
Governance — the row

Cognitive function 7 of 7 · five patterns across the topology axis

How an agent system stays accountable: bounded authority, explicit audit trail, predictable failure containment, evidence on demand.

Patterns in this row:

  • Approval Gate
  • Progressive Commitment
  • Observability Harness
  • Blast Radius Control

Why this row exists

The other six cognitive functions assume the agent is allowed to act. Governance is the row that asks under what conditions. Without governance, an agent that can read can also delete; an agent that can email can also impersonate; an agent that can spend can also drain. The five governance patterns answer the four operational questions that every production agent eventually has to answer:

  • Where do we stop and ask? → Approval Gate.
  • How do we contain blast radius when something goes wrong? → Blast Radius Control.
  • How do we know what happened? → Observability Harness.
  • How does authority earn its way up? → Progressive Commitment.

Three industry pressures converged in 2025 to elevate Governance from optional to load-bearing. OWASP’s Agentic AI Top 10 reported an 88% governance-incident rate on agentic deployments. Gartner projected 40% of multi-agent projects would be cancelled by 2027, with weak governance cited as the primary cause. And in November 2025 Anthropic disclosed the first AI-orchestrated cyber-espionage campaign — an agent acting with 80–90% autonomy in an attack scenario. The argument that governance is a phase-2 concern died with that disclosure.

The five Governance patterns — one row, five topologies

Approval Gate

Governance × Route

A policy-driven gate that routes high-stakes actions to human approval. The route rule (read pass, write confirm, delete escalate) is the design surface. Deployed correctly it is the load-bearing element of agent safety; deployed wrong it is rubber-stamp theatre. The pattern with the cleanest production reference (Claude Code’s 5+1 permission modes).

Progressive Commitment

Governance × Parallel (pattern page forthcoming)

Trust earned in stages. The agent first operates with read-only authority; success promotes it to write-with-confirmation; further success promotes to write-with-audit-only; the highest tier still records but no longer interrupts. Stages run in parallel for different action categories — the agent can be trusted with formatting while still requiring approval for billing. The CSA Agentic Trust Framework’s five-gate model is the strongest enterprise reference.
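The two patterns above compose naturally: the gate's route rule depends on the trust tier the category has earned so far, and the tier moves on recorded outcomes. The following is an added illustration, not code from the framework, Claude Code or the CSA material it cites; the tier names, the action kinds, the promotion threshold and the rule that a delete never silently passes are assumptions chosen for the example.

```python
"""Added example (not from the Dual-Axis Framework pages): an Approval Gate
whose route rule depends on a per-category trust tier, and a Progressive
Commitment ledger that promotes the tier after a streak of successes and
demotes it on any failure. Tier names, action kinds and thresholds are
assumptions for illustration."""
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    # Trust tiers, lowest to highest. Every tier still records a verdict;
    # only the lower tiers interrupt the agent.
    READ_ONLY = 0
    WRITE_CONFIRM = 1
    WRITE_AUDIT = 2
    AUTONOMOUS = 3


@dataclass
class TrustLedger:
    promote_after: int = 5                          # successes needed per promotion
    tiers: dict = field(default_factory=dict)       # category -> Tier
    streak: dict = field(default_factory=dict)      # category -> consecutive successes
    verdicts: list = field(default_factory=list)    # append-only audit trail

    def tier(self, category: str) -> Tier:
        return self.tiers.get(category, Tier.READ_ONLY)

    def route(self, category: str, kind: str, actor: str) -> str:
        """Approval Gate: read pass, write confirm, delete escalate, adjusted by tier.

        Verdicts: "pass" auto-allow, "confirm" wait for a human, "escalate" block
        and page an owner, "deny" not permitted at this tier.
        """
        t = self.tier(category)
        if kind == "read":
            verdict = "pass"
        elif kind == "delete":
            # Assumption: a delete never auto-passes; the top tier still confirms.
            verdict = "confirm" if t == Tier.AUTONOMOUS else "escalate"
        elif kind == "write":
            if t == Tier.READ_ONLY:
                verdict = "deny"
            elif t == Tier.WRITE_CONFIRM:
                verdict = "confirm"
            else:
                verdict = "pass"          # WRITE_AUDIT and above: recorded, not interrupted
        else:
            raise ValueError(f"unknown action kind: {kind}")
        self.verdicts.append({"actor": actor, "category": category, "kind": kind,
                              "tier": t.name, "verdict": verdict})
        return verdict

    def record_outcome(self, category: str, ok: bool) -> Tier:
        """Progressive Commitment: promote after a streak, demote one tier on failure."""
        if not ok:
            self.streak[category] = 0
            self.tiers[category] = Tier(max(self.tier(category) - 1, Tier.READ_ONLY))
        else:
            self.streak[category] = self.streak.get(category, 0) + 1
            if (self.streak[category] >= self.promote_after
                    and self.tier(category) < Tier.AUTONOMOUS):
                self.tiers[category] = Tier(self.tier(category) + 1)
                self.streak[category] = 0
        return self.tier(category)


if __name__ == "__main__":
    ledger = TrustLedger(promote_after=2)
    for _ in range(2):
        ledger.record_outcome("formatting", True)
    print(ledger.route("formatting", "write", "agent-1"))   # confirm
    print(ledger.route("billing", "write", "agent-1"))      # deny: billing never promoted
```

Because tiers are keyed by category, "formatting" can climb to write-with-audit while "billing" stays read-only, which is the parallel-topology property the row description attributes to this pattern. The verdict list is the audit surface the Observability Harness would consume.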

Observability Harness

Governance × Orchestrate

Four signal tiers orchestrated into a single surface: latency, cost, quality, behaviour drift. Tier 4 — trajectory slope — is the conceptual contribution that distinguishes agent SRE from traditional SRE. Without it, snapshot dashboards miss the slow drift that produces 88% of cascade failures.
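The point of tier 4 is easiest to see on a concrete series where every snapshot passes its threshold and only the slope fails. The harness below is an added example, not the framework's own tooling; the window size, the limits and the quality series are constructed, and "trajectory slope" is implemented as a least-squares slope over the last N samples, which is one reasonable reading of the term rather than the only one.

```python
"""Added example (not from the Dual-Axis Framework pages): a minimal
Observability Harness that keeps recent samples per signal, checks snapshot
limits (tiers 1-3: latency, cost, quality), and derives a tier-4 trajectory
slope by least-squares regression over a sliding window. Limits, window size
and the sample series are constructed assumptions."""
from collections import deque


def slope(samples) -> float:
    """Least-squares slope of samples against their index (units per step)."""
    n = len(samples)
    if n < 2:
        return 0.0
    mx = (n - 1) / 2
    my = sum(samples) / n
    num = sum((x - mx) * (y - my) for x, y in enumerate(samples))
    den = sum((x - mx) ** 2 for x in range(n))
    return num / den


class Harness:
    def __init__(self, window=10, snapshot_limits=None, slope_limits=None):
        self.window = window
        self.series = {}                                  # signal -> deque of samples
        self.snapshot_limits = snapshot_limits or {}      # signal -> (lo, hi)
        self.slope_limits = slope_limits or {}            # signal -> max |slope| per step
        self.alerts = []                                  # aggregated alert log

    def record(self, signal: str, value: float):
        buf = self.series.setdefault(signal, deque(maxlen=self.window))
        buf.append(value)

    def evaluate(self):
        """Return alerts raised now: snapshot breaches and, once the window is
        full, drift whose slope exceeds the per-signal limit."""
        raised = []
        for signal, buf in self.series.items():
            cur = buf[-1]
            lo, hi = self.snapshot_limits.get(signal, (float("-inf"), float("inf")))
            if not (lo <= cur <= hi):
                raised.append((signal, "snapshot", cur))
            s = slope(list(buf))
            if len(buf) == self.window and abs(s) > self.slope_limits.get(signal, float("inf")):
                raised.append((signal, "drift", round(s, 4)))
        self.alerts.extend(raised)
        return raised


def demo():
    """Constructed series: each quality snapshot stays above the 0.80 floor,
    but quality falls 0.01 per step, which only the slope check catches."""
    h = Harness(window=10, snapshot_limits={"quality": (0.80, 1.0)},
                slope_limits={"quality": 0.005})
    for i in range(10):
        h.record("quality", round(0.95 - 0.01 * i, 2))
    return h.evaluate()


if __name__ == "__main__":
    print(demo())    # [('quality', 'drift', -0.01)]
```

Run as a script, the demo raises a drift alert and no snapshot alert, which is exactly the case a threshold-only dashboard would report as healthy. Alerting on the slope rather than the level is what gives the harness time to act before the floor is crossed.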

Blast Radius Control

Governance × Hierarchy (pattern page forthcoming)

Bounded failure scope by design. Inspired directly by Erlang/OTP bulkhead isolation and Kubernetes namespace bounds. Hierarchical because failure must be contained at each level of the agent tree — a leaf failure should not destroy a sub-tree; a sub-tree failure should not destroy the manager. The 2026 OWASP Agentic guidance cites Blast Radius Control as the most under-implemented pattern across surveyed production deployments.
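The hierarchical property reads as follows in code: each node owns a failure budget, a node that exhausts it is quarantined together with its subtree, and that quarantine counts as a single failure against the parent, so a crashing leaf can at worst cost its team, never the manager. This supervision tree is an added example, not the framework's or OTP's code; node names, budgets and the simulated crash are constructed.

```python
"""Added example (not from the Dual-Axis Framework pages): a supervision tree
that contains failures level by level in the spirit of an Erlang/OTP
supervisor. Each node has a failure budget; exceeding it quarantines the node
and its subtree and reports one failure to the parent. Node names, budgets
and the crashing task are constructed for illustration."""


class Node:
    def __init__(self, name: str, budget: int = 2):
        self.name = name
        self.budget = budget          # failures tolerated before quarantine
        self.failures = 0
        self.quarantined = False
        self.children = []
        self.parent = None

    def add(self, child: "Node") -> "Node":
        child.parent = self
        self.children.append(child)
        return child

    def run(self, task) -> str:
        """Execute task at this node. An exception is contained here and
        reported upward as a count, never re-raised into the parent."""
        if self.quarantined:
            return "refused"
        try:
            task(self)
            return "ok"
        except Exception:
            self.fail()
            return "failed"

    def fail(self):
        self.failures += 1
        if self.failures > self.budget and not self.quarantined:
            self.quarantine()
            # A quarantined child is a single failure from the parent's view.
            if self.parent is not None:
                self.parent.fail()

    def quarantine(self):
        self.quarantined = True
        for c in self.children:
            c.quarantine()


def crash(node):
    """Constructed task that always fails, standing in for a broken tool call."""
    raise RuntimeError(f"simulated tool crash in {node.name}")


def build_tree():
    """manager -> team-a -> {worker-a1, worker-a2}; manager -> team-b."""
    manager = Node("manager", budget=2)
    team = manager.add(Node("team-a", budget=1))
    leaf = team.add(Node("worker-a1", budget=1))
    team.add(Node("worker-a2", budget=1))
    manager.add(Node("team-b", budget=1))
    return manager, team, leaf


def demo():
    manager, team, leaf = build_tree()
    results = [leaf.run(crash) for _ in range(3)]   # budget 1: third call refused
    return results, leaf.quarantined, team.quarantined, manager.quarantined


if __name__ == "__main__":
    print(demo())    # (['failed', 'failed', 'refused'], True, False, False)
```

The important asymmetry is in `fail`: exceptions never cross a level, only counts do, so the manager sees a quarantined team as one event against its own budget rather than inheriting every leaf crash beneath it.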

Five filled cells, two empty cells in this row. Governance × Chain and Governance × Loop are structurally vacant: chain-shaped governance reduces to a sequence of gates which is just Approval Gate composed; loop-shaped governance reduces to repeated observability checks which is just Observability Harness in motion. The empty cells are not a gap — they are a design judgment.

How topology choice changes Governance behaviour

The same cognitive intent — “stay accountable” — produces four very different operational profiles depending on the topology:

  • Route (Approval Gate) — point-in-time, blocking. Latency cost paid per gated action; decision lives in a verdict log.
  • Parallel (Progressive Commitment) — time-extended, non-blocking. Trust evolves over weeks; no single decision is gated, but the threshold for the next tier is observable.
  • Orchestrate (Observability Harness) — continuous, passive. The harness records and aggregates; alerting routes through the SLO orchestrator, not at every step.
  • Hierarchy (Blast Radius Control) — structural, designed in. Failure containment is a property of the system topology itself, not a runtime decision.

Reading the row this way makes the topology axis useful as a checklist: a serious production deployment uses Governance patterns from multiple topology cells. Approval Gate alone is not enough — without Observability Harness you cannot audit it; without Blast Radius Control a single bypass cascades; without Progressive Commitment the agent never earns its way out of supervised mode.

Cross-cutting reading — engineering & policy

  • OWASP Agentic AI Top 10 (OWASP · 2025-2026): the reference list for agent-specific risks. Each entry maps onto one or more Governance patterns; useful as a checklist when defending Governance investment.
  • CSA Agentic Trust Framework (Cloud Security Alliance · 2025): five-gate promotion model from dev to production. Anchors Progressive Commitment in enterprise governance vocabulary.
  • First AI-orchestrated cyber espionage campaign (Anthropic · November 2025): the case that turned Governance from optional to load-bearing. Cited in every governance proposal in regulated industries from late 2025 onward.
  • Least Agency: Permission Scoping for Long-Horizon Agents (arXiv:2509.01217 · September 2025): the formal academic argument behind “least agency”, the principle that ties all five Governance patterns into one design discipline.

Where this row is developed

  • Manning book: Designing AI Agents, Chapter 9 (Governance), all sections.
  • Paper: Huang & Zhou (2026), §4.7-4.8 plus the “authority → governance” law in §5.