for AI Agents
Touching Production Systems
Governing the Shift from Automation to Autonomy. A set of guiding principles for AI agents operating in production systems.
We are standing at the edge of the Probabilistic Era.
For the last twenty years, professional automation was built on the foundation of Determinism. In Infrastructure, we used Ansible and Terraform. In Finance, we built rigid algorithms. If a system broke, it was a bug in the logic. The liability was static.
The Shift
Today, we are handing control to systems that do not follow instructions; they interpret intent.
AI Agents are not scripts. They are probabilistic operators. They reason, plan, and execute. While this promises exponential velocity, it introduces a new, existential risk: Stochastic Liability.
To build a future where autonomous agents can be trusted with critical systems, we adhere to the following principles:
01
The Principle of Separation
Reasoning must be separate from action.
Intent must be decoupled from Execution. An agent must never be granted the authority to ‘think and act’ in a single, opaque atomic step. Just as Terraform separated Plan from Apply, Agentic workflows must separate Reasoning from Action.
02
The Principle of Provenance
Every output must carry its creation story.
Output without history is contraband. In a probabilistic workflow, the final artifact is meaningless without the context of its creation. We require a cryptographic link between the agent’s identity, the input context, the model used, and the final output.
03
The Principle of External Sovereignty
Safety guardrails must exist outside the agent’s cognitive loop.
We cannot rely on an LLM to ‘promise’ it checked for security. Policy must be deterministic code, executed by a neutral orchestrator.
04
The Principle of Immutable Evidence
Logs must be proofs, not just text.
In the event of failure, a simple text log is insufficient. Autonomous systems require a chain of custody that is mathematically non-repudiable. Every decision and state change must be signed and sealed.
05
The Principle of Ephemeral Identity
Static keys are a failure of architecture.
Autonomous agents are transient processes. They should not hold long-lived credentials. Identity must be ephemeral, issued only for the duration of a specific task, and cryptographically bound to the workload.
06
The Principle of Capability Isolation
Agent Rule of Two *
Agents must not simultaneously process untrusted input, access sensitive systems, and perform state-changing operations. If such combinations are unavoidable, external supervision is mandatory.
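The cryptographic link required by Principle 02 and the signed, sealed records of Principle 04 can be implemented as a hash-chained evidence log, shown here as an added example that is not code from the project behind these principles. The field names, the demo key and the use of HMAC-SHA256 in place of an asymmetric signature are assumptions of the example.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: HMAC-SHA256 stands in for a real signature.
# A shared key gives tamper evidence but NOT non-repudiation; that property
# needs an asymmetric signature made with a key bound to the workload.
DEMO_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _canonical(record: dict) -> bytes:
    # Stable serialization so the same record always hashes the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_record(chain, agent_id, model, input_context, output, key=DEMO_KEY):
    """Bind identity, input, model and output to the previous record, then seal."""
    body = {
        "seq": len(chain),
        "agent_id": agent_id,
        "model": model,
        "input_sha256": _digest(input_context.encode()),
        "output_sha256": _digest(output.encode()),
        "prev": chain[-1]["record_hash"] if chain else GENESIS,
    }
    record_hash = _digest(_canonical(body))
    seal = hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()
    chain.append({**body, "record_hash": record_hash, "seal": seal})
    return chain[-1]

def verify_chain(chain, key=DEMO_KEY):
    """Return the index of the first bad record, or None if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k not in ("record_hash", "seal")}
        expected_hash = _digest(_canonical(body))
        expected_seal = hmac.new(key, expected_hash.encode(), hashlib.sha256).hexdigest()
        if (rec["seq"] != i or rec["prev"] != prev
                or rec["record_hash"] != expected_hash
                or not hmac.compare_digest(rec["seal"], expected_seal)):
            return i
        prev = rec["record_hash"]
    return None

def verify_output(record, output):
    """Check that an artifact is the one the record claims was produced."""
    return hmac.compare_digest(record["output_sha256"], _digest(output.encode()))
```

An edited, reordered or dropped record breaks either the `prev` link, the sequence number or the seal, so verification reports the first position at which the chain of custody no longer holds.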
Support on GitHub
We believe that the shift from Automation to Autonomy requires rethinking how we build and maintain trust. This means embracing systems that prioritize Verification over Vibes and Safety over Speed.
If these principles resonate with you, you can support the work by starring the repository or joining the discussion on GitHub.