AI Agent Enhancement (Post-MVP)
Scope: Post-MVP Enhancement Stage
Status: Deferred until after MVP validation
Principle: "Prove governance value first, then enhance with AI"
Why Deferred from MVP
Decision: Remove all AI/agent infrastructure from MVP to focus on delivering board-ready governance value through deterministic, rule-based processes.
Rationale:
- Prove core governance value with simpler, more reliable approach first
- Reduce development timeline to predictable 8-12 weeks
- Lower operational costs (no LLM API usage during validation)
- Build structured data foundation that AI will enhance later
- Boards prefer transparent, auditable calculations over AI "black boxes"
When to Add: After MVP validates core value proposition and customer feedback demonstrates need for AI enhancement.
Original Vision: Single AI Agent
GetCimple's future AI enhancement will use a single AI agent handling 4 core workflows, based on Anthropic's recommendation to avoid premature multi-agent complexity.
Why Single Agent for Future Enhancement
Anthropic's Guidance
"Start with a single agent that can handle your core use cases well. Only move to multi-agent when you have clear bottlenecks or specialized needs."
- Building Effective Agents
Our Reality
- 3-person team = focus on simplicity
- 8-12 week MVP timeline
- Prove core value first
- Scale when metrics demand it
The Single Agent Design
Agent Capabilities
class ComplianceAgent:
    """Single agent handling all compliance workflows"""

    def __init__(self):
        self.capabilities = [
            "question_answering",   # Answer compliance questions
            "document_extraction",  # Extract from policies/forms
            "report_generation",    # Create board reports
            "task_prioritization",  # Identify critical tasks
        ]

    async def handle_request(self, request_type, context):
        # Route to appropriate workflow
        if request_type == "insurance_form":
            return await self.fill_insurance_form(context)
        elif request_type == "board_report":
            return await self.generate_board_report(context)
        # ... other workflows
        # Fail closed on request types that match no workflow
        raise ValueError(f"Unsupported request type: {request_type!r}")
The 4 Core Workflows
1. Insurance Form Completion
User: "Help me complete Chubb cyber insurance renewal"
↓
Agent: Retrieves questions from unified bank
↓
Agent: Pre-fills known answers (80% complete)
↓
Agent: Asks only missing information
↓
Agent: Generates completed form
2. Board Report Generation
User: "Create quarterly board security update"
↓
Agent: Gathers compliance scores
↓
Agent: Identifies critical changes
↓
Agent: Writes executive summary
↓
Agent: Formats board-ready PDF
3. Compliance Assessment
User: "What's our Essential Eight maturity?"
↓
Agent: Reviews current evidence
↓
Agent: Maps to E8 requirements
↓
Agent: Identifies gaps
↓
Agent: Provides improvement roadmap
4. Policy Extraction
User: Uploads existing policies
↓
Agent: Extracts key information
↓
Agent: Maps to frameworks
↓
Agent: Updates question bank
↓
Agent: Suggests improvements
Technical Implementation
Technology Stack
Core:
- Framework: LangGraph (Anthropic recommended)
- LLM: Claude 3 Opus/Sonnet
- Validation: Pydantic AI
- Memory: PostgreSQL + pgvector
Tools:
- Document parsing: pdf-parse, mammoth
- Report generation: React PDF
- Task queue: Bull (Redis)
- Monitoring: OpenTelemetry
Agent Architecture
┌─────────────────────────────────────────────────┐
│             Single Compliance Agent             │
├──────────────────┬───────────────┬──────────────┤
│ Input Handler    │ Workflow      │ Output       │
│ - Parse request  │ Router        │ Generator    │
│ - Load context   │ - Choose      │ - Format     │
│ - Validate       │   workflow    │ - Validate   │
├──────────────────┴───────────────┴──────────────┤
│                Shared Components                │
│ - Question Bank  - Document Store  - Templates  │
└─────────────────────────────────────────────────┘
LangGraph Implementation
from langgraph.graph import StateGraph, END
from typing import TypedDict, Literal

class ComplianceState(TypedDict):
    request_type: str
    context: dict
    intermediate_results: list
    final_output: dict

def router_node(state: ComplianceState) -> dict:
    """Entry node: a node must return a state update, so pass the request type through"""
    return {"request_type": state["request_type"]}

def route_request(state: ComplianceState) -> Literal[
    "insurance", "board", "assessment", "extraction"
]:
    """Route to appropriate workflow based on request"""
    return state["request_type"]

# Build the graph
workflow = StateGraph(ComplianceState)

# Add nodes for each workflow
# (handle_insurance_form, generate_board_report, assess_compliance and
# extract_policies are the workflow node functions, not shown on this page)
workflow.add_node("router", router_node)
workflow.add_node("insurance", handle_insurance_form)
workflow.add_node("board", generate_board_report)
workflow.add_node("assessment", assess_compliance)
workflow.add_node("extraction", extract_policies)

# Connect the graph: route_request picks the edge to follow out of "router"
workflow.set_entry_point("router")
workflow.add_conditional_edges(
    "router",
    route_request,
    {
        "insurance": "insurance",
        "board": "board",
        "assessment": "assessment",
        "extraction": "extraction"
    }
)

# All workflows end
for node in ["insurance", "board", "assessment", "extraction"]:
    workflow.add_edge(node, END)

app = workflow.compile()
Prompt Management
class PromptTemplates:
    """Centralized prompt management"""

    INSURANCE_FORM = """
    You are a compliance expert helping complete insurance forms.

    Context:
    - Company: {company_name}
    - Form: {form_type}
    - Previous answers: {answer_history}

    Task: Help complete the following questions...
    """

    BOARD_REPORT = """
    You are preparing a board-level security report.

    Audience: Non-technical board directors
    Tone: Professional, concise, action-oriented

    Include:
    - Executive summary (3 bullets max)
    - Key risks and mitigations
    - Compliance scores with trends
    - Recommended board actions
    """
Performance Considerations
MVP Targets
- Response time: <5 seconds for simple queries
- Form completion: <30 seconds for 50-question form
- Report generation: <60 seconds for board report
- Concurrent users: Support 10 simultaneous
Scaling Triggers
Move to Multi-Agent When:
- Average latency > 2 seconds
- Queue depth > 100 requests
- Specialized expertise needed
- User feedback demands it
- Revenue supports complexity
Monitoring & Observability
Key Metrics
class AgentMetrics:
    # Performance
    response_time_p95: float
    queue_depth: int
    success_rate: float

    # Usage
    requests_per_workflow: dict
    unique_users_daily: int

    # Quality
    user_satisfaction: float
    accuracy_score: float
    completion_rate: float
Health Checks
# `app` here is the HTTP application object, not the compiled LangGraph `app` above
@app.get("/health")
async def health_check():
    return {
        "agent": "healthy",
        "queue_depth": get_queue_depth(),
        "avg_response_time": get_avg_response_time(),
        "workflows_available": [
            "insurance", "board", "assessment", "extraction"
        ]
    }
Security & Compliance
Data Handling
- All requests logged (no PII)
- Tenant isolation enforced
- No cross-tenant data access
- Audit trail for all operations
Rate Limiting
RATE_LIMITS = {
    "insurance_form": "10 per hour per tenant",
    "board_report": "5 per day per tenant",
    "assessment": "20 per day per tenant",
    "extraction": "50 per day per tenant"
}
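An added example, not GetCimple's own code: one way to enforce the RATE_LIMITS table above with a sliding window kept separately for each tenant and workflow. The names `parse_limit`, `TenantRateLimiter` and `demo`, and the tenant ids, are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

RATE_LIMITS = {  # copied from the table above
    "insurance_form": "10 per hour per tenant",
    "board_report": "5 per day per tenant",
    "assessment": "20 per day per tenant",
    "extraction": "50 per day per tenant",
}
WINDOW_SECONDS = {"hour": 3600, "day": 86400}

def parse_limit(spec):
    """Turn '10 per hour per tenant' into (10, 3600); reject anything else."""
    parts = spec.split()
    if (len(parts) != 5 or not parts[0].isdigit() or parts[1] != "per"
            or parts[2] not in WINDOW_SECONDS or parts[3:] != ["per", "tenant"]):
        raise ValueError(f"unsupported rate limit spec: {spec!r}")
    return int(parts[0]), WINDOW_SECONDS[parts[2]]

class TenantRateLimiter:
    """Sliding-window limiter keyed by (tenant_id, workflow)."""
    def __init__(self, limits=RATE_LIMITS, clock=time.monotonic):
        self._limits = {name: parse_limit(spec) for name, spec in limits.items()}
        self._clock = clock
        self._hits = defaultdict(deque)  # (tenant_id, workflow) -> timestamps

    def allow(self, tenant_id, workflow):
        # tenant_id must come from the authenticated session, never the request body.
        limit = self._limits.get(workflow)
        if limit is None:  # fail closed: a workflow with no limit is refused
            return False
        max_calls, window = limit
        now = self._clock()
        hits = self._hits[(tenant_id, workflow)]
        while hits and now - hits[0] >= window:
            hits.popleft()  # drop calls that fell out of the window
        if len(hits) >= max_calls:
            return False  # denied calls are not recorded
        hits.append(now)
        return True

def demo():
    """Constructed scenario with a fake clock and made-up tenant names."""
    now = [0.0]
    limiter = TenantRateLimiter(clock=lambda: now[0])
    tenant_a = [limiter.allow("tenant-a", "board_report") for _ in range(6)]
    tenant_b = limiter.allow("tenant-b", "board_report")
    now[0] += 86400  # a day later tenant-a's window has rolled over
    return tenant_a, tenant_b, limiter.allow("tenant-a", "board_report")
```

The counters live in process memory, so with several workers they would need a shared store such as the Redis instance the stack already lists for the task queue.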
Evolution Path
Phase 1: MVP (Current)
- Single agent, 4 workflows
- Basic prompt templates
- Simple routing logic
- Manual quality checks
Phase 2: Enhanced Single Agent
- Improved prompts from usage
- Better context handling
- Workflow optimizations
- Automated quality scoring
Phase 3: Specialized Agents (When Triggered)
- Insurance specialist agent
- Board reporting agent
- Technical assessment agent
- Orchestrator agent
Implementation Checklist
- Set up LangGraph project structure
- Implement ComplianceAgent class
- Create workflow routing logic
- Build prompt templates
- Add Pydantic validation
- Implement each workflow
- Add monitoring/metrics
- Create health endpoints
- Add rate limiting
- Write integration tests
Integration with n8n
The Single Agent works in tandem with n8n for a complete automation solution:
- n8n handles: WhatsApp routing, scheduling, notifications (deterministic)
- Agent handles: Compliance logic, Q&A, reports, extraction (AI-powered)
For detailed integration architecture, see Agent and n8n Integration.
Related Documents: