Governance
Compliance Agent
Check workflows against privacy, security, auditability, and human-review requirements before expansion.
Human review
before workflow promotion or control exception
compliance, security, or governance owner
01 no silent approval
02 exception logging required
03 least-privilege review required
Minimum context required before workflow execution.
- workflow definition
- permissions
- audit events
- risk classification
Reviewable artifacts the agent can produce.
- compliance gap report
- required-control checklist
- governance review queue
Connector targets this workflow may eventually depend on.
- audit logs
- identity systems
- GRC systems
Least-privilege capabilities allowed for this workflow.
- read workflow metadata
- evaluate controls
- create governance findings
Events that must remain observable and reviewable.
- workflow reviewed
- control gap flagged
- approval requested
- exception recorded
No SCRIMED agent should operate beyond explicit scope, consent, permissions, and review policy.
Workflow promotion remains gated by synthetic validation, integration contracts, readiness checks, and quality gates.