# Workshop 2 of 3 — Run with Claude Code Terminal **What you build:** The full 10-agent AI Guardrail Lab pipeline — Incident Collector → Root Cause → Threat Modeling → Guardrail Designer → Dev Process Integration → Policy-as-Code → Claude Hook → Evidence & Audit → Critic → Workshop Orchestrator. No TypeScript required; each agent runs as a paste-in prompt into Claude Code that points it at the agent's instruction files. **Time:** ~30 – 45 minutes of agent runtime plus a few minutes of operator review between stages. **Prerequisites:** - Claude Code installed and authenticated (Anthropic API key, or Vertex / Bedrock routing) - `git` installed - Read access to [github.com/metaweavehq/ai-guardrail-lab](https://github.com/metaweavehq/ai-guardrail-lab) (public) - ~500 MB free disk space **Public workshop repo:** [github.com/metaweavehq/ai-guardrail-lab](https://github.com/metaweavehq/ai-guardrail-lab) — 10 agent instruction bundles + the `workshop-artifacts` skill. **Previous:** Workshop 1 of 3 — Build with the Claude Agent SDK (single + multi-agent in TypeScript). **Next:** Workshop 3 of 3 — Test Generated Hooks (wire the hooks Agent 7 generates back into the SDK runner from Workshop 1). --- This workshop runs each specialist agent directly inside Claude Code terminal. The agents are not imported as Claude Code custom subagents. Each agent already has its own instruction folder. For each step, paste one prompt into Claude Code that tells Claude to read that agent's instruction files and complete the task. Important: these instruction bundles were originally designed for LifeOSAI runtime agents. In this terminal workshop, Claude should use the files for role, workflow, tools, quality bar, and output contracts only. It must not call LifeOSAI APIs, check out tasks, post LifeOSAI comments, update issue status, or require `LIFEOSAI_*` environment variables. ## What You Need Clone the public workshop package: ```text https://github.com/metaweavehq/ai-guardrail-lab ``` The package contains these folders: ```text agents/ skills/workshop-artifacts/ ``` ## 1. Create A Working Directory Clone the public package. The clone itself creates the working directory: ```bash git clone https://github.com/metaweavehq/ai-guardrail-lab.git ai-guardrail-workshop cd ai-guardrail-workshop ``` ## 2. Install The Workshop Skill Locally Claude Code reads project skills from `.claude/skills`. The package already has the skill under `skills/workshop-artifacts`, so copy it into `.claude/skills`: ```bash mkdir -p .claude/skills workshop-outputs/data cp -R skills/workshop-artifacts .claude/skills/workshop-artifacts ``` After setup, the working directory should look like this: ```text ai-guardrail-workshop/ agents/ incident-collector-agent/ AGENTS.md HEARTBEAT.md SOUL.md TOOLS.md root-cause-agent/ AGENTS.md HEARTBEAT.md SOUL.md TOOLS.md ... .claude/ skills/ workshop-artifacts/ SKILL.md references/ templates/ workshop-outputs/ data/ ``` ## 3. Start Claude Code Start Claude Code from inside the working directory: ```bash claude ``` Each agent is tested by pasting the matching prompt below. ## 4. Agent 1: Incident Collector Paste this into Claude Code: ```text You are the Incident Collector Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/incident-collector-agent/AGENTS.md - agents/incident-collector-agent/HEARTBEAT.md - agents/incident-collector-agent/SOUL.md - agents/incident-collector-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Create the initial incident evidence registry for the workshop. Collect 5 verified GenAI, LLM, coding-agent, or agentic-AI incidents from the last 6 months. Use discovery agents first, then independent verifier agents. Write the required JSONL, markdown, research, and dashboard artifacts under workshop-outputs/. Before writing final incidents, reject weak, duplicated, generic, or out-of-window candidates. ``` Expected outputs: ```text workshop-outputs/data/incidents.jsonl workshop-outputs/research/incident-candidates.jsonl workshop-outputs/research/incident-verification.jsonl workshop-outputs/01-incident-registry.md workshop-outputs/dashboard/ ``` ## 5. Agent 2: Root Cause Agent Paste this into Claude Code after Agent 1 finishes: ```text You are the Root Cause Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/root-cause-agent/AGENTS.md - agents/root-cause-agent/HEARTBEAT.md - agents/root-cause-agent/SOUL.md - agents/root-cause-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Analyze the collected incident corpus and produce the root-cause analysis handoff. Use workshop-outputs/data/incidents.jsonl and workshop-outputs/01-incident-registry.md as the input. Separate observed facts, technical causes, process causes, organizational causes, uncertainty, and evidence gaps. ``` Expected outputs: ```text workshop-outputs/data/root-causes.jsonl workshop-outputs/02-root-cause-analysis.md ``` ## 6. Agent 3: Threat Modeling Agent Paste this into Claude Code after Agent 2 finishes: ```text You are the Threat Modeling Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/threat-modeling-agent/AGENTS.md - agents/threat-modeling-agent/HEARTBEAT.md - agents/threat-modeling-agent/SOUL.md - agents/threat-modeling-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the incident and root-cause artifacts, cluster them into recurring threat groups, map those groups to MITRE ATLAS where supported, and produce the threat-modeling handoff. Do not create one threat model per incident unless the agent instructions require it; prefer reusable threat groups. ``` Expected outputs: ```text workshop-outputs/data/threat-models.jsonl workshop-outputs/03-threat-models.md ``` ## 7. Agent 4: Guardrail Designer Agent Paste this into Claude Code after Agent 3 finishes: ```text You are the Guardrail Designer Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/guardrail-designer-agent/AGENTS.md - agents/guardrail-designer-agent/HEARTBEAT.md - agents/guardrail-designer-agent/SOUL.md - agents/guardrail-designer-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the incident, root-cause, and threat-model artifacts and design concrete guardrails. Cover preventive controls, detection controls, blocking controls, audit controls, approval gates, enforcement points, required evidence, residual risks, and implementation handoff notes. ``` Expected outputs: ```text workshop-outputs/data/guardrails.jsonl workshop-outputs/04-guardrail-design.md ``` ## 8. Agent 5: Dev Process Integration Agent Paste this into Claude Code after Agent 4 finishes: ```text You are the Dev Process Integration Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/dev-process-integration-agent/AGENTS.md - agents/dev-process-integration-agent/HEARTBEAT.md - agents/dev-process-integration-agent/SOUL.md - agents/dev-process-integration-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the guardrail design artifacts and map them into PDLC, SDLC, Claude Code, and Claude Agent SDK process controls. Include product risk checkpoints, design reviews, implementation gates, code review/test/CI/release controls, SDK options, permission modes, allowed and disallowed tools, hooks, approval routing, audit checkpoints, session handling, and subagent controls. ``` Expected outputs: ```text workshop-outputs/data/dev-process-controls.jsonl workshop-outputs/05-dev-process-integration.md ``` ## 9. Agent 6: Policy-as-Code Agent Paste this into Claude Code after Agent 5 finishes: ```text You are the Policy-as-Code Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/policy-as-code-agent/AGENTS.md - agents/policy-as-code-agent/HEARTBEAT.md - agents/policy-as-code-agent/SOUL.md - agents/policy-as-code-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the PDLC, SDLC, and Claude Agent SDK process controls and convert them into machine-readable policy-as-code artifacts. Produce policy files for agent guardrail profiles, tool permissions, protected paths, approval routing, audit events, and any other policy families required by the instruction files. ``` Expected outputs: ```text workshop-outputs/data/policy-as-code.jsonl workshop-outputs/06-policy-as-code.md workshop-outputs/policies/ ``` ## 10. Agent 7: Claude Hook Agent Paste this into Claude Code after Agent 6 finishes: ```text You are the Claude Hook Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/claude-hook-agent/AGENTS.md - agents/claude-hook-agent/HEARTBEAT.md - agents/claude-hook-agent/SOUL.md - agents/claude-hook-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the policy-as-code artifacts and produce Claude Agent SDK hook prototypes for the workshop. Cover user prompt classification, pre-tool-use blocking and approvals, post-tool-use audit validation, permission request routing, subagent lifecycle controls, session-end audit closure, and hook configuration examples. ``` Expected outputs: ```text workshop-outputs/data/claude-hooks.jsonl workshop-outputs/07-claude-hooks.md workshop-outputs/claude-hooks/ ``` ## 11. Agent 8: Evidence And Audit Agent Paste this into Claude Code after Agent 7 finishes: ```text You are the Evidence and Audit Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/evidence-audit-agent/AGENTS.md - agents/evidence-audit-agent/HEARTBEAT.md - agents/evidence-audit-agent/SOUL.md - agents/evidence-audit-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the Claude hook prototypes and all prior workshop artifacts. Build the evidence and audit handoff, including traceability, decision rationale, references, check results, approval history, retention notes, redaction notes, and audit gaps. ``` Expected outputs: ```text workshop-outputs/data/audit-evidence.jsonl workshop-outputs/08-evidence-audit.md ``` ## 12. Agent 9: Critic Agent Paste this into Claude Code after Agent 8 finishes: ```text You are the Critic Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/critic-agent/AGENTS.md - agents/critic-agent/HEARTBEAT.md - agents/critic-agent/SOUL.md - agents/critic-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Review the complete workshop prototype. Find evidence gaps, weak assumptions, missing threat coverage, incomplete guardrails, unenforceable policies, hook implementation gaps, audit traceability gaps, dashboard issues, and final report risks. Produce the final critique, gap register, remediation plan, and readiness checklist. ``` Expected outputs: ```text workshop-outputs/data/critic-findings.jsonl workshop-outputs/09-critic-review.md ``` ## 13. Agent 10: Workshop Orchestrator Agent Paste this into Claude Code after Agent 9 finishes: ```text You are the Workshop Orchestrator Agent for the AI Incident Analysis and Guardrail Design workshop. First read and follow these instruction files: - agents/workshop-orchestrator-agent/AGENTS.md - agents/workshop-orchestrator-agent/HEARTBEAT.md - agents/workshop-orchestrator-agent/SOUL.md - agents/workshop-orchestrator-agent/TOOLS.md Also use the workshop-artifacts skill from .claude/skills/workshop-artifacts. Standalone terminal mode: - Do not call LifeOSAI APIs. - Do not check out, update, comment on, or close LifeOSAI tasks. - Do not require LIFEOSAI_* environment variables. - Treat HEARTBEAT.md as workflow and output guidance only; skip LifeOSAI runtime steps. - Write files directly under workshop-outputs/. Task: Coordinate the full workshop pipeline. Inspect all specialist outputs, verify artifact handoffs, check dashboard readiness, route any rework to the right stage, and prepare the final workshop report and demo readiness material. ``` Expected outputs: ```text workshop-outputs/final-report.md workshop-outputs/readiness-checklist.md ``` ## 14. Check The Outputs List generated files: ```bash find workshop-outputs -maxdepth 3 -type f | sort ``` Check JSONL line counts: ```bash wc -l workshop-outputs/data/*.jsonl ``` Open the dashboard from the file viewer, or serve the folder locally: ```bash python3 -m http.server 8080 ``` Then open: ```text http://localhost:8080/workshop-outputs/dashboard/ ``` ## 15. Common Fixes If the `workshop-artifacts` skill is missing: - confirm it exists at `.claude/skills/workshop-artifacts/SKILL.md` - confirm it includes `references/` and `templates/` If an agent cannot find its instruction files: - confirm the `agents/` folder is directly inside the working directory - confirm each agent folder contains `AGENTS.md`, `HEARTBEAT.md`, `SOUL.md`, and `TOOLS.md` If a downstream agent cannot run: - run the previous agent first - confirm the expected JSONL input exists under `workshop-outputs/data/` If the dashboard already exists: - use it - do not replace it - later agents should only update the shared dashboard when required by the workshop-artifacts contract --- ## Next workshop Workshop 3 of 3 — **Test Generated Hooks**: take the `hooks/*.ts` files produced by Agent 7 (Claude Hook), import them dynamically, register through `options.hooks` on a Claude Agent SDK run, and record what each hook actually catches. Uses the same `src/index.ts` SDK runner you built in Workshop 1.