Governance

Bounded Operational Authority

Definition

An explicit, human-defined scope of what an AI agent may act on within a governed session, separating what the model may propose from what it may execute.

Definition

Bounded operational authority is an explicit, human-defined scope that determines what an AI agent may act on within a governed engineering session. It separates the domain of proposals — what the model may suggest — from the domain of actions — what the model may execute or commit.

Authority is bounded by Roles and Rules defined in the Yanzi Context Library. These are not soft guidelines. They are governance artifacts that define the operational perimeter of every AI-assisted session.

Why It Matters

Without bounded authority, AI models make decisions that should require human approval. The model has no formal mechanism to distinguish between decisions within its scope and decisions that exceed it. This leads to:

  • Architecture choices made without explicit human review
  • Dependency changes outside approved version constraints
  • Scope expansion beyond what was requested
  • Actions taken under time pressure that bypass governance

Bounded operational authority is the structural remedy. It does not restrict the model’s reasoning ability — it governs what the model is permitted to act on.

The Proposal/Action Distinction

This distinction is operationally critical:

Proposals are outputs the model generates for human review. The model may propose any change within its reasoning scope.

Actions are outputs the model executes without further human review. These are bounded to the authority scope defined in the active Role.

An AI agent with a draft-only role may propose changes to any file in a repository. But it may not commit, push, or deploy — those actions are outside its bounded authority.

Relationship to Governance-First Workflows

Bounded authority is a prerequisite for governance-first workflows. A workflow cannot be genuinely governed if the agents operating within it have unbounded authority to act. The authority boundary defines where human governance applies.

In Yanzi

Yanzi enforces bounded authority through Roles, which define authority scopes for specific session types, and Rules, which define operational constraints that apply regardless of role. Both are append-only artifacts in the Yanzi corpus.