Governance for AI Agents: The Working Guide
Agent governance answers three questions for any action an agent took: what allowed it, what evidence did it act on, and who could have stopped it. The working parts are permission profiles (what it may do), human gates (what needs approval), hook-written audit logs (what actually happened), and a named owner (who answers for it).
Key takeaways
- Enumerate consequential actions concretely: deploy, spend, delete, publish, send. Vibe-based gates become either nags or holes.
- Hook-written logs are ground truth; agent-written reports are testimony. Audits need the first.
- Minimum permission footprint per task beats trust: scope what the agent can touch to what the task needs.
- Over-gating produces approval fatigue, which produces rubber-stamping, which removes the protection.
- Accountability resolves to a named human, not a team alias.
The three questions
For any action an agent took, governance answers: what allowed it (the permission profile), what evidence did it act on (the audit trail), and who could have stopped it (the gate and the owner). A deployment that can answer all three passes audit; one that cannot is a pilot regardless of what the roadmap calls it.
The working parts
Permission profiles
A permission profile declares what the agent may do without asking: which tools, paths, commands, and network access. The design principle is minimum footprint per task: an agent editing documentation does not need shell access, and the profile should say so. This is the cheapest control in the stack, and the one that makes every other control matter less, because an agent that cannot exfiltrate does not need to be trusted not to.
Human gates
Gates put approval where reversal cost exceeds approval cost. The craft is enumeration: deploy, spend, delete, publish, send, and whatever your domain adds. Concretely listed actions gate mechanically; vibes-based gating produces either a nag the operator learns to click through or a hole an edge case walks through. And calibrate the volume: over-gating produces approval fatigue, fatigue produces rubber stamps, and rubber stamps are the removal of the control with extra steps.
Hook-written audit logs
Agent-written records are testimony; hook-written logs are evidence. The distinction is who holds the pen: a lifecycle hook appends every tool call to a log the agent cannot edit, which makes the record trustworthy precisely because the agent had no vote. Log tool calls, not just conversation, and give the log its own access control; it now contains your operational reality.
A named owner
Accountability that resolves to a team alias resolves to nobody at the exact moment it matters. Every production agent has one named human owner, a review cadence, and a kill switch documented before it is needed. The operating manual template is one page and covers all three.
Boundaries inside skills
Governance also lives inside the artifacts: a skill's never-do list is a permission profile at procedure granularity, and it is what makes auto-triggering safe. When you adopt third-party skills, their boundaries (or absence) are part of your governance posture, which is why the evaluation checklist treats boundary review as non-optional.
Start this week
- Enumerate your consequential actions (thirty minutes, honestly).
- Write the permission profile for your highest-traffic agent.
- Add one gate where reversal cost is highest.
- Wire a hook-written log.
- Name the owner and schedule the review.
The governance checklist walks all five with check items. Level 5 of the Maturity Model is this list, kept current.
Frequently asked questions
What is agent governance?
The layer keeping agents safe, scoped, and accountable: permission systems, boundaries in skills, approval gates for consequential actions, and audit logs written by infrastructure the agent cannot edit.
Where do I start with agent governance?
Enumerate your consequential actions, write the permission profile, add one human gate where reversal cost is highest, and wire a hook-written log. The full checklist is one page.
How much governance is too much?
When approvals become rubber stamps, gates have exceeded attention. Gate by blast radius, not by category; most actions should never prompt.
Summary
- Topic
- AI agent governance
- Definition
- Permissions, gates, hook-written logs, and named ownership around agent actions
- Best used for
- Production and enterprise agent deployments
- Related concepts
- governance, human gate, permission profile, audit log
- Common mistakes
- Unenumerated gates, agent-written audit trails, ownership by alias, over-gating
- Recommendation
- Start from the governance checklist; gate by blast radius; log by hook