Quick reference for agent configuration and governance.
| Role | Name | Key Authority |
|---|---|---|
R-DS |
Domain Steward | Semantic ownership |
R-AG |
Arch Governor | CALM compliance |
R-SO |
Security Officer | Break-glass |
R-RM |
Release Manager | Deployment |
R-AA |
Automated Agent | Task execution |
1
2
3
4
5
6
7
8
{
"agentId": "agent-001",
"role": "R-AA",
"sponsor": "R-DS:sponsor",
"skills": [
{ "skillId": "skill-1", "requires_approval": false }
]
}
| Action | HITL |
|---|---|
| Read-only | No |
| Recommend | No |
| Mutate | Yes |
| Deploy | Yes |
GET /.well-known/agent.json
1
2
3
4
5
@kernel.filter(FilterTypes.FUNCTION_INVOCATION)
async def governance(context, next):
if context.function.metadata.get("requires_approval"):
await require_hitl_approval(context)
return await next(context)
| Rule | Enforcement |
|---|---|
| SOD-01 | Proposer ≠ Approver |
| SOD-02 | Requester ≠ Acceptor |
| SOD-03 | R-SO approves break-glass |
Last Updated: January 2026