The single document that defines an agent. Templated so every agent in the portfolio is described the same way.
Minimum sections:
- Identity — agent name, ID, owner, department, version.
- Purpose — the workflow it serves, the KPI it moves.
- Scope — what it will do and what it will explicitly not do.
- Risk tier + risk drivers — Low/Medium/High; PII / consequential / autonomous tags.
- Inputs / data sources — every system it reads from; data classification per source.
- Outputs / tool calls — every API or system it writes to; permission scope per call.
- Autonomy level — Assistive / Validated / Autonomous, with explicit thresholds for any autonomy.
- Identity & credentials — service principal / agent identity in the IdP; rotated how / when.
- HITL gates — where humans must approve, by rule.
- Failure modes & worst-case — what is the worst action this agent could take, and is that acceptable?
- Monitoring + alerts — what we watch, what triggers a page.
- Eval criteria — how we know it works; pre-prod test set.
- Retirement criteria — what would cause us to retire it.