Agent Governance · Authorization
What each agent is allowed to do — authorized vs. observed.
Honesty marker
Authorization is the default-action setting (defaultDomainAction) plus the guardrail adapters. We compare what's allowed against what each agent is observed doing; gaps are unsanctioned actions.
Default stance · defaultDomainAction
The baseline decision applied to any action that no guardrail explicitly handles.
Default-allow
Every agent action is permitted unless explicitly denied.
Authorization matrix
Per agent, per action class: what's used, blocked, or unsanctioned — derived from observed actions.
Guardrail adapters · enforcement stack
The @qpoint/* packages that intercept actions — plus the one that's missing.
Unsanctioned actions
Allowed-but-shouldn't-be, or blocked — the gap between authorized and observed.
Fields: defaultDomainAction · action (ALLOW|DENY|BLOCK) · endpointId · class · guardrail packages (@qpoint/*) · riskLabels