Skip to main content

SPEC 018 — Equanaut AI Assistant

FieldValue
StatusDRAFT
PriorityP1 — Core Platform
Backendequa-server/modules/agent/
Frontendequa-web/src/modules/equanaut/
Endpointsequa-server/modules/agent/src/endpoints/agent-endpoints.ts
Modelclaude-sonnet-4-20250514 (default, configurable via EQUANAUT_MODEL / AGENT_MODEL)
EnvANTHROPIC_API_KEY (required), AGENT_ENABLED (optional kill switch)

1. Feature Purpose

Equanaut is the AI assistant embedded in the Equa platform. It provides a conversational interface for users to query and manage their organizations, cap tables, members, documents, and equity plans. The assistant uses Claude with tool-calling to execute read and write operations on the user’s behalf, with a security layer that requires explicit confirmation for write/destructive operations. A secondary onboarding pipeline uses the same AI infrastructure to analyze uploaded documents and set up organizations for new users.

2. Current State (Verified)

2.1 Agent Service (Backend Core)

DetailValue
Fileequa-server/modules/agent/src/agent-service.ts
ClassAgentService
SDK@anthropic-ai/sdk
ModelConfigurable, default claude-sonnet-4-20250514
Max tokensConfigurable, default 4096
ComponentsContextAssembler, ToolExecutor, Guardrails, AuditLogger, PermissionProxy
Message flow1. Permission check → 2. Context assembly → 3. Tool filtering by permissions → 4. Claude API call → 5. Tool execution loop → 6. Response

2.2 Tool System

DetailValue
Fileequa-server/modules/agent/src/tools/definitions.ts
CategoriesToolCategory.Read, ToolCategory.Write, ToolCategory.Destructive
ConfirmationWrite tools require single confirmation; Destructive tools require double confirmation; Read tools execute immediately
Permission filteringfilterToolsByPermissions() — only shows tools the user has permission for
Tool catalogscatalog/organization.ts, catalog/members.ts, catalog/captable.ts, catalog/documents.ts, catalog/plans.ts, catalog/roles.ts
Executorequa-server/modules/agent/src/tools/executor.tsToolExecutor.execute()
Tool Categories (from source):
CategoryToolsConfirmation
OrganizationlistOrganizations, getOrganization, getOrganizationDashboard, updateOrganizationRead: none, Write: single
MemberslistMembers, getMember, addMember, updateMember, removeMemberRead: none, Write: single, Destructive: double
Cap TablegetCapTable, getSecurityTypes, createSecurityType, createShareholdingRead: none, Write: single
DocumentslistDocuments, getDocument, createFolder, moveDocumentRead: none, Write: single
PlanslistPlans, getPlan, createPlan, createGrantRead: none, Write: single
RoleslistRoles, getRole, createRole, updateRoleRead: none, Write: single

2.3 Security & Guardrails

DetailValue
Fileequa-server/modules/agent/src/security/guardrails.ts
Rate limits (defaults)30 tool calls/min, 10 write ops/min, 5 destructive ops/hour
Confirmation expiry5 minutes
Confirmation statesclaimed flag prevents race conditions (TOCTOU protection)
Permission proxyequa-server/modules/agent/src/security/permission-proxy.ts — validates org access and retrieves user permissions
Audit loggingEvery tool call logged with user, org, tool name, arguments, result status, execution time

2.4 Context Assembly

DetailValue
Fileequa-server/modules/agent/src/context/assembler.ts
ClassContextAssembler
BuildsUserContext (id, email, name, org list) + OrganizationContext (id, name, type, stats) + ContextSummaries (cap table, members, documents)
Summarizerequa-server/modules/agent/src/context/summarizer.ts — converts context to text for system prompt

2.5 Pending Confirmations

DetailValue
StorageIn-memory Map<string, PendingConfirmation> on AgentService
Confirmation flow1. Tool requires confirmation → 2. Store pending + return confirmation_required → 3. User confirms/cancels via /agent/confirm → 4. Execute or abort
Expiry cleanupcleanupExpiredConfirmations() runs on each confirmAction() call
Persistence caveatIn-memory only — lost on server restart (noted as TODO)

2.6 Onboarding Pipeline

DetailValue
Filesequa-server/modules/agent/src/onboarding/onboarding-service.ts, onboarding-repository.ts, organization-builder.ts, context-analyzer.ts, clarification-engine.ts, file-processor.ts
Parsersparsers/pdf-parser.ts, parsers/excel-parser.ts
Status flowpending_signuppending_setupsetting_upreadyfirst_logincompleted
AnalysisExtracts entities (founders, investors, employees), equity info, security types, confidence scores
ClarificationGenerates questions when confidence is below threshold; supports iterative Q&A
ShowcasePresents extracted data for user review with inline editing (corrections)

2.7 System Prompt

DetailValue
Identity”You are Equanaut, an AI assistant for the Equa platform”
Context injectionUser name, org name, org stats, cap table summary, member summary, document summary
GuidelinesRead ops: proactive data gathering. Write ops: explain before execute, require confirmation. Destructive: extra caution, impact explanation.
ConstraintsNever guess data, respect permissions, USD default, YYYY-MM-DD dates, precise share numbers

2.8 Frontend API Configuration

DetailValue
Fileequa-web/src/modules/equanaut/services/api/config.ts
Base URLwindow.__EQUANAUT_CONFIG__.apiUrlEQUANAUT_API_URL/equanaut-api (fallback)
Modelwindow.__EQUANAUT_CONFIG__.modelEQUANAUT_MODELclaude-sonnet-4-20250514
Webpack proxy/equanaut-apilocalhost:19792 or Hetzner server
Timeout60,000ms
Retry2 attempts, 1s initial delay, 10s max, 1.5x timeout multiplier

3. Data Model

AgentConfig

FieldTypeDefault
apiKeystringANTHROPIC_API_KEY env
modelstringclaude-sonnet-4-20250514
maxTokensnumber4096
maxToolCallsPerMinutenumber30
maxWriteOperationsPerMinutenumber10
maxDestructivePerHournumber5
confirmWriteOperationsbooleantrue

ToolDefinition

FieldTypeDescription
namestringTool identifier
descriptionstringHuman-readable description
categoryToolCategoryread, write, or destructive
inputSchemaToolInputSchemaJSON Schema for tool parameters
requiredPermissionstring?Permission needed to access tool
confirmationRequiredbooleanAuto-true for write/destructive
doubleConfirmRequiredboolean?Auto-true for destructive

PendingConfirmation (in-memory)

FieldTypeDescription
idstringUUID
toolCallToolCallTool name + input
userIdUuidRequesting user
organizationIdUuidTarget organization
conversationIdstringChat session ID
claudeMessagesany[]Message history for continuation
priorToolResultsany[]Results from batch tools before this confirmation
createdAtDate
expiresAtDate5 minutes from creation
claimedbooleanTOCTOU protection

AgentAuditLog

FieldTypeDescription
typestringAlways agent_action
userUuidActing user
organizationUuidTarget organization
data.toolstringTool name
data.argumentsobjectTool input
data.resultstringsuccess, failed, or cancelled
data.conversationIdstringChat session
data.timestampDate
data.executionTimeMsnumber?Execution duration

OnboardingContext

FieldTypeDescription
idstringUUID
userIdUuid?Linked after signup
emailstringUser email
initialPromptstringFree-text describing the organization
statusOnboardingStatusStatus enum
setupResultOnboardingSetupResult?Organization build result
analysisResultOnboardingAnalysisResult?AI analysis output
clarifyingQuestionsClarifyingQuestion[]?Generated questions
confidenceScoresobject?Per-category confidence
createdAt / updatedAt / expiresAtDateTimestamps

4. API Endpoints

Chat & Tools

MethodPathAuthDescription
GET/api/v1/agent/statusNoneHealth check — returns { enabled: true, version: '1.0.0' }
POST/api/v1/agent/chatSession + canViewOrganizationSend message, receive response or confirmation request
POST/api/v1/agent/confirmSessionConfirm or cancel a pending action
GET/api/v1/organization/:organization/agent/contextSession + canViewOrganizationGet assembled context for an organization
GET/api/v1/organization/:organization/agent/toolsSession + canViewOrganizationList available tools filtered by user permissions

Onboarding (Authenticated)

MethodPathAuthDescription
POST/api/v1/agent/onboarding/linkSessionLink authenticated user to pre-existing onboarding context
POST/api/v1/agent/onboarding/setupSessionTrigger organization setup from onboarding context
GET/api/v1/agent/onboarding/first-loginSessionCheck for pending onboarding on first login
POST/api/v1/agent/onboarding/completeSessionMark onboarding as completed
POST/api/v1/agent/onboarding/analyzeSessionTrigger AI analysis of onboarding context
POST/api/v1/agent/onboarding/buildSessionBuild organization from analysis results
POST/api/v1/agent/onboarding/clarifySessionSubmit answer to clarifying question
POST/api/v1/agent/onboarding/correctSessionSubmit correction to showcase item

Onboarding (Public)

MethodPathAuthDescription
POST/api/v1/agent/onboarding/createPublicCreate onboarding context (pre-registration)
GET/api/v1/agent/onboarding/:idPublicRetrieve onboarding context
GET/api/v1/agent/onboarding/analysis-status/:idPublicCheck analysis completion status
GET/api/v1/agent/onboarding/questions/:idPublicGet clarifying questions
GET/api/v1/agent/onboarding/showcase/:idPublicGet showcase data for review

5. Frontend Components

Module: equa-web/src/modules/equanaut/

Core Components:
ComponentFilePurpose
EquanautSidebarcomponents/EquanautSidebar.tsxMain sidebar container for the assistant
ChatContainercomponents/ChatContainer.tsxChat message list with scroll management
ChatInputcomponents/ChatInput.tsxMessage input with send button
ChatMessagecomponents/ChatMessage.tsxIndividual message bubble (user/assistant)
Headercomponents/Header.tsxSidebar header with title and controls
StatusBarcomponents/StatusBar.tsxConnection/loading status display
MarkdownRenderercomponents/MarkdownRenderer.tsxRenders assistant markdown responses
Iconscomponents/Icons.tsxSVG icon components
Tool Execution & Confirmation:
ComponentFilePurpose
ToolExecutionPanelcomponents/ToolExecutionPanel.tsxDisplays executing tool steps with status indicators
ConfirmationDialogcomponents/ConfirmationDialog.tsxConfirm/cancel dialog for write operations
ConfidenceBadgecomponents/ConfidenceBadge.tsxConfidence score indicator
Conversation Management:
ComponentFilePurpose
ConversationListcomponents/ConversationList.tsxList of past conversations
ConversationItemcomponents/ConversationItem.tsxSingle conversation entry
MessageFeedbackcomponents/MessageFeedback.tsxThumbs up/down feedback on messages
Onboarding Flow:
ComponentFilePurpose
OnboardingFlowcomponents/OnboardingFlow.tsxAI-guided onboarding experience
MVPShowcasecomponents/MVPShowcase.tsxPreview of extracted organization data
ShowcaseItemcomponents/ShowcaseItem.tsxIndividual item with confidence and edit
InlineEditorcomponents/InlineEditor.tsxIn-place editing for corrections
ClarifyingQuestionsFlowcomponents/ClarifyingQuestionsFlow.tsxQ&A flow for missing information
ClarifyingQuestioncomponents/ClarifyingQuestion.tsxSingle question with suggested answers
Services:
ServiceFilePurpose
agentServiceservices/api/agent/agent-service.tsAPI client for all agent endpoints (chat, confirm, context, tools, onboarding)
ActionExecutorservices/ActionExecutor.tsClient-side action execution orchestration
chat/messagesservices/api/chat/messages.tsMessage formatting utilities
Context Providers:
ProviderFilePurpose
EquanautProvidercontext/EquanautProvider.tsxTop-level provider for Equanaut state
AgentContextProvidercontext/AgentContextProvider.tsxAgent context (org, tools) management
PageContextProvidercontext/PageContextProvider.tsxCurrent page context for the agent
FormRegistrycontext/FormRegistry.tsxTracks active forms for context-aware assistance
Hooks:
HookFilePurpose
useAgentChathooks/useAgentChat.tsCore chat state management (messages, loading, pending actions, conversation ID)
useChathooks/useChat.tsChat session management
useMessageFeedbackhooks/useMessageFeedback.tsFeedback state for message ratings
useClickOutsidehooks/useClickOutside.tsClick-outside handler for closing sidebar

6. Business Rules

  1. Agent availability is gated by ANTHROPIC_API_KEY — if absent, isAgentEnabled() returns false and all endpoints return disabled status. Can also be explicitly disabled via AGENT_ENABLED=false.
  2. Permission enforcement: Users can only access tools they have permissions for. filterToolsByPermissions() strips unauthorized tools from the Claude tool list.
  3. Organization access: permissionProxy.hasOrganizationAccess() is checked before any chat request. Unauthorized users receive an error.
  4. Confirmation flow: All write operations require user confirmation before execution. Destructive operations require double confirmation. Confirmations expire after 5 minutes.
  5. Rate limiting: Per user-org pair — max 30 tool calls/min, 10 write ops/min, 5 destructive ops/hour (configurable via env).
  6. Audit trail: Every tool execution is logged with user, org, tool, arguments, result, and timing.
  7. Context injection: The system prompt includes organization stats, cap table summary, member summary, and document summary for grounded responses.
  8. Batch tool execution: When Claude requests multiple tools, read-only tools execute immediately. The first write/destructive tool in a batch triggers confirmation, preserving prior tool results for continuation.
  9. Onboarding public endpoints: create, get context, analysis-status, questions, and showcase are public (pre-registration). All mutation endpoints require authentication.
  10. Onboarding expiry: Contexts have an expiresAt field; expired contexts transition to expired status.
  11. Frontend retry: API calls retry up to 2 times with exponential backoff (1s initial, 10s max, 1.5x multiplier).

7. Acceptance Criteria

  • User can open the Equanaut sidebar and send a chat message
  • Agent responds with accurate information about the user’s organization
  • Read-only tool calls execute without confirmation prompts
  • Write operations display a confirmation dialog before execution
  • Destructive operations display a double-confirmation dialog
  • Confirmed actions execute and return results to the conversation
  • Cancelled actions abort cleanly with a cancellation message
  • Confirmation requests expire after 5 minutes
  • Rate-limited requests return a clear error with retry timing
  • Users without organization access receive a permission error
  • Tool list is filtered to only show tools the user has permission for
  • Onboarding flow: user can describe their company and get an AI-built organization
  • Onboarding analysis extracts entities, equity info, and security types with confidence scores
  • Clarifying questions flow works for ambiguous inputs
  • Showcase displays extracted data with inline editing for corrections
  • Agent audit log captures all tool executions
  • Agent gracefully handles Anthropic API errors

8. Risks

RiskImpactMitigation
Pending confirmations stored in memoryLost on server restart, potential data loss if user confirmed mid-restartPersist to database (noted as TODO in source)
Claude model costs per conversationUncontrolled spend with active usersRate limiting exists; add per-user/per-org spend caps
Tool execution errors not rolled backPartial state changes if multi-tool operation fails partwayImplement compensating transactions for critical write operations
Context assembly queries full DB on each messagePerformance degradation with large organizationsCache context with TTL; use buildWithSummaries (already summarizes)
Onboarding analysis confidence may be lowUsers may get incorrect organization setupShowcase review with inline corrections + clarifying questions mitigate this
Webpack proxy to localhost:19792 assumes local dev or HetznerProduction deployment requires proper proxy/routing configurationDocument production deployment path with reverse proxy
No conversation persistenceChat history lost on page refreshImplement conversation storage (backend or localStorage)
window.__EQUANAUT_CONFIG__ global injectionConfiguration scattered across webpack, env vars, and runtime globalsConsolidate to a single configuration source