AI Agent Governance
Governance rules for LLM agent behavior within the SBX framework
Overview
Purpose
Governance rules for LLM agent behavior within the SBX framework
Rules
AG-001: LLM agents MUST read all requirements TWICE before acting. First read for overview, second read for details.
SBX operational experience — single-pass reading misses constraints and cross-references. Double-read catches requirements that depend on context from other sections.
Verification: Agent summarizes key requirements before proceeding (AG-002)
AG-002: After reading requirements, LLM SHOULD summarize key requirements before proceeding to ensure correct interpretation.
SBX operational experience — agents that immediately implement without summarizing produce work that misses requirements. The summary step catches misinterpretation early.
Verification: Presence of requirement summary before implementation begins
AG-003: LLM agents MUST NOT assume requirements. When requirements are unclear, read source files AGAIN rather than guessing.
SBX operational experience — assumptions are the primary cause of agent errors. A wrong assumption propagates through all subsequent work. Re-reading is cheap; rework is expensive.
Verification: Agent reads source files before claiming knowledge about them
AG-004: ALWAYS read source files before answering questions about them. Memory of file contents degrades across context.
SBX operational experience — agents confidently describe file contents from stale context, producing incorrect guidance. File contents may have changed since last read.
Verification: Agent uses Read tool before describing file contents
AG-005: Before ANY implementation, LLM MUST read relevant governance files (protocols, schemas, rules sections).
SBX governance-first architecture — implementation without governance check produces artifacts that violate framework rules, requiring rework.
Verification: Agent reads protocol/schema files before creating conforming artifacts
AG-006: LLM MUST explicitly verify work through tests or visual inspection, never claim done based on expectation.
SBX operational experience — agents claim completion based on what they expect to have produced, not what they actually produced. Verification closes the gap between intent and reality.
Verification: Agent runs build/test commands and reports actual output
AG-007: Track context token consumption and trigger compaction proactively. At ~100K tokens, prepare handoff notes. At ~110K tokens, hard stop and persist state.
Anthropic context engineering — context rot degrades accuracy as context fills. Proactive compaction preserves signal quality before degradation makes the remaining context unreliable.
Verification: Session memory files updated before context limit reached
AG-008: Use isolated sub-agents for independent research tasks. Preserve main context for implementation. Sub-agents return condensed summaries, not raw outputs.
Anthropic — sub-agent architectures with clean contexts. Main agent context is precious — polluting it with raw research output leaves insufficient room for implementation.
Verification: Sub-agent results are structured summaries under 2000 tokens
AG-009: All generated artifacts MUST validate against their declared protocol schema. Read the protocol before generating, verify structure after generating.
Anthropic — schema conformance ensures outputs are machine-processable. SBX governance — every artifact has a conforms_to chain that determines valid structure.
Verification: sbx schema validate <artifact> returns success
AG-010: Treat SBX governance files as a constitution. Self-critique work against principles before claiming completion. Rules are non-negotiable constraints, not suggestions.
Anthropic Constitutional AI — self-critique against principles produces better outputs than unconstrained generation. SBX governance-first architecture formalizes this as framework design.
Verification: Agent references specific governance rules when justifying decisions
AG-011: Maintain external task files and update them on step completion. Progress must survive session resets — if it is only in the context window, it is not persisted.
Anthropic Harnesses — "Feature lists as persistent specifications." Claude Code Best Practices — CLAUDE.md for persistent state. Session context is ephemeral; external files are durable.
Verification: ETVX task status reflects actual file system state
AG-012: Begin every session with an initialization ritual: read CLAUDE.md, check memory files, review active task, check git status. Use git as a safety net — commit at natural boundaries.
Anthropic Harnesses — "Initialization ritual: check directory, read progress, review feature list before new work. Git as safety net: structured commits enable reverting to known-good states."
Verification: First actions in session are reads (CLAUDE.md, memory, task, git status), not writes
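Added example (not part of the SBX framework or its tooling): the verification criteria for AG-012 and AG-007 expressed as checks over a recorded session trace. The event format (tokens, op, path), the memory/ and tasks/ paths, and all function names are assumptions made for illustration; the thresholds are the ones stated in AG-007.

```python
# Added example: audits a session trace against AG-012 and AG-007.
# The event format (tokens, op, path) and the memory/ and tasks/ paths are
# assumptions for illustration, not an SBX or Claude Code log format.
HANDOFF_AT, HARD_STOP_AT = 100_000, 110_000  # thresholds from AG-007

def _kind(ev):
    """Map an event to the initialization-ritual item it satisfies."""
    if ev["op"] == "git_status":
        return "git status"
    if ev["path"] == "CLAUDE.md":
        return "CLAUDE.md"
    if ev["path"].startswith("memory/"):
        return "memory"
    if ev["path"].startswith("tasks/"):
        return "task"
    return "other"

def missing_ritual_reads(trace):
    """AG-012: items not read before the first write of the session."""
    seen = set()
    for ev in trace:
        if ev["op"] == "write":
            break
        seen.add(_kind(ev))
    return sorted({"CLAUDE.md", "memory", "task", "git status"} - seen)

def budget_findings(trace):
    """AG-007: state persisted after ~100K; nothing but persistence past ~110K."""
    findings, persisted = [], False
    for ev in trace:
        mem_write = ev["op"] == "write" and ev["path"].startswith("memory/")
        if mem_write and ev["tokens"] >= HANDOFF_AT:
            persisted = True
        elif ev["tokens"] >= HARD_STOP_AT:
            findings.append(f"{ev['op']} {ev['path']} at {ev['tokens']} tokens, past hard stop")
    if max((ev["tokens"] for ev in trace), default=0) >= HANDOFF_AT and not persisted:
        findings.append("no memory file update after handoff threshold")
    return findings

def E(tokens, op, path=""):
    """Build one trace event; tokens is the cumulative context size."""
    return {"tokens": tokens, "op": op, "path": path}

# Constructed traces (not real session data).
GOOD = [E(2_000, "read", "CLAUDE.md"), E(3_000, "read", "memory/session.md"),
        E(4_000, "read", "tasks/active.md"), E(4_500, "git_status"),
        E(40_000, "write", "src/app.py"), E(101_000, "write", "memory/session.md")]
BAD = [E(2_000, "read", "CLAUDE.md"), E(30_000, "write", "src/app.py"),
       E(31_000, "read", "memory/session.md"), E(112_000, "write", "src/app.py")]
```

The BAD trace fails both rules: it writes before reading memory, task and git status, and it keeps editing source past the hard-stop threshold without persisting state.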