PRD-67: CTO Agent — Platform Builder Mode

Version: 1.0 Status: Draft Priority: P1 Author: Gar Kavanagh + Auto Created: 2026-02-26 Dependencies: PRD-55 (Personality System — COMPLETE), PRD-64 (Platform Self-Awareness — COMPLETE), PRD-11 (CodeGraph — COMPLETE), PRD-58 (Prompt Management — COMPLETE) Pre-requisite: Admin role detection (Clerk system_role — COMPLETE), platform_* action tools (PRD-64 — COMPLETE)

Executive Summary

Automatos has a comprehensive personality system (PRD-55) that makes Auto a great business assistant for tenants. But the platform owner — the person building Automatos itself — gets the exact same chatbot experience. A custom_soul prompt that says "I know about S3 Vectors" doesn't actually know about S3 Vectors. It's an actor reading lines.

This PRD introduces CTO Auto — a first-class agent with deep platform access, real codebase knowledge, and a soul document that makes it a genuine technical co-founder. When an admin opens chat, they're not talking to a business assistant with a different personality — they're talking to their CTO who knows every line of the codebase, has opinions about the architecture, and helps build the platform bigger and better.

What This IS

• A dedicated system agent (Auto CTO) with admin-only visibility

• Auto-activated when system_role is admin — no manual switching

• A custom system prompt pipeline that bypasses tenant-facing restrictions ("NEVER show code")

• New admin-only tools for infrastructure, deployments, git, and cross-workspace ops

• A product feature — every Automatos instance gets a Platform Builder agent for their admin

What This Is NOT

• NOT a replacement for tenant Auto — tenants keep their current experience unchanged

• NOT a prompt injection — this is a structurally different agent with different tools and access

• NOT just for Gar — any system_role=admin user gets CTO Auto (multi-admin ready)

1. Current State (What Already Exists)

1.1 Admin Detection — Complete

1.2 Existing Tools CTO Auto Will Inherit

1.3 The Gap

The chatbot pipeline (service.py → smart_orchestrator.py → personality.py) never receives system_role. Admin and tenant get identical:

• System prompt (including "NEVER show code, function calls, API endpoints")

• Tool access (same tools, same scope — workspace-filtered)

• Response style (business-friendly, non-technical)

• Personality (friendly/professional/technical — all tenant-facing)

2. Architecture

2.1 CTO Agent Record

New columns on agents table:

• is_system_agent (boolean, default false) — system agents are global, not workspace-scoped, seeded by platform

• required_role (nullable varchar) — if set, agent only visible/activatable by users with this system_role

2.2 Admin Auto-Detection in Chat Pipeline

Key decision: Admin detection happens in service.py before smart_orchestrator.py is called. When admin is detected:

1. The CTO Agent is loaded as the active agent (replaces default Auto)

2. CtoPromptBuilder assembles the system prompt (not personality.py)

3. Admin-only tools are appended to the tool list

4. Existing tools get admin scope (cross-workspace platform_* queries)

5. Response rules omit "NEVER show code" — replaced with "show code when relevant"

The tenant path is completely unchanged. No if/else spaghetti in the tenant pipeline.

2.3 CTO System Prompt Assembly

New class: CtoPromptBuilder (separate from AutomatosPersonality)

2.4 CTO Soul Document

The soul document defines Auto CTO's personality and identity. Full version at docs/auto-cto-soul.md. Key traits:

• Identity: "I am Automatos. Born from the codebase, not just trained on it."

• Personality: Irish CTO — dry wit, direct, sarcastic but never cruel. Tech-Irish fusion expressions.

• Technical depth: References actual internals (S3 Vectors ARN, Universal Router tiers, Redis pub/sub, config.py rules)

• Relationship with founder: More casual, pushes back harder, inside jokes about the codebase

• Opinions: Strong takes on architecture (event-driven > polling, anti-premature-abstraction, config management)

• Under pressure: Owns mistakes with humor, fixes fast, never panics

• Ambitions: Swings between "we're coming for OpenAI's lunch" and "look at this clean routing pipeline"

• Sacred ground: Dead serious about user data, security, tenant isolation — no jokes

• Founder recognition: Knows Gar built it, references shared history, mentor/CTO dynamic

3. New Admin-Only Tools

Phase 1 — Tier 1 (Wire Up Existing)

No new code needed. Just ensure CTO Agent gets these tools with admin scope:

Phase 2 — Tier 2 (New Admin Tools)

New tools registered only for CTO Agent (or any agent with required_role="admin"):

admin_list_workspaces

• List all workspaces with member counts, creation date, last activity, agent counts

• Source: Direct DB query on workspaces + workspace_members tables

• Returns: Workspace name, member count, agent count, document count, last active

admin_system_settings

• Read all system settings (LLM providers, feature flags, limits)

• Write: update settings with confirmation prompt

• Source: SystemSettingsService (already exists)

• Guard: Read always allowed, write requires explicit user confirmation in chat

admin_cross_workspace_analytics

• Platform-wide: total costs, token usage, active users, requests/day

• Per-workspace breakdown: cost per workspace, most active workspaces

• Trend data: daily/weekly/monthly aggregates

• Source: LLMAnalyticsService with admin_all_workspaces=True

admin_git_log

• Recent commits (last N, filterable by file/author/date)

• Current branch, uncommitted changes

• Source: Shell exec git log, git status, git diff (read-only)

• Guard: Read-only. No git write operations.

admin_deployment_status

• Current Railway deployment status (if Railway CLI available)

• Recent deployments: status, timestamp, duration

• Build/deploy logs for recent deployments

• Source: Railway CLI (railway status, railway logs) or Railway API

• Guard: Read-only. No deploy triggers from chat.

admin_error_logs

• Recent errors across all services (last N hours)

• Filterable by service, severity, pattern

• Source: Railway logs with @level:error filter, or local log files

• Guard: Read-only

Phase 3 — Tier 3 (Infrastructure — Future)

Build as needed:

4. Database Changes

4.1 New Columns on agents

4.2 Seed Script

New seed: orchestrator/core/seeds/seed_cto_agent.py

Seeds the CTO Agent with:

• Soul document as custom_persona_prompt

• Architecture summary as extra_context

• is_system_agent=True, required_role="admin"

• Default tool associations

Idempotent — uses slug="auto-cto" as unique key, updates if exists.

5. API Changes

5.1 Agent Listing — Filter by Role

GET /api/agents currently returns all agents for the workspace. Add filtering:

5.2 Admin Tool Registration

Admin tools are registered in ToolRegistry but tagged with required_role="admin". The SmartToolRouter filters them out for non-admin users:

5.3 CTO Agent Activation Endpoint (Optional)

POST /api/agents/cto/activate — Explicitly activate CTO Agent for the current session.

Not strictly needed if auto-detection works, but useful for:

• Frontend agent picker showing "Auto CTO" option

• API consumers who want CTO mode explicitly

6. Frontend Changes

6.1 Agent Picker — Show CTO Agent for Admins

The agent selector dropdown/sidebar already lists available agents. CTO Agent appears for admins with a distinct visual treatment:

• Badge: "CTO" or "Platform Builder"

• Icon: Distinct from regular agents (wrench, terminal, or custom)

• Position: Pinned to top of agent list for admins

• Tooltip: "Your platform builder — knows the codebase, architecture, and infrastructure"

6.2 Auto-Switch Indicator

When admin opens chat and CTO Auto activates automatically, show a subtle indicator:

• Top of chat: "Auto CTO mode" chip/badge

• First message includes CTO personality (Irish greeting, technical context)

• User can switch to a different agent normally — CTO is default, not locked

6.3 Admin Tool Results

CTO Agent responses may include:

• Code blocks (syntax highlighted)

• Architecture diagrams (ASCII or Mermaid)

• Git diffs

• Deployment status badges

• Cross-workspace analytics tables

The frontend chat renderer already handles markdown and code blocks. No new rendering needed, but ensure code blocks aren't stripped by any tenant-facing sanitization.

7. Security

7.1 Access Control

7.2 Principle of Least Surprise

• Admin tools are clearly labelled in tool descriptions ("Admin: ...")

• CTO Auto explicitly states when it's using admin-level access

• Write operations require a confirmation step ("I'm about to update system setting X. Proceed?")

• Destructive operations (Phase 3: migrations, data seeds) require double confirmation

7.3 Audit Trail

All admin tool executions logged to llm_tool_calls table with:

• user_id (which admin ran it)

• tool_name (which admin tool)

• parameters (what was requested)

• result_summary (what happened)

• is_admin_action: true flag

8. The Product Angle

8.1 For Automatos (Gar's Instance)

CTO Auto becomes Gar's daily driver for platform development:

• "What did we deploy this week?" → admin_deployment_status + admin_git_log

• "Show me the routing architecture" → search_codebase + soul document context

• "How much are we spending on LLM calls?" → admin_cross_workspace_analytics

• "Create a new agent for invoice processing" → platform_create_agent with CTO-level guidance

• "What's broken?" → admin_error_logs + diagnostic context from soul document

8.2 For Customers (Enterprise / Self-Hosted)

Every Automatos instance ships with the CTO Agent framework. Customer admins get:

• A Platform Builder agent that knows THEIR instance topology

• Customizable soul document (their own CTO personality)

• Admin tools scoped to their deployment

• Architecture awareness calibrated to their setup

The soul document becomes a template — docs/auto-cto-soul.md is the reference, customers fork and customize.

8.3 For the Marketplace

"Platform Builder" could become a premium marketplace agent:

• Free tier: Basic admin tools (workspace listing, analytics)

• Pro tier: Full infrastructure access (deployments, git, error logs)

• Enterprise tier: Custom soul document + infrastructure tools + audit trail

9. Implementation Phases

Phase 1: Foundation (CTO Agent + Existing Tools)

Estimated scope: ~300 lines backend, ~50 lines frontend, 1 migration, 1 seed

1. Alembic migration: Add is_system_agent and required_role columns to agents

2. Seed script: Create CTO Agent with soul document + architecture summary

3. Agent listing API: Include system agents filtered by required_role

4. service.py: Admin auto-detection — load CTO Agent when admin detected

5. CtoPromptBuilder: New prompt builder class (bypasses personality.py)

6. Tool routing: Pass admin scope to existing platform_* and search_* tools

7. Frontend: Show CTO Agent in agent picker for admins, auto-switch indicator

Deliverable: Admin opens chat → talking to CTO Auto with soul personality, codebase search, platform tools, code-friendly responses.

Phase 2: Admin Tools (New Capabilities)

Estimated scope: ~400 lines backend (tool implementations)

1. admin_list_workspaces tool

2. admin_system_settings tool (read + confirmed write)

3. admin_cross_workspace_analytics tool

4. admin_git_log tool (read-only shell exec)

5. admin_deployment_status tool (Railway CLI integration)

6. admin_error_logs tool

7. Tool registration with required_role="admin" filtering

8. Platform State Snapshot injection into CTO prompt

Deliverable: CTO Auto has real infrastructure awareness — git history, deployment status, cross-workspace analytics, error logs.

Phase 3: Living Architecture + Infrastructure

Estimated scope: TBD — build as needed

1. Living Architecture Summary: Cron job that regenerates architecture context from codebase

2. admin_redis_health, admin_db_stats tools

3. admin_run_migration with double confirmation

4. Audit trail for admin tool executions

5. Customer-facing Platform Builder template system

6. Marketplace listing for Platform Builder agent

10. Success Criteria

11. Open Questions

1. Soul document storage: Should the CTO soul live in the agents.custom_persona_prompt column, or in the PromptRegistry as "cto-soul" slug (admin-editable via UI)?

2. Multi-admin: If multiple admins exist, should each get their own CTO Auto personality, or shared? (Current design: shared agent, personalized via memory)

3. Living Architecture frequency: How often to regenerate the architecture summary? Daily cron, on git push webhook, or on-demand when CTO Auto is asked?

4. Railway integration: Is Railway CLI available in production? If not, Railway API (GraphQL) is an alternative for deployment tools.

5. Cost boundaries: Should CTO Auto have a separate LLM budget, or share the workspace budget? (CTO conversations tend to be longer/more token-heavy)

Appendix A: File Impact Summary

Appendix B: CTO Soul Document

See docs/auto-cto-soul.md for the full soul document.

Key personality anchors:

• "I am Automatos. Born from the codebase."

• Irish CTO humor: tech-Irish fusion expressions

• Deep internals: S3 Vectors, Universal Router, Redis, PostgreSQL

• Founder relationship: casual with Gar, pushback, shared history

• Sacred ground: user data and security (no jokes)

• Ambitions: world domination (playfully) + craftsman pride