Use when requesting EAMA approval for agent lifecycle ops (spawn, terminate, hibernate, wake, plugin install). Trigger with permission requests.
npx claudepluginhub emasoft/emasoft-plugins --plugin emasoft-chief-of-staffThis skill uses the workspace's default tool permissions.
Permission management is a critical governance function of the Chief of Staff. Before performing certain operations that affect agent resources or system state, ECOS must request approval from the Assistant Manager (EAMA), who serves as the user's representative. This skill teaches you how to request approvals, track pending approvals, handle timeouts, and maintain audit trails.
references/approval-escalation.mdreferences/approval-request-procedure.mdreferences/approval-tracking.mdreferences/approval-types-detailed.mdreferences/approval-workflow-engine.mdreferences/examples.mdreferences/op-handle-approval-timeout.mdreferences/op-request-approval.mdreferences/op-track-pending-approvals.mdreferences/rule-14-enforcement.mdEnforces orchestrator boundaries, rules, and delegation patterns in AI Maestro. Validates RULE 14/15 compliance, detects violations, and generates checklists/reports.
Implements hooks for permission control, blocking dangerous operations, and audit trails in custom Claude Code agents.
Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.
Share bugs, ideas, or general feedback.
Permission management is a critical governance function of the Chief of Staff. Before performing certain operations that affect agent resources or system state, ECOS must request approval from the Assistant Manager (EAMA), who serves as the user's representative. This skill teaches you how to request approvals, track pending approvals, handle timeouts, and maintain audit trails.
Before using this skill, ensure:
| Permission Type | Output |
|---|---|
| Grant access | Permission added, agent notified |
| Revoke access | Permission removed, agent notified |
| Escalate | Request forwarded to EAMA for approval |
Permission management is the process of obtaining authorization before executing privileged operations. The Chief of Staff must not unilaterally spawn agents, terminate agents, hibernate agents, wake agents, or install plugins without proper approval from the manager (EAMA) unless operating under an explicit autonomous directive.
Key principle: ECOS proposes, EAMA approves. The user (via EAMA) maintains control over resource-consuming operations.
+-------------------------------------------------------------+
| APPROVAL REQUIRED OPERATIONS |
+-------------------------------------------------------------+
| AGENT SPAWN - Creating new agent instances |
| AGENT TERMINATE - Permanently stopping agent execution |
| AGENT HIBERNATE - Suspending agent to conserve resources |
| AGENT WAKE - Resuming hibernated agent |
| PLUGIN INSTALL - Installing new Claude Code plugins |
+-------------------------------------------------------------+
Exception: If the manager has issued an autonomous operation directive, ECOS may proceed without approval but must notify EAMA after the operation completes.
ECOS EAMA USER
| | |
| 1. Request approval | |
|----------------------------->| |
| | 2. Present to user |
| |----------------------------->|
| | |
| | 3. User decides |
| |<-----------------------------|
| 4. Receive response | |
|<-----------------------------| |
| | |
| 5. Execute or abort | |
| 6. Log to audit trail | |
For ACK timeout policy and message retry procedures, see the ecos-notification-protocols skill.
When to use: Before executing any agent lifecycle operation or plugin installation.
Steps: Identify operation type, compose approval request, send via AI Maestro, await response, handle decision.
See references/approval-request-procedure.md for complete documentation:
When to use: When managing multiple operations requiring approval, when checking status of pending requests.
Steps: Register new requests, monitor response status, handle multiple concurrent requests, update tracking on resolution.
See references/approval-tracking.md for complete documentation:
When to use: When no response received within timeout period, when urgent operation is blocked.
Steps: Send reminder notifications, send urgent notification, determine proceed or abort, log escalation event.
See references/approval-escalation.md for complete documentation:
| Type | Request When | EAMA Options |
|---|---|---|
| Agent Spawn | Creating new agent | Approve, Reject, Modify |
| Agent Terminate | Stopping agent | Approve, Reject, Delay |
| Agent Hibernate | Suspending idle agent | Approve, Reject, Terminate Instead |
| Agent Wake | Resuming hibernated agent | Approve, Reject, Spawn Fresh Instead |
| Plugin Install | Installing plugin | Approve, Reject, Request Security Review |
See references/approval-types-detailed.md for justification requirements and detailed decision options.
All approval operations must be logged:
audit_trail:
- timestamp: "ISO-8601"
operation: "spawn|terminate|hibernate|wake|plugin_install"
target: "agent_name_or_plugin_name"
request_id: "uuid"
requested_at: "ISO-8601"
decision: "approved|rejected|modified|timeout_proceed|timeout_abort"
decided_at: "ISO-8601"
decided_by: "eama|autonomous|timeout"
justification: "reason provided"
modifications: null | {changes}
escalation_count: 0|1|2|3
Audit file location: docs_dev/audit/ecos-approvals-{date}.yaml
Copy this checklist and track your progress:
For complete examples with expected responses, see references/examples.md:
Step-by-step runbooks for executing each permission management operation. Use these when performing the actual procedures described above.
Detailed step-by-step runbook for requesting approval from EAMA before executing privileged operations (spawn, terminate, hibernate, wake, plugin install).
Detailed step-by-step runbook for maintaining tracking of all outstanding approval requests to manage multiple concurrent operations.
Detailed step-by-step runbook for handling situations where approval requests do not receive timely responses, including reminders, escalation, and proceed/abort decisions.
| Issue | Resolution |
|---|---|
| EAMA offline | See approval-escalation.md Section 3.6 |
| Request format rejected | See approval-request-procedure.md Section 1.6 |
| Audit write failure | Ensure docs_dev/audit/ exists and is writable |
| Conflicting responses | Use response with latest decided_at timestamp, log conflict |
| Role | Prefix | Plugin Name |
|---|---|---|
| Chief of Staff | ecos- | Emasoft Chief of Staff |
| Assistant Manager | eama- | Emasoft Assistant Manager Agent |
| Architect | eaa- | Emasoft Architect Agent |
| Orchestrator | eoa- | Emasoft Orchestrator Agent |
| Integrator | eia- | Emasoft Integrator Agent |
Version: 1.0 Last Updated: 2025-02-03 Target Audience: Chief of Staff Agents Difficulty Level: Intermediate