[FEATURE] SOSA Governance for Cowork — Treat each task as a governed agent with supervision, token budgeting, and security

Resolved 💬 2 comments Opened Mar 30, 2026 by msmobileapps Closed May 4, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Cowork sessions are effectively autonomous agents — each one consumes tokens, accesses external services (WhatsApp, Notion, Monday, Gmail, LinkedIn, X), and makes decisions independently. At scale (200+ sessions, 54 scheduled tasks), there is no centralized governance layer.

Today in Cowork:

  • No supervision hierarchy — a task sending WhatsApp messages gets the same oversight as one reading a file
  • No token budgeting — no way to set daily/weekly/monthly token ceilings, per-session budgets, or track cost-per-outcome
  • No cross-session governancelist_sessions + read_transcript exist but there's no governor pattern to use them for oversight
  • No pre-execution hooks — a session can't intercept another session's high-impact action before it executes

We developed SOSA™ (Supervised, Orchestrated, Secured, Agents) — a four-pillar methodology for production-grade autonomous AI operations — and are proposing first-class support for agent governance in Cowork.

Proposed Solution

SOSA Control Plane for Cowork

1. Supervised — Graduated Oversight

  • Each MCP tool gets an impact level (low/medium/high)
  • Low-impact actions (read Notion, search Gmail) run autonomously
  • High-impact actions (send WhatsApp, send email, post to X) require approval gates
  • Trust gradient: after N successful approvals of the same action type, auto-approve (earned autonomy)

2. Orchestrated — Token Budgeting & Active Optimization

  • Cascading token budgets: monthly → weekly → daily → per-session, with overage policies per agent category
  • Governor actively optimizes: rewrites bloated skill descriptions, consolidates overlapping scheduled tasks, kills stuck sessions, compresses context windows
  • Prioritization engine: ranks tasks by urgency × business_impact × efficiency_score; when budget runs low, low-priority tasks get throttled first
  • Plan → Act → Verify → Optimize loop: every task's token consumption feeds back into budget rebalancing

3. Secured — Zero-Trust Boundaries

  • Scan skills for hardcoded secrets
  • Prompt injection scanning on external data ingestion (WhatsApp, emails, web scrapes)
  • MCP connector version pinning and credential scope auditing

4. Agents — Formal Agent Model

Every Cowork task modeled as A = (Role, Tools, Memory, Planning) with declared boundaries, success criteria, escalation triggers, and token budgets.

What We Need from the Platform

Must-have:

  1. Pre-execution hooks — ability for a governor session to intercept tool calls from other sessions based on impact classification
  2. Token usage metadata — expose actual token counts per session (currently must estimate from transcript length)
  3. Session budget API — ability to set and enforce token ceilings per session

Nice-to-have:

  1. Session tagging — label sessions with metadata (agent category, compliance level, priority)
  2. Cross-session messaging — a governor session that can send instructions to other running sessions
  3. Scheduled task → session ID mapping — trace which session a scheduled task created

Full architecture spec: SOSA Control Plane Spec

Alternative Solutions

We're currently building a SOSA Governor as a Cowork skill + scheduled task that uses list_sessions and read_transcript to observe sessions after the fact. This works for auditing but cannot prevent high-impact actions — only detect them post-execution.

Other multi-agent frameworks (CrewAI, AutoGen, LangGraph) have built-in supervision and orchestration layers, but they don't integrate with the Cowork/Claude Code ecosystem. We need governance primitives native to the platform.

Priority

High - Significant impact on productivity

Feature Category

MCP server integration

Use Case Example

Real production scenario at MSApps (200+ Cowork sessions):

  1. I have 54 scheduled tasks running daily — invoicing, WhatsApp bot (Gali), lead management, health checks, social media outreach, employee monitoring
  2. The WhatsApp bot sends messages to real clients. A prompt injection in an incoming message could cause it to send something inappropriate — but there's no way to intercept that before it happens
  3. Low-priority health check tasks burn tokens even when the monthly budget is getting tight, because there's no way to set token ceilings or throttle by priority
  4. With SOSA governance, the Governor would: (a) classify the WhatsApp send as high-impact and require approval, (b) enforce a daily token budget per agent category, (c) throttle monitoring tasks when revenue tasks need the tokens, (d) scan incoming WhatsApp messages for injection attempts before the bot processes them
  5. This would save tokens, prevent costly mistakes, and give me confidence to let agents operate autonomously at scale

Additional Context

  • Full SOSA methodology spec: https://github.com/MSApps-Mobile/claude-plugins/blob/main/docs/SOSA.md
  • This comes from real production usage at MSApps running 200+ Cowork sessions across business functions (sales, communication, development, monitoring)
  • We're building the Governor as a skill/scheduled task workaround, but the platform needs native primitives (especially pre-execution hooks and token metadata) to make governance truly effective
  • Happy to collaborate on the design — we've already written a detailed architecture spec mapping all four SOSA pillars to Cowork's session model

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗