Purpose
The minimum gate between identity provisioning (M11) and build (M12). Confirms that everything upstream is done before the Builder opens an IDE. Stops the "let's just start coding" pattern that produces shadow AI by accident.
Short by design — 12 items, all binary. If any item is ❌, build is blocked until resolved.
- When you use it: Once per agent, between M11 and M12 in the In Action roadmap.
- Who fills it: Agent Builder assembles evidence; CoE Lead signs.
- Time: 15 minutes if upstream work was done right; longer if items are missing.
- Output: Signed page in the registry entry.
Worked example (AP Accountant invoice reconciliation)
Agent: finance-invoice-recon v1.0
Pre-build check date: 2026-05-05
Builder: CoE Lead + Finance Champion (joint)
| # | Item | Status | Evidence |
|---|---|---|---|
| 1 | Approval signed at M8 | ✅ | Registry entry, approval block, dated 2026-04-22 — Mike Chen + Morteza Moradi |
| 2 | KPI + retirement criteria defined in registry | ✅ | Registry fields populated; KPI: 3 min → 30 sec, ≥ 95% accuracy; retirement criteria: §13 of Agent Card |
| 3 | Agent Card v1.0 written, all 13 sections complete | ✅ | github.com/acme/agents/finance-invoice-recon/AGENT_CARD.md |
| 4 | Security review signed (Medium+ tier) | ✅ | Template 05 threat model, signed 2026-05-02 by Pat Lee (CISO delegate) |
| 5 | Responsible-AI checklist signed (Medium+ tier) | ✅ | Template 04, signed 2026-05-02 by Morteza Moradi + John Smith |
| 6 | Agent identity provisioned in IdP | ✅ | agent-finance-invoice-recon exists in Microsoft Entra ID; service principal active |
| 7 | Credentials in approved secret manager | ✅ | AWS Secrets Manager paths: /agents/finance-invoice-recon/gmail-oauth, /netsuite-api-key, /anthropic-key |
| 8 | Least-privilege scopes verified | ✅ | Gmail OAuth scoped to one mailbox; NetSuite role AI-Recon-Reader (PO read only); Anthropic key with usage quota |
| 9 | Emergency revocation procedure documented + tested | ✅ | Agent Card §8; 60-second drill passed 2026-04-25 |
| 10 | Dev environment ready in approved orchestrator | ✅ | n8n dev workspace dev.n8n.acme.com, workspace finance-invoice-recon created |
| 11 | Observability platform wired up (smoke test) | ✅ | LangSmith project finance-invoice-recon-dev created; smoke test trace verified 2026-05-04 |
| 12 | Source repo created with Agent Card as the first commit | ✅ | github.com/acme/agents/finance-invoice-recon, branch protections active, 2-reviewer PR rule |
Sign-off
| Role | Name | Date | Signature |
|---|---|---|---|
| Agent Builder | Morteza Moradi + Mike Chen | 2026-05-05 | (signed) |
| AI CoE Lead | Morteza Moradi | 2026-05-05 | (signed) |
Decision: ✅ Cleared to start build (M12). Target pilot date: 2026-06-12.
Blank template (copy below for your agent)
# Pre-Build Checklist — [Agent Name]
**Agent ID:** [agent-dept-slug]
**Agent version:** [X.X]
**Tier:** [Low / Medium / High]
**Check date:** [YYYY-MM-DD]
**Builder:** [Name(s)]
| # | Item | Status | Evidence |
|---|---|---|---|
| 1 | Approval signed at M8 (Approve / Defer / Reject decision documented; KPI + retirement criteria defined) | [✅ / ❌] | [Link to registry approval block] |
| 2 | KPI + retirement criteria defined in registry | [✅ / ❌] | [Registry link or quote] |
| 3 | Agent Card v[X.X] written, all 13 sections complete (template 03) | [✅ / ❌] | [Source repo path] |
| 4 | Security review signed (Medium+ tier only — N/A for Low) | [✅ / ❌ / N/A] | [Template 05 link + signer + date] |
| 5 | Responsible-AI checklist signed (Medium+ tier only — N/A for Low) | [✅ / ❌ / N/A] | [Template 04 link + signer + date] |
| 6 | Agent identity provisioned in IdP (unique, named, attributable) | [✅ / ❌] | [IdP identity name + tenant] |
| 7 | Credentials in approved secret manager (no plaintext, no env vars in code) | [✅ / ❌] | [Secret manager paths] |
| 8 | Least-privilege scopes verified (no super-account; separate creds per system) | [✅ / ❌] | [Per-system scope confirmation] |
| 9 | Emergency revocation procedure documented + tested (60-second target) | [✅ / ❌] | [Procedure doc + test date + result] |
| 10 | Dev environment ready in approved orchestrator (NOT prod) | [✅ / ❌] | [Orchestrator instance + workspace] |
| 11 | Observability platform wired up (smoke test confirms traces flowing) | [✅ / ❌] | [Observability project name + smoke test trace link] |
| 12 | Source repo created with Agent Card as the first commit (branch protections active) | [✅ / ❌] | [Repo URL + branch protection settings] |
## Sign-off
| Role | Name | Date | Signature |
|---|---|---|---|
| Agent Builder | | | |
| AI CoE Lead | | | |
**Decision:** [✅ Cleared to start build (M12) / ❌ Blocked — see open items below]
## Open items (only if blocked)
| Item # | What's missing | Owner | Due date |
|---|---|---|---|
| | | | |
Per-item guidance
1. Approval signed at M8
Pass: Registry entry shows Status = Approved with signatures from the right approvers per tier (Low = CoE Lead; Medium = + Department Head; High = + Security + Legal).
Fail: Approval was verbal, in Slack, or implicit. Build cannot start.
2. KPI + retirement criteria defined
Pass: Registry fields populated with concrete numbers — target latency, target accuracy, retirement triggers. Not "we'll figure it out."
Fail: KPI is vague ("will save time"). Retirement criteria empty. Force re-approval at M8 before continuing.
3. Agent Card complete
Pass: All 13 sections in template 03 populated. Not "TODO." Not blank.
Fail: Sections missing. Builder must finish before this gate.
4. Security review (Medium+)
Pass: Template 05 (threat model) signed by Security with documented STRIDE walk + DLP plan + red-team scenarios.
N/A: Low tier — CoE Lead may waive at their discretion. Document the waiver.
5. Responsible-AI checklist (Medium+)
Pass: Template 04 signed by CoE Lead + Legal. All 10 items have a status (✅ / ⚠️ / ❌ / N/A).
N/A: Low tier — CoE Lead may waive. Document.
6. Agent identity in IdP
Pass: Unique service principal / agent identity created in the existing IdP (Okta / Entra / Workspace SSO). Named per convention. Attributable in audit logs.
Fail: Agent will use a shared service account, or no identity yet exists.
7. Credentials in approved secret manager
Pass: All credentials (API keys, OAuth tokens) stored in the approved secret manager from A4. None in source code. None in environment variables on the orchestrator host.
Fail: Credentials anywhere else. Don't proceed.
8. Least-privilege scopes verified
Pass: Each credential has the minimum permissions the Agent Card §6 specifies. Verified via a test call that confirms broader access fails.
Fail: Credentials over-permissioned. Tighten scopes before continuing.
9. Emergency revocation tested
Pass: Procedure written in Agent Card §8 has been executed end-to-end in a drill within the past 30 days. Target: 60-second revocation.
Fail: Procedure documented but never tested. Run the drill before build.
10. Dev environment ready
Pass: Dev instance / workspace in the approved orchestrator exists, with dev-scoped credentials (different from prod). Connected to a sandboxed version of any downstream system.
Fail: Builder will work in prod, or in a shared dev that lacks isolation.
11. Observability wired up
Pass: Observability platform project created. A smoke-test execution has been captured — proof that traces are flowing. Cost dashboard exists.
Fail: "We'll add logging later." Never works. Block.
12. Source repo + branch protections
Pass: Repo exists in approved source control. Agent Card committed. Branch protection requires PR review (2 reviewers, status checks). No direct push to main.
Fail: Builder will edit prompts directly in the orchestrator UI. Block.
Usage notes
- Binary by design. Every item is ✅ or ❌. If you're tempted to mark "partial," it's ❌. Fix it.
- Low tier waivers must be documented. Items 4 and 5 may be waived for Low tier. Write the waiver: "Tier Low, CoE Lead waives template 04 review per framework §10.1."
- Items 6–9 (identity, credentials, scopes, revocation) are the security perimeter. Don't compromise. Even Low tier should have a unique identity.
- Item 11 is the "we'll add logging later" tripwire. Skip it now and you'll never have it.
- Time to complete the checklist is a signal. If it takes > 30 minutes, upstream gates were rushed. Reflect, don't power through.
Common pitfalls
| Pitfall | What it looks like | Fix |
|---|---|---|
| KPI is "will save time" | No numbers | Force a real number — even rough — before build |
| Credentials in code | API key in a config file in the repo | Move to secret manager; rewrite git history if it was ever committed |
| Shared service account | One identity used by 3 agents | Provision a unique identity per agent. No exceptions. |
| Revocation never tested | "We have a kill switch" with no drill | Run the drill before this gate. 15 minutes. Worth it. |
| Builder editing in prod | "It's faster" | Block. Real engineering hygiene. |
| Repo has no branch protection | Direct push to main allowed | Configure branch protection rules + 2-reviewer PR rule before continuing |
Framework cross-references
framework.md§11.2 (per-agent lifecycle gates)framework.md§14 (Agent Card spec — Item 3)framework.md§17 (privileged identities — Items 6–9)framework.md§19 + §20 + §21 (guardrails + controls + signals — referenced by the build that follows)framework.md§24 (observability — Item 11)workflows.mdStep 5 → Step 8 transition (the gates between Card and Build)workflows.html→ In Action view → node M11 → M12 transition