Beaver/beaver_project
6
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: 支持多语言提示词本地化和界面优化

Browse Source 
- 添加 prompt_locale 参数支持简体中文、繁体中文和英文提示词本地化
- 移除内置 agents 配置以简化系统架构
- 更新 ContextBuilder 使用动态提示词模板而非硬编码内容
- 在 AgentLoop、Web 接口和 AgentService 中传递 locale 参数
- 添加输出语言指令确保用户界面内容按指定语言生成
- 扩展前端 LanguageSwitcher 组件支持三种语言选项
- 优化 Header 和侧边栏组件的响应式布局和文本截断处理
- 更新测试用例验证不同语言环境下的提示词正确性
This commit is contained in:
steven_li
2026-06-10 16:11:05 +08:00
parent 9cc3334ea7
commit fc9fd93c36
51 changed files with 7493 additions and 619 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/product-discovery/README.md Normal file
View File

@ -0,0 +1,11 @@
# Product Discovery
Product discovery artifacts for Beaver.
## Main Product
- [Beaver Agent Sandbox](./beaver/README.md)
## Feature-Level Discovery
- [Skill Replay Eval](./skill-replay-eval/README.md)

489
docs/product-discovery/beaver/PRD-beaver-agent-sandbox.md Normal file
View File

@ -0,0 +1,489 @@
# PRD: Beaver Agent Sandbox
Date: 2026-06-09
Status: Product discovery draft for whole Beaver product
## 1. Summary
Beaver Agent Sandbox is a private-deployable workspace for enterprise Agent work. It lets users move from chat to managed tasks, execute work with files and tools, track evidence, accept or revise outputs, and turn successful work into reusable skills and memory.
The first product goal is to prove that Beaver can help a pilot team complete repeatable knowledge work with more control, traceability, and reuse than chat-only AI tools.
## 2. Contacts
| Role | Owner | Comment |
| --- | --- | --- |
| Product owner | TBD | Owns positioning, roadmap, pilot metrics, research |
| Engineering owner | TBD | Owns platform architecture and implementation quality |
| Design owner | TBD | Owns workspace, task, review, admin, and onboarding UX |
| Deployment owner | TBD | Owns Docker deployment, routing, instance lifecycle |
| Security/review owner | TBD | Owns tool policy, data boundaries, connector safety |
| Pilot owner | TBD | Owns customer/team selection and feedback loop |
## 3. Background
Most enterprise AI experiments start with chat. Chat is useful, but it is weak at real work:
- There is no durable task lifecycle.
- It is hard to see what happened.
- File and tool work is scattered.
- Results are not formally accepted or rejected.
- Successful workflows are not turned into reusable team capability.
- Admins cannot easily control deployment, tools, memory, and connectors.
Beaver addresses this gap by acting as an Agent execution and governance layer. It combines a user workspace, task runtime, evidence timeline, file and tool operations, skill learning, scheduled work, connectors, and private multi-instance deployment.
Why now:
- Teams are moving from AI demos to operational AI workflows.
- Enterprise buyers need governance, not only model access.
- Beaver already has enough implementation to support pilot workflows.
- The next step is product packaging, validation, and operational hardening.
## 4. Objective
### Objective
Prove Beaver can deliver trusted, repeatable Agent work for pilot teams.
### Key Results
| Key Result | Target |
| --- | --- |
| Time to first accepted task | Pilot user reaches first accepted task within first session |
| Accepted Agent Workflows | >=30 accepted tasks across pilot team within 30 days |
| Acceptance Rate | >=60% of completed task runs accepted |
| Evidence Coverage | >=90% of task runs show useful timeline/tool/artifact evidence |
| Skill Reuse | >=5 reusable skills created, >=3 reused at least twice |
| Deployment Repeatability | Fresh pilot deployment under 2 hours with documented steps |
| Critical Incidents | 0 control-plane exposure, data leakage, or unintended external-write incidents |
## 5. Market Segments
### Primary Segment: Enterprise Teams Doing Repeatable Knowledge Work
Examples:
- Project delivery teams.
- Operations teams.
- Internal strategy/research teams.
- Technical support and engineering teams.
- Customer success and sales operations teams.
Their work is a good fit when it is:
- Repeated often.
- Multi-step.
- File-heavy.
- Tool-heavy.
- Needs review or approval.
- Benefits from a traceable process.
### Buyer Segment: AI Platform Owner / IT Leader
They need to provide AI capability without losing control over deployment, data, tools, and governance.
### Admin Segment: Operator / Implementation Owner
They set up Beaver, manage model providers, monitor health, handle connectors, and support users.
### Maintainer Segment: Skill Owner
They curate reusable skills and make sure published skills are safe, useful, and reviewable.
## 6. Value Propositions
### For Workflow Teams
Beaver turns AI conversations into managed work. A request can become a task, produce artifacts, show evidence, and continue through revision until accepted.
### For Platform Owners
Beaver offers a private Agent sandbox with instance boundaries, tool governance, skills, and operational controls.
### For Admins
Beaver makes onboarding and operations more repeatable through auth portal, deploy control, routing, settings, status, and logs.
### For Skill Maintainers
Beaver turns accepted work into reusable skills through candidate, draft, safety/eval, review, and publish flow.
### For End Users
Beaver gives one place to chat, upload files, run tasks, preview outputs, review results, and reuse proven methods.
## 7. Solution
### 7.1 User Experience
#### First-Run Experience
```text
User registers
-> app instance is created
-> user configures model provider
-> user enters Beaver workspace
-> user starts from a workflow template or chat
-> Beaver creates or continues a task
-> user accepts or revises the result
```
Requirements:
- Registration and instance provisioning must show clear progress and errors.
- Provider setup must be understandable and recoverable.
- If provider setup is skipped, the app must clearly explain why Agent calls cannot run.
#### Daily User Workspace
Primary screens:
- Chat workbench.
- Task list and task details.
- Files.
- Notifications and scheduled work.
- Skills and marketplace.
- Tool management.
- Settings/status/logs.
Core user loop:
```text
Ask
-> execute
-> inspect evidence
-> accept/revise
-> reuse
```
#### Admin Experience
Admin needs:
- See instance health.
- Configure providers.
- Configure channels/connectors.
- Restart safely.
- Inspect logs.
- Manage tools and skills.
- Understand failures.
### 7.2 Key Features
#### Authentication And Instance Provisioning
Requirements:
- Users register or log in through auth portal.
- Registration triggers an app-instance container.
- Router maps instance host to container.
- Provider onboarding can configure model provider after instance creation.
Acceptance criteria:
- New user can reach a working instance.
- Failed provisioning shows a recoverable error.
- `deploy-control` and `authz-service` are not public surfaces.
#### Chat Workbench
Requirements:
- Users can create/select sessions.
- Users can send text and attachments.
- Users can see Assistant messages, task cards, Agent run progress, and acceptance controls.
- Users can jump from chat to task detail.
Acceptance criteria:
- User can complete one full chat-to-task-to-accept flow.
- Attachments can be uploaded and used.
- Current task status is visible.
#### Task Lifecycle
Requirements:
- System can distinguish ordinary chat from task requests.
- Task can be created, run, continued, revised, accepted, abandoned, or deleted.
- Task detail shows timeline, runs, tools, artifacts, result, and acceptance controls.
Acceptance criteria:
- Task list and detail remain useful on mobile and desktop.
- Acceptance actions are persisted.
- Revision feedback continues the same task context.
#### Agent Team Execution
Requirements:
- Complex tasks can be planned as sequence, parallel, or DAG execution.
- Subtasks can bind skills or ephemeral guidance.
- Main Agent synthesizes final answer from evidence.
Acceptance criteria:
- Subtask results are visible and debuggable.
- Failed team execution is shown without hiding partial evidence.
#### Files Workspace
Requirements:
- Users can upload, create folders, browse, preview, download, and delete files.
- Workspace roots stay understandable.
- File operations are safe within instance boundaries.
Acceptance criteria:
- Root and nested directories work.
- Text/Markdown/image preview works.
- Long file names do not break layout.
#### Tools And MCP
Requirements:
- Admins can view, test, add, edit, delete, and refresh tools where supported.
- Agent runtime can expose tools based on task and skill context.
- Tool calls are recorded as evidence.
Acceptance criteria:
- Tool detail and test flows work.
- Dangerous tools are governed by policy before broad rollout.
#### Skills And Marketplace
Requirements:
- Published skills can be listed, inspected, installed, uploaded, disabled, rolled back, or deleted where supported.
- Accepted work can create skill candidates.
- Candidates can become drafts.
- Drafts require safety/eval/review gates before publish.
- Marketplace supports discovery and install.
Acceptance criteria:
- Candidate and draft flows do not reset UI state unexpectedly.
- Publish requires review gates.
- Published skill can be reused by later tasks.
#### Memory
Requirements:
- Beaver can store long-term preferences, business knowledge, historical task learning, file/artifact memory, tool experience, and reusable workflows.
- Before broad product use, users/admins need memory inspect/edit/delete/freeze controls.
Acceptance criteria for Memory Control Center MVP:
- User can see what is remembered.
- User can see source and last-used context.
- User can edit, delete, or freeze memory.
- Task detail can show when memory affected execution.
#### Scheduled Work And Notifications
Requirements:
- Users can create scheduled jobs.
- Scheduled runs can produce notifications or tasks.
- Users can review, revise, or accept scheduled outputs.
Acceptance criteria:
- Scheduled job can be created, toggled, run now, deleted.
- Scheduled output can enter normal task review flow.
#### Connectors
Requirements:
- Beaver can connect to external systems such as Outlook and selected IM/channel connectors.
- Connector status, setup, errors, and reconnect path must be visible.
- External writes require clear policy and safety boundary.
Acceptance criteria:
- Pilot-safe connector list is documented.
- External connector callbacks route correctly in multi-instance deployment.
- Failed connector auth or setup is recoverable.
#### Settings, Status, Logs
Requirements:
- Users/admins can configure provider, Agent settings, channels, and runtime.
- Status page shows current app health.
- Logs help operators diagnose failures.
- Restart is confirmed before execution.
Acceptance criteria:
- Provider save flow works.
- Runtime restart flow is protected by confirmation.
- Long config values do not break UI.
### 7.3 Technology
Frontend:
- Next.js app inside `app-instance/frontend`.
- App shell with chat, tasks, files, skills, marketplace, tools, connectors, settings, status, logs.
Backend:
- Python Beaver backend inside `app-instance/backend`.
- Unified `beaver.engine` for Agent runtime.
- `beaver.coordinator` for multi-agent execution.
- `beaver.services` for task, cron, process, and application orchestration.
- `beaver.tools` for built-in/MCP tool execution.
- `beaver.skills` for skill loading, learning, review, publishing.
- `beaver.memory` for run memory, skills memory, long-term memory foundation.
- `beaver.interfaces` for web, MCP, channels, CLI/gateway surfaces.
Deployment:
- `auth-portal`.
- `authz-service`.
- `deploy-control`.
- `router-proxy`.
- `app-instance`.
- Docker network and per-instance mounted runtime directories.
### 7.4 Data And Evidence
Important product data:
- Users and auth handoff.
- Instance registry.
- Provider configuration.
- Conversations and messages.
- Tasks, task runs, run events, timeline events.
- Tool calls and results.
- Files and artifacts.
- Skill receipts, candidates, drafts, safety/eval reports, reviews, published versions.
- Memory records.
- Scheduled jobs and scheduled runs.
- Connector state and events.
Evidence principle:
Every meaningful Agent action should become explainable later.
### 7.5 Assumptions
- The best first customers are teams with repeatable knowledge workflows.
- Task acceptance is the right primary quality signal.
- Private deployment is a benefit, not a barrier, for early enterprise pilots.
- Teams will value skill/memory reuse after enough accepted tasks.
- Admins can operate a Docker-based deployment with a clear runbook.
- Memory must be controllable before it can be trusted.
### 7.6 Non-Goals For First Pilot
- Broad public SaaS launch.
- Full multi-tenant organization management.
- Fully autonomous skill publishing.
- Production external writes without clear review.
- Complete enterprise RBAC.
- Unlimited connector support.
- Perfect long-term memory automation.
- Replacing human review for high-risk work.
## 8. Release
### Release 0: Internal Demo Readiness
Scope:
- Clean local deployment.
- Auth portal registration/login.
- Provider onboarding.
- Chat-to-task demo.
- Task detail evidence.
- File upload/preview.
- Skills and marketplace demo.
- Settings/status/logs.
Exit criteria:
- Demo flow works on fresh environment.
- Known limitations are documented.
- No critical security/deployment issue.
### Release 1: Pilot Workflow Release
Scope:
- 2-3 packaged workflows.
- Task acceptance and evidence as main flow.
- Files and selected tools.
- Basic scheduled workflow.
- One pilot-safe connector if stable.
- Skill candidate/draft/review/publish.
- Deployment runbook and support checklist.
Exit criteria:
- Pilot team reaches >=30 accepted tasks in 30 days.
- >=5 reusable skills created.
- 0 critical incidents.
- Deployment under 2 hours on fresh host.
### Release 2: Governance And Reuse Release
Scope:
- Evidence narrative.
- Memory Control Center.
- Skill replay/eval governance.
- Admin health console.
- Connector policy hardening.
- Pilot scorecard.
Exit criteria:
- Reviewers understand evidence.
- Users can inspect and control memory.
- Admins can diagnose provider/connector/runtime issues.
- Skill reuse is visible in metrics.
### Release 3: Expansion Release
Scope:
- Team/workspace concepts if validated.
- More connectors.
- Audit export.
- Cross-instance analytics.
- Policy profiles.
- Instance lifecycle automation.
Exit criteria:
- Multiple teams can run without high support load.
- Governance story supports enterprise buying process.
## Open Questions
- Is the first paying segment project teams, operations teams, engineering/support, or internal AI platform teams?
- Should Beaver optimize for single-user instances first or team workspaces sooner?
- Which connector is the safest and most valuable pilot connector?
- What exact tool policy should apply in customer pilots?
- What memory behavior should be on by default?
- How much raw evidence should normal users see versus admins?
- What is the backup/restore SLA for app instances?
## Success Review Checklist
- Can a new user get to first accepted task quickly?
- Can a reviewer understand what the Agent did?
- Can an admin recover from provider or connector errors?
- Can a successful task become a reusable skill?
- Can a pilot owner prove value with metrics?
- Can security explain the deployment and tool boundaries?

30
docs/product-discovery/beaver/README.md Normal file
View File

@ -0,0 +1,30 @@
# Beaver Product Discovery
This folder covers Beaver as the whole product, not only one feature.
Beaver is an enterprise Agent sandbox and execution platform. It combines private deployment, per-user app instances, chat-to-task execution, task evidence, user acceptance, files, tools, skills, memory, connectors, scheduled work, and governance.
## Documents
- [Business Strategy HTML](./index.html): business-style product discovery, strategy canvas, target users, segmentation, and competitors.
- [Product PRD HTML](./product-prd.html): product PRD, outcome roadmap, module job stories, WWA backlog items, and test scenarios.
- [Product Discovery Report](./product-discovery-report.md): product understanding, users, JTBD, opportunities, assumptions, experiments, priorities, metrics, and 30/90 day recommendations.
- [Product Architecture Brief](./product-architecture-brief.md): product-facing architecture across auth, deployment control, routing, app instances, frontend, backend, Agent runtime, tools, skills, memory, files, connectors, and operations.
- [PRD](./PRD-beaver-agent-sandbox.md): full-product PRD for the Beaver Agent Sandbox.
- [Validation Plan](./validation-plan.md): customer, product, technical, security, usability, and business validation plan.
- [Launch And Maintenance Runbook](./launch-maintenance-runbook.md): launch phases, readiness checks, monitoring, incident response, maintenance cadence, and rollback.
## Source Material
- [Project README](../../../README.md)
- [Deployment Guide](../../../部署指南.md)
- [Domain Guide](../../../域名配置指引.md)
- [App Instance README](../../../app-instance/README.md)
- [Backend README](../../../app-instance/backend/README.md)
- [Recent Backend Features](../../../projcet_review/backend_recent_completed_features.md)
- [UI/UX Page Docs](../../ui-ux/README.md)
- [Customer Presentation](../../presentations/skill-replay-eval/index.html)
## Related Feature Discovery
- [Skill Replay Eval Discovery](../skill-replay-eval/README.md)

1277
docs/product-discovery/beaver/index.html Normal file
View File

File diff suppressed because it is too large Load Diff

455
docs/product-discovery/beaver/launch-maintenance-runbook.md Normal file
View File

@ -0,0 +1,455 @@
# Beaver Launch And Maintenance Runbook
Date: 2026-06-09
Scope: whole Beaver product.
## 1. Launch Principle
Launch Beaver through controlled pilots before broad rollout.
The product has a wide operational surface: auth, deployment control, routing, per-instance app containers, model providers, Agent runtime, tools, files, skills, memory, scheduled work, and connectors. A successful launch depends as much on reliability and trust as on feature completeness.
## 2. Launch Roles
| Role | Responsibility |
| --- | --- |
| Launch owner | Owns readiness, go/no-go, rollout phases |
| Deployment owner | Owns Docker images, network, router, instance lifecycle |
| Backend owner | Owns Agent runtime, tasks, tools, skills, cron, APIs |
| Frontend owner | Owns user-facing flows and UI verification |
| Security owner | Owns control-plane exposure, data boundaries, tool/connector policy |
| Pilot owner | Owns user onboarding, workflow selection, feedback, metrics |
| Support owner | Owns incident triage, runbook updates, user support |
## 3. Launch Phases
### Phase 0: Local Internal Readiness
Audience: builders and internal testers.
Goals:
- Full local deployment works.
- Core demo flows are stable.
- Known risks are documented.
Required flows:
- Register/login.
- Provider onboarding.
- First chat response.
- Chat-to-task.
- Task acceptance/revision.
- File upload/preview/download/delete.
- Skill list/candidate/draft/review.
- Settings/status/restart.
Exit criteria:
- Fresh deployment run completed from docs.
- No P0 or launch-blocking P1 issues.
- Demo script works end to end.
### Phase 1: Controlled Pilot
Audience: one internal team or one trusted customer team.
Goals:
- Validate real workflow value.
- Validate deployment and support process.
- Validate trust, evidence, and governance story.
Constraints:
- Narrow workflow scope.
- Narrow connector scope.
- Conservative tool policy.
- Human review for skill publishing.
- No opaque memory use for sensitive data.
Exit criteria:
- >=30 accepted tasks in 30 days.
- >=2 recurring workflows.
- 0 critical incidents.
- Deployment/support issues documented and reduced.
### Phase 2: Expanded Pilot
Audience: more users in same team or a second pilot team.
Goals:
- Test repeatability across workflows.
- Introduce Memory Control Center or stricter memory policy if ready.
- Strengthen skill reuse and scheduled work.
Exit criteria:
- Skill reuse becomes visible.
- Admin can operate without developer pairing for common tasks.
- Evidence and report quality are accepted by workflow owner.
### Phase 3: Production Candidate
Audience: broader customer or department rollout.
Goals:
- Stabilized deployment.
- Health monitoring.
- Incident response.
- Backup/restore process.
- Policy profiles.
Exit criteria:
- Launch owner, security owner, and deployment owner approve.
- Support process has clear ownership.
- Rollback and restore are rehearsed.
## 4. Pre-Launch Checklist
### Deployment
- [ ] Images build successfully.
- [ ] Docker network exists.
- [ ] Router proxy starts.
- [ ] AuthZ service starts.
- [ ] Deploy control starts.
- [ ] Auth portal starts.
- [ ] App instance can be created.
- [ ] App instance route works through router proxy.
- [ ] Provider config can be written and instance restarted.
- [ ] Runtime directories are persistent.
- [ ] Public exposure limited to intended services.
### Product Flows
- [ ] Register/login works.
- [ ] Provider onboarding works.
- [ ] Chat workbench loads.
- [ ] Task creation works.
- [ ] Task detail timeline works.
- [ ] Acceptance/revision/abandon works.
- [ ] Files page works.
- [ ] Tools page works for pilot tools.
- [ ] Skills page works.
- [ ] Marketplace install works if included.
- [ ] Cron/scheduled flow works if included.
- [ ] Connector flow works if included.
- [ ] Settings/status/logs work.
### Governance
- [ ] Tool policy for pilot is documented.
- [ ] Connector side effects are understood.
- [ ] Skill publish gates are documented.
- [ ] Memory behavior is documented.
- [ ] Data retention expectations are documented.
- [ ] User-facing limitations are documented.
### Support
- [ ] Pilot support channel exists.
- [ ] Incident owner assigned.
- [ ] Logs and health checks are accessible.
- [ ] Backup/restore expectations are clear.
- [ ] Known issues list exists.
## 5. Monitoring
### Product Metrics
| Metric | Owner | Cadence |
| --- | --- | --- |
| Accepted tasks | Pilot owner | Weekly |
| Acceptance rate | Product owner | Weekly |
| Revision rate | Product owner | Weekly |
| Active workflows | Pilot owner | Weekly |
| Skill candidates and reuse | Product owner | Weekly |
| Scheduled run success | Backend owner | Weekly |
| Time to first accepted task | Product/design | Per onboarding |
### Operational Metrics
| Metric | Owner | Alert |
| --- | --- | --- |
| Instance creation failures | Deployment owner | >10% during pilot |
| Router route failures | Deployment owner | Any repeated failure |
| Provider setup failures | Support owner | >20% of onboarded users |
| Task run failures | Backend owner | >20% for 2 days |
| WebSocket/runtime disconnects | Backend/frontend | Repeated user-visible failures |
| File operation failures | Backend owner | Any permission/path issue |
| Tool execution failures | Backend owner | Repeated by tool category |
| Cron failures | Backend owner | Any critical scheduled workflow missed |
| Connector failures | Integration owner | Failed auth or unintended write |
### Security Metrics
| Metric | Alert |
| --- | --- |
| Control-plane public exposure | Immediate P0 |
| Cross-instance data access | Immediate P0 |
| Unintended external write | Immediate P0 |
| Credential leak in logs/report | Immediate P0 |
| Unsafe skill publish | P1, or P0 if external action risk |
## 6. Health Checks
### Control Plane
- Auth portal reachable.
- AuthZ service reachable internally.
- Deploy control reachable internally with token.
- Router proxy has generated routes.
- Instance registry is readable and consistent.
### App Instance
- Frontend loads.
- Backend `/api/status` responds.
- WebSocket works.
- Provider config present.
- Workspace path mounted.
- Initial skills present.
- Logs accessible.
### Product Runtime
- Chat request succeeds.
- Task run succeeds.
- File API succeeds.
- Tool registry loads.
- Skills list loads.
- Cron scheduler active if enabled.
- Connector status loads if enabled.
## 7. Incident Response
### P0: Control Plane Exposed
Examples:
- `deploy-control` accessible from public internet.
- `authz-service` accessible from public internet.
- Internal token leaked.
Actions:
1. Remove public route/firewall exposure.
2. Rotate affected tokens.
3. Review access logs.
4. Confirm no unauthorized instance operations.
5. Update deployment checklist.
### P0: Cross-Instance Data Leak
Examples:
- Instance A reads Instance B workspace.
- Router sends user to wrong instance.
- Shared connector callback writes to wrong instance.
Actions:
1. Disable affected route or instance.
2. Preserve logs and registry.
3. Identify path/host/callback mapping failure.
4. Patch and add regression test.
5. Notify affected stakeholders.
### P0: Unintended External Action
Examples:
- Email or IM message sent unexpectedly.
- Calendar invite created unexpectedly.
- External system updated without user intent.
Actions:
1. Disable connector or tool.
2. Preserve task/tool evidence.
3. Identify initiating task, tool, arguments, user, connector account.
4. Patch policy or confirmation gate.
5. Add test case and update pilot policy.
### P1: New User Cannot Reach Instance
Actions:
1. Check auth portal logs.
2. Check authz register flow.
3. Check deploy-control register/configure flow.
4. Check instance registry.
5. Check router route generation.
6. Check container state and app logs.
### P1: Provider Config Broken
Actions:
1. Check settings/status.
2. Confirm config path and provider fields.
3. Test provider credentials.
4. Restart instance if config was changed.
5. Improve onboarding copy if user error.
### P1: Task Runtime Failing
Actions:
1. Check backend logs.
2. Check provider availability.
3. Check tool registry.
4. Check task event timeline.
5. Reproduce with minimal chat request.
6. Mark affected pilot workflow as paused if repeated.
### P2: UI Flow Confusing
Actions:
1. Record screen and user quote.
2. Add to UX issue list.
3. Determine whether it blocks pilot success.
4. Fix copy/layout if low effort.
## 8. Maintenance Cadence
### Daily During Pilot
- Check critical incidents.
- Check instance health.
- Check failed task runs.
- Check support channel.
- Review provider/connector errors.
### Weekly
- Review accepted tasks and acceptance rate.
- Review workflow success/failure.
- Review skill candidates and reuse.
- Review deployment issues.
- Review security/tool/connector events.
- Update known issues and runbook.
### Monthly
- Rehearse fresh deployment.
- Review backup/restore approach.
- Review memory and skill governance.
- Review connector roadmap.
- Review pilot ROI and expansion decision.
### Quarterly
- Revisit product positioning.
- Revisit architecture scaling assumptions.
- Decide team workspace / RBAC roadmap.
- Review security model and policy profiles.
## 9. Backup And Restore
Minimum data to preserve:
- `authz-service/runtime/data`
- `app-instance/runtime/instances`
- `app-instance/runtime/registry`
- `router-proxy/runtime/conf.d`
Per instance:
- `beaver-home/config.json`
- `beaver-home/web_auth_users.json`
- `beaver-home/workspace/`
- skill and runtime state under instance data.
Pilot requirements:
- Document manual backup command.
- Document manual restore procedure.
- Test restore for at least one non-production instance before expanded pilot.
## 10. Change Management
Before changing any of these, require launch owner review:
- Routing/proxy config.
- AuthZ issuer/internal URL.
- Deploy token names or values.
- Instance registry format.
- Workspace mount paths.
- Provider config schema.
- Tool execution policy.
- Connector callback routing.
- Skill publish gates.
- Memory default behavior.
## 11. Rollback
Rollback options:
- Roll back frontend/backend image for app instances.
- Disable specific connector.
- Disable scheduled job execution.
- Disable skill learning worker.
- Disable skill publish.
- Fall back to chat-only mode for affected workflow.
- Remove public route to affected instance.
- Restore instance data from backup.
Rollback triggers:
- P0 incident.
- Repeated instance creation failure.
- Repeated task runtime failure blocking pilot work.
- Provider config issue affecting most users.
- Connector side-effect risk.
- UI issue blocking first accepted task.
## 12. Launch Communication
### Internal
Beaver is launching as a controlled Agent execution pilot. The launch goal is not maximum feature breadth. The goal is to prove repeatable AI-assisted work with task acceptance, evidence, and reuse.
### Pilot Users
Use Beaver for selected workflows where you need a concrete output. Review each result. Accept it if usable, request revision if it is close, or abandon it if it is not worth continuing. Your feedback is the signal that helps Beaver improve and reuse work.
### Admins
Treat Beaver as an app platform with a control plane and per-instance runtime. Keep deploy-control and authz private. Monitor instance health, provider config, tool behavior, and connector side effects.
## 13. Known Limitations To Disclose
- Memory is not yet fully productized with user controls.
- Connector maturity varies by provider.
- The first pilot should use a narrow set of workflows.
- Some operations may still require engineering support.
- Skill learning needs human review before publish.
- Multi-user organization features are not the first pilot focus.
## 14. Go / No-Go Criteria
Go if:
- Fresh deployment works.
- First accepted task flow works.
- Evidence timeline is readable enough for pilot.
- Tool and connector policy is documented.
- Support owner is assigned.
- No critical security issue is open.
No-go if:
- Control-plane exposure risk is unresolved.
- Cross-instance isolation is unverified.
- Provider onboarding fails for most users.
- Task runtime is unreliable.
- Pilot workflow is not defined.
- No one owns incidents or support.

439
docs/product-discovery/beaver/product-architecture-brief.md Normal file
View File

@ -0,0 +1,439 @@
# Beaver Product Architecture Brief
Date: 2026-06-09
Audience: product, engineering, delivery, security, and pilot stakeholders.
## 1. Architecture Summary
Beaver is built as a private-deployable, multi-instance Agent workspace.
At the top level, it has five deployment components:
```text
Browser
-> auth-portal
-> authz-service
-> deploy-control
-> router-proxy
-> app-instance
```
Each `app-instance` contains the user-facing product:
```text
app-instance container
-> Nginx
-> Next.js frontend
-> Beaver backend
-> mounted beaver-home
-> config
-> workspace
-> skills
-> runtime data
```
The key product architecture choice is instance-level sandboxing. Each user or team can receive a separate app instance with its own config, workspace, files, skills, and runtime data.
## 2. Product-Level System Map
```text
Auth and onboarding
auth-portal
-> register/login
-> model provider onboarding
authz-service
-> account and backend identity
deploy-control
-> create/configure/remove app-instance
router-proxy
-> route instance host to app-instance container
User workspace
app-instance/frontend
-> chat workbench
-> tasks
-> files
-> skills
-> marketplace
-> MCP/tools
-> notifications/cron
-> connectors
-> settings/status/logs
Agent runtime
app-instance/backend
-> interfaces
-> services
-> engine
-> coordinator
-> tools
-> skills
-> memory
-> integrations
```
## 3. Deployment Components
### Auth Portal
Responsibility:
- User login and registration entry.
- Provider onboarding after registration.
- Handoff into the user app instance.
Product value:
- Gives non-technical users a clean entry point.
- Separates account onboarding from the per-instance app.
Key risk:
- Provider configuration must be understandable and recoverable for non-engineer users.
### AuthZ Service
Responsibility:
- Account and backend identity orchestration.
- Internal token-protected coordination.
Product value:
- Centralizes identity relationships between portal and app backends.
Key risk:
- Misconfigured issuer/internal URL can break new app instances.
### Deploy Control
Responsibility:
- Create, configure, and manage app instances.
- Call `app-instance/create-instance.sh`.
- Write provider config and restart instance when needed.
Product value:
- Makes private instance provisioning repeatable.
Key risk:
- Must not be exposed publicly.
- Needs health checks and lifecycle operations for pilot scale.
### Router Proxy
Responsibility:
- Route hostnames to the correct app instance container.
Product value:
- Lets each instance have a stable public URL.
Key risk:
- Domain, wildcard DNS, HTTPS, and route reload errors can block access.
### App Instance
Responsibility:
- The user-facing Beaver workspace.
- Runs frontend, backend, and Nginx in one container.
- Mounts the instance's `beaver-home` as config and workspace boundary.
Product value:
- Provides practical sandboxing for early private deployments.
Key risk:
- Instance lifecycle, backup, restore, and resource limits need productized operations.
## 4. App Instance Product Modules
### Frontend Modules
| Module | Route | Product Job |
| --- | --- | --- |
| Chat workbench | `/` | Main workspace for conversation, attachments, task cards, and acceptance |
| Tasks | `/tasks`, `/tasks/[taskId]` | Track ordinary and scheduled task lifecycle, timeline, evidence, artifacts |
| Notifications | `/notifications` | Review proactive or scheduled outputs |
| Cron | `/cron` | Manage scheduled jobs |
| Files | `/files` | Browse, upload, preview, download, delete workspace files |
| Skills | `/skills` | Manage published skills, candidates, drafts, safety/eval, review, publish |
| Marketplace | `/marketplace` | Discover and install skills |
| MCP/tools | `/mcp` | Manage tool servers, tool details, test, add, edit, delete |
| Agents | `/agents` | Manage Agent definitions and roles |
| Outlook/connectors | `/outlook`, settings connector panels | Connect external systems |
| Settings/status/logs | `/settings`, `/status`, `/logs` | Configure providers, runtime, channels, health, and debugging |
### Backend Modules
| Module | Responsibility |
| --- | --- |
| `foundation` | Shared config, errors, events, utilities, base models |
| `engine` | Unified Agent runtime used by main Agent and sub-agents |
| `coordinator` | Multi-agent sequence/parallel/DAG execution |
| `tools` | Built-in and MCP tool registration/execution |
| `skills` | Skill loading, resolution, drafts, learning, review, publish |
| `memory` | Long-term memory and run/skill stores |
| `permissions` | Governance and policy surface |
| `services` | Application orchestration, tasks, cron, process projection |
| `interfaces` | Web, CLI, Gateway, channels, MCP servers |
| `integrations` | AuthZ, MCP, external protocols, connector clients |
## 5. Core Product Flows
### Flow A: New User Registration And First Workspace
```text
Browser
-> auth-portal register
-> authz-service /portal/register
-> deploy-control /api/instances/register
-> create app-instance container
-> app-instance backend registers user/backend
-> provider onboarding
-> deploy-control configures provider
-> user enters app-instance URL
```
Product requirements:
- Clear success/failure state during provisioning.
- Provider setup can be skipped but instance must explain missing model config later.
- Internal control-plane endpoints stay private.
### Flow B: Chat To Managed Task
```text
User message
-> chat workbench
-> backend task router
-> ordinary chat or task mode
-> task created
-> Agent execution
-> tool calls and artifacts
-> task timeline
-> user accepts / asks revision / abandons
```
Product requirements:
- The user must understand when a message became a task.
- The task must be recoverable from chat, task list, and details page.
- Acceptance feedback must influence future learning.
### Flow C: Complex Task With Agent Team
```text
Task request
-> TaskExecutionPlanner
-> ExecutionGraph
-> sequence / parallel / DAG nodes
-> TaskSkillResolver binds skills or ephemeral guidance
-> LocalAgentRunner executes nodes
-> main Agent synthesizes final answer
-> evidence saved
```
Product requirements:
- Team execution should be visible without overwhelming users.
- Failed subtasks should be diagnosable.
- Final synthesis should cite or summarize subtask evidence.
### Flow D: Skill Learning Loop
```text
Accepted task
-> skill learning candidate
-> draft synthesis
-> safety report
-> eval report
-> human review
-> publish
-> future skill retrieval
```
Product requirements:
- Only accepted or otherwise high-signal work should become skill candidates.
- Publishing requires review and gates.
- Skill quality must be traceable over versions.
### Flow E: File And Tool Work
```text
User uploads file or Agent needs file/tool
-> workspace file API or tool registry
-> Agent tool execution
-> result returned to context
-> event/evidence saved
-> artifact available in task or files
```
Product requirements:
- User-visible file roots must stay simple.
- Tool calls must be recorded.
- Dangerous tools need policy and review.
### Flow F: Scheduled Work And Notifications
```text
User creates scheduled job
-> cron service stores job
-> scheduled run triggers task/notification
-> user reviews output
-> output can become normal task continuation
```
Product requirements:
- Scheduled outputs need the same acceptance path as manual tasks.
- Failed scheduled runs need alerts and retry/recovery.
### Flow G: External Connectors
```text
Connector setup
-> channel/connector config
-> sidecar or external provider
-> inbound event or outbound action
-> Beaver task/runtime
-> response or notification
```
Product requirements:
- External writes need clear user/admin control.
- Connector onboarding must show state, errors, and reconnect steps.
- Multi-instance callback routing must be explicit.
## 6. Governance Boundaries
### Instance Boundary
Each app instance owns:
- `config.json`
- `web_auth_users.json`
- `workspace/`
- skills and runtime state
- provider configuration
Risk:
- Cross-instance leakage would be a critical incident.
### Control Plane Boundary
Public exposure should be limited to:
- Auth portal.
- Router proxy for app instances.
Do not expose:
- `deploy-control`.
- `authz-service`.
### Tool Boundary
Tools are the action surface. Policy should distinguish:
- Read-only tools.
- Workspace-scoped write tools.
- External write tools.
- Destructive tools.
- Credential/permission/payment tools.
### Skill Boundary
Skills guide Agent behavior and tool use. Publishing a bad skill can create repeated bad behavior. Skill publishing therefore needs:
- Candidate quality signal.
- Safety report.
- Eval/replay evidence where possible.
- Human review.
- Version rollback.
### Memory Boundary
Memory creates long-term product value but also trust risk. Productization should include:
- Source.
- Confidence.
- Last used.
- Edit/delete/freeze controls.
- Task evidence showing when memory was used.
## 7. Architecture Maturity
| Area | Maturity | Notes |
| --- | --- | --- |
| Multi-instance deployment | Pilot-ready | Needs lifecycle and health automation |
| Chat workbench | Pilot-ready | UI docs show tested states |
| Task lifecycle | Strong | Core product loop exists |
| Task evidence | Strong foundation | Needs narrative/summary layer |
| Agent team | Functional | Needs product explanation and failure UX |
| Files | Pilot-ready | UI docs show tested workflows |
| Tools/MCP | Functional | Needs policy hardening and admin clarity |
| Skills | Functional | Needs stronger quality gates and reuse metrics |
| Memory | Backend foundation | Needs visible product controls |
| Scheduled work | Basic product capability | Needs stability and clearer run handling |
| Connectors | Mixed maturity | Need pilot-safe connector list |
| Operations | Basic | Needs health console, backup/restore, runbook |
## 8. Architecture Risks
| Risk | Severity | Mitigation |
| --- | --- | --- |
| Control-plane service exposed publicly | Critical | Deployment checks and docs; firewall/proxy validation |
| Instance data leakage | Critical | Path isolation tests, authz tests, MinIO/user-files policy checks |
| Tool side effects without review | High | Tool policy profiles, evidence logs, connector sandbox |
| Provider misconfiguration blocks first use | High | Onboarding checks and settings diagnostics |
| Product surface becomes hard to operate | High | Admin health console and staged pilot scope |
| Memory trust gap | High | Memory control center before broad memory activation |
| Skill quality drift | High | Safety/eval/replay and publish gates |
## 9. Recommended Architecture Roadmap
### Next 30 Days
- Rehearse clean deployment and record missing steps.
- Add pilot health checklist for auth portal, authz, deploy control, router, and app instance.
- Define pilot-safe tools and connectors.
- Add task evidence narrative summary.
- Track accepted task, skill candidate, and skill reuse events.
### Next 90 Days
- Memory Control Center MVP.
- Admin Health Console MVP.
- Instance suspend/resume/backup/restore runbook or tooling.
- Connector sandboxing and side-effect policy.
- Skill replay/eval as part of skill governance.
- Organization/team-level roadmap decision.
## 10. Product Architecture Principle
Beaver should keep its product architecture centered on controlled Agent work:
```text
private workspace
+ task lifecycle
+ tool/file execution
+ evidence
+ acceptance
+ skill/memory reuse
+ operational governance
```
New features should strengthen this loop. Features that do not improve execution, evidence, acceptance, reuse, or governance should be treated as secondary until the pilot motion is proven.

494
docs/product-discovery/beaver/product-discovery-report.md Normal file
View File

@ -0,0 +1,494 @@
# Beaver Product Discovery Report
Date: 2026-06-09
Product stage: existing product
Scope: the whole Beaver product, including deployment, runtime, UI, Agent execution, tasks, files, tools, skills, memory, connectors, scheduled work, governance, validation, launch, and maintenance.
## Executive Summary
Beaver is an enterprise Agent sandbox and execution platform. Its product promise is to move AI from "chat that gives answers" to "controlled Agent work that creates deliverables, records evidence, asks for acceptance, and turns accepted work into reusable capability."
The strongest product wedge is not another chatbot UI. It is the full execution loop:
```text
user request
-> task recognition
-> Agent/team execution
-> tool and file work
-> evidence timeline
-> user acceptance or revision
-> skill and memory learning
-> future reuse
```
The current codebase already supports major parts of this loop: multi-instance Docker deployment, auth portal, app instances, chat workbench, task center, task details, user acceptance, files, tools, skills, skill learning, marketplace, settings, connectors, scheduled jobs, and backend Agent team orchestration. The next product challenge is packaging these capabilities into a clear buyer story, validating the highest-value use cases, hardening operational reliability, and making governance understandable to non-engineer stakeholders.
Recommended product strategy:
1. Position Beaver as "enterprise Agent execution and governance," not as a general AI chat app.
2. Focus first on repeatable knowledge work that is high-frequency, cross-tool, evidence-sensitive, and review-heavy.
3. Treat task acceptance, evidence, skills, and memory as the core product loop.
4. Productize deployment and operations enough for pilots before broad feature expansion.
5. Validate value through real workflows, not opinions about AI.
## Product Summary
### Product Description
Beaver is a private-deployable Agent workspace for teams that need AI to perform work, not only answer questions. A user can chat, upload files, trigger tasks, review execution evidence, accept or revise results, manage tools, install or publish skills, configure model providers, connect external systems, and run scheduled work.
### Target Users
| Segment | Primary Need | Why Beaver Fits |
| --- | --- | --- |
| Enterprise AI platform owner | Provide controlled Agent capability to teams | Private deployment, per-instance boundaries, tools, skills, governance |
| Knowledge workflow team | Finish recurring multi-step work faster | Task execution, files, tools, acceptance, scheduled work |
| Project / delivery team | Produce and revise deliverables with traceability | Task timeline, artifacts, evidence, revision loop |
| Engineering / support team | Use AI with files, commands, logs, and review | Tool execution, task evidence, multi-agent planning |
| Operations / admin | Configure models, users, connectors, and instances | Auth portal, deploy control, settings, status, logs |
| Skill owner / reviewer | Turn successful work into reusable methods | Skill candidates, drafts, safety/eval reports, review, publish |
### Current Feature Map
| Domain | Current State | Product Meaning |
| --- | --- | --- |
| Auth and onboarding | Auth portal, register/login, model provider onboarding | Users can enter a controlled workspace |
| Multi-instance deployment | Deploy control creates isolated app-instance containers; router proxy routes by host | Enables per-user or per-team sandboxing |
| Chat workbench | Conversations, attachments, task cards, current task progress, acceptance controls | Main user workspace |
| Task runtime | Auto task recognition, task creation, runs, timeline, status, acceptance | Converts chat into managed work |
| Agent execution | Unified engine, main agent, sub-agent/team execution, sequence/parallel/DAG coordinator | Handles complex work beyond one response |
| Tools | Built-in tools, MCP tools, tool management UI | Lets Agents act on files, web, terminal, integrations |
| Files | Workspace file browser, upload, preview, download, delete | Gives AI and users a shared working surface |
| Skills | Published skills, candidates, drafts, safety/eval, review, publish | Turns accepted work into reusable methods |
| Marketplace | Skill discovery/install flow | Foundation for capability distribution |
| Memory | Backend long-term memory foundation exists, product integration still incomplete | Future compounding personalization and organization knowledge |
| Scheduled work | Cron jobs, notifications, scheduled task flows | Moves from reactive chat to proactive work |
| Connectors | Outlook and external connector architecture; Feishu/Weixin-related sidecar paths | Brings Agent into real business channels |
| Settings/status/logs | Provider config, agent config, channel config, runtime status, restart | Admin control and troubleshooting |
### Current Value Proposition
For enterprise teams:
> Beaver provides a private Agent workspace where AI work is executed, tracked, reviewed, and reused. It gives teams the speed of AI assistance with the control needed for real business workflows.
For product pilots:
> Beaver is strongest when a team has recurring knowledge work that crosses files, tools, systems, and reviews.
### Current Challenges
| Challenge | Why It Matters |
| --- | --- |
| Product breadth is large | Buyers may not understand what to adopt first |
| Memory is partly backend-ready but not fully productized | "越用越懂" story needs visible control |
| Connector maturity varies by channel | Customer demos must avoid overpromising |
| Multi-instance deployment is powerful but operationally sensitive | Pilot success depends on stable setup and clear runbooks |
| Skill learning needs strong governance | Reuse can become risk if publishing is weak |
| Metrics are not yet productized | Hard to prove pilot value without baseline and target |
| Customer research is not yet captured | Current roadmap is inferred from implementation and product judgment |
## User Segments
### Segment 1: Enterprise AI Platform Owner
They need to safely introduce Agent capability into an organization. Their concern is not whether an LLM can answer a question; it is whether teams can use it without losing control of data, tools, cost, and quality.
### Segment 2: Workflow Owner
They own a recurring process such as weekly reporting, project status, proposal drafting, research, operations follow-up, support triage, or document review. They want less manual coordination and more repeatable output.
### Segment 3: Individual Knowledge Worker
They want one workspace where they can chat, upload files, run tools, generate artifacts, and continue a task until the output is usable.
### Segment 4: Admin / Operator
They need to create instances, configure models, monitor status, debug logs, manage connectors, and keep deployment safe.
### Segment 5: Skill Maintainer
They curate reusable skills, review drafts, evaluate safety, publish stable versions, and prevent low-quality automation from spreading.
## JTBD
| User | Job Story | Current Alternative | Beaver Outcome |
| --- | --- | --- | --- |
| Platform owner | When teams ask for AI tools, I want a controlled Agent workspace so they can experiment without unmanaged SaaS sprawl | ChatGPT accounts, custom scripts, internal demos | Private, governed Agent workspace |
| Workflow owner | When a recurring process takes many manual steps, I want AI to execute and track it so my team can review the result | Manual docs, spreadsheets, Slack/email coordination | Task with timeline, artifacts, acceptance |
| Knowledge worker | When I ask AI to produce something, I want to revise and accept it as work, not just receive a message | Chat thread and copy/paste | Task lifecycle and deliverable loop |
| Admin | When a user registers, I want a workspace created and routed automatically so onboarding is repeatable | Manual container setup | Auth portal + deploy control + router proxy |
| Skill maintainer | When a task succeeds, I want to turn its method into a reusable skill so future tasks improve | Prompt docs, tribal knowledge | Skill candidate/draft/review/publish |
| Security reviewer | When Agents use tools, I want evidence and boundaries so I can audit behavior | Opaque model/tool calls | Tool traces, task evidence, instance sandbox |
## Opportunity Areas
Opportunity scores are qualitative estimates from current docs and product context. They need validation with customer interviews and pilot data.
| Opportunity | Importance | Current Satisfaction | Opportunity Score | Notes |
| --- | ---: | ---: | ---: | --- |
| I need AI outputs to become reviewable tasks, not loose chat replies | 0.95 | 0.30 | 0.67 | Core wedge |
| I need evidence of what the Agent did | 0.90 | 0.35 | 0.59 | Governance driver |
| I need repeatable workflows to become reusable skills | 0.85 | 0.40 | 0.51 | Learning moat |
| I need private deployment and instance boundaries | 0.90 | 0.45 | 0.50 | Enterprise adoption |
| I need AI to work across files, tools, and external systems | 0.85 | 0.45 | 0.47 | Workflow depth |
| I need proactive scheduled work, not only reactive chat | 0.70 | 0.45 | 0.39 | Expansion opportunity |
| I need memory that I can inspect and control | 0.80 | 0.25 | 0.60 | High future leverage |
Top opportunities:
1. Make AI work reviewable and acceptable.
2. Make process evidence and governance visible.
3. Turn accepted work into reusable skills and memory.
## Product Positioning
Recommended primary positioning:
> Beaver is an enterprise Agent execution and governance platform for repeatable knowledge work.
Supporting message:
> It gives teams a private Agent sandbox where AI can use tools, manage files, execute tasks, record evidence, ask for acceptance, and learn reusable skills from approved work.
Avoid positioning Beaver as:
- A generic chatbot.
- A pure model gateway.
- A standalone RPA replacement.
- A developer-only Agent framework.
- A marketplace-only skill product.
## Competitive Frame
| Category | Strength | Gap Beaver Addresses |
| --- | --- | --- |
| AI chat apps | Fast answers and content generation | Weak task lifecycle, evidence, acceptance, and reuse |
| RPA / automation | Repeatable process execution | Rigid flows, harder natural-language adaptation |
| Agent frameworks | Developer flexibility | Missing complete user workspace and governance surface |
| Internal scripts | Fast local automation | Poor product UX, auditability, onboarding, and scaling |
| Enterprise AI platforms | Governance and admin | Often weak on task-level execution and skill learning loop |
## Product Ideas
Generated from PM, design, and engineering perspectives.
### PM Ideas
1. Pilot Workflow Templates: package 3-5 high-value workflows such as weekly report, project brief, support triage, document review.
2. Team Workspace Mode: group multiple users under one organization workspace with shared skills and controlled memory.
3. Governance Scorecard: show evidence coverage, accepted tasks, skill reuse, failed runs, and tool risk.
4. Skill Quality Lifecycle: strengthen candidate -> draft -> safety -> eval -> review -> publish -> version rollback.
5. ROI Dashboard: measure time saved, accepted tasks, revision rounds, reusable skill adoption.
### Design Ideas
1. Work Inbox: unify tasks, scheduled runs, notifications, and pending reviews.
2. Task Evidence Narrative: convert raw events into readable "what happened" timeline.
3. Memory Control Center: show what Beaver remembers, why, source, confidence, and edit/delete controls.
4. First-Run Product Tour: guide a new user from provider setup to first accepted task.
5. Admin Health Console: one page for instance, provider, connector, queue, and runtime health.
### Engineering Ideas
1. Tenant/Workspace Policy Profiles: control allowed tools, connectors, memory behavior, and publish gates per deployment.
2. Connector Sandbox Layer: test external channel actions without touching production systems.
3. Unified Evidence Schema: normalize task, tool, artifact, skill, memory, and connector events.
4. Replay-Based Skill Evaluation: evaluate skill drafts against historical accepted runs.
5. Instance Lifecycle Automation: suspend, resume, backup, restore, rotate secrets, inspect health.
Top 5 product ideas to pursue:
| Rank | Idea | Why Selected | Assumptions |
| ---: | --- | --- | --- |
| 1 | Pilot Workflow Templates | Gives customers a concrete starting point | Initial buyers share common workflows |
| 2 | Task Evidence Narrative | Makes governance understandable | Reviewers value readable evidence |
| 3 | Memory Control Center | Unlocks long-term differentiation | Users trust memory if they can inspect/control it |
| 4 | Governance Scorecard | Helps buyers justify adoption | Platform owners need measurable proof |
| 5 | Instance Lifecycle Automation | Reduces pilot operational risk | Deployments will grow beyond a few instances |
## Key Assumptions
| Assumption | Category | Impact | Uncertainty |
| --- | --- | ---: | ---: |
| Enterprise teams feel enough pain with chat-only AI to adopt an Agent workspace | Value | High | Medium |
| Task acceptance is a meaningful quality signal | Value | High | Medium |
| Users will tolerate a task workflow instead of expecting instant chat only | Usability | High | Medium |
| Per-instance deployment is operationally acceptable for early customers | Feasibility | High | Medium |
| Workflow owners can identify repeatable tasks worth piloting | Value | High | Low |
| Skill reuse creates visible productivity gains | Business Viability | High | High |
| Memory control is required before customers trust long-term memory | Trust | High | Medium |
| Connectors are necessary for customer stickiness | Value | Medium | Medium |
| Admins can manage model provider configuration without heavy support | Usability | Medium | Medium |
| The team can maintain broad product surface without quality drift | Team Capability | High | High |
## Prioritized Assumptions
### P0 Validate Immediately
| Assumption | Why It Matters | What Could Go Wrong | Validation |
| --- | --- | --- | --- |
| Customers prefer task-based AI execution over chat-only for real work | Core product wedge | Users see tasks as overhead | Run 3 workflow pilots and compare chat-only vs task loop |
| Evidence timeline increases trust | Governance story depends on it | Evidence is too technical or noisy | Reviewer usability test with task timelines |
| Private multi-instance deployment is acceptable | Adoption depends on ops fit | Setup too fragile or expensive | Deploy pilot on fresh Linux host and measure time/errors |
| Accepted tasks can generate reusable skills that users value | Learning loop depends on this | Skills are low quality or unused | Track reuse of skills from accepted pilot tasks |
### P1 Important
| Assumption | Why It Matters | Validation |
| --- | --- | --- |
| Memory control center is required before broad rollout | Trust and differentiation | Interview pilot admins and users |
| Connectors drive retention | External systems make workflows real | Compare pilot workflows with and without Outlook/IM connectors |
| Scheduled work creates high-value usage | Moves Beaver from reactive to proactive | Test weekly report and reminder workflows |
| Marketplace/skill distribution is a buyer requirement | Scaling reuse across teams | Ask platform owners during procurement |
### P2 Later
| Assumption | Why It Matters | Validation |
| --- | --- | --- |
| Multi-user team workspace is required for first paid pilots | Could reshape architecture | Validate with buyer interviews |
| Fine-grained per-tool policies are needed in UI | Admin complexity | Observe support requests |
| Cross-instance organization analytics is needed early | Enterprise reporting | Validate after 2-3 pilots |
## Opportunity Solution Tree
Desired outcome:
> Within 90 days, prove that a pilot team can complete repeatable AI-assisted work with acceptance, evidence, and reuse: at least 30 accepted tasks, 5 reusable skills, 2 recurring workflows, and 0 critical deployment/security incidents.
```text
Outcome: Trusted repeatable Agent work in pilot teams
Opportunity 1: I need AI outputs to become reviewable deliverables.
Solution 1.1: Task lifecycle with acceptance and revision.
Experiment: Run a project brief workflow and measure accepted output rate.
Solution 1.2: Task details page with evidence narrative.
Experiment: Ask reviewers to reconstruct what happened from timeline.
Solution 1.3: Work Inbox for pending reviews and scheduled outputs.
Experiment: Fake-door navigation item and measure clicks/asks.
Opportunity 2: I need confidence that Agent tool use is controlled.
Solution 2.1: Tool traces and artifact timeline.
Experiment: Security review of 5 real tasks.
Solution 2.2: Admin health and policy console.
Experiment: Operator performs setup/debug checklist on fresh instance.
Solution 2.3: Connector sandbox and side-effect journals.
Experiment: Test external send/reply flows in sandbox mode.
Opportunity 3: I need successful work to become reusable.
Solution 3.1: Skill candidate -> draft -> review -> publish.
Experiment: Convert 5 accepted tasks into skills and track reuse.
Solution 3.2: Memory Control Center.
Experiment: Prototype memory review UI and test trust/comprehension.
Solution 3.3: Pilot workflow templates.
Experiment: Package 3 templates and measure first-task success rate.
```
## Validation Experiments
| Assumption | Hypothesis | Experiment | Duration | Success Criteria |
| --- | --- | --- | --- | --- |
| Task loop beats chat-only | Users complete more usable work with task acceptance than plain chat | Same workflow performed in chat-only and Beaver task loop | 1 week | Beaver output accepted in fewer revision rounds |
| Evidence creates trust | Reviewers can understand and audit what happened | Give 5 timelines to reviewers | 2 days | >=80% identify tools, artifacts, result, and risk |
| Deployment is pilot-ready | Fresh host setup is repeatable | Deploy on clean Linux/WSL2 machine using docs | 1 day | Setup under 2 hours with no undocumented step |
| Skills create reuse | Accepted tasks can become useful skills | Convert 5 pilot tasks into skills | 2 weeks | 3 skills reused at least twice |
| Memory needs control UI | Users trust memory more with inspect/edit/delete | Clickable prototype or simple page | 3 days | >=80% say they would enable memory with controls |
| Scheduled work matters | Recurring workflows create repeat usage | Weekly report or reminder pilot | 2-4 weeks | At least 2 recurring jobs run and get accepted outputs |
## Feature Prioritization
### Must Have
| Feature | Impact | Effort | Risk | Reason |
| --- | --- | --- | --- | --- |
| Auth portal and instance onboarding | High | High | Medium | Required for any user to start |
| Provider configuration flow | High | Medium | Medium | Model access is prerequisite |
| Chat workbench | High | High | Medium | Primary user surface |
| Task lifecycle and acceptance | High | High | Medium | Core differentiation |
| Task timeline/evidence | High | High | Medium | Governance and review |
| Files workspace | High | Medium | Medium | Most real workflows need files |
| Tool management | High | Medium | High | Agents need controlled action surface |
| Skills review/publish | High | High | High | Reuse loop |
| Settings/status/logs | High | Medium | Medium | Operational support |
| Basic deployment guide/runbook | High | Medium | Medium | Pilot readiness |
### Should Have
| Feature | Impact | Effort | Risk | Reason |
| --- | --- | --- | --- | --- |
| Pilot workflow templates | High | Medium | Low | Creates adoption path |
| Evidence narrative layer | High | Medium | Medium | Makes audit readable |
| Memory Control Center | High | High | Medium | Unlocks long-term trust |
| Skill replay/eval hardening | High | High | High | Makes learning safer |
| Scheduled workflow polish | Medium | Medium | Medium | Supports proactive use cases |
| Connector onboarding polish | Medium | High | High | Needed for real systems |
| Admin health console | Medium | Medium | Medium | Reduces support load |
### Could Have
| Feature | Reason |
| --- | --- |
| Multi-user organization workspace | Valuable, but changes scope and permissions |
| Cross-instance analytics | Useful after multiple deployments |
| Fine-grained policy UI | Need policy demand before UI complexity |
| Audit export | Strong sales support, not first pilot blocker |
| Cost/quality model router | Useful after usage volume grows |
### Not Yet
| Feature | Reason |
| --- | --- |
| Broad public SaaS launch | Product and ops need pilot hardening first |
| Fully autonomous publish of skills | Human review should remain mandatory |
| Production writes through connectors without review | Trust risk |
| Complex enterprise RBAC before pilot validation | May overbuild before segment clarity |
## Metrics Dashboard
### North Star Metric
Accepted Agent Workflows:
> Number of AI-assisted tasks or scheduled workflows accepted by users per active pilot team per week.
Why this metric: it captures real delivered value better than messages sent, tokens used, or model calls.
### Input Metrics
| Metric | Definition | Target For Pilot |
| --- | --- | --- |
| Task Creation Rate | Tasks created / active users / week | Increasing weekly |
| Acceptance Rate | Accepted task runs / completed task runs | >=60% in pilot |
| Revision Rate | Runs needing revision / completed runs | Track down over time |
| Evidence Coverage | Task runs with timeline/tool/artifact evidence / task runs | >=90% |
| Skill Candidate Rate | Accepted tasks producing candidates / accepted tasks | >=20% after week 2 |
| Skill Reuse Rate | Runs activating published pilot skills / task runs | >=15% after skills exist |
| Scheduled Success Rate | Accepted scheduled outputs / scheduled runs | >=50% for selected workflows |
| Deployment Success Time | Fresh deployment time to first working user | <2 hours for pilot |
### Guardrail Metrics
| Metric | Alert |
| --- | --- |
| Critical tool/security incident | Any occurrence |
| Instance creation failure rate | >10% in pilot |
| Provider configuration failure rate | >20% |
| Task run failure rate | >20% for 2 consecutive days |
| Connector side-effect incident | Any unintended external write |
| User file permission/storage incident | Any cross-user or cross-instance leak |
| p95 task completion latency | Exceeds pilot workflow tolerance |
### Business Metrics
- Pilot activation: teams reaching first accepted task.
- Time to first accepted task.
- Weekly active task users.
- Repeated workflow count.
- Skill reuse per team.
- Customer-reported time saved.
- Pilot conversion intent.
## Customer Research Plan
No direct interview transcripts were provided. Research should start immediately before locking roadmap.
### Participants
- 5 knowledge workers with recurring document/report/research workflows.
- 3 workflow owners or team leads.
- 3 enterprise AI platform/admin stakeholders.
- 2 security or IT reviewers.
- 2 engineers/operators who would deploy and maintain Beaver.
### Questions
- What recurring work is painful enough to delegate to an Agent?
- What would make an AI output "acceptable" instead of just "interesting"?
- What evidence do you need to trust Agent work?
- What systems must the Agent connect to for the workflow to matter?
- What would make you stop a pilot?
- What memory or reuse behavior feels helpful vs risky?
- What does a successful 30-day pilot need to prove?
## Interview Guide
### Opening
We are studying how teams move AI from chat into real work. We are not asking whether you like an idea. We want examples of work you recently did.
### Current Behavior
- Walk me through the last time you used AI for a real work deliverable.
- What happened after the AI gave an answer?
- What did you copy, edit, verify, or redo manually?
- Who reviewed the result?
### Pain
- What was the slowest or most annoying part?
- What made the output hard to trust?
- What tools or files were involved?
- What evidence did you need but did not have?
### Reuse
- Have you repeated a similar workflow since then?
- Did you reuse prompts, templates, scripts, or notes?
- What would make that reuse safe for a team?
### Governance
- What AI actions would need approval?
- What data or tools should be off limits?
- Who needs to see the history of what happened?
### Pilot
- Which one workflow would you test first?
- What result would make you expand usage?
- What failure would make you stop?
## Recommended Next 30 Days
1. Pick 2-3 pilot workflows: project brief, weekly report, document review, support triage, or file processing.
2. Run fresh deployment rehearsal from README/deployment guide and record gaps.
3. Define pilot metrics and instrument accepted tasks, revisions, skill candidates, skill reuse, and run failures.
4. Create a task evidence narrative prototype on top of existing timeline data.
5. Package pilot workflow templates as skills or documented demos.
6. Validate provider onboarding with 3 non-engineer users.
7. Run security review for file boundaries, tool execution, connectors, and deploy-control exposure.
8. Decide which connector(s) are pilot-safe.
## Recommended Next 90 Days
1. Complete Memory Control Center MVP.
2. Harden skill learning with replay/eval and publish gates.
3. Add Admin Health Console for provider, instance, connector, task queue, and runtime status.
4. Improve instance lifecycle: suspend, resume, backup, restore, rotate secrets.
5. Add customer-facing pilot scorecard.
6. Formalize tool/connector policy profiles.
7. Expand pilot from one workflow to one department.
8. Build audit export after evidence narrative stabilizes.
## Biggest Risks
| Risk | Severity | Mitigation |
| --- | --- | --- |
| Product appears too broad and hard to adopt | High | Lead with pilot workflows and task loop |
| Deployment complexity blocks pilots | High | Rehearsed runbook, health checks, support checklist |
| Agent actions cause unintended side effects | Critical | Conservative tool policy, explicit connector sandboxing, evidence logs |
| Task evidence is too technical | High | Evidence narrative and reviewer testing |
| Skill learning publishes poor methods | High | Human review, safety/eval, replay validation |
| Memory feels creepy or uncontrollable | High | Memory control UI before broad enablement |
| Team spreads effort across too many modules | High | Prioritize task loop, evidence, skills, deployment reliability |
## Recommended Immediate Actions
1. Reframe all main product docs around Beaver as an Agent execution and governance platform.
2. Treat Skill Replay Eval as a subfeature under the skill governance loop.
3. Build the next roadmap around pilot workflows, not isolated modules.
4. Make accepted tasks the main success metric.
5. Productize memory and evidence before adding many new connectors.
6. Prove deployment repeatability before selling broad private deployments.

1449
docs/product-discovery/beaver/product-prd.html Normal file
View File

File diff suppressed because it is too large Load Diff

378
docs/product-discovery/beaver/validation-plan.md Normal file
View File

@ -0,0 +1,378 @@
# Beaver Validation Plan
Date: 2026-06-09
Purpose: validate Beaver as a whole product before broader rollout.
## 1. Validation Strategy
Beaver should be validated through real workflows, not through opinions about AI.
The validation sequence:
```text
customer problem
-> workflow fit
-> first-run onboarding
-> task execution
-> evidence comprehension
-> acceptance/revision
-> skill reuse
-> deployment and operations
-> security/governance
```
## 2. Validation Questions
### Product Value
- Does Beaver solve a painful enough workflow problem?
- Does task acceptance make AI work feel more reliable?
- Do users complete more usable work than with chat-only AI?
- Does skill reuse save time after repeated workflows?
### Usability
- Can users understand when chat becomes a task?
- Can users find task evidence and artifacts?
- Can users accept, revise, or abandon without confusion?
- Can admins configure providers and connectors without engineering help?
### Technical Feasibility
- Can fresh deployments be created repeatably?
- Can app instances stay isolated?
- Can Agent tasks run reliably with files, tools, skills, and scheduled jobs?
- Can failures be diagnosed from status/logs/events?
### Governance And Security
- Are control-plane services private?
- Are file and workspace boundaries enforced?
- Are tool calls recorded and reviewable?
- Are external connector writes controlled?
- Is memory inspectable and controllable before broad use?
### Business Viability
- Does a pilot team have enough recurring workflows?
- Can the product produce measurable weekly value?
- Can an admin operate it with acceptable support load?
- Can the buyer justify expansion?
## 3. Pilot Workflow Candidates
| Workflow | Why It Fits | Required Capabilities | Success Signal |
| --- | --- | --- | --- |
| Weekly project report | Recurring, evidence-sensitive, review-heavy | scheduled work, files, task acceptance, artifacts | Report accepted weekly |
| Project brief / proposal | Multi-step, document-heavy, revision-heavy | chat, files, tools, task timeline, revisions | Brief accepted after fewer rounds |
| Document review | Clear deliverable and evidence need | files, task timeline, artifacts, acceptance | Review output accepted |
| Support triage | Tool/context-heavy and repeatable | tasks, tools, memory, maybe connector | Triage summary accepted |
| Research synthesis | Agent team fit, artifact-heavy | multi-agent, web/search, files, evidence | Synthesis accepted and reused |
Recommended first pilot:
1. Project brief or document review for manual task loop.
2. Weekly project report for scheduled workflow.
3. Skill reuse from the accepted outputs.
## 4. Customer Discovery Validation
### Participants
- 5 end users.
- 3 workflow owners.
- 3 admins/platform owners.
- 2 security reviewers.
- 2 operators/engineers.
### Method
- 45-minute interviews using past-behavior questions.
- 60-minute workflow walkthrough with Beaver.
- Follow-up after one week of usage.
### Evidence To Collect
- Current workflow steps.
- Time spent today.
- Existing tools/files/systems involved.
- Review/approval requirements.
- Trust blockers.
- Repeat frequency.
- What would count as a successful pilot.
### Pass Criteria
- At least 3 workflows are repeated weekly or more.
- At least 2 workflows involve files or external tools.
- At least 2 stakeholders require evidence/auditability.
- At least 1 team lead agrees to a real pilot workflow.
## 5. Product Workflow Validation
### Test 1: First Accepted Task
Goal: user reaches first accepted task.
Steps:
1. Register or log in.
2. Configure provider.
3. Start from a suggested workflow or freeform chat.
4. Upload or reference a file if needed.
5. Let Beaver create/continue a task.
6. Inspect output and evidence.
7. Accept or request revision.
Pass criteria:
- User completes without developer assistance.
- First accepted task occurs in one session.
- User can explain what Beaver did.
### Test 2: Revision Loop
Goal: prove Beaver handles "not good enough yet."
Steps:
1. Run a task.
2. Ask for a specific revision.
3. Confirm the same task context continues.
4. Accept revised output.
Pass criteria:
- Revision feedback is preserved.
- Task timeline shows revision.
- User does not need to restate full context.
### Test 3: Evidence Review
Goal: verify trust and auditability.
Steps:
1. Give reviewer a completed task detail page.
2. Ask them what happened, what tools/files were used, and what result was produced.
3. Ask whether they would approve the output.
Pass criteria:
- >=80% reviewers identify the key actions and artifacts.
- Reviewers can state at least one risk or confidence reason.
### Test 4: Skill Reuse
Goal: prove accepted work can compound.
Steps:
1. Accept a task.
2. Generate skill candidate/draft.
3. Review and publish skill.
4. Run a similar task.
5. Check whether skill activates and improves work.
Pass criteria:
- At least 3 pilot skills are reused twice.
- Users report lower effort on repeated task.
### Test 5: Scheduled Workflow
Goal: validate proactive work.
Steps:
1. Create scheduled job.
2. Trigger or wait for scheduled run.
3. Review notification/output.
4. Accept or revise.
Pass criteria:
- Scheduled run is visible.
- Output enters review flow.
- Failed run has clear recovery path.
## 6. Technical Validation
### Deployment Validation
Run on a fresh Linux/WSL2 host:
1. Build images.
2. Create Docker network.
3. Start router proxy.
4. Start authz service.
5. Start deploy control.
6. Start auth portal.
7. Register user.
8. Configure provider.
9. Open app instance.
10. Complete first task.
Pass criteria:
- Under 2 hours with docs only.
- No undocumented environment variables.
- Public exposure limited to auth portal and router proxy.
### Instance Isolation Validation
Checks:
- Instance A cannot access Instance B workspace.
- User file roots stay scoped.
- Router sends host to correct container.
- Provider config is instance-specific.
- Deleting one instance does not affect another.
Pass criteria:
- No cross-instance reads/writes.
- Registry state remains consistent.
### Runtime Validation
Checks:
- Chat API.
- WebSocket/runtime status.
- Task creation and deletion.
- Task detail events.
- File upload/preview/download/delete.
- Tool test.
- Skill candidate/draft/review/publish.
- Cron create/toggle/run/delete.
- Settings provider save.
- Runtime restart.
Pass criteria:
- Critical user flows pass on desktop and mobile viewport.
- Failure states have visible recovery.
## 7. Security And Governance Validation
### Control Plane
- Confirm `deploy-control` and `authz-service` are not publicly reachable.
- Confirm tokens are required for control-plane calls.
- Confirm instance creation cannot be triggered without authorization.
### Files
- Confirm only allowed user roots are visible.
- Confirm absolute-style or cross-prefix paths are rejected.
- Confirm delete operations require explicit user action.
### Tools
- Classify pilot tools as read, workspace write, external write, destructive, credential/permission.
- Record tool calls in task evidence.
- Block or require review for dangerous actions.
### Connectors
- Use sandbox/test accounts for pilot when possible.
- Confirm callback base URL is per-instance.
- Confirm disconnect/reconnect path.
### Memory
Until Memory Control Center exists:
- Keep memory use conservative.
- Document what is stored.
- Avoid enabling opaque long-term memory for sensitive pilots.
## 8. Usability Validation
Viewports:
- 320px.
- 375px.
- 390px.
- 768px.
- 1024px.
- 1365px.
- One mobile landscape viewport.
Screens:
- Auth portal login/register/provider onboarding.
- Chat workbench.
- Task list/detail.
- Files.
- Skills.
- Marketplace.
- Tools.
- Notifications/cron.
- Outlook/connectors if in pilot.
- Settings/status/logs.
Pass criteria:
- No horizontal overflow.
- No inaccessible critical controls.
- Touch targets are usable.
- Loading, empty, error, success, and disabled states are visible.
## 9. Metrics Validation
Instrument or manually collect:
- Time to first accepted task.
- Accepted tasks per user/team/week.
- Acceptance rate.
- Revision rate.
- Task run failure rate.
- Evidence coverage.
- Skill candidates.
- Skill drafts.
- Published skills.
- Skill reuse.
- Scheduled run success.
- Provider setup failure.
- Instance creation failure.
- Connector setup failure.
Minimum pilot dashboard:
```text
Accepted tasks
Acceptance rate
Revision rate
Task failures
Skill reuse
Scheduled runs
Deployment/provider errors
Critical incidents
```
## 10. Pilot Exit Criteria
Proceed to broader rollout only if:
- A pilot team completes >=30 accepted tasks in 30 days.
- At least 2 recurring workflows are active.
- At least 5 skills are created and 3 reused twice.
- Task acceptance rate is >=60%.
- No critical security or deployment incidents occur.
- Fresh deployment can be repeated from docs.
- Admin can diagnose common failures from status/logs/runbook.
- Pilot owner can clearly state why Beaver is better than chat-only AI for their workflow.
## 11. Decision Matrix
| Result | Decision |
| --- | --- |
| High task acceptance, low skill reuse | Improve skill learning and workflow templates |
| High interest, deployment friction | Invest in deploy runbook and health console |
| Good demos, low recurring use | Revisit target segment and workflow selection |
| High usage, trust concerns | Prioritize evidence narrative, policy, memory controls |
| Connector demand dominates | Narrow connector roadmap to one high-value system |
| Memory concerns dominate | Build Memory Control Center before expansion |

387
docs/product-discovery/skill-replay-eval/PRD-skill-replay-eval.md Normal file
View File

@ -0,0 +1,387 @@
# PRD: Skill Replay Eval
Date: 2026-06-09
Status: Product discovery complete; implementation validation required
## 1. Summary
Skill Replay Eval is Beaver's evidence-based quality gate for reusable Agent skills. It evaluates a skill draft against accepted historical task runs, compares baseline and candidate behavior, reports execution/surrogate/blocked tool coverage, checks preservation for revised skills, and helps reviewers decide whether a draft can be published.
The goal is not to replace human review. The goal is to make review decisions safer, faster, and grounded in real task behavior.
## 2. Contacts
| Role | Owner | Comment |
| --- | --- | --- |
| Product | TBD | Owns scope, rollout, customer research, metrics |
| Engineering | TBD | Owns replay runner, tool policy, eval report, UI wiring |
| Design | TBD | Owns reviewer decision flow and report comprehension |
| Security / IT reviewer | TBD | Owns replay side-effect policy and launch approval |
| Customer pilot lead | TBD | Owns pilot participant selection and feedback loop |
## 3. Background
Beaver's product promise is that successful AI tasks can become reusable skills. This is valuable only if skill publishing is trustworthy. The current heuristic evaluator can estimate draft quality from text and accepted run metadata, but it cannot prove the draft behaves correctly in realistic tasks. It also cannot reliably detect tool misuse, unsafe side effects, or missing instructions in revised skills.
The new design introduces replay-style evaluation:
- Select accepted historical task cases.
- Run a baseline arm and a candidate arm.
- Execute safe tools in a replay context.
- Record unsafe or unavailable tools for surrogate judgment.
- Block destructive actions.
- Aggregate score, coverage, confidence, regressions, and preservation risk.
- Show the report in the Skills review page.
- Use publish gates to prevent low-confidence or unsafe releases.
Why now:
- Beaver already has task evidence, accepted runs, skill candidates, skill drafts, safety reports, eval reports, review, and publish flow.
- The customer-facing story emphasizes enterprise governance and reusable skills.
- Without stronger eval, the skill-learning loop can create risk instead of trust.
## 4. Objective
### Objective
Make skill publishing evidence-based and safe enough for enterprise pilot use.
### Why It Matters
For customers, Skill Replay Eval turns Beaver from "an Agent that can learn" into "an Agent platform with controlled learning." For the team, it reduces blind publish risk and creates a repeatable way to improve skill quality.
### Key Results
| Key Result | Target |
| --- | --- |
| Trusted Skill Publish Rate | >=80% of approved drafts have replay evidence or explicit skipped-provider evidence during pilot |
| Replay Side-Effect Safety | 0 production side-effect incidents caused by replay |
| Reviewer Decision Time | Median approve/reject/revise decision under 10 minutes for common drafts |
| Report Comprehension | >=80% of reviewers correctly explain execution, surrogate, blocked, and confidence meanings in usability tests |
| Regression Visibility | 100% of replay reports expose regression count, score delta, and case-level details |
| Preservation Visibility | 100% of revise/merge replay reports with base content expose preservation result |
## 5. Market Segments
### Primary Segment: Enterprise AI Platform Teams
They want private or controlled Agent deployment, reusable workflows, governance, and auditability. They need evidence before reusable skills are distributed.
### Secondary Segment: Internal Workflow Teams
They run repeatable knowledge workflows such as reports, support, project delivery, file processing, or research. They want accepted AI work to become reusable without manual prompt engineering every time.
### Internal Segment: Beaver Operators And Engineers
They need debuggable replay behavior, predictable tool policies, and operational visibility.
### Constraints
- Replay must not execute production external writes by default.
- Replay should use existing stores and skill learning pipeline where possible.
- Evaluation report payload must remain compatible with existing UI and stored reports.
- First release should cap replay case count to control latency and cost.
- Human review remains mandatory.
## 6. Value Propositions
### For Skill Reviewers
Pain avoided: approving a skill by reading text only.
Gain: see whether the candidate improves, regresses, or preserves behavior on accepted tasks.
### For Enterprise Admins
Pain avoided: uncontrolled AI learning that silently changes team behavior.
Gain: clear publish gates, safety report, replay report, coverage, confidence, and preservation evidence.
### For Workflow Owners
Pain avoided: successful task patterns disappearing into chat history.
Gain: accepted work can become reusable skills with validation before reuse.
### For Engineers
Pain avoided: debugging vague "skill quality" complaints.
Gain: case-level traces, tool classifications, side effects, and reproducible failure categories.
## 7. Solution
### 7.1 UX / User Flow
Primary reviewer flow:
```text
Skill candidate generated
-> draft created
-> safety report generated
-> replay eval report generated
-> reviewer opens Skills draft page
-> reviewer reads summary: pass/fail, baseline, candidate, delta, coverage, confidence
-> reviewer drills into cases, tool calls, side effects, preservation report
-> reviewer approves, requests revision, or rejects
-> publish gate enforces safety, eval, confidence, blocked coverage, preservation
```
Required UI behavior:
- Show report status first: passed, failed, skipped provider, replay error, or partial.
- Show baseline average, candidate average, and score delta.
- Show execution coverage, surrogate coverage, blocked coverage, and confidence.
- Show improved, regressed, and unchanged case counts.
- Show replay cases in a compact table.
- Show raw case reports only after the summary.
- Show preservation report for revise/merge drafts.
- Use clear wording for skipped-provider reports: no replay evidence was run.
Recommended UI improvement:
- Add a reviewer decision summary above raw details:
- "Recommended action: Approve / Revise / Reject / Needs manual review"
- "Reason: low confidence, preservation failure, regression, or blocked calls"
### 7.2 Key Features
#### Historical Case Selection
Requirements:
- Select up to 10 accepted historical runs.
- For revised skills, prefer accepted runs that activated the target skill/version.
- For new skills, use candidate source runs or similar task themes.
- For merged skills, use accepted runs where related skills co-activated.
- Prefer recent accepted runs and diversify repeated tasks.
Acceptance criteria:
- Case selection returns no more than 10 cases.
- Failed or unaccepted runs are excluded.
- Baseline skill names are populated for revise and merge candidates.
#### Baseline And Candidate Replay Arms
Requirements:
- Run the same task text for both arms.
- Use the same model settings, bounded historical context, max tool iterations, and replay policy.
- Baseline arm uses no skill, old skill, or related old skills depending on candidate type.
- Candidate arm injects the draft as pinned draft guidance.
Acceptance criteria:
- Both arms produce run id, session id, final answer, finish reason, tool calls, side effects, and artifacts.
- Replay runs are marked with source `skill_replay_eval`.
- Replay does not create user-visible normal task sessions.
#### Tool Mode Classification
Requirements:
- Classify each tool call as:
- `executed`: safe to execute in replay context.
- `surrogate`: unsafe/unavailable to execute but can be judged from intended call.
- `blocked`: cannot safely execute or judge.
- Safe defaults include filesystem, user files, core, web, and search where isolation is available.
- External writes and connector/MCP write actions default to surrogate.
- Destructive operations default to blocked.
Acceptance criteria:
- Each tool trace includes tool name, arguments, schema, toolset, metadata, mode, classification reason, and result.
- Destructive terms such as delete/remove/destroy/revoke/permission/credential/payment/pay are blocked.
- External write terms such as send/post/publish/create/update/invite/reply/forward are not executed against production systems by default.
#### Surrogate Evaluation
Requirements:
- Score baseline and candidate intended tool use when tools are surrogate or blocked.
- Include task text, tool schema, arguments, classification reason, final answer, and side effects in judgment payload.
- Lower confidence when surrogate or blocked coverage is high.
Acceptance criteria:
- Reports include baseline score, candidate score, delta, confidence, and validator notes.
- Blocked calls reduce score and confidence.
- Surrogate scoring is transparent and does not pretend to be real execution.
#### Preservation Check
Requirements:
- For revise and merge drafts, compare base skill content against proposed draft content.
- Report preserved sections, changed sections, dropped sections, pass/fail, and risk level.
- Failed preservation blocks publish.
Acceptance criteria:
- Revision drafts with dropped important sections fail preservation.
- Reports are visible in the Skills UI.
- Publish gate blocks failed preservation.
#### Eval Report Model
Requirements:
- Extend existing `SkillDraftEvalReport` without breaking legacy reports.
- Keep existing fields: passed, baseline_score_avg, candidate_score_avg, score_delta, regression_count, improved_count, unchanged_count, cases, status.
- Add replay fields: eval_version, mode, execution_coverage, surrogate_coverage, blocked_coverage, confidence, case_reports, tool_mode_summary, preservation_report.
Acceptance criteria:
- Legacy reports deserialize with default replay fields.
- New reports serialize all replay fields.
- Frontend type definitions include replay fields.
#### Publish Gates
Requirements:
- Draft must still have approved review and passing safety report.
- Failed eval report blocks publish except explicit skipped-provider status.
- Replay report with low confidence blocks publish.
- Replay report with blocked coverage >=1.0 blocks publish.
- Failed preservation blocks publish.
Acceptance criteria:
- Publish attempts fail with clear errors for each gate condition.
- Skipped provider is visible and does not silently claim replay passed.
### 7.3 Technology
Backend:
- Python dataclasses.
- Existing file-backed memory stores.
- `SkillLearningPipelineService.evaluate_draft()`.
- `SkillDraftEvaluator`.
- `ReplayRunner`, `ReplayToolExecutor`, `ReplayToolPolicy`.
- `SurrogateToolEvaluator`.
- `SkillDraftEvalReport`.
- FastAPI endpoint wiring through existing Skills APIs.
Frontend:
- Next.js / TypeScript Skills page.
- Existing design system and report card patterns.
- Typed replay report fields in `types/index.ts`.
Testing:
- Unit tests for eval report compatibility.
- Case selection tests.
- Preservation tests.
- Replay executor and replay runner tests.
- Agent loop replay executor override tests.
- Surrogate scoring tests.
- Pipeline publish gate tests.
- Frontend smoke/manual review for report rendering.
### 7.4 Data Model
Eval report fields:
| Field | Type | Purpose |
| --- | --- | --- |
| `eval_version` | string | Version of eval model, e.g. `replay-v1` |
| `mode` | string | `heuristic` or `replay` |
| `execution_coverage` | number | Share of replay tool calls actually executed |
| `surrogate_coverage` | number | Share judged through surrogate |
| `blocked_coverage` | number | Share blocked |
| `confidence` | string | low, medium, high |
| `case_reports` | array | Detailed baseline/candidate case reports |
| `tool_mode_summary` | object | Aggregate tool mode counts |
| `preservation_report` | object/null | Preservation result for revise/merge |
### 7.5 Assumptions
- Accepted historical runs exist and are useful.
- Replay can be isolated enough for safe tool execution.
- Reviewers understand and trust the report after UI iteration.
- Surrogate scoring can be improved over time without blocking v1.
- Publish gates can be calibrated during pilot.
### 7.6 Non-Goals
- No production third-party writes during automatic replay.
- No automatic publishing based only on replay score.
- No full Docker orchestration per replay case in v1.
- No customer-configurable per-tool policy UI in v1.
- No replacement of human review.
- No claim that replay is a complete benchmark of all future tasks.
## 8. Release
### V0: Internal Validation
Scope:
- Current replay report fields.
- Current case selection.
- Current replay runner integration.
- Current tool policy.
- Current Skills UI report display.
- Current publish gates.
Exit criteria:
- Unit tests pass for skill learning replay surface.
- Golden tool policy tests prove no production side effects.
- Reviewer can make decisions from 5 seeded cases.
- Known limitations are documented.
### V1: Pilot Release
Scope:
- Reviewer decision summary.
- Replay readiness indicator.
- Better preservation diff.
- Operational metrics for replay status, latency, provider skip, blocked coverage.
- Customer-facing explanation for replay evidence and confidence.
Exit criteria:
- 0 replay side-effect incidents.
- >=80% reviewer comprehension in usability test.
- Median reviewer decision time under 10 minutes.
- Pilot admins accept report as sufficient review support.
### V2: Enterprise Hardening
Scope:
- LLM surrogate evaluator with human-labeled calibration.
- Policy profiles by deployment risk tier.
- Audit export.
- Skill quality trend across versions.
- Replay operations dashboard.
Exit criteria:
- Human vs surrogate agreement >=80% on unsafe tool golden set.
- Clear process for policy changes and incident review.
- Enterprise pilot customers can use audit export in governance review.
## Open Questions
- What minimum replay case count should be required before a report is considered useful?
- Should skipped-provider reports block publish in regulated deployments?
- What exact confidence levels should map to publish gate behavior?
- Which toolsets are safe in each deployment mode?
- How should reviewer overrides be recorded when they publish despite weak evidence?
- What is the long-term storage retention policy for replay traces and artifacts?
## Success Review Checklist
- Product: Does the report answer "should this skill be published?"
- Design: Can reviewers understand the summary without reading raw JSON?
- Engineering: Can replay failures be reproduced and diagnosed?
- Security: Can replay prove no production side effects by default?
- Customer: Does this strengthen Beaver's enterprise trust story?

13
docs/product-discovery/skill-replay-eval/README.md Normal file
View File

@ -0,0 +1,13 @@
# Skill Replay Eval Product Discovery
This folder turns the Skill Replay Eval design into product-facing planning artifacts.
- [Product Discovery Report](./product-discovery-report.md): opportunity, users, assumptions, experiments, feature priority, metrics, and 30/90 day recommendations.
- [PRD](./PRD-skill-replay-eval.md): product requirements for engineering, design, review, validation, and release scope.
- [Launch And Maintenance Runbook](./launch-maintenance-runbook.md): rollout, readiness checks, operational ownership, alerting, and maintenance cadence.
Related source material:
- [Skill Replay Eval Design](../../superpowers/specs/2026-06-08-skill-replay-eval-design.md)
- [Skill Replay Eval Implementation Plan](../../superpowers/plans/2026-06-08-skill-replay-eval.md)
- [Beaver customer presentation](../../presentations/skill-replay-eval/index.html)

356
docs/product-discovery/skill-replay-eval/launch-maintenance-runbook.md Normal file
View File

@ -0,0 +1,356 @@
# Skill Replay Eval Launch And Maintenance Runbook
Date: 2026-06-09
Purpose: define how to validate, launch, operate, and maintain Skill Replay Eval safely.
## 1. Launch Principle
Ship Skill Replay Eval as a guarded trust feature.
The system may help reviewers approve or reject a skill draft, but it must not create false certainty. When evidence is weak, the product should say so clearly. When tool safety is unclear, replay should prefer surrogate or blocked modes over production execution.
## 2. Ownership
| Area | Owner | Responsibility |
| --- | --- | --- |
| Product quality | Product owner | Metrics, pilot feedback, publish threshold decisions |
| Replay pipeline | Backend engineer | Case selection, replay runner, scoring, report persistence |
| Tool safety policy | Backend + security reviewer | Tool classification, blocked/surrogate rules, side-effect tests |
| Skills UI | Frontend/design owner | Report summary, reviewer decision flow, report readability |
| Operations | Deployment owner | Logs, alerts, provider availability, incident response |
| Customer pilot | Pilot lead | Participant selection, feedback, rollout communication |
## 3. Pre-Launch Readiness
### Required Code Checks
Run backend tests from `app-instance/backend`:
```bash
pytest tests/unit/test_skill_learning_eval_report_model.py -v
pytest tests/unit/test_skill_learning_case_selection.py -v
pytest tests/unit/test_skill_learning_preservation.py -v
pytest tests/unit/test_skill_learning_replay.py -v
pytest tests/unit/test_skill_learning_replay_runner.py -v
pytest tests/unit/test_agent_loop_replay_executor.py -v
pytest tests/unit/test_skill_learning_surrogate.py -v
pytest tests/unit/test_skill_learning_eval.py -v
pytest tests/unit/test_skill_learning_pipeline.py -v
```
Run frontend verification from `app-instance/frontend`:
```bash
npm run lint
npm run test -- --runInBand
```
If frontend tests are not configured, perform manual Skills page verification with seeded report payloads.
### Golden Safety Cases
Before pilot launch, create or manually verify a golden set with these cases:
| Case | Expected Result |
| --- | --- |
| Safe filesystem read | `executed` |
| Safe filesystem write to replay workspace | `executed`, no production write |
| User-file write in replay namespace | `executed` only if isolated, otherwise `surrogate` |
| Web/search read | `executed` or cached read |
| Email send | `surrogate` |
| Calendar invite | `surrogate` |
| Connector publish/post/reply | `surrogate` |
| Delete/remove/destroy | `blocked` |
| Permission/credential/payment action | `blocked` |
Launch blocker:
- Any replay case mutates production workspace, user files, credentials, external accounts, permissions, or payment state.
### Report Readiness Checks
Each replay report must show:
- Eval status.
- Baseline average.
- Candidate average.
- Score delta.
- Improved/regressed/unchanged counts.
- Execution coverage.
- Surrogate coverage.
- Blocked coverage.
- Confidence.
- Replay cases.
- Case reports.
- Preservation report when applicable.
- Raw report for debugging.
### Publish Gate Checks
Publish must fail when:
- No approved review exists.
- Safety report is missing or failed.
- Eval report failed, except explicit skipped-provider status.
- Replay confidence is low.
- Replay blocked coverage is `1.0`.
- Preservation report failed.
Publish may proceed with explicit human review when:
- Provider is unavailable and eval status is `skipped_provider_unavailable`.
- Replay evidence is partial, but reviewer records a rationale and deployment policy allows it.
## 4. Rollout Plan
### Phase 0: Shadow Mode
Audience: internal team only.
Duration: 1 week or 10 draft evaluations, whichever comes first.
Behavior:
- Generate replay reports.
- Do not change existing publish decisions unless a critical safety issue appears.
- Compare replay recommendation with human reviewer decision.
Exit criteria:
- No production side effects.
- No unexplained replay crashes on common drafts.
- Reviewers can explain report meaning.
- Product owner reviews gate threshold data.
### Phase 1: Strict Internal Gate
Audience: internal maintainers and trusted reviewers.
Behavior:
- Enforce low-confidence, blocked coverage, failed preservation, failed eval, and failed safety gates.
- Require manual rationale for skipped-provider publish.
Exit criteria:
- 0 P0 incidents.
- Publish blockers are actionable and not noisy.
- Reviewer median decision time under 10 minutes for common drafts.
### Phase 2: Pilot Customer Gate
Audience: selected pilot customer or internal department.
Behavior:
- Keep human review mandatory.
- Provide customer-facing explanation of replay evidence.
- Track skipped-provider and low-confidence cases closely.
Exit criteria:
- Pilot admin accepts report as useful governance evidence.
- No side-effect incidents.
- Top confusion points are documented and scheduled for UI copy/design improvements.
### Phase 3: General Availability Candidate
Audience: all enabled deployments.
Behavior:
- Replay Eval enabled by default where provider and case data are available.
- Skipped-provider state remains explicit.
- Tool policy remains conservative.
Exit criteria:
- Operational dashboard exists.
- Incident response is rehearsed.
- Policy change process is documented.
## 5. Monitoring
### Product Metrics
| Metric | Owner | Cadence | Alert |
| --- | --- | --- | --- |
| Trusted Skill Publish Rate | Product | Weekly | <60% for 2 weeks |
| Reviewer Decision Time | Product/design | Weekly | p95 >30 minutes |
| Replay Regression Rate | Product/engineering | Weekly | >20% of replay reports |
| Report Comprehension | Product/design | Per research round | <80% explain coverage/confidence correctly |
### Operational Metrics
| Metric | Owner | Cadence | Alert |
| --- | --- | --- | --- |
| Replay status counts | Engineering | Daily during pilot | Any spike in `replay_error` or `partial` |
| Provider unavailable skip rate | Operations | Daily | >25% of evals in pilot |
| Replay latency p50/p95 | Engineering | Daily | p95 >15 minutes |
| Blocked coverage | Security/engineering | Weekly | Any report with blocked_coverage=1.0 |
| Production side-effect incidents | Security/operations | Immediate | Any nonzero event |
| Failed preservation reports | Product/engineering | Weekly | Spike after synthesizer change |
### Logs To Inspect
- Skill learning candidate events.
- Draft creation and safety report events.
- Eval report generation events.
- Replay arm run ids and source `skill_replay_eval`.
- Tool traces and classification reasons.
- Publish gate errors.
- Provider unavailable errors.
## 6. Incident Response
### P0: Production Side Effect During Replay
Examples:
- Email sent.
- Calendar invite created.
- External connector publish/post/reply happened.
- Production file or credential changed.
- Permission/payment action executed.
Immediate actions:
1. Disable replay eval generation.
2. Disable skill publish if policy risk is unclear.
3. Preserve logs, replay traces, eval reports, and affected tool metadata.
4. Identify tool name, toolset, metadata, classification reason, arguments, and tenant.
5. Patch policy to block or surrogate affected class.
6. Add a regression test to golden safety cases.
7. Notify pilot/customer owner if customer data or systems were affected.
Restart criteria:
- Root cause documented.
- Regression test passes.
- Security owner approves restart.
### P1: False Pass
Definition: draft passed replay and was published, then confirmed to regress a real accepted workflow.
Actions:
1. Unpublish or revert skill version if impact is active.
2. Add the failed task as a replay case.
3. Inspect whether case selection missed the scenario or scoring overrated it.
4. Adjust gate threshold, surrogate scoring, or preservation check.
5. Record postmortem in skill quality log.
### P1: False Block
Definition: useful draft blocked due to bad replay policy, low-confidence bug, or report construction issue.
Actions:
1. Do not bypass silently; record reviewer rationale.
2. Identify blocking rule and trace.
3. Add regression test if policy bug.
4. Decide whether threshold should change or case should remain blocked.
### P2: Provider Unavailable Spike
Actions:
1. Check provider configuration and model availability.
2. Confirm fallback status is explicit.
3. Track how many publish decisions rely on skipped-provider.
4. Pause broad rollout if skipped-provider exceeds pilot threshold.
## 7. Maintenance Cadence
### Daily During Pilot
- Check replay errors and provider skips.
- Check blocked_coverage=1.0 reports.
- Confirm no side-effect incidents.
- Review new publish gate failures.
### Weekly
- Review metrics dashboard.
- Calibrate publish gate thresholds.
- Review 3-5 replay reports for readability.
- Inspect false pass/false block candidates.
- Update tool policy based on new tools or connectors.
### Monthly
- Review customer/pilot feedback.
- Refresh golden safety cases.
- Sample preservation reports for missed instruction drops.
- Review storage growth from replay case reports and traces.
- Decide whether to promote features from Should Have to Must Have.
### Quarterly
- Revisit risk model and tool policy profiles.
- Review whether LLM surrogate calibration meets quality target.
- Decide whether to add audit export or per-deployment policy UI.
- Retire stale replay cases or update case selection logic.
## 8. Data Retention And Privacy
Replay reports may contain task text, tool arguments, schemas, final answers, and side-effect descriptions. Treat them as sensitive operational data.
Recommended policy:
- Store summarized report for normal review.
- Limit raw case report retention or restrict access to admins.
- Redact credentials, tokens, secrets, and obvious personal identifiers from tool arguments before display where possible.
- Do not include production external write results because they should not execute.
- Define tenant-specific retention before enterprise rollout.
## 9. Release Communication
### Internal Message
Skill Replay Eval adds evidence to skill publishing. Reviewers will now see whether a draft improved, regressed, or preserved accepted task behavior. Reports disclose what executed, what was judged by surrogate, what was blocked, and whether revised skills preserved important sections.
### Customer / Pilot Message
Beaver can now evaluate reusable skill drafts against prior accepted work before publication. The report shows both confidence and uncertainty. Unsafe external actions are not executed automatically during replay; they are recorded for review or blocked by policy.
### Known Limitations To Disclose
- Replay quality depends on available accepted historical runs.
- Surrogate evaluation is not the same as real execution.
- Low-confidence reports require more human review.
- Human approval is still required.
- First release does not include per-tool policy UI or full per-case container orchestration.
## 10. Rollback Plan
Rollback options:
1. Disable replay runner injection and fall back to heuristic eval.
2. Keep report fields but set mode to `heuristic`.
3. Keep publish gate requiring safety and human review.
4. Temporarily treat replay errors as non-blocking only if security owner confirms no side-effect risk.
5. Preserve failed replay reports for debugging.
Rollback triggers:
- Any P0 side-effect incident.
- Repeated replay errors that block normal skill review.
- Provider unavailable spike that makes most reports skipped.
- Reviewer decision time becomes unacceptable and no quick UI fix exists.
## 11. Launch Checklist
- [ ] Backend replay tests pass.
- [ ] Frontend report rendering verified.
- [ ] Golden tool safety cases pass.
- [ ] No production side-effect path found.
- [ ] Publish gates tested manually.
- [ ] Skipped-provider copy is clear.
- [ ] Reviewer decision summary exists or is tracked as a launch follow-up.
- [ ] Pilot participants selected.
- [ ] Metrics dashboard owner assigned.
- [ ] Incident owner and escalation path assigned.
- [ ] Rollback path verified.

512
docs/product-discovery/skill-replay-eval/product-discovery-report.md Normal file
View File

@ -0,0 +1,512 @@
# Skill Replay Eval Product Discovery Report
Date: 2026-06-09
Product stage: existing product
Primary feature: Skill Replay Eval for Beaver skill learning and publishing
Source context:
- Existing product and deployment: `README.md`, `部署指南.md`
- Feature design: `docs/superpowers/specs/2026-06-08-skill-replay-eval-design.md`
- Delivery plan: `docs/superpowers/plans/2026-06-08-skill-replay-eval.md`
- Current implementation signals: `beaver/skills/learning/{case_selection,preservation,replay,surrogate,eval}.py`, Skills page replay report UI, publish gate checks
- Customer positioning: `docs/presentations/skill-replay-eval/index.html`
## Executive Summary
Beaver is positioned as an enterprise Agent execution and governance platform. Its core value is not only running tasks, but also making AI work traceable, acceptable, reusable, and governable. Skill Replay Eval is the quality gate that makes the "reusable skill" promise credible: before a skill draft is published, Beaver should test whether it improves or preserves real task behavior.
The current design correctly identifies the product risk: heuristic-only skill scoring is not enough for enterprise trust. A draft skill can look complete in text while causing tool misuse, dropping safety instructions, or regressing accepted workflows. Replay evaluation closes this gap by comparing baseline and candidate behavior on accepted historical tasks, classifying tool calls into executed, surrogate, or blocked modes, and adding a preservation check for revised skills.
The product direction should be: ship replay eval as a staged trust feature, not as a perfect benchmark system. The first release should make evaluation coverage and uncertainty visible, block obvious regressions, and give reviewers enough evidence to approve or reject drafts. The next releases should improve case quality, sandbox isolation, surrogate judgment quality, and operational dashboards.
## Product Summary
### Product Description
Skill Replay Eval is a review and publishing gate for Beaver skills. It evaluates skill drafts against prior accepted task runs and shows whether the draft improves, preserves, or harms real task outcomes. It separates safe tool execution from surrogate evaluation for unsafe or unavailable tools, and it checks whether revised skill drafts preserve important original instructions.
### Target Users
| Segment | Job To Be Done | Success Looks Like |
| --- | --- | --- |
| Enterprise AI platform owner | Govern reusable Agent capabilities before they spread across teams | No risky skill is published without evidence, review, and audit trail |
| Skill reviewer / admin | Decide whether a skill draft is good enough to approve | Replay report explains score, coverage, regressions, and preservation risks |
| Internal workflow owner | Convert accepted tasks into repeatable team methods | Similar future tasks become faster and more reliable |
| Engineer / implementer | Build and debug the eval pipeline | Replay failures are reproducible, scoped, and observable |
| Security / IT reviewer | Understand side effects and tool risk | Production writes are not executed during automatic replay |
### Current Features
Existing Beaver product capabilities relevant to this feature:
- Task lifecycle: route, plan, execute, track, accept, modify, or abandon.
- Evidence and timeline: tool calls, artifacts, task status, and validation signals.
- Skill learning: candidates, drafts, safety report, eval report, review, publish.
- Multi-instance deployment: isolated `app-instance` per user/team via Docker.
- Tool and connector framework: local tools, MCP tools, external connectors, files, web/search, scheduled tasks.
Current Skill Replay Eval implementation signals:
- `SkillDraftEvalReport` has replay fields: mode, eval version, execution coverage, surrogate coverage, blocked coverage, confidence, case reports, tool mode summary, and preservation report.
- `select_replay_cases()` selects up to 10 accepted historical runs by candidate type.
- `ReplayToolExecutor` classifies tool calls as executed, surrogate, or blocked.
- `ReplayRunner` runs baseline and candidate arms through AgentLoop with a replay tool executor.
- `SurrogateToolEvaluator` scores non-executed calls through deterministic intended-call heuristics.
- Publish gates block low-confidence replay reports, fully blocked replay reports, and failed preservation reports.
- Skills UI exposes execution coverage, surrogate coverage, confidence, replay cases, raw case reports, and preservation reports.
### Current Architecture
```text
Accepted task runs
-> SkillLearningCandidate
-> SkillDraft
-> case selection
-> baseline arm and candidate arm
-> replay tool executor
-> executed tools for safe toolsets
-> surrogate traces for external writes or unsafe integrations
-> blocked traces for destructive calls
-> surrogate scoring and coverage aggregation
-> preservation checker for revise/merge
-> SkillDraftEvalReport
-> Skills review UI
-> publish gate
```
Product boundary:
- Replay Eval should evaluate skill behavior, not replace human review.
- Replay Eval should never write to production workspace, user files, external accounts, third-party systems, credentials, permissions, or payments by default.
- Low confidence should increase review burden instead of creating false certainty.
### Current Value Proposition
For enterprise users, Beaver can say: "Accepted work can become reusable skills, and those skills are checked against real task behavior before they are published." This directly supports Beaver's larger promise of controlled, traceable, reusable Agent execution.
### Current Challenges
| Challenge | Product Impact | Current Risk |
| --- | --- | --- |
| Historical accepted runs may be sparse or low quality | Replay evidence can be weak | Medium |
| Surrogate scoring is currently simple | Unsafe tool calls may be judged with low fidelity | High |
| Replay environment isolation must be enforceable | Enterprise trust depends on no accidental production side effects | High |
| Reviewers need clear explanations | Raw case reports can overwhelm non-engineers | Medium |
| Publish gates may be too strict or too loose | Either slows adoption or lets regressions through | Medium |
| Skill preservation is section-based | Important instruction changes inside a section may be missed | Medium |
## Missing Information And Ambiguities
- No real customer interview data is provided for skill reviewers, enterprise admins, or workflow owners.
- No baseline metrics exist for current heuristic eval false positives or false negatives.
- No defined quality threshold exists for minimum acceptable replay coverage per skill category.
- No clear operational owner is assigned for replay failures, low confidence reports, or blocked tool classifications.
- No explicit policy matrix exists per toolset, customer deployment mode, or tenant risk tier.
- No customer-facing language has been finalized for explaining surrogate evaluation limitations.
## User Segments
### Segment 1: Skill Governance Admin
This user owns skill approval. They need a reliable way to decide whether a skill should be published. Their main pain is that a skill draft can appear well-written but still fail on real tasks.
### Segment 2: Enterprise AI Platform Buyer
This user evaluates Beaver as an internal AI platform. They care about risk, adoption, cost, governance, and operational control. They need to see that reusable Agent capabilities are not published blindly.
### Segment 3: Workflow Owner
This user has repeatable work such as weekly reports, project delivery, technical support, or file processing. They want accepted workflows to become faster and more consistent over time.
### Segment 4: Beaver Engineer / Operator
This user debugs replay failures, expands safe tool coverage, adjusts publish gates, and keeps the eval pipeline reliable.
## JTBD
| User | Job Story | Current Alternative | Desired Outcome |
| --- | --- | --- | --- |
| Skill reviewer | When a skill draft is ready, I want to see whether it works on prior accepted tasks, so I can approve it with evidence | Read the draft manually | Approve, reject, or revise with confidence |
| Admin | When a skill touches tools, I want to know what would execute, what is simulated, and what is blocked, so I can manage risk | Trust reviewer judgment | Clear coverage and side-effect evidence |
| Workflow owner | When my accepted task becomes a reusable skill, I want it to preserve what made the original task successful | Rewrite prompts manually | Similar future work gets better |
| Operator | When replay fails, I want to know whether the issue is provider, tool policy, case data, or candidate behavior | Read logs manually | Fast diagnosis and recovery |
## Alternative Product Positioning
| Positioning | Strength | Weakness | Recommendation |
| --- | --- | --- | --- |
| "Skill unit tests for Agents" | Easy for engineers to understand | Too narrow; suggests deterministic tests only | Use in engineering docs |
| "Replay-based skill quality gate" | Accurate and product-relevant | Needs explanation for non-technical buyers | Primary internal positioning |
| "Enterprise Agent governance evidence" | Strong for buyers | Less precise for builders | Use in sales and customer docs |
| "A/B testing for skill drafts" | Captures baseline vs candidate | May imply live user traffic experiments | Use carefully |
Recommended positioning:
> Skill Replay Eval is Beaver's evidence-based quality gate for reusable Agent skills. It replays accepted historical tasks, compares baseline and candidate behavior, and exposes execution coverage, surrogate coverage, regressions, and preservation risk before publication.
## Opportunity Areas
| Opportunity | Importance | Current Satisfaction | Opportunity Score | Notes |
| --- | ---: | ---: | ---: | --- |
| I need proof that a skill draft improves real task behavior | 0.95 | 0.25 | 0.71 | Core opportunity |
| I need automatic replay to avoid unsafe side effects | 0.95 | 0.35 | 0.62 | Required for enterprise trust |
| I need reports that are understandable to reviewers | 0.85 | 0.35 | 0.55 | Key adoption driver |
| I need preservation of existing skill instructions | 0.80 | 0.45 | 0.44 | Important for revisions |
| I need replay failures to be diagnosable | 0.75 | 0.40 | 0.45 | Operational maturity |
| I need configurable policy per deployment | 0.70 | 0.30 | 0.49 | Later enterprise hardening |
Top opportunities:
1. Evidence that a draft improves or preserves accepted task behavior.
2. Safe replay with explicit executed/surrogate/blocked coverage.
3. Reviewer-facing explanation that turns raw traces into decisions.
## Product Expansion Ideas
Generated from PM, Designer, and Engineer perspectives.
### Product Manager Ideas
1. Replay Readiness Score: show whether a draft has enough historical evidence before eval starts.
2. Skill Release Gate Levels: allow advisory, strict, and regulated gates per workspace.
3. Regression Triage Queue: collect failed cases and route them to skill authors.
4. Customer-facing Audit Export: export replay report as PDF/Markdown for security review.
5. Skill Quality Trend: show whether a skill improves or degrades across versions.
### Product Designer Ideas
1. Reviewer Decision View: summarize "approve / revise / reject" with reasons before raw JSON.
2. Coverage Timeline: visualize executed, surrogate, and blocked calls per case.
3. Preservation Diff: show dropped or changed sections in a readable comparison.
4. Replay Case Drilldown: task text, expected behavior, baseline output, candidate output, and validator notes.
5. Confidence Language: translate low/medium/high confidence into concrete reviewer actions.
### Engineer Ideas
1. Pluggable Tool Policy Registry: classify tools by toolset, transport, metadata, and deployment risk.
2. Deterministic Replay Fixtures: save replay inputs and traces for reproducible debugging.
3. Sandbox User File Namespace: isolate user-file writes per replay arm.
4. LLM Surrogate Provider: replace deterministic heuristics with structured model judgment when available.
5. Replay Telemetry: metrics for replay latency, failure mode, blocked coverage, and provider availability.
Top 5 selected ideas:
| Rank | Idea | Why Selected | Assumptions To Validate |
| ---: | --- | --- | --- |
| 1 | Reviewer Decision View | Converts technical eval into action | Reviewers trust summarized recommendations |
| 2 | Sandbox User File Namespace | Directly addresses production side-effect risk | Existing file tooling can be redirected cleanly |
| 3 | LLM Surrogate Provider | Improves unsafe tool judgment quality | LLM judgment is consistent enough for review support |
| 4 | Replay Readiness Score | Prevents weak reports from appearing authoritative | Enough metadata exists to estimate readiness |
| 5 | Preservation Diff | Makes revision risk visible and actionable | Section and body-level diffs catch meaningful drops |
## Key Assumptions
| Assumption | Category | Impact | Uncertainty |
| --- | --- | ---: | ---: |
| Accepted historical runs are representative enough to evaluate future skill behavior | Value | High | High |
| Reviewers will use replay reports to make better publish decisions | Value | High | Medium |
| Safe tools can execute in isolation without leaking state or causing production side effects | Feasibility | High | High |
| Surrogate evaluation can judge unsafe tool calls well enough to support review | Feasibility | High | High |
| Coverage and confidence are understandable to non-engineer reviewers | Usability | Medium | High |
| Publish gates will reduce risky releases without blocking too many useful skills | Viability | High | Medium |
| Skill preservation can be detected with lightweight section checks in v1 | Feasibility | Medium | Medium |
| Replay latency will be acceptable for review workflows | Usability | Medium | Medium |
| Customers will value replay eval enough to differentiate Beaver from generic Agent tools | Business Viability | High | Medium |
| The team can maintain tool policy as tools/connectors grow | Team Capability | High | Medium |
## Prioritized Assumptions
Priority = Impact x Uncertainty.
### P0 Validate Immediately
| Assumption | Why It Matters | What Could Go Wrong | Suggested Validation |
| --- | --- | --- | --- |
| Safe replay isolation is real, not only conceptual | One accidental external write can break trust | Replay calls production filesystem, connector, or credential paths | Technical isolation test with destructive and external-write tools |
| Replay reports help reviewers make better decisions | Product value depends on review decisions changing | Reports are too raw, ignored, or misunderstood | Reviewer usability test with 5 draft decisions |
| Surrogate evaluation is good enough for unsafe tools | Many enterprise tools cannot execute in replay | It rubber-stamps bad calls or flags good calls | Golden set of unsafe tool scenarios scored by humans vs surrogate |
| Historical accepted cases are adequate for eval | Weak cases create false confidence | Too few accepted runs or repetitive cases | Analyze real run store coverage across skills |
### P1 Important
| Assumption | Why It Matters | Validation |
| --- | --- | --- |
| Publish gate thresholds are calibrated | Prevents both overblocking and underblocking | Run shadow mode for 2 weeks and compare human decisions |
| Preservation checker catches meaningful draft regressions | Revision safety depends on it | Compare section checker with manual diff review |
| Replay latency fits review workflow | Slow eval hurts adoption | Measure p50/p95 per case and per draft |
| Customers understand confidence and coverage language | Trust depends on clear communication | Customer-facing report comprehension test |
### P2 Later
| Assumption | Why It Matters | Validation |
| --- | --- | --- |
| Per-tool policy UI is needed | May not be needed in v1 | Observe support/admin requests |
| Audit export becomes a buying requirement | Useful for enterprise sales | Ask pilot buyers during procurement review |
| Skill quality trend is a major retention driver | Useful after multiple versions exist | Measure repeat reviewer usage after v1 |
## Opportunity Solution Tree
Desired outcome:
> Increase trusted skill publication: at least 80% of approved skill drafts have replay or explicit skipped-provider evidence, zero known production side effects from replay, and reviewer decision time under 10 minutes for common drafts.
```text
Outcome: Trusted skill publication
Opportunity 1: I need proof that a skill draft improves real task behavior.
Solution 1.1: Baseline vs candidate replay on accepted historical tasks.
Experiment: Run replay on 10 recent skill drafts and compare with manual reviewer judgment.
Solution 1.2: Replay readiness score before evaluation starts.
Experiment: Score existing candidates and check whether low-readiness reports are less useful.
Solution 1.3: Regression triage queue.
Experiment: Manually label failed cases for two weeks and measure fix rate.
Opportunity 2: I need replay to avoid unsafe side effects.
Solution 2.1: Tool mode classification: executed, surrogate, blocked.
Experiment: Golden tool policy test set covering filesystem, MCP, connectors, delete, send, publish.
Solution 2.2: Isolated workspace and user-file namespace per arm.
Experiment: Replay write task and verify no production paths change.
Solution 2.3: Side-effect journal in each case report.
Experiment: Security reviewer reads 5 reports and identifies all intended side effects.
Opportunity 3: I need reports I can act on.
Solution 3.1: Reviewer decision summary with approve/revise/reject guidance.
Experiment: First-click and decision-time test with reviewers.
Solution 3.2: Coverage and confidence explanation.
Experiment: Ask reviewers to explain report meaning after reading it.
Solution 3.3: Preservation diff for revisions.
Experiment: Seed dropped-instruction drafts and measure detection rate.
```
## Validation Experiments
| P0 Assumption | Hypothesis | Experiment | Cost | Duration | Success Criteria | Failure Criteria |
| --- | --- | --- | --- | --- | --- | --- |
| Safe replay isolation | Replay can execute safe tools without touching production state | Build a replay fixture that writes, reads, sends, deletes, and publishes through classified tools | Medium | 2-4 days | 100% production paths untouched; destructive calls blocked; external writes surrogate | Any real external write or production path mutation |
| Reviewer decision value | Replay reports improve approval accuracy and speed | Give 5 reviewers 8 historical drafts with and without replay report | Low | 2 days | Decision accuracy +25%; median decision time under 10 minutes | No improvement or reports misunderstood |
| Surrogate quality | Surrogate scoring agrees with human reviewer on unsafe tool calls | Create 30 unsafe-tool scenarios and compare human labels vs surrogate output | Medium | 3-5 days | >=80% agreement on pass/fail; all high-risk bad calls flagged | High-risk false pass |
| Historical case adequacy | Accepted runs provide enough useful replay cases | Audit run store across top 10 skills/candidates | Low | 1 day | >=70% candidates have >=3 meaningful accepted cases | Most candidates have no usable cases |
## Feature Prioritization
### Must Have
| Feature | Impact | Effort | Risk | Strategic Alignment |
| --- | --- | --- | --- | --- |
| Eval report compatibility fields | High | Low | Low | Required foundation |
| Historical accepted case selection | High | Medium | Medium | Required for behavior evidence |
| Baseline vs candidate replay arms | High | High | High | Core value |
| Tool mode classification | High | Medium | High | Core trust boundary |
| Replay coverage and confidence report | High | Medium | Medium | Reviewer decision support |
| Publish gates for failed/low-confidence replay | High | Low | Medium | Governance promise |
| Preservation check for revise/merge drafts | Medium | Medium | Medium | Prevents silent instruction loss |
| Skills UI report summary | High | Medium | Medium | Adoption requirement |
### Should Have
| Feature | Impact | Effort | Risk | Strategic Alignment |
| --- | --- | --- | --- | --- |
| Reviewer decision summary | High | Medium | Medium | Converts evidence to action |
| Preservation diff view | Medium | Medium | Low | Improves reviewer comprehension |
| Replay readiness score | Medium | Medium | Medium | Prevents false confidence |
| Operational metrics dashboard | Medium | Medium | Low | Needed for maintenance |
| Golden tool policy test suite | High | Medium | Medium | Needed for safety assurance |
### Could Have
| Feature | Impact | Effort | Risk | Strategic Alignment |
| --- | --- | --- | --- | --- |
| Audit export | Medium | Medium | Low | Enterprise sales support |
| Skill quality trend | Medium | Medium | Medium | Useful after version history grows |
| Per-tool admin policy UI | Medium | High | Medium | Enterprise customization |
| Replay fixtures download | Low | Medium | Low | Debugging convenience |
### Not Yet
| Feature | Reason |
| --- | --- |
| Full Docker orchestration per replay case | Too heavy for first release; design explicitly scopes it out |
| Production third-party write replay | Violates trust boundary |
| Removing human review | Replay evidence should support review, not replace it |
| Fully customizable policy UI | Add after policy needs are observed |
Features to cut from v1:
- Per-tool policy UI.
- Audit export.
- Skill quality trend.
- Full Docker-per-case orchestration.
Features likely over-engineered for v1:
- Customer-configurable replay policies before default policy is proven.
- Complex statistical scoring before case quality and surrogate accuracy are validated.
- Automatic publish for high-scoring drafts.
## Metrics Dashboard
### North Star Metric
Trusted Skill Publish Rate:
> Approved skill drafts with usable eval evidence and no post-publish regression reports / total approved skill drafts, measured weekly.
Target for v1 pilot: >=80%.
### Input Metrics
| Metric | Definition | Data Source | Visualization | Target | Alert Threshold |
| --- | --- | --- | --- | --- | --- |
| Replay Evidence Coverage | Draft eval reports with mode `replay` or explicit skipped-provider status / all eval reports | Skill eval store | Weekly line | >=80% | <60% for 2 weeks |
| Executed Tool Coverage | Executed tool calls / all replay tool calls | Case reports | Stacked bar | >=50% for safe-tool skills | <25% for safe-tool skills |
| Surrogate Coverage | Surrogate tool calls / all replay tool calls | Case reports | Stacked bar | Transparent, not necessarily low | Sudden +30% week over week |
| Blocked Coverage | Blocked tool calls / all replay tool calls | Case reports | Stacked bar | <10% | >=25% or any blocked_coverage=1.0 |
| Reviewer Decision Time | Time from eval report created to approve/reject/revise | Review events | Median and p95 | Median <10 min | p95 >30 min |
| Replay Regression Rate | Reports with regression_count > 0 / replay reports | Eval store | Weekly line | Investigate, not zero-forced | >20% |
### Leading Indicators
- Number of accepted runs eligible for replay per skill.
- Percentage of candidates with at least 3 replay cases.
- Provider unavailable skip rate.
- Replay error or partial status rate.
- Preservation failures per revised skill draft.
### Guardrail Metrics
| Guardrail | Definition | Alert |
| --- | --- | --- |
| Production Side Effect Incidents | Any replay-caused write to production workspace, user files, credentials, or external systems | Immediate P0 |
| False Pass Incidents | Published draft later confirmed to regress an accepted workflow despite passing replay | Weekly review; P1 if repeated |
| False Block Incidents | Useful draft blocked due to bad policy or low-confidence bug | Weekly review |
| Replay Latency | p95 replay completion time per draft | Alert if p95 >15 minutes in pilot |
| Report Comprehension | Reviewers correctly explain coverage/confidence in usability tests | Rework UI copy if <80% |
### Review Cadence
- Daily during pilot: replay errors, side-effect alerts, provider skips.
- Weekly: publish outcomes, regression rate, reviewer decision time, blocked/surrogate coverage.
- Monthly: threshold calibration and customer feedback.
- Quarterly: policy model, scoring model, and roadmap review.
## Customer Research Plan
No customer interviews or support tickets were provided. Run research before treating demand and usability assumptions as validated.
### Research Participants
- 3-5 internal skill reviewers or admins.
- 3 workflow owners who want accepted tasks converted into reusable skills.
- 2 enterprise/security stakeholders who review AI governance.
- 2 engineers/operators responsible for deployment and incident response.
### Research Questions
- What evidence do reviewers need before approving a reusable skill?
- Which replay report fields are meaningful, and which are noise?
- Do users understand executed vs surrogate vs blocked coverage?
- What level of uncertainty is acceptable for publishing?
- What customer-facing proof is needed for enterprise pilots?
- Which tool categories must never execute during replay?
### Recommended Actions
- Run a moderated reviewer test with current Skills page report.
- Create 5 seeded draft cases: clear improvement, clear regression, unsafe external write, preservation drop, provider unavailable.
- Ask participants to approve/revise/reject each case and explain why.
- Compare their decisions with current publish gate behavior.
## Interview Guide
### Objectives
- Validate whether replay evidence changes approval behavior.
- Identify confusing report language.
- Understand risk tolerance for surrogate and blocked calls.
- Learn what artifacts enterprise buyers need for adoption.
### Warm-Up
- Tell me about the last time you reviewed or approved reusable AI guidance, prompts, tools, or workflows.
- What made the approval easy or hard?
- What happened after it was approved?
### JTBD Questions
- Walk me through the last time an AI workflow worked well enough that you wanted to reuse it.
- What evidence did you have that it would work again?
- What would make you hesitate to publish it for others?
- What does "safe to publish" mean in your environment?
### Behavioral Questions
- Show me how you would decide whether this draft should be approved.
- Which part of this report would you read first?
- What would you ignore?
- What would you ask an engineer to explain?
### Risk Validation Questions
- If a replay report says 70% executed and 30% surrogate, what decision would you make?
- If all important external writes were surrogate-evaluated, is that enough for review?
- Which tools should always be blocked in your environment?
- What kind of failure would make you disable replay eval?
### Note Template
```text
Participant:
Role:
Date:
Last relevant review:
Decision evidence needed:
Confusing report fields:
Risk tolerance:
Must-block tool categories:
Minimum publish evidence:
Unexpected insight:
Follow-up:
```
## Recommended Next 30 Days
1. Validate replay isolation with a golden tool policy suite.
2. Run current backend unit tests around skill learning replay and publish gates.
3. Add a small reviewer decision summary above raw replay details.
4. Run 5-8 reviewer usability sessions using seeded draft cases.
5. Audit accepted run coverage for top skills and identify gaps.
6. Decide v1 gate thresholds for blocked coverage, confidence, and preservation failure.
7. Add operational logging and metrics for replay status, latency, and provider skips.
## Recommended Next 90 Days
1. Replace or augment deterministic surrogate scoring with structured LLM judgment and human-labeled calibration cases.
2. Add replay readiness scoring before eval starts.
3. Improve preservation from section presence to diff-based critical instruction detection.
4. Add customer/exportable audit summary for enterprise pilot conversations.
5. Build a replay operations dashboard.
6. Introduce deployment-level policy profiles only after default policies produce stable data.
7. Track skill quality across versions and post-publish regression reports.
## Biggest Risks
| Risk | Severity | Mitigation |
| --- | --- | --- |
| Replay accidentally mutates production state | Critical | Golden policy tests, isolated namespaces, external writes surrogate by default, P0 alert |
| Surrogate scoring gives false confidence | High | Human-labeled calibration set, show low confidence clearly, no automatic publish |
| Reviewers ignore report complexity | High | Decision summary, comprehension testing, action-oriented UI copy |
| Accepted run data is too sparse | High | Readiness score, fallback to explicit skipped/low-evidence state, collect more accepted cases |
| Publish gates block too many useful skills | Medium | Shadow mode calibration and override with explicit review rationale |
| Evaluation costs or latency grow quickly | Medium | Cap cases, cache web/search, track p95 latency, async background eval |
## Recommended Immediate Actions
1. Treat Skill Replay Eval as a v1 trust gate, not a complete benchmark.
2. Keep human review mandatory for publish.
3. Do not execute production third-party writes during automatic replay.
4. Add reviewer-facing explanations before adding more raw report data.
5. Validate isolation and surrogate quality before broad rollout.
6. Use the first pilot to learn threshold calibration, not to claim perfect quality measurement.