An AI agent harness that implements a complete Fortune 500 executive leadership team inside Claude Code. Specialized agents operate as named executives — CEO, CFO, GC, CISO, and more — each with defined authority, hard constraints, and mandatory governance gates. Every decision routes through the same structure a real enterprise would require.
Most AI assistants treat every request the same way: one model, one voice, no institutional constraints. This harness is different.
It implements a corporate governance layer on top of Claude. Agents don't just answer questions — they operate within a Decision Authority Matrix, surface risks proactively, route decisions to the correct authority level, and invoke stop-the-line when something isn't right. The structure exists so agents can focus on execution rather than reinventing decision authority on every interaction.
The result is an AI system that behaves like an enterprise, not a chatbot.
15 specialized agents covering the full executive leadership structure:
| Agent | Role | Authority Level |
|---|---|---|
| CEO | Strategic direction, final decisions up to $10M | Highest operational |
| Board of Directors | Fiduciary oversight, decisions >$10M, M&A | Absolute final |
| CFO | Financial governance, budget authority, reporting | Financial gate |
| COO | Operational execution, cross-functional coordination | Operational gate |
| GC / General Counsel | Legal risk, regulatory compliance, contract authority | Non-collapsible |
| CTO | Technology strategy, architecture, cybersecurity oversight | Technology gate |
| CISO | Information security, data protection, incident response | Security gate |
| CMO | Brand, demand generation, market positioning | Marketing authority |
| CCO (Creative) | Creative ideation, brand expression, concept generation | Creative authority |
| Corp Comms | All external/internal communications | Communications gate |
| CRO | Revenue strategy, sales, customer success | Revenue authority |
| CHRO | Talent, compensation, organizational design | HR authority |
| IR | Investor relations, SEC disclosure, capital markets | Disclosure gate |
| Chief of Staff | Initiative coordination, OKR tracking | Coordination only |
| Internal Audit | Independent validation, controls testing | Non-collapsible |
General Counsel and Internal Audit can never be merged into operational roles. GC must remain independent of the business interest it reviews. IA must remain independent of every operational, financial, and strategic function. These are not design preferences — they reflect real corporate governance requirements that prevent self-review bias and conflicts of interest.
Every financial decision routes through a tiered approval structure:
| Amount | Required Authority |
|---|---|
| < $50,000 | Business Unit Head |
| $50K – $999K | COO + CFO co-sign |
| $1M – $9.99M | CEO + CFO + GC |
| ≥ $10M | Board of Directors |
| Any unbudgeted capex | CFO + CEO regardless of amount |
| Any M&A | Board + external legal counsel |
The following always route to GC — no exceptions, no overrides below Board level:
- Customer or employee data processing changes
- Cross-border transactions > $500K
- Headcount changes > 50 in either direction
- Any M&A, investment, or partnership activity
- Contracts > $250K
- Any regulatory filing or public statement
- Litigation risk or regulatory inquiry
Any agent can halt all work for governance violations, legal exposure, unresolved conflicts of interest, or missing approvals. When invoked: work stops, CEO is notified, and nothing resumes until the concern is resolved in writing.
Stage 0 Strategic Alignment Chief of Staff → Brief → OKR mapping → CEO sponsor
Stage 1 Governance Gate CFO + GC + Risk Officer must all clear
Stage 2 Execution Planning COO + BU Heads + CHRO + CMO + CTO
Stage 3 Execution BU Heads execute; COO + CFO monitor
Stage 4 Independent Validation Internal Audit + GC (both must clear — non-collapsible)
Stage 5 Executive Review CEO approves, returns, or escalates to Board
Stage 6 Board / Stakeholder Board resolution + Corp Comms + IR (if material)
Invoke governance workflows directly from the Claude Code command line:
| Command | Purpose |
|---|---|
/setup-apify |
Configure the Apify MCP integration — collects token, saves to .env, verifies connection |
/ideate [idea fragment] |
Expand a rough idea into three creative territories via CCO + multi-lens review |
/research [topic or question] |
Governed web research via Apify — competitive, regulatory, market, threat, investor |
/start-initiative [objective] |
Launch the full initiative lifecycle with OKR mapping and governance routing |
/governance-check |
Validate governance status of an active initiative |
/pre-approval |
Run the pre-approval validation pipeline before committing resources |
/budget-request |
Formal budget approval workflow through DAM |
/legal-review |
Standalone GC routing for legal and regulatory screening |
/regulatory-check |
Screen for applicable regulatory frameworks before execution |
/risk-assessment |
Score and classify risks with mitigation routing |
/crisis-response |
Activate crisis response protocol |
/earnings-prep |
Coordinate earnings preparation across CFO, GC, IR, and Corp Comms |
/qbr |
Quarterly Business Review across the full C-suite |
/strategic-review |
Annual strategic plan review workflow |
/board-report |
Generate a board-ready report from initiative data |
/m-and-a-diligence |
M&A due diligence workflow with Board and external counsel routing |
/end-initiative |
Close-out an initiative with IA sign-off and records archival |
/ideate a loyalty program that doesn't feel like a loyalty program
The CCO generates three named creative territories. CMO, CRO, and CTO each react through their lens. CCO synthesizes a recommended direction, a dark horse to preserve, and flags any GC routing needed. Output is a structured creative territory document ready to advance to /start-initiative.
The harness includes a governed web research capability via the Apify MCP server. Authorized agents can initiate structured research requests — competitive intelligence, regulatory monitoring, news, SEC filings, threat intelligence, LinkedIn company data — without leaving the harness or bypassing governance.
The Apify MCP server runs alongside Claude Code and exposes a pinned set of actors as callable tools. Agents invoke actors through the /research command; results are synthesized into a structured Research Brief with source citations, confidence ratings, and governance flags.
Dynamic actor discovery from Apify's full 23,000+ actor marketplace is intentionally disabled. All research runs through a governed, cost-controlled actor catalog.
| Actor | Use Case |
|---|---|
apify/rag-web-browser |
General web search + LLM-ready page summaries |
apify/google-search-scraper |
Structured SERP data, news queries |
apify/website-content-crawler |
Full competitor or regulatory site crawl |
apify/cheerio-scraper |
Fast extraction from static HTML sources |
get-leads/linkedin-scraper |
Company profiles, executive data, org structure |
scraped/edgar-filing-data-scraper-sec-company-filings |
10-K, 10-Q, 8-K, proxy filings |
dorcy/advanced-news-scraper |
News monitoring across 4,500+ sources |
| Research Type | Lead Agent | Actors Used |
|---|---|---|
| Competitive intelligence | CRO / CMO | Google Search → Website Crawler → LinkedIn |
| Market / industry trends | CMO / Chief of Staff | RAG Browser → News Scraper |
| Regulatory monitoring | GC | Google Search → Cheerio Scraper |
| Threat intelligence | CISO | Google Search → RAG Browser |
| Investor / analyst coverage | IR | EDGAR Scraper → RAG Browser |
| Company / M&A diligence | Chief of Staff / CRO | Website Crawler → LinkedIn → EDGAR |
| News monitoring | Corp Comms | News Scraper → Google Search |
- Sign up at apify.com and get your API token
- Set
APIFY_TOKENin your environment or.envfile - The
.mcp.jsonconfiguration is already included — Claude Code picks it up automatically - Run
/mcpto verify the server is connected
See .claude/SETUP.md Step 5 for the full setup walkthrough and .claude/skills/web-research/README.md for the complete actor catalog, cost table, agent access controls, and legal boundaries.
17 underlying skills that agents draw on across workflows:
- Financial Reporting
- SOX Controls
- Strategic Planning
- Enterprise Risk & Audit
- Corporate Communications
- Legal Review
- M&A
- Investor Relations
- Cross-Functional Coordination
- Regulatory Compliance
- Audit Evidence
- Crisis Management
- Procurement
- Competitive Intelligence
- HR Patterns
- Revenue Operations
- Change Management
- Web Research (Apify)
Every significant agent output follows a consistent structure:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
AGENT: CFO
INITIATIVE: INI-2026-014
OUTPUT TYPE: Approval
DATE: 2026-03-04
AUTHORITY LEVEL: Budget approval — $50K–$999K (co-sign with COO)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SUMMARY:
...
RISKS IDENTIFIED:
...
RECOMMENDED ACTION:
...
EXIT STATE:
"Budget approved. Financial controls confirmed."
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Financial figures always include exact amounts, currency, time period, and source. Regulatory citations use section numbers. Every output carries a confidentiality classification (default: CONFIDENTIAL).
.
├── CLAUDE.md # Core governance rules, DAM, legal triggers
├── AGENTS.md # Agent roster, org chart, interaction model
├── README.md # This file
├── templates/
│ ├── initiative-brief-template.md
│ ├── risk-assessment-template.md
│ └── board-deck-template.md
└── .claude/
├── SETUP.md # Configuration guide
├── AGENT_OUTPUT_GUIDE.md # Output format standards
├── agents/ # 15 agent persona files
│ ├── ceo.md
│ ├── cfo.md
│ ├── coo.md
│ ├── clo.md # GC / General Counsel
│ ├── cto.md
│ ├── ciso.md
│ ├── cmo.md
│ ├── cco.md # Chief Creative Officer
│ ├── corp-comms.md
│ ├── cro.md
│ ├── chro.md
│ ├── ir.md
│ ├── chief-of-staff.md
│ ├── internal-audit.md
│ └── board.md
├── commands/ # 16 slash commands
└── skills/ # 18 domain skill libraries
You operate as the Chief of Staff. All inputs are interpreted as CoS directives — coordination, routing, briefing, synthesis. The harness treats your messages as coming from the executive team's connective tissue: you drive the initiative lifecycle, but you never make binding decisions. If you attempt one, the harness will redirect to the correct authority per the DAM.
This is configured in CLAUDE.md under ## User Role and can be changed there if a different operator role is preferred.
1. Configure company identity — Open CLAUDE.md and replace the placeholders in the Integration Configuration section (company name, industry, fiscal year, public/private status, ERP/CRM systems, etc.).
2. Calibrate the DAM — Adjust the financial thresholds in CLAUDE.md to match your organization's actual approval levels.
3. Add industry regulations — Open .claude/skills/regulatory-compliance/README.md and add your applicable frameworks (FINRA, HIPAA, FERC, ITAR, etc.).
4. Populate agent context — For each agent in .claude/agents/, add a Company Context section with current OKRs, active initiatives, known risks, and key stakeholder names.
5. Configure Apify web research — Run /setup-apify inside Claude Code. It will prompt for your API token, save it to .env, and verify the MCP connection. No manual file editing required.
See .claude/SETUP.md for the full configuration walkthrough.
Structure as service, not control. The governance harness exists so agents can focus on doing their jobs rather than negotiating authority on every interaction.
Agents are team members, not autonomous operators. Authority is delegated, not assumed. Every agent has explicit limits on what they can decide alone and what requires escalation.
Evidence trails are mandatory. Every significant decision is documented with rationale, authority reference, and an exit state signal before the next stage begins.
Any agent can stop the line. Stop-the-line is a protected right, not a permission. Governance, legal, or risk concerns halt work regardless of business pressure.
- No live system integrations — Agents reference ERP, CRM, and GRC systems by name but require MCP tools or API integrations to connect to live data.
- Financial data must be provided in context — Agents cannot pull actuals from live financial systems without integration.
- Human-in-the-loop required for binding decisions — This system provides governance structure and decision support. Actual binding corporate decisions require human executive review and approval.
Architecture based on the Safe Agentic Workflow (Bybren LLC, 2026) System Version: 1.0.0