Origin
AI Agent Governance Architecture was built to make agent deployments defensible at the level a reasonable organization would expect — not by adding monitoring and dashboards on top, but by constraining the runtime itself. Most agent governance is rhetorical. A policy document declares what the agent should and should not do; the agent occasionally complies. The architecture closes that loop. Every action an agent takes passes through the Action Governance Engine before it executes. Policy is not a document the agent is asked to consult. It is a runtime that determines whether the action happens.
Design
An action enters through Action Intake — declared inputs, declared targets, declared effect class. Policy Evaluation runs against a hardened policy schema with strict precedence and specificity rules. Concurrency Control uses a lock model with fairness and arbitration so that conflicting actions cannot race each other into execution. Execution Decision routes the action through one of four approval classes: Immediate, Bounded Delay, Timeout-Escalate, or Timeout-Block. Recovery is classified before execution into one of three classes — Reversible, Compensatable, or Contain-Only — and an irreversible action carries that label into approval, where the bar is higher.
Structure
Policy grammar is bounded by design. No loops. No recursion. No dynamic execution. Maximum nesting depth. Conditions are evaluated as pure functions over declared inputs. This is not a stylistic constraint — it is what makes evaluation provably deterministic and what makes policy auditable as a property of the grammar itself, not as a property of any particular policy. Approval state transitions are a hardened state machine: created, pending, in-review, approved, rejected, escalated, expired. Lock contention has fairness guarantees and deadlock prevention through canonical ordering. Non-suppressible signals — policy ambiguity, enforcement failure, irreversible execution, lock contention loops, approval system failure — never pass through filters. They always reach oversight. Learning Governance allows the system to propose changes to policies based on observed patterns. It does not allow the system to modify the policy grammar, the evaluation logic, the precedence rules, or the approval system. Hard invariants are encoded in code, not in documentation.
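The bounded-grammar property described above can be shown with a small validator and evaluator. This is an added example, not the project's code: the operator names, the `MAX_DEPTH` value, the `PolicyError` type and the sample action fields are all assumptions made for illustration.

```python
# Added illustration: operator names, MAX_DEPTH and the sample fields are assumptions.
MAX_DEPTH = 4  # assumed limit; the page does not give a number
COMPARE = {"eq": lambda a, b: a == b, "lt": lambda a, b: a < b, "in": lambda a, b: a in b}
COMBINE = {"all": all, "any": any}

class PolicyError(Exception):
    """Condition is outside the bounded grammar; reject it instead of guessing."""

def validate(cond, declared, depth=1):
    """Static check: known operators, declared fields only, bounded nesting."""
    if depth > MAX_DEPTH:
        raise PolicyError("nesting deeper than MAX_DEPTH")
    if not isinstance(cond, dict) or len(cond) != 1:
        raise PolicyError("a node must be a dict with exactly one operator")
    (op, arg), = cond.items()
    if op in COMPARE:
        if not (isinstance(arg, list) and len(arg) == 2
                and isinstance(arg[0], str) and arg[0] in declared):
            raise PolicyError(f"{op} needs [declared_field, literal]")
    elif op in COMBINE:
        if not isinstance(arg, list) or not arg:
            raise PolicyError(f"{op} needs a non-empty list of conditions")
        for child in arg:
            validate(child, declared, depth + 1)
    elif op == "not":
        validate(arg, declared, depth + 1)
    else:
        raise PolicyError(f"unknown operator {op!r}")

def evaluate(cond, inputs):
    """Pure function of (cond, inputs): no I/O, no clock, no state between calls."""
    validate(cond, inputs.keys())
    def walk(node):  # visits a tree whose depth validate() already bounded
        (op, arg), = node.items()
        if op in COMPARE:
            return COMPARE[op](inputs[arg[0]], arg[1])
        if op == "not":
            return not walk(arg)
        return COMBINE[op](walk(child) for child in arg)
    try:
        return walk(cond)
    except TypeError as exc:  # e.g. "lt" between a string and a number
        raise PolicyError(f"type mismatch: {exc}") from exc

# Constructed sample action and condition (not taken from the project)
ACTION = {"effect_class": "write", "recovery": "Contain-Only", "amount": 250}
NEEDS_REVIEW = {"any": [{"eq": ["recovery", "Contain-Only"]},
                        {"all": [{"eq": ["effect_class", "write"]},
                                 {"not": {"lt": ["amount", 100]}}]}]}
```

A condition that names an undeclared input, uses an unknown operator, or nests too deeply is rejected before evaluation, which is the kind of case the page's "policy ambiguity" signal would cover.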
Defense
The architecture is the proof. A policy written in this grammar terminates. The evaluator's behavior on any given action is a function of the action and the active policies, both of which are recorded. Precedence and specificity are deterministic. Approval transitions are auditable as a state machine. Lock acquisition is ordered. Recovery class is declared before execution and recorded after.
When an organization is asked what controls existed around an agent at the moment a specific action occurred, every component of the answer is retrievable from the run record — not as a narrative reconstruction, but as the actual data the runtime used to make the decision. Bounded discretion, structurally enforced, is the entire claim.
Status
In development. Action Governance Engine specified and architected. Policy schema hardened. Recovery taxonomy and approval state machine locked. Learning Governance constraints defined. Designed to integrate as the runtime layer beneath Prestruct's pre-execution governance.