Agent Governance Architecture

Consistent governance across digital (IT) and physical (OT) environments — same pipeline discipline, different risk surfaces. Agents work. Pipelines move code. UAT validates. Humans approve.

CI/CD Pipeline  ·  Azure DevOps  ·  GitHub Actions  ·  GitLab
The only thing allowed to move code between environments. Build agents authenticate via short-lived OIDC tokens scoped per job — no long-lived secrets in pipeline config.
promotes ↓
Dev
Per-developer cluster
Dev agent
Dev token
Dev secrets
Auto gate
CI checks
QA
Isolated test cluster
QA agent
QA token
QA secrets
Auto gate
Tests + approvals
Staging
Prod-shaped, not prod
Staging agent
Staging token
Staging secrets
HARD human gate
Both UAT signoffs
Production
Locked-down cluster
Release manager agent
Prod token only
Prod secrets sealed
snapshots only →
Backups
Different building
Off-cluster, immutable
Separate credentials
No agent reach
IT UAT  ·  Synthetic persona agents validate digital business workflows
Each agent acts a real-world business role. Runs end-to-end workflows. Sign-off required from each before Production promotion.
AR clerk agent
Receivables flow
AP clerk agent
Payables flow
Inventory agent
Stock movements
Support agent
Customer journey
+ More IT roles
Per business case
OT UAT  ·  Synthetic persona agents validate physical processes and safety
Each agent acts a real-world plant role. Runs equipment behavior, interlocks, calibration. Sign-off required from each before Production promotion.
Motor test agent
VFD response, current
Line operator agent
Production cycle
Safety interlock agent
E-stop, door, sensor
Sensor calibration agent
Range, drift checks
Maintenance tech agent
CMMS, LOTO flow
Observer agent  ·  watches every other agent (IT and OT)
Reads logs only — never holds an environment token. Flags drift, unusual prompts, suspicious tool calls, anomalous PLC writes.
Audit trail  ·  every agent action, signed and timestamped
Every prompt. Every tool call. Every IT and OT UAT sign-off. Every promotion. Every approval. Tamper-evident. Replayable.
Governance layer  ·  sets the rules the workers operate under
No environment token. No deploy access. Their power is policy, not execution.
Architect agent
IT/OT boundaries.
ADR enforcement.
Security agent (CISO)
IT scopes. OT zones.
IEC 62443 alignment.
Scrum master agent
Tracks intent. Surfaces blockers. No code rights.
Compliance agent
SOC2 · ISO · OSHA checks against audit trail.
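
One way the "Audit trail" and the Staging-to-Production "HARD human gate" could fit together, as an added example that is not part of the original architecture: each audit record carries a MAC over its body and the previous record's MAC, and the gate refuses promotion unless the chain verifies and every IT and OT persona sign-off plus a human approval is present. The role identifiers, action names, record fields and the single shared HMAC key are assumptions made for the sketch.

```python
import hashlib, hmac, json

# Assumed names: role ids, action strings and record fields are illustrative.
# A single shared HMAC key keeps the sketch short; per-signer asymmetric keys
# are needed in practice so no agent can forge another signer's record.
REQUIRED_SIGNOFFS = {
    "IT": {"ar_clerk", "ap_clerk", "inventory", "support"},
    "OT": {"motor_test", "line_operator", "safety_interlock",
           "sensor_calibration", "maintenance_tech"},
}

def append_entry(trail, key, agent, action, release, ts):
    """Append a record whose MAC covers its body and the previous record's MAC."""
    prev = trail[-1]["mac"] if trail else "0" * 64
    body = {"agent": agent, "action": action, "release": release,
            "ts": ts, "prev": prev}
    msg = json.dumps(body, sort_keys=True).encode()
    trail.append({**body, "mac": hmac.new(key, msg, hashlib.sha256).hexdigest()})

def verify_trail(trail, key):
    """Return True only if every MAC verifies and the chain is unbroken."""
    prev = "0" * 64
    for rec in trail:
        body = {k: v for k, v in rec.items() if k != "mac"}
        msg = json.dumps(body, sort_keys=True).encode()
        good = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if rec.get("prev") != prev or not hmac.compare_digest(good, rec.get("mac", "")):
            return False
        prev = rec["mac"]
    return True

def may_promote_to_production(trail, key, release):
    """Hard gate: intact trail, every IT and OT sign-off, and a human approval."""
    if not verify_trail(trail, key):
        return False, "audit trail failed verification"
    seen = {(r["agent"], r["action"]) for r in trail if r["release"] == release}
    for domain, roles in REQUIRED_SIGNOFFS.items():
        missing = sorted(a for a in roles if (a, f"{domain}_UAT_SIGNOFF") not in seen)
        if missing:
            return False, f"missing {domain} UAT sign-off: {', '.join(missing)}"
    if not any(action == "HUMAN_APPROVAL" for _, action in seen):
        return False, "no human approval recorded"
    return True, "ok"
```

The gate fails closed: an edited record, a missing persona sign-off, or an absent human approval each block promotion with a distinct reason.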