AI Agent Governance Checklist
The minimum governance layer for a production agent deployment: permissions, destructive-action policy, logging, human gates, data boundaries. Copy it below, fill the bracketed fields, delete what you don't need.
# Agent governance checklist: [system name]
Date: [date] · Owner: [name]
## Permission model
- [ ] Agent runs under a defined permission profile, not ambient user rights
- [ ] File/network/shell access scoped to the task's actual needs
- [ ] Permission escalation requires human approval
## Destructive-action policy
- [ ] Destructive operations enumerated (delete, deploy, publish, spend, send)
- [ ] Each is gated: blocked, human-approved, or sandboxed
- [ ] Skills carry never-do boundaries consistent with this policy
## Audit logging
- [ ] Actions logged by infrastructure the agent cannot edit
- [ ] Log covers tool calls, not just conversation
- [ ] Retention and access control defined
## Human gates
- [ ] Consequential actions defined with thresholds (blast radius, cost, externality)
- [ ] Above-threshold actions require named-human approval
- [ ] Escalation path exists when the agent is blocked or uncertain
## Data boundaries
- [ ] Sensitive data classes the agent may/may not read are listed
- [ ] Memory systems have write rules excluding secrets and personal data
- [ ] External transmission (APIs, publishing) is enumerated and approved
## Review cadence
- [ ] This checklist re-run on: [schedule]
- [ ] Owner for incidents: [name]
Field notes
| Field | Why it matters |
|---|---|
| Audit logging | "By infrastructure the agent cannot edit" is the load-bearing phrase. Agent-written logs record beliefs; hook-written logs record events. |
| Destructive-action policy | Enumerate first. Most governance failures are actions nobody classified as destructive until one happened. |