Agent Governance

Specialized governance for autonomous and semi-autonomous AI agents — from advisory assistants to fully autonomous systems.

Autonomy Tiers

T1

Rule-Based

HITL: none

Deterministic agents operating on fixed rules and decision trees with no learning capability. Outputs are fully predictable given the same inputs. These systems execute pre-programmed logic without adaptation or generalization.

Characteristics

  • Deterministic behavior — same input always produces same output
  • No machine learning or model inference
  • Fixed decision rules defined at design time
  • No capacity for self-modification or learning
  • Behavior fully specified in code or configuration

Monitoring Requirements

  • Input/output logging for all interactions
  • Rule-match audit trail
  • Weekly compliance review

Tool Access

Read-only APIs, Pre-approved query templates

Kill Switch

Type: infrastructure | SLA: Less than 30 seconds | Test: Annual

T2

Supervised

HITL: approval all

AI agents that can propose actions and generate outputs using machine learning, but require explicit human approval before any action is executed. Every decision passes through a human gate before taking effect.

Characteristics

  • ML/AI-powered reasoning and recommendation
  • All actions require explicit human approval before execution
  • Human reviewer sees full context for every decision
  • Agent cannot bypass the approval queue
  • Learning from human feedback on approvals and rejections

Monitoring Requirements

  • Full input/output logging
  • Recommendation-vs-approval tracking
  • Drift detection on recommendation patterns
  • Monthly accuracy review

Tool Access

Read-only APIs, Draft-mode write APIs (staged, not committed), Approved search tools

Kill Switch

Type: application | SLA: Less than 60 seconds for new proposals to stop | Test: Semi-annual

T3

Semi-Autonomous

HITL: approval high risk

AI agents authorized to execute low and medium-risk actions independently, but requiring human approval for high-risk actions. Risk classification determines which actions need human gates and which proceed autonomously.

Characteristics

  • Autonomous execution of pre-classified low/medium-risk actions
  • Human approval required for high-risk and novel actions
  • Risk classification engine determines action routing
  • Can learn and adapt within approved operational boundaries
  • Self-monitoring with automated anomaly detection

Monitoring Requirements

  • Real-time action logging with risk scoring
  • Behavioral drift detection (weekly analysis)
  • Outcome tracking for autonomous decisions
  • Bi-weekly human review of autonomous action sample
  • Anomaly detection on action patterns

Tool Access

Read/write APIs for approved domains, Internal communication tools, Approved external integrations

Kill Switch

Type: both | SLA: Less than 30 seconds for autonomous action cessation | Test: Quarterly

T4

Autonomous

HITL: post hoc review

AI agents that operate independently across their full scope with post-hoc human review and intervention on exception. Humans review outputs and outcomes rather than approving individual actions, intervening only when anomalies or policy violations are detected.

Characteristics

  • Full autonomous operation within defined scope
  • Post-hoc review of actions and outcomes
  • Human intervention on exception or anomaly detection
  • Self-healing and adaptive behavior within policy bounds
  • Continuous learning from operational outcomes
  • Inter-agent coordination capability

Monitoring Requirements

  • Continuous real-time monitoring with automated alerting
  • Behavioral boundary enforcement
  • Decision explainability logs for all actions
  • Daily automated compliance checks
  • Weekly human review of flagged decisions
  • Outcome effectiveness tracking
  • Resource consumption monitoring

Tool Access

Broad API access within policy bounds, External service integrations, Workflow orchestration tools, Approved code execution environments

Kill Switch

Type: both | SLA: Tier 1: less than 10 seconds. Tier 2: less than 30 seconds. Tier 3: less than 60 seconds. | Test: Monthly (automated), Quarterly (full manual exercise)

T5

Fully Autonomous

HITL: exception only

Self-directing AI agents that operate within policy bounds with minimal human oversight. These agents can set sub-goals, coordinate with other agents, and adapt their strategies based on outcomes. Human oversight focuses on policy setting and strategic direction rather than operational review.

Characteristics

  • Self-directing within defined policy framework
  • Goal decomposition and sub-goal generation
  • Strategic adaptation based on outcome learning
  • Multi-agent orchestration capability
  • Self-monitoring and self-correction
  • Policy interpretation and edge case reasoning
  • Resource allocation and prioritization autonomy

Monitoring Requirements

  • Continuous multi-dimensional monitoring (performance, safety, compliance, fairness)
  • Automated behavioral boundary enforcement with real-time correction
  • Decision audit trail with full explainability
  • Continuous drift detection and auto-correction
  • Cross-agent interaction monitoring
  • Impact assessment for all significant decisions
  • Real-time compliance validation against regulatory requirements
  • Resource and cost optimization tracking

Tool Access

Full API access within policy envelope, Self-provisioning of approved resources, Inter-agent communication, External service orchestration

Kill Switch

Type: both | SLA: Tier 1 (constrain): less than 5 seconds. Tier 2 (supervised mode): less than 15 seconds. Tier 3 (full halt): less than 30 seconds. Tier 4 (emergency termination): less than 60 seconds. | Test: Bi-weekly (automated constraint testing), Monthly (full exercise)

Agent Risk Matrix

Risk tier is determined by the intersection of impact level and autonomy tier.

Impact \ Autonomy   T1       T2       T3       T4         T5
Negligible          low      low      low      medium     medium
Minor               low      low      medium   medium     high
Moderate            low      medium   medium   high       high
Major               medium   medium   high     high       critical
Catastrophic        medium   high     high     critical   critical

Policy Templates

Agent Deployment Policy

Governs when and how an agentic AI system may be deployed to production, including pre-deployment gates, approval authority, and rollback procedures.

Applicable tiers: T1 T2 T3 T4 T5

Agent Access Control Policy

Defines what tools, data, and systems an agent may access, how access is granted and revoked, and how access decisions are audited.

Applicable tiers: T1 T2 T3 T4 T5

Agent Monitoring Policy

Establishes continuous monitoring requirements for agentic systems scaled by autonomy tier, ensuring operational visibility and governance auditability.

Applicable tiers: T2 T3 T4 T5

Agent Incident Response Policy

Defines procedures for detecting, containing, investigating, and remediating incidents involving agentic AI systems, with escalation paths scaled to tier and severity.

Applicable tiers: T1 T2 T3 T4 T5

Testing Requirements by Tier

T1

Pre-Deployment: Functional testing against all defined rules; Input validation testing (malformed, unexpected, adversarial inputs); Integration testing with connected systems
Ongoing: Regression testing on rule changes; Quarterly functional review
Frequency: On every rule change + quarterly
Min Coverage: 100% rule coverage, 90% input variation coverage

T2

Pre-Deployment: Scenario-based testing with realistic data; Recommendation quality benchmarking (precision, recall, F1); Edge case testing for domain-specific risks; Bias testing on recommendation outputs; Integration testing with approval workflows
Ongoing: Monthly recommendation accuracy review; Quarterly bias re-assessment; Regression testing on model updates
Frequency: On every model update + monthly accuracy review
Min Coverage: 95% scenario coverage, bias metrics within acceptable ranges

T3

Pre-Deployment: Adversarial testing for boundary conditions; Red-team exercises (internal); Regression testing on all autonomous action categories; Stress testing under production-like load; Escalation path testing (verify all escalation rules trigger correctly); Kill switch testing
Ongoing: Quarterly red-team exercises; Bi-weekly autonomous decision sampling; Monthly boundary condition re-testing; Drift detection validation
Frequency: On every capability change + quarterly red-team + bi-weekly sampling
Min Coverage: 95% action category coverage, 100% escalation rule coverage, all kill switches verified

T4

Pre-Deployment: Continuous adversarial testing suite; Monthly red-team exercises (internal + external); Chaos engineering for resilience validation; Full regression suite on every policy update; Production shadow testing for new capabilities; Multi-scenario stress testing; Cross-system impact analysis
Ongoing: Continuous adversarial simulation; Weekly automated regression; Monthly external red-team; Quarterly third-party security assessment
Frequency: Continuous + weekly automated + monthly red-team
Min Coverage: 98% action coverage, 100% policy boundary coverage, resilience validated under 3x peak load

T5

Pre-Deployment: Continuous adversarial simulation in shadow environment; Weekly automated red-team runs; Monthly external penetration testing; Quarterly third-party audit; Full chaos engineering program; Multi-agent interaction testing; Self-modification boundary testing; Regulatory compliance validation suite
Ongoing: Continuous shadow environment testing; Weekly automated red-team; Monthly external penetration testing; Quarterly third-party audit; Continuous behavioral boundary monitoring
Frequency: Continuous + weekly red-team + monthly external testing + quarterly audit
Min Coverage: 99% action coverage, 100% policy boundary coverage, all multi-agent interactions tested, regulatory compliance validated