HITL, audit trails, and break-glass protocols for agents.
| Action | HITL Required |
|---|---|
| Recommend changes | No |
| Execute read-only | No |
| Mutate data | Yes |
| Deploy to production | Yes |
| Accept semantic debt | Yes |
1
2
3
4
5
6
7
8
9
10
11
12
@kernel.filter(FilterTypes.FUNCTION_INVOCATION)
async def hitl_filter(context, next):
if context.function.metadata.get("requires_approval"):
approval = await request_hitl_approval({
"function": context.function.name,
"arguments": context.arguments,
"agent": context.agent_id,
"sponsor": context.sponsor_id
})
if not approval.granted:
raise HITLRejected(approval.reason)
return await next(context)
All agent actions logged to Evidence Service (SDS-043):
1
2
3
4
5
6
7
8
9
10
11
12
{
"type": "agent.action",
"agentId": "pm-agent-001",
"sponsor": "R-DS:jane.doe",
"action": "recommend_changes",
"input": {...},
"output": {...},
"timestamp": "2026-01-05T10:00:00Z",
"duration_ms": 150,
"hitl_required": false,
"hitl_approved": null
}
1
GET /governance/audit?agentId=pm-agent-001&from=2026-01-01
Emergency override of governance controls.
requested → approved |
denied → active → expired |
revoked |
1
2
3
4
5
6
7
8
9
10
11
12
13
POST /governance/break-glass
{
"requestedBy": "R-RM:john.doe",
"scope": {
"bypassedControls": ["hitl_requirement"],
"affectedAgents": ["pm-agent-001"]
},
"reason": {
"category": "production_outage",
"description": "Critical fix needed",
"ticketReference": "INC-12345"
}
}
| Constraint | Value |
|---|---|
| Max duration | 4 hours |
| Max renewals | 2 |
| Approver | R-SO only |
I-BG-01: Must be approved by R-SOI-BG-02: Max 4 hours initialI-BG-03: All actions during active window loggedI-BG-04: Controls restored on expiry/revocationSee Authority_Rules.md for complete SoD rules.
Last Updated: January 2026