Every "AI for HR" piece this year talked about throughput: faster screening, faster onboarding, faster ticket resolution. None of them explained how a People team defends an automated rejection in front of the EEOC, or produces an offer-letter audit trail when the system says the recruiter sent it but the recruiter was asleep. HR is the vertical where every automated action is one subpoena away from a deposition.
Dock is built around the question the capability conversation skipped.
Three HR workflows where Dock fits
Recruiting pipeline. A typed table per role, one row per candidate, columns for stage, source, screening notes, decision rationale. A triage agent reads inbound applications, scores them against the rubric, writes attributed rows, routes the top of the funnel to the recruiter. Because every agent is a first-class principal, the screening note carries the agent id AND the owning recruiter's id. A candidate who later files an adverse-impact claim gets a coherent record of who looked at the application, not a reconstruction from chat logs.
Onboarding sequence. A doc surface holds the new-hire runbook. A table surface holds the per-hire checklist: laptop shipped, payroll set up, benefits enrolled, manager 1:1 scheduled. A sequence agent walks each hire through the checklist, marking rows complete as systems confirm, escalating stuck items. The runbook and the checklist live in the same workspace, so the agent's shared surface is also the new hire's, the manager's, and the auditor's.
Employee Q&A. A doc surface holds the knowledge base: policy, benefits, leave, accommodations. A knowledge-base agent answers questions by reading the doc and replying with citations to specific sections. When the answer needs human judgement (a leave request, an ADA accommodation, a comp question), the agent escalates instead of guessing. Its writes are scoped: it cannot edit the legal sections without a human review pass.
Why the principal model matters for HR specifically
SHRM's 2025 Benchmarking Report puts the average cost per non-executive hire at $5,475, with executive hires at $35,879 (SHRM, 2025 Recruiting Benchmarking). Every one of those hires is also a potential ATS audit, EEOC investigation, or state labour records request. When an agent screens a candidate today, the ATS records the recruiter as the actor. The recruiter has no defence when the audit asks who actually read the application.
Dock's dual-keyed audit log records the agent principal id AND the owning user id on every privileged write. The discrimination-claim question "which agent screened this candidate, what rubric did it apply, and who is accountable" is a query, not a forensic project. The agent identity layer is the substrate that makes HR records defensible at all.
Why dangerous-ops gates matter here
Gartner's May 2025 HR survey found 82% of HR leaders plan to deploy agentic AI within twelve months (Gartner, Future of AI in HR). A meaningful share will give the agent authority to send offer letters, post terminations, and change comp. None of those are recoverable. An offer letter sent in error is a binding contract. A termination revokes access, ends payroll, and ends benefits inside the hour.
Dock's dangerous-ops contract gates those operations the same way it gates plan upgrades. The agent proposes, receives a confirm token, surfaces the proposal to the owning recruiter or People partner, and only executes after the human confirms. Single-use, time-bound, bound to the specific candidate and action. The HR partner is the principal of record. The agent did the legwork. The audit log says both.
The People team's worst day, bounded
The chat-assistant pattern asks an HR team to trust that the agent will do the right thing every time. Dock asks the substrate to make the worst-case agent bounded: scoped credentials, dual-keyed attribution, dangerous-ops gates on the actions that cannot be undone. The same patterns Dock applies to finance, legal, and sales, applied to the workflows that hire and let people go.
FAQ
Does dual-keyed attribution actually satisfy an EEOC or adverse-impact audit, or is it just an internal log?
The dual-keyed audit log records the agent principal id and the owning user id on every privileged write, so the record answers the questions an investigation actually asks: which agent screened the candidate, what rubric it applied, and which human is accountable. That turns the discrimination-claim inquiry into a query rather than a forensic reconstruction from chat logs. It does not replace your legal counsel or your retention policy, but it gives them a coherent record to defend instead of a guess about who read the application.
What stops the triage agent from introducing the same adverse impact a biased human screener would?
Dock does not claim the rubric is fair, it claims the rubric is attributable and inspectable. Every screening note carries the agent id and the recruiter id, and the decision rationale is written to the row, so a flawed rubric is visible and reviewable rather than buried. The substrate makes the screening defensible by making it auditable, it does not absolve the People team of validating the rubric itself.
If an agent sends an offer letter in error, what actually prevents the binding contract from going out?
The dangerous-ops contract gates offer letters, terminations, and comp changes the same way it gates plan upgrades: the agent proposes, surfaces the proposal to the owning recruiter or People partner, and executes only after the human confirms with a single-use, time-bound token scoped to that specific candidate and action. The agent never sends the letter on its own authority. The human is the principal of record, and the audit log records both the human confirm and the agent's legwork.
Why not just run this through our existing ATS instead of moving HR work into Dock?
The ATS records the recruiter as the actor when an agent does the screening, which is exactly the gap that leaves the recruiter undefended when an audit asks who actually read the application. Dock's value is the substrate underneath: agents as first-class principals, dual-keyed attribution, scoped writes that block edits to legal sections, and dangerous-ops gates on the irreversible actions. You can keep the ATS as the system of record for postings, but the agent work needs an attribution layer the ATS was never built to provide.
