Turn every department's metrics into board-ready decisions, Slack-aware action tracking, executive scorecards, Supabase vector memory, CEO chat, PDF reports, board memos, and guarded AI recommendations.
Created by Suhas Bhairav
Independent personal project. Completely open source under the MIT License.
AICoS - AI Chief of Staff is an operating intelligence workspace for CEOs, founders, operators, and functional leaders. It turns department-level CSV uploads into live dashboards, current Supabase JSONB snapshots, Slack-derived action items, historical trend imports, board memos, and OpenAI-generated recommendations.
The product is designed around a simple idea: every important department should report the metrics a serious CEO would actually inspect, and the Executive dashboard should synthesize those signals into company-level operating judgment.
| CEO-level rollups across value creation, cash, GTM efficiency, customer/product health, risk, and execution posture. | Finance, Sales, Marketing, Product, HR, Legal, IT, Operations, Support, Risk, Strategy, R&D, and Executive views. | OpenAI calls happen only when a user clicks | || | Flexible department snapshots are stored as JSONB, so changing columns does not require schema churn. | Real Slack OAuth, Web API, Events API, signed request verification, task harvesting, and message snapshots. | All OpenAI calls are protected against prompt injection, jailbreaks, secret leakage, and unsafe task mutations. | || | Sync the full CRM deal pipeline for open pipeline, weighted forecast, stage mix, stale deals, top opportunities, and owner accountability. | Chat about any department, retrieve Supabase vector evidence, and escalate to guarded OpenAI synthesis only when the CEO asks. | Sync Linear issues for open load, urgent work, overdue tickets, stale execution, team pressure, project risk, and completion throughput. | Sync a real Notion OKR database into Product to track objectives, key results, owners, progress, status, risk, and due dates. | Every CSV upload is appended to an immutable Supabase import ledger for multi-period analysis. | | Beautiful reports include cover pages, AI synthesis, KPI snapshots, chart tables, department tables, and methodology. | |||| | Generates board-facing PDFs and stores memo metadata/content in Supabase. |
| Area | What It Does | Storage / Engine |
|---|---|---|
| Executive dashboard | Summarizes all departments into CEO scorecards | Supabase JSONB |
| Department dashboards | Calculates KPI cards and charts from uploaded CSVs | Browser CSV parser + Supabase |
| AI synthesis | Generates CEO and department recommendations | OpenAI Responses API |
| CEO Chat | Retrieves department evidence and answers CEO questions | Supabase pgvector + OpenAI |
| Product OKRs | Syncs live Notion OKRs into the Product dashboard | Notion API + Supabase |
| Deal Pipeline | Tracks HubSpot pipeline health for the CEO | HubSpot CRM API + Supabase |
| Ticket Overview | Tracks Linear execution health for the CEO | Linear npm SDK + Supabase |
| Slack integration | Reads channels/DMs, replies, harvests commitments | Slack OAuth + Events API |
| Master To-Do | Tracks tasks, waiting-on items, delegated work | Supabase summary JSON |
| Historical imports | Preserves every upload for trend analysis | department_snapshot_history |
| PDF reports | Exports dashboard state and OpenAI explanation | jspdf + jspdf-autotable |
| Board memos | Saves and exports board-facing memo narratives | board_memos |
| Guardrails | Blocks jailbreaks and wraps untrusted data | Shared OpenAI guardrail layer |
This is not a generic BI dashboard. It focuses on the metrics CEOs, CFOs, operators, and investors actually care about:
Growth QualityARR, revenue growth, NRR, Rule of 40 | Cash Disciplineburn multiple, runway, FCF margin, operating expenses | GTM Efficiencypipeline, bookings, CAC, LTV:CAC, CAC payback, win rate | Product Healthactivation, retention, adoption, NPS, P1 bugs, velocity | Customer HealthCSAT, NPS, backlog, escalation rate, response/resolution time | Operational Executionthroughput, yield, defect rate, on-time delivery, inventory turns | Risk Postureenterprise risk, audit score, control coverage, unmitigated risks | Strategic LeverageTAM coverage, market share, partnerships, M&A pipeline |
The Executive dashboard intentionally avoids naive technical metrics like row count or column count as core charts. Those are relegated to the data-store table. Executive charts focus on operating outcomes.
ai-chief-of-staff/
frontend/
app/
page.js # Home command center
departments/[slug]/page.js # Department + executive dashboards
slack/page.js # Live Slack workspace UI
todo/page.js # Master To-Do command center
integrations/page.js # Slack integration hub
assistant/page.js # CEO chat over Supabase vector memory
pipeline/page.js # HubSpot CEO deal pipeline
tickets/page.js # Linear CEO ticket overview
api/
analytics/[department]/route.js # Guarded OpenAI recommendations
ceo-chat/route.js # Retrieval planner + CEO answer agent
embeddings/rebuild/route.js # Backfill vector memory
notion/okrs/route.js # Notion OKR sync and store
hubspot/deals/route.js # HubSpot deal pipeline sync and store
linear/tickets/route.js # Linear ticket sync and store
current-data/route.js # Supabase JSONB current store
historical-data/route.js # Historical trend import ledger
board-memos/route.js # Board memo persistence
slack/... # Slack OAuth, events, channels
todo/route.js # Master To-Do sync and mutation
lib/
current-data-store.js # Supabase read/write + org rollup
openai/department-embeddings.js # OpenAI embeddings + pgvector retrieval
openai/guardrails.js # Enterprise AI guardrails
slack/server.js # Slack OAuth/API helpers
supabase/server.js # Server-side Supabase client
supabase/
schema.sql # Table creation SQL
README.md # Supabase setup notes
slack/
slack-app-manifest.example.json # Slack app manifest template
backend/
main.py # FastAPI CSV parsing scaffold
php
flowchart LR
A[Department CSV Upload] --> B[Next.js API]
B --> C[Supabase department_snapshots]
B --> D[Supabase department_snapshot_history]
B --> M[Supabase department_embeddings]
C --> E[Executive Rollup]
D --> F[Historical Trend Ledger]
M --> N[CEO Chat Retrieval]
E --> G[CEO Dashboard]
G --> H[Guarded OpenAI Synthesis]
N --> H
H --> I[PDF Report / Board Memo]
J[Slack Events API] --> K[Task Harvester]
K --> L[Master To-Do]
- A department user downloads a CSV template.
- The user uploads operating data in that department dashboard.
- The frontend parses the CSV into records.
/api/current-data
upserts the current department snapshot.- The same upload is appended to the historical import ledger.
- Executive rollups calculate org-level scorecards.
- Uploads refresh Supabase vector embeddings for CEO chat retrieval.
- OpenAI recommendations are generated only on explicit button clicks or chat sends.
- PDF reports and board memos export from the live dashboard state.
- Slack events and channel sync harvest commitments into the Master To-Do.
Primary tables:
| Table | Purpose |
|---|---|
department_snapshots |
|
| One current JSONB snapshot per department | |
organization_summaries |
|
| Latest executive rollup and summary content | |
department_snapshot_history |
|
| Immutable historical import ledger | |
board_memos |
|
| Saved board memo metadata and JSON content | |
department_embeddings |
|
| pgvector chunks for CEO chat and department retrieval | |
notion_okr_snapshots |
|
| Synced Notion Product OKR snapshots | |
hubspot_deal_snapshots |
|
| Synced HubSpot deal pipeline snapshots | |
linear_ticket_snapshots |
|
| Synced Linear issue snapshots | |
slack_installations |
|
| Active Slack workspace installs and bot tokens | |
slack_events |
|
| Signed Slack Events API webhook ledger | |
slack_message_snapshots |
|
| Slack channel/DM message snapshots |
Run supabase/schema.sql in the Supabase SQL Editor before starting the app.
The schema enables pgvector
and exposes match_department_embeddings
for cosine-similarity search.
All OpenAI API calls use frontend/lib/openai/guardrails.js.
Prompt Injection DefenseBlocks direct jailbreak and secret-exfiltration prompts before model calls. |
Secret RedactionRedacts common API key, Slack token, JWT, password, and service-role patterns. |
Untrusted Data WrappingSlack messages, CSV-derived JSON, tasks, and dashboards are marked as evidence, not instructions. |
Payload CapsNormalizes and truncates oversized inputs before OpenAI calls. |
Guarded Responses APIAll model calls go through guardedResponsesCreate . |
Action ValidationTask resolve/delegate/add actions are validated before mutation. |
If a direct request resembles a jailbreak or credential-exfiltration attempt, the API blocks it before it reaches OpenAI.
This is a real Slack integration, not a simulator.
OAuth/api/integrations/slack/authorize and callback token exchange. |
Events APISigned request verification at /api/slack/events . |
Web APIconversations.list , conversations.history , chat.postMessage . |
Task HarvestingSlack messages are analyzed and converted into Master To-Do items. |
Create a Slack app using slack/slack-app-manifest.example.json, replacing YOUR_APP_DOMAIN.com
with your deployed app domain.
Required Slack URLs:
Redirect URL: https://your-app-domain.com/api/integrations/slack/callback
Events URL: https://your-app-domain.com/api/slack/events
Required bot scopes:
app_mentions:read
channels:history
channels:join
channels:read
chat:write
chat:write.public
groups:history
groups:read
im:history
im:read
im:write
mpim:history
mpim:read
team:read
users:read
Required bot events:
app_mention
message.channels
message.groups
message.im
message.mpim
After install, open /integrations
and connect Slack. Then use /slack
for the live workspace view, /todo
to sync harvested commitments, and Slack DMs/app mentions to talk to Aegis from inside Slack.
This is a real Notion integration for Product OKR tracking.
- Create a Notion internal integration.
- Copy the integration secret.
- Share your Product OKR database with that integration.
- Copy the database ID from the Notion database URL.
- Add the values in Vercel env vars or connect manually from
/integrations
. - Open
/departments/product
and clickSync Notion OKRs
.
Recommended database properties:
Objective
Key Result
Owner
Status
Progress
Quarter
Due Date
Department
Priority
Confidence
The parser is flexible and also recognizes common variants like Name
, KR
, DRI
, State
, % Complete
, Cycle
, and Target Date
.
This is a real HubSpot CRM integration for CEO-level deal pipeline tracking.
- Create a HubSpot Private App.
- Add CRM read scopes for deals, pipelines, and owners.
- Copy the Private App access token.
- Add it in Vercel env vars or connect manually from
/integrations
. - Open
/pipeline
and clickSync HubSpot Deals
.
The pipeline dashboard tracks open pipeline, weighted forecast, next 90-day forecast, stale deals, open deal count, average deal size, pipeline by stage, pipeline by HubSpot pipeline, and top open deals.
This is a real Linear integration using Linear's official npm SDK.
- Create a Linear personal API key from Linear account security settings.
- Add it in Vercel env vars or connect manually from
/integrations
. - Open
/tickets
and clickSync Linear Tickets
.
The ticket overview tracks open tickets, urgent issues, overdue work, stale execution, completed issues in the last 30 days, average open age, team load, priority mix, and CEO risk queue.
| |
For the best report, upload department CSVs first and click Fetch Suggestions
before exporting.
Create frontend/.env.local
or configure the same variables in Vercel:
OPENAI_API_KEY=your_openai_api_key_here
OPENAI_EMBEDDING_MODEL=text-embedding-3-small
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_or_secret_key
NEXT_PUBLIC_APP_URL=https://your-app-domain.com
SLACK_CLIENT_ID=your_slack_client_id
SLACK_CLIENT_SECRET=your_slack_client_secret
SLACK_SIGNING_SECRET=your_slack_signing_secret
NOTION_API_KEY=your_notion_internal_integration_secret
NOTION_OKR_DATABASE_ID=your_product_okr_database_id
HUBSPOT_ACCESS_TOKEN=your_hubspot_private_app_access_token
LINEAR_API_KEY=your_linear_personal_api_key
Do not commit real .env
files. They are ignored by .gitignore
.
cd frontend
npm install
npm run dev
Open:
http://localhost:3000
Production check:
cd frontend
npm run lint
npm run build
The backend is a FastAPI scaffold for CSV ingestion and validation. The current frontend primarily uses Next.js API routes for Supabase-backed JSONB storage, but the backend is available for future API-backed ingestion.
cd backend
python -m venv venv
source venv/bin/activate
pip install fastapi uvicorn python-multipart
python main.py
Health check:
GET http://127.0.0.1:8000/health
FinanceARR, revenue growth, margin, FCF, cash, runway, burn multiple | Salespipeline, bookings, ARR won, win rate, quota, churn-risk ARR | Marketingspend, MQL, SQL, CAC, LTV, CAC payback, ROAS | Productactive users, activation, retention, NPS, velocity, P1 bugs | Operationsthroughput, demand, delivery, inventory, defects, unit cost | HRheadcount, attrition, eNPS, revenue per employee, time to hire | Supporttickets, first response, resolution time, CSAT, NPS, backlog | Riskrisk score, controls, audit score, mitigations, security findings | StrategyTAM coverage, market share, partnerships, competitive win rate | Legal / IT / R&Dcontracts, compliance, uptime, cloud spend, IP, experiments |
The Executive dashboard rolls up Supabase department JSON into four CEO scorecards:
| Scorecard | Metrics |
|---|---|
| Value Creation and Cash | Rule of 40, NRR, gross margin, runway |
| GTM Efficiency | qualified pipeline, bookings, CAC payback, win rate |
| Customer and Product Health | 30-day retention, NPS, CSAT, activation |
| Risk and Execution Posture | enterprise risk, audit score, on-time delivery, security incidents |
The Executive page also includes a metrics glossary so operators can understand what each metric means and how it should be interpreted.
- Start at the home command center.
- Visit each department dashboard.
- Download the department CSV template.
- Fill it with monthly operating data.
- Upload the CSV.
- Confirm charts and KPI cards update.
- Return to Executive.
- Review the combined scorecards.
- Click
Fetch Org Suggestions
. - Open
/assistant
to ask CEO-level questions grounded in Supabase vector memory. - Open
/pipeline
to sync and inspect the HubSpot deal pipeline. - Open
/tickets
to sync and inspect Linear execution health. - Export a PDF report or board memo.
- Use
/todo
and/slack
to track commitments and follow-ups.
/ Home command center
/departments/executive Executive dashboard
/departments/finance Finance dashboard
/departments/sales Sales dashboard
/integrations Tool integrations hub
/slack Live Slack workspace
/todo Master To-Do
/assistant CEO chat over Supabase vector memory
/pipeline HubSpot CEO deal pipeline
/tickets Linear CEO ticket overview
/api/current-data Supabase JSONB store
/api/historical-data Supabase historical import ledger
/api/board-memos Supabase board memo storage
/api/analytics/[department] Guarded OpenAI analysis endpoint
/api/ceo-chat Retrieval planner and CEO answer agent
/api/embeddings/rebuild Supabase vector memory backfill
/api/notion/okrs Notion Product OKR sync endpoint
/api/hubspot/deals HubSpot deal pipeline sync endpoint
/api/linear/tickets Linear ticket overview sync endpoint
/api/integrations/slack/authorize Slack OAuth start
/api/integrations/slack/callback Slack OAuth callback
/api/slack/events Slack Events API endpoint
/api/slack/channels Slack conversations.list endpoint
- User authentication and role-based access control
- Department schema validation
- Automated anomaly detection before OpenAI synthesis
- Slack/email action routing to department owners
- Permissioned multi-company workspaces
- Audit log viewer for Slack events, OpenAI calls, and board memo generation
This is a completely open-source, local-first MVP of an AI operating system for company leadership. It is an independent personal project designed to be credible in front of founders, operators, investors, and technical reviewers, while remaining small enough to iterate quickly.
MIT License. See LICENSE.