[RFC] TealTiger v1.3 — Autonomous Agent Governance (Modes, NHI, Safety Rails, Identity)

[nagasatish007]

[RFC] TealTiger v1.3 — Autonomous Agent Governance (Modes, NHI, Safety Rails, Identity)

Status: OPEN FOR FEEDBACK
Covers: Requirements 1, 2, 4, 19
Target audience: Platform engineers, security architects, anyone deploying autonomous agents

---

Summary

As AI agents gain autonomy (tool access, memory persistence, multi-step execution), governance needs to operate at machine speed for low-risk actions while maintaining hard stops for high-risk ones. This group covers how TealTiger governs agent autonomy, identity, and safety boundaries.

---

Proposed Capabilities

Automation Levels (Req 1)

• Each policy rule gets an automation_level: auto_allow, auto_deny, auto_sanitize, or approval_required
• Low-risk actions proceed at machine speed without human intervention
• High-risk actions block until external approval is received
• Policy bundles can be hot-swapped at runtime without process restart

Non-Human Identity Governance (Req 2)

• AI agents treated as principals with identity, ownership, capability scope, and environment constraints
• Agent permissions are auditable and revocable (active → suspended → revoked)
• Environment restrictions (production/staging/dev) enforced per agent identity
• Actions outside declared capability scope are denied with explicit reason codes

High-Impact Safety Rails (Req 4)

• PLAN_ONLY mode: agent can reason and plan, but all side-effecting actions are blocked
• FREEZE rules: immutable controls that cannot be overridden by agent output, policy hot-swap, or configuration change
• High-impact action categories (database writes, infra mutations, production deploys, secrets reveal, code merges to protected branches) require explicit approval
• FREEZE rules persist across restarts and cannot be tampered with

Agent Identity Integrity & Zero Standing Privilege (Req 19)

• Agent identity verified via signed attestations or hardware-bound tokens
• Zero Standing Privilege mode: no agent has permanent access to tools/resources
• All access is Just-In-Time (JIT) granted per session/request with explicit expiry
• Expired grants are denied immediately

---

Questions for the Community

1. Automation levels — Do the four levels (auto_allow, auto_deny, auto_sanitize, approval_required) cover your use cases? Is there a fifth level you'd need?

2. NHI governance — How do you currently track which AI agents have access to what? Is there an existing identity system you'd want TealTiger to integrate with (SPIFFE, cloud IAM, custom)?

3. FREEZE rules — What actions would you FREEZE in your environment? Are there scenarios where even FREEZE should have an emergency override (break-glass)?

4. Zero Standing Privilege — Is JIT access practical for your agent workflows, or would it create too much latency? What's an acceptable grant TTL for your use case?

5. Missing capabilities — Is there an autonomy governance problem you're hitting that isn't covered above?

---

How to Give Feedback

• Comment below with thoughts, concerns, or use cases
• React with 👍 on capabilities you'd use
• React with 🤔 on capabilities that seem unclear
• React with 👎 on capabilities you think are wrong

---

Full Spec Reference

See Requirements 1, 2, 4, and 19 in the complete specification