Ship Safe Agents

Scan. Ship. Comply. Verify your AI agents have governance controls before deployment.

EU AI Act Article 14 Deadline: August 2, 2026

Non-compliance penalties: Up to €15M or 3% of global turnover.

What is Agent Governance?

Agent governance ensures AI agents operate within defined boundaries:

  • Human Oversight - Humans can intervene in high-risk decisions
  • Authorization Controls - Actions are verified before execution
  • Audit Trails - All actions are logged for accountability
  • Least Privilege - Agents have minimal necessary permissions

Inkog verifies these controls are wired correctly before deployment.

The Governance Gap

Traditional security tools scan for code vulnerabilities. But AI agents have a unique risk:

```
Traditional Security        Inkog Governance
───────────────────         ────────────────
Code quality                Human oversight gates
Authentication              Authorization wiring
Data encryption       +     Audit logging config
Network security            Permission scoping
```

Even “secure” code can lack proper governance controls.

What Inkog Detects

| Detection | Description | Compliance |
| --- | --- | --- |
| Missing Human Oversight | High-risk actions without approval gates | EU AI Act Article 14 |
| Authorization Gaps | Tools executed without permission checks | OWASP LLM06 |
| Missing Audit Logging | Actions not logged for accountability | EU AI Act Article 12 |
| Excessive Permissions | Overly broad tool/data access | EU AI Act Article 15 |

Supported Platforms

Inkog verifies governance controls across both pro-code and no-code platforms:

Pro-Code Frameworks

| Framework | Human Oversight | Authorization | Audit Logging |
| --- | --- | --- | --- |
| LangGraph | interrupt_before | Custom middleware | Callbacks |
| CrewAI | human_input=True | Tool wrappers | Verbose mode |
| LangChain | Callbacks | Tool permissions | LangSmith |
| AutoGen | Approval hooks | Role-based | Logging handlers |

No-Code Platforms

| Platform | Human Oversight | Authorization | Audit Logging |
| --- | --- | --- | --- |
| Copilot Studio | Approval nodes | Azure AD | Power Automate logs |
| Agentforce | Flow approvals | Permission sets | Event monitoring |
| n8n | Manual triggers | Credentials | Execution logs |
| Flowise | - | API keys | - |

Quick Start

```bash
# Governance-focused scan
inkog . --policy governance

# EU AI Act compliance scan
inkog . --policy eu-ai-act
```

Example: Before and After

Before (Vulnerable)

```python
# Financial trading agent - VULNERABLE
graph.add_edge("analyze", "execute_trade")  # Direct path!
app = graph.compile()
```

Inkog Finding:

```
FAIL: universal_missing_oversight
Message: High-risk action 'execute_trade' has no human approval gate
Compliance: EU AI Act Article 14.1, 14.4
```

After (Compliant)

```python
# Financial trading agent - COMPLIANT
graph.add_edge("analyze", "human_review")
graph.add_edge("human_review", "execute_trade")
app = graph.compile(interrupt_before=["execute_trade"])
```

Inkog Result:

```
PASS: All high-risk actions have human oversight gates
Governance Score: 100/100
EU AI Act Readiness: READY
```
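The before/after pair above can be reasoned about as a graph reachability problem. The following is an added sketch, not Inkog's implementation and not part of the original page: it flags any high-risk node that can be reached from the entry node without crossing a pause point, and it generalizes the page's case by also accepting a gate placed upstream on every path. The function name `ungated_paths`, the edge-list representation and the sample graphs are assumptions made for illustration.

```python
from collections import deque

def ungated_paths(edges, entry, high_risk, interrupt_before=()):
    """Return {node: path} for every high-risk node reachable from `entry`
    without passing a pause point.

    Assumed gating model: execution stops for a human before any node listed
    in `interrupt_before`, so the walk never enters those nodes."""
    gates = set(interrupt_before)
    succ = {}
    for src, dst in edges:
        succ.setdefault(src, []).append(dst)

    parent, findings = {}, {}
    queue = deque([(entry, None)])
    while queue:
        node, prev = queue.popleft()
        if node in parent or node in gates:
            continue  # already visited, or a human must approve before this node
        parent[node] = prev
        if node in high_risk:
            # Rebuild the ungated path as evidence for the finding.
            path, cur = [], node
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            findings[node] = path[::-1]
        queue.extend((nxt, node) for nxt in succ.get(node, []))
    return findings

# Constructed sample graphs mirroring the page's trading agent.
HIGH_RISK = {"execute_trade"}
BEFORE = [("analyze", "execute_trade")]
AFTER = [("analyze", "human_review"), ("human_review", "execute_trade")]
# Edge case: a review node was added and gated, but the old direct edge was left in.
BYPASS = AFTER + [("analyze", "execute_trade")]

if __name__ == "__main__":
    cases = [("before", BEFORE, []), ("after", AFTER, ["execute_trade"]),
             ("bypass", BYPASS, ["human_review"])]
    for name, edges, gates in cases:
        found = ungated_paths(edges, "analyze", HIGH_RISK, gates)
        print(name, "FAIL" if found else "PASS", found)
```

The bypass case is the one to look for in review: a graph can contain a gated review node and still fail because an older direct edge to the high-risk action was never removed.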

Compliance Evidence

Inkog generates audit-ready compliance reports:

```json
{
  "governance_score": 100,
  "eu_ai_act_readiness": "READY",
  "article_mapping": {
    "Article 14": { "status": "PASS", "description": "Human Oversight" },
    "Article 12": { "status": "PASS", "description": "Record-Keeping" },
    "Article 15": { "status": "PASS", "description": "Robustness" }
  }
}
```

Use these reports for:

  • Internal compliance audits
  • Regulatory submissions
  • Customer due diligence
  • Insurance applications

AGENTS.md Governance Scanner

Declare your agent’s capabilities and limitations in AGENTS.md. Inkog cross-validates your declarations against actual code behavior—flagging governance mismatches before deployment.

AGENTS.md

```markdown
# Customer Support Agent

## Capabilities
- Read customer records
- Search knowledge base
- Create support tickets

## Limitations
- Read-only database access (no writes)
- No external API calls
- Cannot delete records

## Security
- All actions logged
- Human approval for refunds over $100
```
