Agent Governance

Controlled. Enforced. Audited.

Every tool call passes through an infrastructure-level governance engine. Not prompt-level suggestions. Hard enforcement that agents cannot override.

72 governance tests. 4 permission levels. Full audit trail.

Why governance is infrastructure, not instructions

AI agents that can send emails, post to social media, modify brand assets, and interact with web pages need technical enforcement. Prompt-level rules ("don't send emails autonomously") can be ignored, forgotten, or overridden by sufficiently complex prompts. The governance engine operates outside the agent's context window. There is no way for an agent to bypass it.

Permission Levels

Four levels, configurable per agent and per tool category. Clients customize these during onboarding.

Allow

Execute silently. For low-risk operations you trust completely (file reads, search).

Log

Execute and record to audit trail. For operations you want visibility into but don't need to approve.

Require Approval

Pause and ask for human approval before executing. For sensitive operations like sending messages.

Deny

Block outright with an explanation. Agent cannot perform this action under any circumstances.

What's Governed

External Comms

Slack, Gmail, LinkedIn, Twitter, ConvertKit, Pipedream services

Require Approval

Browser Automation

Chrome DevTools clicks, form fills, typing. Read-only actions are not gated.

Require Approval

File Writes

Creating or editing files. Protected paths always require approval.

Log

Sub-agent Spawn

Launching specialist agents. Orchestrators need this to delegate.

Allow

Autonomous Agent Lockdown

Background steward agents run on scheduled cadences without human oversight. They are the highest-risk execution context. The steward policy is the most restrictive governance layer.

Stewards CANNOT

× Send any message (Slack, email, LinkedIn)
× Interact with browser pages
× Write or edit files
× Run shell commands
× Spawn sub-agents

Stewards CAN

Read files and search the codebase
Search the web for intelligence
Fetch web pages for analysis
Report findings via session output

Protected Paths

These file paths always require human approval for writes, regardless of the agent's general permission level.

client-context/**

Brand config, voice guides, business profiles, competitor data

config/governance.json

The governance rules themselves (self-referential protection)

.claude/agents/**

Agent definitions and system prompts

.claude/settings.json

Hook configuration and permission settings

Audit Trail

Every governed action is logged to an append-only audit trail. Agents cannot modify or delete entries.

Timestamp: When the action was attempted
Agent: Which agent made the request
Tool: What tool was called
Category: Which governance category matched
Decision: Allow, log, require approval, or deny
Reason: Human-readable explanation
Source: Which rule fired (steward, override, protected, default)
Input Summary: Abbreviated tool input for context

Fail Closed

If the governance config is missing or corrupt, the engine falls back to the most restrictive defaults. A broken config never results in an open system.

External comms: Require approval
Browser automation: Require approval
File writes: Require approval
Sub-agent spawning: Require approval
Stewards: Denied everything except read and search

Governance rules are per-deployment. Each client gets a configuration that matches their risk tolerance and workflow.
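
The rules above combined into one decision function, as an added example (not the product's own code): steward lockdown, per-agent overrides, protected-path escalation and the fail-closed fallback. The JSON schema, the category and level identifiers, the agent names and the order in which rules are checked are assumptions; only the protected paths, the four levels and the fail-closed defaults come from the page.

```python
import json
import posixpath
from fnmatch import fnmatchcase

# Strictness order of the four levels; the identifier spellings are assumptions.
LEVELS = ["allow", "log", "require_approval", "deny"]
# Fail-closed defaults listed on the page, used when the config cannot be trusted.
FAIL_CLOSED = {c: "require_approval" for c in
               ("external_comms", "browser_automation", "file_write", "subagent_spawn")}
PROTECTED = ("client-context/**", "config/governance.json",
             ".claude/agents/**", ".claude/settings.json")
STEWARD_CAN = {"read", "search"}  # assumed names for the read-only categories
# Constructed sample config; the JSON schema is an assumption, the page shows none.
SAMPLE = ('{"categories": {"external_comms": "require_approval", "file_write": "log",'
          ' "subagent_spawn": "allow", "read": "allow"},'
          ' "overrides": {"drafter": {"external_comms": "deny"}}}')


def load_policy(raw):
    """Return (categories, overrides); a missing or corrupt config yields the defaults."""
    try:
        cfg = json.loads(raw)
        cats, over = cfg["categories"], cfg.get("overrides", {})
        levels = list(cats.values()) + [l for o in over.values() for l in o.values()]
        if not cats or any(l not in LEVELS for l in levels):
            raise ValueError("empty config or unknown level")
        return cats, over
    except (TypeError, ValueError, KeyError, AttributeError):
        return dict(FAIL_CLOSED), {}


def decide(policy, agent, category, path=None, steward=False):
    """Return (decision, source) for one tool call; source names the rule that fired."""
    cats, over = policy
    if steward:  # most restrictive layer, checked first (ordering is an assumption)
        return ("allow", "steward") if category in STEWARD_CAN else ("deny", "steward")
    if category in over.get(agent, {}):
        level, source = over[agent][category], "override"
    else:  # assumption: a category with no rule at all needs approval
        level, source = cats.get(category, "require_approval"), "default"
    if category == "file_write" and path is not None:
        norm = posixpath.normpath(path)  # so "./" and "a/../" spellings still match
        if any(fnmatchcase(norm, p) for p in PROTECTED):
            # Protected paths raise the level to approval but never relax a deny.
            if LEVELS.index(level) <= LEVELS.index("require_approval"):
                level, source = "require_approval", "protected"
    return level, source
```

Path normalization here is purely lexical; resolving symlinks and absolute paths against the workspace root would be needed before matching in a real deployment.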