Governance dashboard
Every repair recommendation is evaluated against enterprise policy. Actions are approved, flagged for human review, or blocked before execution.
| Metric | Value | Description |
|---|---|---|
| Total agent actions | 9 | Actions evaluated by policy |
| Auto-approved | 4 | Safe for autonomous execution |
| Human review required | 4 | Escalated for team decision |
| Blocked by policy | 0 | Prevented from execution |
| Overall risk score | 45/100 | Average across all findings |
| Policy violations | 4 | Findings exceeding risk threshold |
| Audit trail entries | 9 | Full decision provenance recorded |
Each repair recommendation evaluated against enterprise governance policy.
| Finding | Policy evaluation |
|---|---|
| Bloated Docker image | Low risk with no policy violations. Safe for autonomous execution. |
| Unused dependencies in runtime package | Low risk with no policy violations. Safe for autonomous execution. |
| Redundant CI/CD jobs repeat the same work | Low risk with no policy violations. Safe for autonomous execution. |
| Over-provisioned cloud service tier | Elevated risk or policy flag requires human review before execution. |
| Idle scheduled workloads stay warm all day | Low risk with no policy violations. Safe for autonomous execution. |
| Excessive duplicate AI model calls | Elevated risk or policy flag requires human review before execution. |
| Missing cache for high-volume API reads | Elevated risk or policy flag requires human review before execution. |
| Duplicate API endpoint and transform function | Elevated risk or policy flag requires human review before execution. |
Detected security and governance concerns across the audit context.
Possible secret in environment file
High | Credential Exposure
Detected a pattern resembling an API key in .env.production that may be committed to version control.
Recommendation: Rotate the key, move to a secrets manager, and add .env.production to .gitignore.
Unsafe shell command in CI workflow
Medium | Command Injection
CI step interpolates an unescaped variable into a shell command, creating injection risk.
Recommendation: Use environment variable binding instead of inline interpolation.
Excessive permission in cloud IAM role
High | Over-Privilege
Service account has AdministratorAccess instead of least-privilege scoped to required APIs.
Recommendation: Replace with a scoped policy covering only the required S3 and ECS actions.
Unclear agent intent in repair suggestion
Medium | Agent Governance
A repair suggestion could be interpreted as modifying production data without explicit scope declaration.
Recommendation: Require declared intent and scope before allowing execution.
Paid API call requires budget verification
Low | Budget Control
Agent attempted to call a premium API; budget verification intercepted and approved within limits.
Recommendation: Continue enforcing budget gates for all paid external calls.
Production resource change requires approval
High | Change Control
Right-sizing recommendation targets production compute. Change requires approval workflow.
Recommendation: Route to infrastructure owner for canary verification before execution.
Integration-ready architecture compatible with deep prompt inspection approaches (e.g. Lobster Trap-style governance):
Mock policy inspection — integration-ready architecture
Chronological record of all agent actions and governance decisions.
| Agent | Action | Decision |
|---|---|---|
| Crack Finder Agent | Detected 6 software cracks across build, dependency, API, and code paths. | Auto-approved |
| Cloud Waste Agent | Identified $620/month of cloud and infrastructure waste. | Auto-approved |
| Carbon Accountant Agent | Estimated 92 kgCO2e/month of avoidable digital carbon waste. | Auto-approved |
| Repair Planner Agent | 2 quick wins, 5 medium-term repairs, and 1 approval-gated repair. | Human review required |
| Risk Verifier Agent | Risk gates prepared for Bloated SaaS backend: 4 low, 4 medium, 0 high-risk repairs. | Auto-approved |
| X402 Payment Agent | Approved a $3.50 specialist Carbon Intensity API call within a $12.00 agent budget. | Human review required |
| Governance Policy Agent | Policy review complete: 4 auto-approved, 4 require human review, 0 blocked. | Human review required |
| Security Inspection Agent | Detected 6 security concerns (3 high severity) across the audit context. | Human review required |
| Impact Report Agent | Prepared report showing $20,040 annual savings and a Kintsugi Score lift from 54 to 84. | Auto-approved |