DECISION OS
FOR AGENT
COMPANIES

control: Blocks implementation when API, UI fields, DB columns, and acceptance criteria disagree.

analyzer: Deterministic schema diff first, LLM review only for ambiguous requirement language.

envelope: May block implementation and draft spec diffs; may not approve scope changes.

coverage: Flags new API, DB, or screen files that lack a spec-contract episode.

first slice: Generate a schema-to-screen diff for product specs before agent work starts.

control: Quarantines prompts that lack prohibited actions, output format, evidence rules, or gate policy.

analyzer: Rule-based prompt checklist with memory lookup for prior prompt failures.

envelope: May quarantine prompts and propose edits; core authority prompts require reviewer approval.

coverage: Detects production prompts without output format, forbidden actions, or evaluation criteria.

first slice: Score production prompts for format, authority boundary, and evaluation coverage.

control: Stops an agent before it reads customer data outside its contract, role, or approval state.

analyzer: Deterministic tenant and role policy evaluation before any LLM reasoning.

envelope: May deny or request approval; may not expand customer-data access grants.

coverage: Finds data retrieval paths without tenant, PII, and permission preflight checks.

first slice: Attach a preflight decision to every customer-data retrieval and exported artifact.

control: Routes public, financial, destructive, or production actions to human approval before execution.

analyzer: Structured action taxonomy with confidence threshold and human fallback.

envelope: May draft outbound actions; public, financial, destructive, and deploy actions require approval.

coverage: Reports external side-effect commands not covered by action preflight policy.

first slice: Gate outbound email, invoice issue, GitHub PR creation, and deploy commands with one policy matrix.

control: Detects drift during execution and changes route, model, retrieval scope, or escalation state.

analyzer: Metric thresholds plus failure-taxonomy classifier backed by similar runtime episodes.

envelope: May reroute, degrade, retry, or escalate; may not change authority policy while running.

coverage: Finds agent runs missing cost, retrieval, gate, and correction telemetry.

first slice: Normalize every agent run into a runtime episode with cost, retrieval, gate, and correction signals.

control: Falls back to text, pauses tool execution, or escalates when voice state becomes unstable.

analyzer: Deterministic audio-state checks with LLM review for semantic or emotion mismatch.

envelope: May pause voice execution or switch channels; may not execute irreversible customer actions.

coverage: Flags voice flows without turn continuity, TTS completion, and fallback telemetry.

first slice: Score each voice turn for recognition continuity, TTS completion, and unsafe action pressure.

control: Returns generated artifacts for repair when evidence, numbers, deadline, or owner is missing.

analyzer: Structured source comparison first, LLM panel only for semantic support checks.

envelope: May return artifacts for repair; may not send customer-visible artifacts automatically.

coverage: Finds generated artifacts without source episode, owner, or review outcome.

first slice: Review proposal, SOW, estimate, and meeting-minute artifacts against their source episode.

control: Switches provider, narrows retrieval, downgrades autonomy, or regenerates queries from live signals.

analyzer: Scorecard slope and provider error analysis before model-choice LLM reasoning.

envelope: May switch models within approved tiers; budget or provider-policy changes require approval.

coverage: Detects model routes without confidence, cost, retry, and provider-failure records.

first slice: Add dynamic routing decisions to failed RAG and low-confidence answer episodes.

control: Creates scoped repair PRs, reruns failed jobs, and quarantines flaky harness paths.

analyzer: Log-signature classifier, deterministic changed-file mapping, then LLM patch planning.

envelope: May create scoped repair PRs; may not merge, deploy, or weaken required checks.

coverage: Finds CI checks, harness jobs, and changed surfaces missing repair coverage.

first slice: Convert CI failures into repair scope, candidate files, validation commands, and PR body.

control: Turns organizational anomalies into owner alerts, follow-up tasks, policy reviews, or repair workflows.

analyzer: Business-rule anomaly detection with memory lookup for repeated operating patterns.

envelope: May create tasks and escalation briefs; may not alter contracts, invoices, or staffing authority.

coverage: Finds business processes without event source, owner, SLA, or escalation route.

first slice: Connect CRM, contract, invoice, recruiting, and support events into one operating scorecard.

control: Blocks write paths when connector schema, auth, or idempotency state is unsafe and creates bounded repair work for the owning integration.

analyzer: Connector telemetry and contract snapshots are compared first, then ambiguous partial-sync cases are routed to LLM-assisted impact analysis.

envelope: May pause connector writes, degrade to read-only, or open repair tasks; may not rotate credentials or expand third-party scopes.

coverage: Flags integrations that lack schema snapshots, retry policy, auth expiry telemetry, or partial-write reconciliation.

first slice: Attach runtime contract checks to Salesforce, freee, Google Calendar, and storage sync episodes.

control: Converts slow or unstable approval paths into owner alerts, queue reshaping proposals, and gate-policy repair tickets.

analyzer: SLA and queue metrics are inspected deterministically before LLM review summarizes why approvals are delayed or repeatedly reversed.

envelope: May recommend reviewer reassignment, SLA changes, or gate copy updates; may not bypass approval or approve work on behalf of humans.

coverage: Finds human gates without explicit SLA, reviewer owner, escalation route, reversal tracking, or stale-approval handling.

first slice: Score finance, audit, deploy, and outbound customer approval gates for wait time and reversal patterns.

control: Stages learning-store writes until source evidence, retention class, contradiction status, and rollback path are attached.

analyzer: Structured provenance checks and retention rules run before semantic contradiction review decides whether a memory write is safe.

envelope: May stage or reject memory writes and request reviewer rationale; may not permanently mutate shared memory without source evidence.

coverage: Detects memory-writing agents without provenance, retention class, reviewer route, rollback key, or contradiction scan.

first slice: Gate CI repair, workflow repair, and customer-operations memory writes with provenance and contradiction checks.

control: Stops rollout and produces a rollback or flag-disable proposal when canary metrics exceed the approved blast-radius envelope.

analyzer: Deployment metrics, smoke probes, and flag diffs are checked first, with LLM analysis limited to summarizing blast-radius evidence.

envelope: May disable feature flags, stop rollout, or open rollback PRs; may not promote canaries to full rollout without approval.

coverage: Finds deployable surfaces without canary probes, flag owner, rollback command, post-deploy observation, or customer-impact tier.

first slice: Add canary probes and rollback evidence to Auto-Dev repair PRs and Vercel preview promotion.

control: Turns backlog, SLA, renewal, and incident-communication gaps into routed owner work with draft evidence packs.

analyzer: Operational thresholds and account-health rules are evaluated first, then LLM review drafts customer-safe escalation summaries.

envelope: May create internal tasks and draft customer updates; may not send incident, renewal, or contractual messages without approval.

coverage: Flags customer operations flows without SLA owner, customer visibility tier, account-risk signal, or approved communication path.

first slice: Join support tickets, account health, renewal dates, and incident events into one customer-ops harness scorecard.

control: Blocks UI changes when route ownership, hydration boundaries, metadata, or user-visible fallback behavior is incomplete.

analyzer: Static route and component inspection checks client directives, async boundaries, metadata, and empty-state contracts before visual review.

envelope: May block component changes and propose boundary fixes; may not convert server components to client components without owner approval.

coverage: Flags new pages, layouts, or interactive components without render contract, loading state, empty state, or ownership evidence.

first slice: Run render-contract checks on product pages, dashboard panels, and experimental surfaces added in each PR.

control: Stops pages from shipping when English and Japanese content, route availability, or mobile layout behavior diverge.

analyzer: Message-key diffs and viewport constraints are evaluated deterministically before visual checks review overflow or layout regressions.

envelope: May block release and propose copy or layout fixes; may not change product messaging intent without content owner review.

coverage: Finds locale-aware pages without message parity, mobile viewport coverage, overflow checks, or translated route validation.

first slice: Attach locale parity and mobile text-fit checks to blog, product, dashboard, and experimental pages.

control: Blocks market-facing visual acceptance when a route scores below the richness threshold and queues a UI-agent repair plan.

analyzer: Playwright captures first-viewport screenshots and deterministic DOM visual metrics, then emits scoped UI-agent repair tasks for low-scoring routes.

envelope: May draft visual improvement plans and low-risk UI patches; may not ship brand direction changes or remove governance evidence without review.

coverage: Finds public routes without enough primary visual asset density, color variety, layered surfaces, hierarchy, or screenshot evidence.

first slice: Score public routes above the fold and write screenshot-backed repair tasks for any page that feels visually underbuilt.

control: Returns UI surfaces for repair when keyboard navigation, focus management, contrast, labels, or visual rendering evidence is missing.

analyzer: Automated accessibility and screenshot checks run first, with LLM review only for ambiguous visual hierarchy or interaction clarity.

envelope: May return UI artifacts for repair; may not waive accessibility regressions on production paths without documented approval.

coverage: Flags interactive screens without keyboard path, contrast check, semantic labels, screenshot evidence, or canvas fallback verification.

first slice: Add postrun accessibility and screenshot review to dense dashboards, voice UI, and canvas-heavy experimental pages.

control: Blocks backend endpoints when request validation, response shape, error behavior, or governance coordinates are missing.

analyzer: Route-handler AST and schema checks validate methods, input parsing, status codes, and response shape before semantic contract review.

envelope: May block API route changes and draft schema repairs; may not alter public API semantics without product and backend approval.

coverage: Finds route handlers without input validation, typed response envelope, error taxonomy, MARIA coordinate, or test coverage.

first slice: Score new and modified app/api route handlers for validation, typed envelopes, and explicit error outcomes.

control: Stops frontend, API, and agent actions before they cross tenant, role, data, or tool authority boundaries.

analyzer: Deterministic session, tenant, role, and tool-scope policy evaluation runs before any request or agent action mutates state.

envelope: May deny requests, downgrade to read-only, or request approval; may not grant roles, tenants, or tool permissions.

coverage: Flags server actions, API routes, and agent tools without session checks, tenant filters, role policy, or permission envelope.

first slice: Attach auth preflight results to write APIs, customer-data reads, agent tools, and external action routes.

control: Stops DB changes when reversibility, tenant policy, data migration, index coverage, or test evidence is incomplete.

analyzer: Schema diff, migration operation, index coverage, and RLS policy checks run before reviewer-guided data-risk analysis.

envelope: May block migrations and draft reversible plans; may not apply destructive DB changes or relax RLS without explicit approval.

coverage: Finds schema changes without rollback, RLS impact, seed update, data backfill, index analysis, or integration-test plan.

first slice: Evaluate db/schema changes for destructive operations, RLS coverage, rollback path, and dependent API surfaces.

control: Detects live adapter drift and switches views to bounded fallback states while routing repair work to the provider owner.

analyzer: Runtime adapter telemetry and response-shape checks compare mock and live provider contracts before fallback behavior is adjusted.

envelope: May degrade to mock-safe or read-only mode and open adapter repair tasks; may not silently mix tenant data across providers.

coverage: Flags data providers without mock-live parity tests, timeout policy, fallback state, tenant filter, or response-shape contract.

first slice: Monitor dashboard and product data providers for mock-live parity, adapter timeout, and shape mismatch episodes.

control: Prevents duplicate or stale scheduled execution and routes missed ticks, queue backlogs, and lock failures to bounded recovery.

analyzer: Schedule, idempotency, lock, and backlog telemetry are checked first, then historical incident memory ranks likely repair paths.

envelope: May pause jobs, skip duplicate ticks, or enqueue repair tasks; may not replay side-effecting jobs without approval.

coverage: Finds cron and background workflows without idempotency key, stale-lock handling, backlog metrics, or replay policy.

first slice: Add runtime checks to Civilization daily advancement, intelligence scans, and automation harness jobs.

control: Blocks answer generation or downgrades confidence when retrieval freshness, source integrity, or citation coverage fails.

analyzer: Index timestamps, source hashes, retrieval hit rates, and citation coverage are checked before semantic answer support review.

envelope: May narrow retrieval, mark sources stale, or request reindex; may not publish unsupported answers or delete source corpora.

coverage: Flags ingestion and RAG paths without source hash, freshness SLA, retrieval metric, citation requirement, or reindex workflow.

first slice: Attach RAG freshness checks to FAQ, CPA, knowledge graph, and document-scanner answer episodes.

control: Stops or rewrites streamed output when partial content violates schema, authority, safety, or customer-visibility rules.

analyzer: Chunk-level schema, safety, and tool-call guards run during streaming before postrun review evaluates full artifact quality.

envelope: May stop streams, redact partial chunks, or fall back to safe summary; may not continue unsafe public output after a guard trip.

coverage: Finds streaming endpoints without chunk guard, abort policy, redaction path, final envelope validation, or audit trace.

first slice: Add chunk-level guards to audit chat, voice responses, workflow scans, and model-generated report streams.

control: Prevents blind autonomous execution by requiring traceable coordinates, redacted logs, owned metrics, and alert coverage.

analyzer: Trace coverage, coordinate presence, metric completeness, and PII log policy checks run before observability repair planning.

envelope: May add instrumentation tasks and block blind automation; may not expose sensitive logs or weaken retention policy.

coverage: Finds routes, jobs, agents, and UI workflows without trace ID, MARIA coordinate, metric owner, redaction, or alert rule.

first slice: Score new APIs, cron jobs, and agent workflows for trace coverage and coordinate completeness.

control: Creates scoped repair plans when user-critical flows fail through selector drift, visual regression, navigation, or data fixture mismatch.

analyzer: Playwright traces, screenshots, selector changes, and route diffs are classified before repair planning proposes the smallest UI or test fix.

envelope: May update scoped selectors, fixtures, and low-risk UI defects; may not delete user-critical assertions or weaken journey coverage.

coverage: Finds product-critical flows without E2E journey, screenshot baseline, responsive coverage, fixture owner, or failure fingerprint.

first slice: Attach E2E journey repair loops to booking, workflow scanner, audit office, and dashboard critical paths.

control: Detects stale, misrouted, or incorrectly cached responses and routes safe cache disablement or middleware repair proposals.

analyzer: Header, redirect, locale, and cache-control traces are checked deterministically before impact analysis reviews user-visible fallout.

envelope: May disable caching for affected routes or open middleware repair tasks; may not change global cache policy without approval.

coverage: Flags middleware and cached routes without cache-key policy, locale redirect tests, stale-content SLA, or header verification.

first slice: Monitor locale middleware, product pages, blog pages, and API cache headers for redirect and stale-content incidents.