Start
OpenClaw 2026
Measured stop, approval, destructive-action, and evidence behavior in a controlled run.
CAISI
Independent research and field notes on AI Software Delivery Control.
CAISI / Role Paths
Start with the decision you need to defend
Most readers arrive with a messy question: Can we approve coding agents? What audit evidence exists for AI-assisted SDLC? What can MCP tools reach? Who owns long-lived credentials? Use these paths to get the right artifact, report, operating note, and next step without browsing the whole library.
AppSec
Control failure, proof, and review surfaces
AppSec usually gets pulled in when a workflow can change code, call a tool, inherit a credential, or alter CI/CD. The job is to determine whether the boundary holds before execution and what evidence survives review or incident reconstruction.
Then
How to Evaluate Agentic Control
Scenario, efficacy, proof, and pilot language for evaluation-grade security review.
Next action
Map one Agent Action BOM
Start with one workflow and document actor, owner, credential, action, target, approval, and proof.
CISO / Security leadership
Approval posture, risk ownership, and auditability
CISOs and security leaders need a defensible answer to what is approved, who owns the risk, what evidence exists, where long-lived credentials remain, and what can be reported without overstating runtime certainty.
Start
AI Tool and Agent Sprawl 2026
Public-artifact evidence for visibility, approval opacity, and proof quality.
Then
The approval gap is a proof gap
Read the headline ratio as a governance signal, not a panic statistic.
Next action
Ask what CI/CD actions are approved and evidenced
Use the CI/CD guide to separate visibility, approval, credential use, and proof quality.
Engineering / Platform
Reliable delivery before scale
Engineering and platform teams own the delivery system: repo standards, CI/CD workflows, developer experience, orchestration, validation, MCP/tool integration, credential patterns, and proof paths. The goal is to make AI-assisted delivery reliable and inspectable before adoption widens.
Start
AI Engineering Operating Notes
The framework path for repo contracts, orchestration, isolation, evaluation, proof, and maturity.
Then
What engineering and platform teams must standardize
The standards layer for CI/CD, workflow ownership, developer adoption, and evidence before AI delivery widens.
Next action
Standardize the CI/CD control path
Define what is allowed, approval-required, blocked, logged, and revocable without making delivery depend on one-off reviews.
GRC / Audit
Evidence that survives outside the tool UI
GRC and audit teams need evidence that can be reconstructed after the rollout, incident, exception, or customer review. The question is not only whether an AI-assisted workflow was approved, but whether the organization can prove actor, owner, authority, action, target, validation, outcome, and re-review trigger without relying on screenshots or tribal memory.
Start
Audit evidence for AI-assisted SDLC
Define the proof packet before rollout, not during the audit request.
Then
Proof completeness for AI agent changes
Use proof completeness to separate observable activity from evidence that can support a decision.
Next action
Choose the evidence framework
Start with proof packets, approval models, and CI/CD control paths before expanding the rollout.