Pelajaran 2 / 3
The four controls on every AI action
Governance here is not a single switch. Four controls stack on each action, and each one bounds something different. Key points:
- Human-in-the-loop approval. Actions you mark sensitive pause and wait for a person. The agent proposes, the action collects in an approval inbox with the context behind it, and a reviewer approves or rejects. Nothing irreversible runs unattended.
- Per-tool authorisation. Before any tool runs, it is checked against an OPA policy bound to that agent. A call with no matching allow rule is denied, not waved through. The rules ship as code you version and test, so what an agent may do is reviewable in a pull request, not buried in a prompt.
- Scoped per-agent credentials. Each agent gets its own credentials for the tools it uses, held in a dedicated secrets store. The agent works with a reference, not a plaintext key, so one compromised agent does not become access to everything.
- Per-tenant budget caps. Every call records its tokens and cost, attributed to the tenant and the caller. That is what lets you set budgets and gate runaway usage instead of reconciling a surprise bill at month end.