ADG Implementation Quickstart
If you’re starting from zero, do this in order.
This guide explains how to implement ADG. Normative requirements live in /docs/standards/.
Step 1 — Inventory agentic surface area
List:
- where agents write code
- where agents touch schema/migrations
- where agents touch CI/CD or infra
- what credentials and access they have
- what environments they can modify
Output artifact:
Agent Inventory (agent name, scope, tools, permissions, environments)
Step 2 — Implement the Action Ledger (minimum audit trail)
To satisfy the audit and behavior standards (ABR/ACR), implement structured action logging (JSON preferred) with:
- timestamp (UTC)
- agent_id
- session/correlation_id
- action type
- inputs/parameters (or stable references)
- affected resources
- outcome (success/failure)
- duration
- rationale for significant actions
- user context (if the agent acts “on behalf of” a human)
Step 3 — Define high-risk checkpoints
Create a list of “approval required” actions, such as:
- schema migrations
- auth/authz changes
- RLS/tenancy logic changes
- environment variable changes
- deployment to production
- secrets access changes
- permission/role changes
Operational rule of thumb:
agents propose; humans approve for high-risk changes.
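The following sketch combines Step 2 and Step 3: a wrapper that writes one JSON ledger record per agent action and blocks approval-required actions that lack a named approver or a rationale. It is an added example, not code from the ADG project; the JSON key names, the `run_logged` helper, the `ApprovalRequired` exception, the action-type strings and the in-memory list used as the ledger are all assumptions made for illustration.

```python
import json
import time
from datetime import datetime, timezone

# Constructed sample of "approval required" action types (names are assumptions).
APPROVAL_REQUIRED = {"schema_migration", "authz_change", "prod_deploy",
                     "secrets_access_change", "role_change"}

class ApprovalRequired(Exception):
    """A high-risk action was attempted without an approver and a rationale."""

def run_logged(ledger, *, agent_id, correlation_id, action_type, params,
               resources, func, rationale=None, on_behalf_of=None,
               approved_by=None):
    """Run func() and append exactly one ledger record, whatever the result."""
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),  # always UTC
        "agent_id": agent_id,
        "correlation_id": correlation_id,
        "action_type": action_type,
        "params": params,            # or stable references to large inputs
        "resources": resources,
        "rationale": rationale,
        "user_context": on_behalf_of,
        "approved_by": approved_by,
    }
    start = time.monotonic()
    try:
        # Checkpoint: the agent proposes, a human approves high-risk changes.
        if action_type in APPROVAL_REQUIRED and not (approved_by and rationale):
            raise ApprovalRequired(action_type)
        result = func()
        record["outcome"] = "success"
        return result
    except Exception as exc:
        # Blocked and failed actions are recorded too, then re-raised.
        record["outcome"] = "failure"
        record["error"] = type(exc).__name__
        raise
    finally:
        record["duration_ms"] = round((time.monotonic() - start) * 1000, 3)
        ledger.append(json.dumps(record, sort_keys=True))
```

In a real deployment the ledger would be an append-only sink that the agent itself cannot modify, rather than a Python list.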
Step 4 — Enforce boundary invariants
Start with invariants that prevent catastrophic drift:
- environment isolation (dev/staging/prod must not share resources)
- tenancy isolation (RLS/tenant filters verified)
- auth consistency (no unguarded routes)
- schema safety (migrations verified; schema drift checks)
Step 5 — Add drift detection
Start small and expand:
- docs-to-code sync checks
- schema drift detection in CI
- invariant tests that fail on boundary violations
Step 6 — Iterate toward higher assurance
Once foundations work:
- add anomaly detection and alerts
- tighten policy checks at merge/deploy boundaries
- improve dashboards and reporting
- expand governed agent coverage