AI Agent Governance Checklist

The minimum governance layer for a production agent deployment: permissions, destructive-action policy, logging, human gates, data boundaries. Copy it below, fill the bracketed fields, delete what you don't need.

governance-checklist.md
# Agent governance checklist: [system name]
Date: [date] · Owner: [name]

## Permission model
- [ ] Agent runs under a defined permission profile, not ambient user rights
- [ ] File/network/shell access scoped to the task's actual needs
- [ ] Permission escalation requires human approval

## Destructive-action policy
- [ ] Destructive operations enumerated (delete, deploy, publish, spend, send)
- [ ] Each is gated: blocked, human-approved, or sandboxed
- [ ] Skills carry never-do boundaries consistent with this policy

## Audit logging
- [ ] Actions logged by infrastructure the agent cannot edit
- [ ] Log covers tool calls, not just conversation
- [ ] Retention and access control defined

## Human gates
- [ ] Consequential actions defined with thresholds (blast radius, cost, externality)
- [ ] Above-threshold actions require named-human approval
- [ ] Escalation path exists when the agent is blocked or uncertain

## Data boundaries
- [ ] Sensitive data classes the agent may/may not read are listed
- [ ] Memory systems have write rules excluding secrets and personal data
- [ ] External transmission (APIs, publishing) is enumerated and approved

## Review cadence
- [ ] This checklist re-run on: [schedule]
- [ ] Owner for incidents: [name]

Field notes

FieldWhy it matters
Audit logging"By infrastructure the agent cannot edit" is the load-bearing phrase. Agent-written logs record beliefs; hook-written logs record events.
Destructive-action policyEnumerate first. Most governance failures are actions nobody classified as destructive until one happened.

Go deeper