Agentic AI Atlasby a5c.ai
/
GitHubDocsDiscord
iiRecord
Agentic AI Atlas · Governance
layer:14-governancea5c.ai
II.
Layer JSON

layer:14-governance

Structured · live

Governance json

Inspect the normalized record payload exactly as the atlas UI reads it.

File · stack-layers/layers/layer-14-governance.yamlCluster · stack-layers
Record JSON
{
  "id": "layer:14-governance",
  "_kind": "Layer",
  "_file": "stack-layers/layers/layer-14-governance.yaml",
  "_cluster": "stack-layers",
  "attributes": {
    "displayName": "Governance",
    "position": 14,
    "path": "governance",
    "scope": "Policy, risk, auditability, compliance, approval, accountability, and evidence controls for agentic systems and their plugins/tools.",
    "summary": "The governance layer defines and implements the controls that make agentic\nsystems accountable: policy evaluation, risk mapping, compliance alignment,\naudit evidence, approval rules, plugin governance, tool governance,\nretention, incident response, and measurable assurance. It maps standards\nsuch as NIST AI RMF-style govern/map/measure/manage loops and agentic risk\ntaxonomies such as memory poisoning, tool misuse, goal hijacking, privilege\nabuse, rogue agents, and cascading failures into concrete implementation\ncomponents.\n\nGovernance is intentionally separate from runtime safety checks and UI\napprovals. Runtime, sandbox, orchestration, memory, and platform layers may\nenforce governance controls, but this layer owns the policies, evidence, and\naccountable implementation components.\n",
    "responsibilities": [
      "Define and enforce policy, risk, compliance, and audit controls.",
      "Govern plugin installation, plugin-generated hooks, tool dispatch, and permission gates.",
      "Record evidence for approvals, denied actions, effect replay, validation, and completion proof.",
      "Map memory, orchestration, sandbox, and platform behavior to risk mitigations.",
      "Support adversarial review, scoring, incident response, and continuous improvement loops."
    ],
    "examples": [
      "NIST AI RMF-style govern/map/measure/manage controls for agentic systems.",
      "OWASP agentic-risk mitigations for goal hijacking, memory poisoning, tool misuse, and cascading failures.",
      "Babysitter plugin governance, hooks-mux merge policies, permission gates, and policy-controlled task effects.",
      "Audit trails, evidence registers, compliance frameworks, secret-handling policies, and review gates."
    ],
    "fitNotes": "Use this layer for controls and accountability. The same control can be\nenforced by runtime, platform, orchestration, or plugin components, but the\ngovernance layer records why the control exists, what it mitigates, and how\nevidence is produced.\n"
  },
  "outgoingEdges": [],
  "incomingEdges": [
    {
      "from": "agent-governance-impl:babysitter-plugin.governance@current",
      "to": "layer:14-governance",
      "kind": "realizes",
      "attributes": {}
    },
    {
      "from": "agent-governance-impl:babysitter-sdk-tool.governance@current",
      "to": "layer:14-governance",
      "kind": "realizes",
      "attributes": {}
    },
    {
      "from": "agent-governance-impl:krate-policy-resources@current",
      "to": "layer:14-governance",
      "kind": "realizes"
    },
    {
      "from": "plugin:babysitter-platform-plugin",
      "to": "layer:14-governance",
      "kind": "realizes",
      "attributes": {}
    },
    {
      "from": "plugin:babysitter-codex",
      "to": "layer:14-governance",
      "kind": "realizes",
      "attributes": {}
    },
    {
      "from": "plugin:babysitter-claude",
      "to": "layer:14-governance",
      "kind": "realizes",
      "attributes": {}
    },
    {
      "from": "tool-descriptor:babysitter-sdk-process-api",
      "to": "layer:14-governance",
      "kind": "realizes",
      "attributes": {}
    }
  ]
}