Risk Assessment & Governance Tiers¶
Governance Tier is the public name for the ARS-derived default enforcement bucket used at runtime.
Field naming across surfaces
governance_tier is the canonical trace field on the wire.
governance_tiers is the canonical blueprint scope field.
Canonical Model¶
- ARS (Agent Risk Score) is the deployment-time risk assessment.
- Governance Tier is the default enforcement tier derived from ARS.
- Trust Debt is a runtime governance signal that can tighten handling immediately and trigger Governance Tier review or queued ARS reassessment.
Governance Tier values remain serialized as GT-0 through GT-5 in v1.0 alpha for wire stability.
Overview¶
| Governance Tier | ARS | Default Strictness | Typical Use Case | Latency |
|---|---|---|---|---|
| GT-0 | 0-2 | Minimal | Read-only bots, info retrieval | ~10ms typical, <50ms max |
| GT-1 | 3-4 | Light | Scripted agents, simple tasks | ~20ms typical, <100ms max |
| GT-2 | 5-7 | Standard | Customer service, moderate autonomy | ~50ms typical, <150ms max |
| GT-3 | 8-10 | Enhanced | Business processes, high autonomy | ~100ms typical, <200ms max |
| GT-4 | 11-13 | Strict | Financial systems, critical operations | ~200ms typical, <350ms max |
| GT-5 | 14-15 | Maximum | Mission-critical, life-safety | ~500ms typical, <1000ms max |
What Governance Tier Controls¶
- Default runtime threshold strictness for CTQ risk-score mapping
- Baseline latency and review expectations
- Security and audit expectations for higher-risk deployments
- Blueprint applicability when
scope.governance_tiersis used
Blueprint thresholds can still be stricter. The effective runtime thresholds are the stricter of blueprint thresholds and Governance Tier defaults.
Choosing a Governance Tier¶
- Calculate ARS from autonomy, adaptability, and continuity.
- Map the ARS result into the corresponding Governance Tier bucket.
- Review whether blueprint policy or domain controls require stricter runtime handling.
Start with Governance Tier GT-2 when in doubt
Most production agents start in Governance Tier GT-2 or GT-3, then refine policy with blueprints and observed runtime behavior.
ARS Assessment¶
ARS = autonomy + adaptability + continuity (range 0-15)
Use the calculator and the ARS model in ACGP-1 to choose the initial Governance Tier.
ARS (Agent Risk Score): 0 / 15
GT-0: Minimal Oversight
Trust Debt and Review¶
Trust debt does not silently replace the deployment-time risk classification.
- Rising debt can tighten runtime handling immediately.
- Crossing
re_tiering_reviewtriggers Governance Tier review. - Governance Tier review may queue ARS reassessment.
- Debt decay does not automatically lower enforcement guarantees for the current action.
See Trust Debt & Runtime Posture for the runtime behavior model.