Actor and owner
Agent or workflow name, type, human owner, purpose, repo, PR, branch, and source location.
Independent research and operating notes on AI Software Delivery Control.
Reference / Agent Action BOM
If security asks what a coding agent can touch, do not answer with a model list. An Agent Action BOM is the practical artifact that maps AI-assisted software delivery action paths: actor, owner, repo, workflow, credential, reachable actions, target systems, approval rule, and proof coverage.
Last updated: May 7, 2026
Create the first Agent Action BOM when a team is about to let an AI-assisted workflow move beyond local suggestions. The trigger is not "AI exists." The trigger is action authority: output is rising, review capacity is limited, and the team needs conditions of trust it can defend later.
An Agent Action BOM answers a narrow operational question:
What can this AI-assisted engineering workflow touch or change?
The artifact follows the action path rather than only the model or code artifact:
agent/workflow -> repo/PR -> credential -> action -> target -> owner -> approval/proof
AI coding agents and automations can cross boundaries that are usually reviewed separately: repository permissions, CI/CD workflows, secrets, package managers, MCP tools, cloud APIs, release workflows, and production-adjacent systems.
A normal inventory can show that a tool exists. An Agent Action BOM should show what the tool or workflow can do, which review applies, and what evidence survives afterward.
Agent or workflow name, type, human owner, purpose, repo, PR, branch, and source location.
Token, service account, OAuth grant, CI secret, inherited identity, or short-lived credential.
Read, write, deploy, delete, execute, secret access, package publish, cloud API, or database write.
Allowed, approval-required, or blocked actions plus evidence of approval, credential use, target system, and outcome.
If the artifact needs to fit into an AppSec review, security briefing, or platform standard, the minimum useful checklist is:
An SBOM lists software components. An AI inventory may list models, prompts, tools, datasets, providers, or approved applications.
An Agent Action BOM maps action authority. It is about what an AI-assisted workflow can touch or change across software delivery.
A useful first pass can be written in plain language before it becomes a system of record:
Workflow: AI-assisted PR repair
Owner: Platform engineering
Repo: payments-api
Credential: CI token scoped to repo and branch
Reachable actions: read repo, write branch, run tests, comment on PR
Approval-required actions: change workflow files, publish package, deploy
Blocked actions: access production secrets, delete branches, bypass required checks
Proof: PR link, workflow run, credential identity, policy verdict, approver, test result
The value is not the format. The value is that AppSec, platform, and engineering can now discuss a concrete action path instead of arguing over whether the tool is generally safe.