Workflow approval model

• SEO diagnostics — review a target page and produce a Claude-ready implementation prompt + checklist.
• Keyword opportunity review — rank watchlist keywords by opportunity score, produce per-keyword Claude prompts grounded in operator-provided data only.
• AI visibility review — requires the MCP AI visibility context. Identifies pages with AI crawler / referral opportunities.
• Traffic drop investigation — requires the MCP analytics context. Prepares a structured investigation checklist + Claude deep-dive prompt.
• Technical cleanup brief — prepares a safe Claude / Codex prompt for repo cleanup. The agent never executes the cleanup.

1. Prepare. The operator picks a template + fills in optional inputs. The agent builds a deterministic plan (goal, data used, steps, risks, expected output) and parks the workflow in awaiting_approval. Templates whose data source isn’t connected return missing_data and never fabricate context.
2. Review. The operator reads the plan and decides whether to proceed. Plans always list the files / pages affected — for these templates that list is empty, because the agent’s only output is a prompt or checklist.
3. Approve or reject. Approval is explicit: the operator clicks Approve. Rejected workflows never execute.
4. Execute. Only an approved workflow can be executed. The agent’s `execute` returns invalid_transition for any other state. Execution generates the safe output (Claude prompt, operator checklist, markdown brief) and marks the workflow completed.

• No auto-push of code.
• No auto-deploy.
• No auto-publish of content.
• No auto-edit of live websites.
• No automatic PRs.
• No data deletion.
• No DNS or billing changes.
• No automated emails to users.
• No background MCP write tools.

Every workflow result is workspace-scoped. The plan + result carry only operator-readable scalars + the safe Claude prompt the agent generates. Raw API responses, OAuth tokens, billing secrets, and database URLs never land in a workflow record.