Inventory
Agent Action BOM
The practical inventory for actor, owner, repo, workflow, credential, reachable action, target, approval rule, and proof.
CAISI
Independent research, field notes, and frameworks on AI-assisted software delivery.
CAISI / Frameworks
Durable artifacts for governing AI-assisted software delivery
Field notes explain what is changing. Frameworks turn that pressure into reusable operating models: what to inventory, what to approve, what evidence to keep, and how to decide whether an AI-assisted workflow is ready for more autonomy.
Core frameworks
Start with the artifact that matches the decision
Control model
Approve actions, not prompts
A model for classifying actions as allowed, approval-required, or blocked at the execution boundary.
Evidence
Audit evidence for AI-assisted SDLC
A proof-packet model for actor, owner, credential, action, target, approval, validation, outcome, and re-review triggers.
Delivery controls
Securing AI coding agents in CI/CD
A concrete control path for PRs, workflow files, CI/CD, credentials, tool calls, approval, and proof trails.
Operating models
Use these when the question is broader than one workflow
Field guide
AI Agent Governance Field Guide
The highest-level CAISI guide to control, execution boundaries, proof, and governed adoption.
Stack model
The Agentic AI Stack
An OSI-inspired model for separating compute, models, context, orchestration, tools, authority, control, and domain action.
Maturity
AI Engineering Maturity Model
A staged way to move from individual AI assistance to reliable, inspectable, and governed AI-assisted delivery.
Evaluation
How to Evaluate Agentic Control
Scenario, efficacy, proof, and pilot language for comparing control quality without relying on demo claims.
Operating guides
Use these for rollout pressure
Rolling out coding agents? Start with security review
Map action authority, credentials, MCP/tool reach, CI/CD actions, approvals, and proof.
MCP tool risk in AI engineering workflows
Evaluate tool reach, invocation context, credential context, approval triggers, and proof fields.
Long-lived credentials in AI agent workflows
Reduce standing-token and inherited-identity risk across agents, CI/CD, tools, and release paths.
AI Agent Governance Glossary
Plain-language definitions for write paths, proof packets, approval mediation, and execution boundaries.