An AI Chief of Staff

Suhas Bhairav released AICoS, an open-source AI Chief of Staff workspace that turns department-level CSV uploads into live dashboards, Slack-derived action items, and board-ready PDF reports. The tool integrates with Supabase, OpenAI, HubSpot, Linear, and Notion to synthesize metrics for CEOs and operators.

Turn every department's metrics into board-ready decisions, Slack-aware action tracking, executive scorecards, Supabase vector memory, CEO chat, PDF reports, board memos, and guarded AI recommendations. Created by Suhas Bhairav Independent personal project. Completely open source under the MIT License. AICoS - AI Chief of Staff is an operating intelligence workspace for CEOs, founders, operators, and functional leaders. It turns department-level CSV uploads into live dashboards, current Supabase JSONB snapshots, Slack-derived action items, historical trend imports, board memos, and OpenAI-generated recommendations. The product is designed around a simple idea: every important department should report the metrics a serious CEO would actually inspect, and the Executive dashboard should synthesize those signals into company-level operating judgment. | CEO-level rollups across value creation, cash, GTM efficiency, customer/product health, risk, and execution posture. | Finance, Sales, Marketing, Product, HR, Legal, IT, Operations, Support, Risk, Strategy, R&D, and Executive views. | OpenAI calls happen only when a user clicks | || | Flexible department snapshots are stored as JSONB, so changing columns does not require schema churn. | Real Slack OAuth, Web API, Events API, signed request verification, task harvesting, and message snapshots. | All OpenAI calls are protected against prompt injection, jailbreaks, secret leakage, and unsafe task mutations. | || | Sync the full CRM deal pipeline for open pipeline, weighted forecast, stage mix, stale deals, top opportunities, and owner accountability. | Chat about any department, retrieve Supabase vector evidence, and escalate to guarded OpenAI synthesis only when the CEO asks. | Sync Linear issues for open load, urgent work, overdue tickets, stale execution, team pressure, project risk, and completion throughput. | Sync a real Notion OKR database into Product to track objectives, key results, owners, progress, status, risk, and due dates. | Every CSV upload is appended to an immutable Supabase import ledger for multi-period analysis. | | Beautiful reports include cover pages, AI synthesis, KPI snapshots, chart tables, department tables, and methodology. | |||| | Generates board-facing PDFs and stores memo metadata/content in Supabase. | | Area | What It Does | Storage / Engine | |---|---|---| | Executive dashboard | Summarizes all departments into CEO scorecards | Supabase JSONB | | Department dashboards | Calculates KPI cards and charts from uploaded CSVs | Browser CSV parser + Supabase | | AI synthesis | Generates CEO and department recommendations | OpenAI Responses API | | CEO Chat | Retrieves department evidence and answers CEO questions | Supabase pgvector + OpenAI | | Product OKRs | Syncs live Notion OKRs into the Product dashboard | Notion API + Supabase | | Deal Pipeline | Tracks HubSpot pipeline health for the CEO | HubSpot CRM API + Supabase | | Ticket Overview | Tracks Linear execution health for the CEO | Linear npm SDK + Supabase | | Slack integration | Reads channels/DMs, replies, harvests commitments | Slack OAuth + Events API | | Master To-Do | Tracks tasks, waiting-on items, delegated work | Supabase summary JSON | | Historical imports | Preserves every upload for trend analysis | department snapshot history | | PDF reports | Exports dashboard state and OpenAI explanation | jspdf + jspdf-autotable | | Board memos | Saves and exports board-facing memo narratives | board memos | | Guardrails | Blocks jailbreaks and wraps untrusted data | Shared OpenAI guardrail layer | This is not a generic BI dashboard. It focuses on the metrics CEOs, CFOs, operators, and investors actually care about: Growth QualityARR, revenue growth, NRR, Rule of 40 | Cash Disciplineburn multiple, runway, FCF margin, operating expenses | GTM Efficiencypipeline, bookings, CAC, LTV:CAC, CAC payback, win rate | Product Healthactivation, retention, adoption, NPS, P1 bugs, velocity | Customer HealthCSAT, NPS, backlog, escalation rate, response/resolution time | Operational Executionthroughput, yield, defect rate, on-time delivery, inventory turns | Risk Postureenterprise risk, audit score, control coverage, unmitigated risks | Strategic LeverageTAM coverage, market share, partnerships, M&A pipeline | The Executive dashboard intentionally avoids naive technical metrics like row count or column count as core charts. Those are relegated to the data-store table. Executive charts focus on operating outcomes. ai-chief-of-staff/ frontend/ app/ page.js Home command center departments/ slug /page.js Department + executive dashboards slack/page.js Live Slack workspace UI todo/page.js Master To-Do command center integrations/page.js Slack integration hub assistant/page.js CEO chat over Supabase vector memory pipeline/page.js HubSpot CEO deal pipeline tickets/page.js Linear CEO ticket overview api/ analytics/ department /route.js Guarded OpenAI recommendations ceo-chat/route.js Retrieval planner + CEO answer agent embeddings/rebuild/route.js Backfill vector memory notion/okrs/route.js Notion OKR sync and store hubspot/deals/route.js HubSpot deal pipeline sync and store linear/tickets/route.js Linear ticket sync and store current-data/route.js Supabase JSONB current store historical-data/route.js Historical trend import ledger board-memos/route.js Board memo persistence slack/... Slack OAuth, events, channels todo/route.js Master To-Do sync and mutation lib/ current-data-store.js Supabase read/write + org rollup openai/department-embeddings.js OpenAI embeddings + pgvector retrieval openai/guardrails.js Enterprise AI guardrails slack/server.js Slack OAuth/API helpers supabase/server.js Server-side Supabase client supabase/ schema.sql Table creation SQL README.md Supabase setup notes slack/ slack-app-manifest.example.json Slack app manifest template backend/ main.py FastAPI CSV parsing scaffold php flowchart LR A Department CSV Upload -- B Next.js API B -- C Supabase department snapshots B -- D Supabase department snapshot history B -- M Supabase department embeddings C -- E Executive Rollup D -- F Historical Trend Ledger M -- N CEO Chat Retrieval E -- G CEO Dashboard G -- H Guarded OpenAI Synthesis N -- H H -- I PDF Report / Board Memo J Slack Events API -- K Task Harvester K -- L Master To-Do - A department user downloads a CSV template. - The user uploads operating data in that department dashboard. - The frontend parses the CSV into records. /api/current-data upserts the current department snapshot.- The same upload is appended to the historical import ledger. - Executive rollups calculate org-level scorecards. - Uploads refresh Supabase vector embeddings for CEO chat retrieval. - OpenAI recommendations are generated only on explicit button clicks or chat sends. - PDF reports and board memos export from the live dashboard state. - Slack events and channel sync harvest commitments into the Master To-Do. Primary tables: | Table | Purpose | |---|---| department snapshots | One current JSONB snapshot per department | organization summaries | Latest executive rollup and summary content | department snapshot history | Immutable historical import ledger | board memos | Saved board memo metadata and JSON content | department embeddings | pgvector chunks for CEO chat and department retrieval | notion okr snapshots | Synced Notion Product OKR snapshots | hubspot deal snapshots | Synced HubSpot deal pipeline snapshots | linear ticket snapshots | Synced Linear issue snapshots | slack installations | Active Slack workspace installs and bot tokens | slack events | Signed Slack Events API webhook ledger | slack message snapshots | Slack channel/DM message snapshots | Run supabase/schema.sql /suhasbhairav/ai-chief-of-staff/blob/master/supabase/schema.sql in the Supabase SQL Editor before starting the app. The schema enables pgvector and exposes match department embeddings for cosine-similarity search. All OpenAI API calls use frontend/lib/openai/guardrails.js /suhasbhairav/ai-chief-of-staff/blob/master/frontend/lib/openai/guardrails.js . Prompt Injection DefenseBlocks direct jailbreak and secret-exfiltration prompts before model calls. | Secret RedactionRedacts common API key, Slack token, JWT, password, and service-role patterns. | Untrusted Data WrappingSlack messages, CSV-derived JSON, tasks, and dashboards are marked as evidence, not instructions. | Payload CapsNormalizes and truncates oversized inputs before OpenAI calls. | Guarded Responses APIAll model calls go through guardedResponsesCreate . | Action ValidationTask resolve/delegate/add actions are validated before mutation. | If a direct request resembles a jailbreak or credential-exfiltration attempt, the API blocks it before it reaches OpenAI. This is a real Slack integration, not a simulator. OAuth /api/integrations/slack/authorize and callback token exchange. | Events APISigned request verification at /api/slack/events . | Web API conversations.list , conversations.history , chat.postMessage . | Task HarvestingSlack messages are analyzed and converted into Master To-Do items. | Create a Slack app using slack/slack-app-manifest.example.json /suhasbhairav/ai-chief-of-staff/blob/master/slack/slack-app-manifest.example.json , replacing YOUR APP DOMAIN.com with your deployed app domain. Required Slack URLs: Redirect URL: https://your-app-domain.com/api/integrations/slack/callback Events URL: https://your-app-domain.com/api/slack/events Required bot scopes: app mentions:read channels:history channels:join channels:read chat:write chat:write.public groups:history groups:read im:history im:read im:write mpim:history mpim:read team:read users:read Required bot events: app mention message.channels message.groups message.im message.mpim After install, open /integrations and connect Slack. Then use /slack for the live workspace view, /todo to sync harvested commitments, and Slack DMs/app mentions to talk to Aegis from inside Slack. This is a real Notion integration for Product OKR tracking. - Create a Notion internal integration. - Copy the integration secret. - Share your Product OKR database with that integration. - Copy the database ID from the Notion database URL. - Add the values in Vercel env vars or connect manually from /integrations . - Open /departments/product and click Sync Notion OKRs . Recommended database properties: Objective Key Result Owner Status Progress Quarter Due Date Department Priority Confidence The parser is flexible and also recognizes common variants like Name , KR , DRI , State , % Complete , Cycle , and Target Date . This is a real HubSpot CRM integration for CEO-level deal pipeline tracking. - Create a HubSpot Private App. - Add CRM read scopes for deals, pipelines, and owners. - Copy the Private App access token. - Add it in Vercel env vars or connect manually from /integrations . - Open /pipeline and click Sync HubSpot Deals . The pipeline dashboard tracks open pipeline, weighted forecast, next 90-day forecast, stale deals, open deal count, average deal size, pipeline by stage, pipeline by HubSpot pipeline, and top open deals. This is a real Linear integration using Linear's official npm SDK. - Create a Linear personal API key from Linear account security settings. - Add it in Vercel env vars or connect manually from /integrations . - Open /tickets and click Sync Linear Tickets . The ticket overview tracks open tickets, urgent issues, overdue work, stale execution, completed issues in the last 30 days, average open age, team load, priority mix, and CEO risk queue. | | For the best report, upload department CSVs first and click Fetch Suggestions before exporting. Create frontend/.env.local or configure the same variables in Vercel: OPENAI API KEY=your openai api key here OPENAI EMBEDDING MODEL=text-embedding-3-small NEXT PUBLIC SUPABASE URL=https://your-project.supabase.co SUPABASE SERVICE ROLE KEY=your supabase service role or secret key NEXT PUBLIC APP URL=https://your-app-domain.com SLACK CLIENT ID=your slack client id SLACK CLIENT SECRET=your slack client secret SLACK SIGNING SECRET=your slack signing secret NOTION API KEY=your notion internal integration secret NOTION OKR DATABASE ID=your product okr database id HUBSPOT ACCESS TOKEN=your hubspot private app access token LINEAR API KEY=your linear personal api key Do not commit real .env files. They are ignored by .gitignore . cd frontend npm install npm run dev Open: http://localhost:3000 Production check: cd frontend npm run lint npm run build The backend is a FastAPI scaffold for CSV ingestion and validation. The current frontend primarily uses Next.js API routes for Supabase-backed JSONB storage, but the backend is available for future API-backed ingestion. cd backend python -m venv venv source venv/bin/activate pip install fastapi uvicorn python-multipart python main.py Health check: GET http://127.0.0.1:8000/health FinanceARR, revenue growth, margin, FCF, cash, runway, burn multiple | Salespipeline, bookings, ARR won, win rate, quota, churn-risk ARR | Marketingspend, MQL, SQL, CAC, LTV, CAC payback, ROAS | Productactive users, activation, retention, NPS, velocity, P1 bugs | Operationsthroughput, demand, delivery, inventory, defects, unit cost | HRheadcount, attrition, eNPS, revenue per employee, time to hire | Supporttickets, first response, resolution time, CSAT, NPS, backlog | Riskrisk score, controls, audit score, mitigations, security findings | StrategyTAM coverage, market share, partnerships, competitive win rate | Legal / IT / R&Dcontracts, compliance, uptime, cloud spend, IP, experiments | The Executive dashboard rolls up Supabase department JSON into four CEO scorecards: | Scorecard | Metrics | |---|---| | Value Creation and Cash | Rule of 40, NRR, gross margin, runway | | GTM Efficiency | qualified pipeline, bookings, CAC payback, win rate | | Customer and Product Health | 30-day retention, NPS, CSAT, activation | | Risk and Execution Posture | enterprise risk, audit score, on-time delivery, security incidents | The Executive page also includes a metrics glossary so operators can understand what each metric means and how it should be interpreted. - Start at the home command center. - Visit each department dashboard. - Download the department CSV template. - Fill it with monthly operating data. - Upload the CSV. - Confirm charts and KPI cards update. - Return to Executive. - Review the combined scorecards. - Click Fetch Org Suggestions . - Open /assistant to ask CEO-level questions grounded in Supabase vector memory. - Open /pipeline to sync and inspect the HubSpot deal pipeline. - Open /tickets to sync and inspect Linear execution health. - Export a PDF report or board memo. - Use /todo and /slack to track commitments and follow-ups. / Home command center /departments/executive Executive dashboard /departments/finance Finance dashboard /departments/sales Sales dashboard /integrations Tool integrations hub /slack Live Slack workspace /todo Master To-Do /assistant CEO chat over Supabase vector memory /pipeline HubSpot CEO deal pipeline /tickets Linear CEO ticket overview /api/current-data Supabase JSONB store /api/historical-data Supabase historical import ledger /api/board-memos Supabase board memo storage /api/analytics/ department Guarded OpenAI analysis endpoint /api/ceo-chat Retrieval planner and CEO answer agent /api/embeddings/rebuild Supabase vector memory backfill /api/notion/okrs Notion Product OKR sync endpoint /api/hubspot/deals HubSpot deal pipeline sync endpoint /api/linear/tickets Linear ticket overview sync endpoint /api/integrations/slack/authorize Slack OAuth start /api/integrations/slack/callback Slack OAuth callback /api/slack/events Slack Events API endpoint /api/slack/channels Slack conversations.list endpoint - User authentication and role-based access control - Department schema validation - Automated anomaly detection before OpenAI synthesis - Slack/email action routing to department owners - Permissioned multi-company workspaces - Audit log viewer for Slack events, OpenAI calls, and board memo generation This is a completely open-source, local-first MVP of an AI operating system for company leadership. It is an independent personal project designed to be credible in front of founders, operators, investors, and technical reviewers, while remaining small enough to iterate quickly. MIT License. See LICENSE /suhasbhairav/ai-chief-of-staff/blob/master/LICENSE .