Governance brief | Forthcoming
Designing audit trails for agentic systems under EU AI Act Art. 12
What 'logging' actually means when an agent calls 12 tools across 3 systems and a human approves halfway through.
AI governance, EU AI Act, Audit
Drafts
I write about Permit-to-Build, agentic AI standards, audit trails, and risk scoring. The work draws from in-flight programs. I skip the proprietary specifics.
What 'logging' actually means when an agent calls 12 tools across 3 systems and a human approves halfway through.
Tool contracts as least-privilege primitives. The authz layer belongs at the MCP server, not the model.
Building rule-based AI risk classifiers that survive contact with legal review and engineering pushback.
Why human-in-the-loop nodes belong in the graph definition, not bolted on as middleware.