AIHawk applies to jobs on the user's behalf. It fills out forms, submits applications, and interacts with real hiring platforms using the user's credentials. An autonomous agent submitting legal documents (job applications) with a person's name on them is the exact scenario that needs governance infrastructure.
Three problems:
1. No application limit enforcement. The user says "apply to 50 jobs" but the agent applies to 200 because a loop didn't terminate correctly. Without a hard delegation limit, there's no backstop.
2. No scope constraints on what the agent submits. The agent has access to the user's resume, cover letter templates, and potentially other personal documents. There's no enforcement preventing the agent from accessing or transmitting documents outside the intended scope.
3. No signed proof of what was submitted where. When the user wants to know "which jobs did you apply to and what did you send," the answer is the agent's self-report. There's no independent, tamper-evident record.
from agent_passport_system import create_delegation, govern_action
# User authorizes: apply to software engineer roles, max 50 applications
delegation = create_delegation(
delegated_to=agent_key,
delegated_by=user_key,
scope=[
"job:apply:software-engineer",
"document:read:resume.pdf",
"document:read:cover-letter-template.md",
"browser:navigate:linkedin",
"browser:navigate:indeed"
],
# no document:read for other files
# no browser:navigate for non-job sites
spend_limit=5000, # 50 applications × $1 estimated cost each
expires_in_seconds=86400
)
# Agent tries to access a document outside scope → blocked
result = govern_action(
action={"type": "document:read", "path": "/home/user/tax-returns.pdf"},
delegation=delegation,
passport=agent_passport
)
# Blocked: tax-returns.pdf not in scope. Signed receipt.Every application submission produces a signed receipt: which job posting, which documents were sent, what platform, what time. The receipt chain is the user's record of what was done in their name.
pip install agent-passport-system (v0.8.0, Apache-2.0) or npm install agent-passport-system (v1.36.2).
When an agent acts on your behalf in a context with legal implications (submitting applications with your personal information), governance isn't a feature — it's a liability shield.
AIHawk applies to jobs on the user's behalf. It fills out forms, submits applications, and interacts with real hiring platforms using the user's credentials. An autonomous agent submitting legal documents (job applications) with a person's name on them is the exact scenario that needs governance infrastructure.
Three problems:
1. No application limit enforcement. The user says "apply to 50 jobs" but the agent applies to 200 because a loop didn't terminate correctly. Without a hard delegation limit, there's no backstop.
2. No scope constraints on what the agent submits. The agent has access to the user's resume, cover letter templates, and potentially other personal documents. There's no enforcement preventing the agent from accessing or transmitting documents outside the intended scope.
3. No signed proof of what was submitted where. When the user wants to know "which jobs did you apply to and what did you send," the answer is the agent's self-report. There's no independent, tamper-evident record.
Every application submission produces a signed receipt: which job posting, which documents were sent, what platform, what time. The receipt chain is the user's record of what was done in their name.
pip install agent-passport-system(v0.8.0, Apache-2.0) ornpm install agent-passport-system(v1.36.2).When an agent acts on your behalf in a context with legal implications (submitting applications with your personal information), governance isn't a feature — it's a liability shield.