Building a Cron Scheduler for AI Agent Tasks
Building a Cron Scheduler for AI Agent Tasks
AI agents are increasingly being used for recurring tasks: daily code reviews, scheduled dependency updates, periodic security scans, automated report generation. These tasks need to run on a schedule, and they need to run safely — especially when no human is actively watching.
SafeClaw's cron scheduler lets you define recurring agent tasks with the same safety guardrails that protect interactive sessions. Here's how we built it.
The Challenge
Existing cron systems (system cron, node-cron, cloud schedulers) can trigger agent tasks just fine. The problem is that those tasks run without the safety context that SafeClaw provides. A scheduled agent task that runs at 3 AM has no human available to approve escalations. If it encounters an unexpected situation, it either fails silently or proceeds unsafely.
We needed a scheduler that understood SafeClaw's safety model natively — one that could apply policies, enforce budgets, and handle escalations even when the task is unattended.
Design Principles
Familiar Syntax — We use standard cron expressions. If you know cron, you know SafeClaw's scheduler. No proprietary syntax, no learning curve. Policy-Bound Execution — Every scheduled task is bound to a specific policy profile. The profile defines what the agent can and cannot do during that task. Scheduled tasks typically use more restrictive profiles than interactive sessions, since there's no human in the loop. Fail-Closed on Escalation — When a scheduled task triggers an escalation and no human is available, the task pauses. It doesn't skip the action, it doesn't proceed without approval, it doesn't retry indefinitely. It pauses and waits. When a human becomes available, they see the pending escalation and can approve or deny it. Budget Scoping — Each scheduled task gets its own budget pool. A daily code review might have a $2 budget. If the agent exceeds it, the task stops cleanly and reports what it accomplished within the budget.Architecture
The scheduler runs as a background process within SafeClaw's daemon. It maintains a priority queue of upcoming tasks, sorted by next execution time. When a task's time arrives, the scheduler:
The scheduler is resilient to restarts. Task definitions are persisted, and on startup, the scheduler calculates the next execution time for each task based on its cron expression and last run time. Missed executions during downtime can be configured to run immediately on restart or skip to the next scheduled time.
Deferred Escalations
The most interesting design challenge was handling escalations in unattended tasks. We introduced the concept of deferred escalations — escalated actions that are stored with full context and presented to the next human who opens SafeClaw.
Deferred escalations include a snapshot of the task's state at the point of escalation: what the agent was trying to do, what it had already accomplished, and what remains. This gives the human enough context to make an informed decision, even hours after the escalation occurred.
Defining Scheduled Tasks
Tasks are defined in your SafeClaw configuration file:
``yaml
schedules:
- name: "daily-dependency-check"
cron: "0 9 1-5"
policy: "readonly-strict"
budget: 2.00
agent: "claude-code"
task: "Review dependencies for security updates"
``Full configuration options are in our documentation.
What's Next
We're working on task chaining — the ability to define multi-step workflows where one scheduled task's output feeds into the next. We're also exploring integration with calendar APIs so that scheduled tasks automatically avoid meeting times and on-call rotations.
The scheduler source code is on GitHub. We're keen to hear how teams are using scheduled agent tasks and what features would make the scheduler more useful.