Clause 10 — Governance Infrastructure

10. Governance Infrastructure

(Normative)

10.1 Controlled Vocabulary

A centralized repository of authorized terms with definitions, types, visibility settings, and enforcement SHALL be maintained for each execution domain. In agent architectures: terminology governance that prevents semantic drift across agents, sessions, and execution contexts. When Agent A’s output becomes Agent B’s input, both SHALL use the same terms for the same concepts.

LLMs are probabilistic text generators. Without vocabulary constraints, the same concept may be referred to differently across agent interactions, accumulating semantic drift that degrades process integrity. The controlled vocabulary provides the shared semantic contract.

10.2 Policy Linkage

The ability to link governance documents (regulatory requirements, corporate policies, operational procedures, compliance standards) to any process element — an activity, a gateway, a subprocess, or an entire process — SHALL be supported. In agent architectures: point-of-execution governance. The agent does not need to “know” the full regulatory landscape — it needs access to the specific policies that govern THIS step.

This replaces the current pattern of conflating governance constraints with execution instructions in system prompts. Policy linkage separates governance documentation from execution instructions and provides per-step precision.

10.3 Decision Models (per DMN 1.0)

Structured decision logic separated from process flow SHALL be supported. Decision tables with explicit inputs, outputs, and hit policies SHALL enable deterministic evaluation — given the same inputs, the same decision is produced every time.

The critical distinction: decisions requiring LLM judgment versus decisions requiring deterministic rules. Regulatory compliance checks, threshold evaluations, classification rules, and routing logic SHOULD be specified in decision tables, not inferred by a language model. DMN-equivalent decision models provide reproducibility, auditability, and separation of concerns.
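An added example, not part of the specification or any referenced framework: a small decision-table evaluator showing how a hit policy makes routing deterministic and how it fails closed instead of guessing. The `Rule` type, the `evaluate` function, and the payment-routing table are hypothetical; only the UNIQUE and FIRST hit policies are implemented.

```python
from dataclasses import dataclass

class DecisionError(Exception):
    """Raised instead of guessing; the caller must fail closed."""

@dataclass(frozen=True)
class Rule:
    rule_id: str
    conditions: dict   # input name -> predicate over that input
    output: str

def evaluate(rules, hit_policy, inputs):
    """Evaluate a decision table; return the output plus the rule that fired."""
    if hit_policy not in ("UNIQUE", "FIRST"):
        raise DecisionError(f"unsupported hit policy: {hit_policy}")
    needed = {name for r in rules for name in r.conditions}
    missing = sorted(needed - set(inputs))
    if missing:
        raise DecisionError(f"missing inputs: {missing}")
    matched = [r for r in rules
               if all(pred(inputs[n]) for n, pred in r.conditions.items())]
    if not matched:
        raise DecisionError("no rule matched")
    if hit_policy == "UNIQUE" and len(matched) > 1:
        ids = [r.rule_id for r in matched]
        raise DecisionError(f"UNIQUE table has overlapping rules: {ids}")
    # FIRST: table order decides; UNIQUE: exactly one candidate remains.
    return {"output": matched[0].output, "rule_id": matched[0].rule_id}

# Constructed sample table: routing for a payment step (values are illustrative).
PAYMENT_ROUTING = [
    Rule("R1", {"sanctions_hit": lambda v: v is True}, "BLOCK"),
    Rule("R2", {"sanctions_hit": lambda v: v is False,
                "amount": lambda v: v >= 10_000}, "HUMAN_REVIEW"),
    Rule("R3", {"sanctions_hit": lambda v: v is False,
                "amount": lambda v: v < 10_000}, "AUTO_APPROVE"),
]

if __name__ == "__main__":
    print(evaluate(PAYMENT_ROUTING, "UNIQUE",
                   {"sanctions_hit": False, "amount": 12_000}))
```

Returning the `rule_id` alongside the output gives the audit trail a reproducible reason for each decision.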

10.4 Governance Scope Boundaries

Organizational containers for related process artifacts, defining permission boundaries and inheritance, SHALL be supported. In agent architectures: domain-scoped authority. A “Finance” scope contains finance processes with finance-specific vocabulary, policies, and access controls. A “Customer Support” scope operates within different constraints. Scopes SHALL prevent cross-domain contamination and enforce the principle that agent authority is bounded.
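An added example, not part of the specification: a handoff gate that combines 10.1, 10.2 and 10.4 by rejecting terms outside the receiving scope's vocabulary, refusing cross-scope handoffs, and returning only the policies linked to the target step. The `Scope` type, the `gate_handoff` function, the sample terms and the policy identifiers are hypothetical placeholders, and denying every cross-scope handoff is a simplifying assumption.

```python
from dataclasses import dataclass, field

class GovernanceError(Exception):
    """Raised when a handoff violates the receiving scope's contract."""

@dataclass(frozen=True)
class Scope:
    name: str
    vocabulary: frozenset                               # authorized terms
    step_policies: dict = field(default_factory=dict)   # step -> policy ids

# Constructed sample scopes; terms and policy ids are placeholders.
FINANCE = Scope(
    "finance",
    frozenset({"invoice_id", "counterparty", "amount"}),
    {"approve_payment": ("POLICY-PLACEHOLDER-PAYMENTS",),
     "archive_invoice": ("POLICY-PLACEHOLDER-RETENTION",)},
)
SUPPORT = Scope(
    "customer_support",
    frozenset({"ticket_id", "customer", "summary"}),
    {"close_ticket": ("POLICY-PLACEHOLDER-SUPPORT",)},
)

def gate_handoff(sender: Scope, receiver: Scope, step: str, payload: dict) -> dict:
    """Validate Agent A's output before it becomes Agent B's input."""
    # 10.4: authority is bounded by scope (assumption: no cross-scope handoff).
    if sender.name != receiver.name:
        raise GovernanceError(f"cross-scope handoff {sender.name} -> {receiver.name}")
    # 10.1: every field name must be an authorized term, so a synonym such as
    # "vendor" for "counterparty" is caught here instead of drifting downstream.
    unknown = sorted(set(payload) - receiver.vocabulary)
    if unknown:
        raise GovernanceError(f"terms outside controlled vocabulary: {unknown}")
    # 10.2: hand the agent only the policies linked to this step.
    if step not in receiver.step_policies:
        raise GovernanceError(f"step {step!r} has no linked policy in {receiver.name}")
    return {"step": step, "payload": dict(payload),
            "policies": list(receiver.step_policies[step])}

if __name__ == "__main__":
    print(gate_handoff(FINANCE, FINANCE, "approve_payment",
                       {"invoice_id": "INV-1", "counterparty": "ACME", "amount": 250}))
```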

10.5 Version Control and Audit Trail

Complete history of all changes to every process element, with attribution and rollback capability, SHALL be maintained. In agent architectures: process evolution tracking. When a governed agent workflow is modified, the change SHALL be recorded, attributed, and reversible.

The audit trail is a primary output of execution governance. It provides the structured evidence that flows upward through the stitching mechanism (Clause 7.3) to support Intent Stack L1 (Runtime Alignment) alignment assessment. The audit trail SHALL be append-only for governance-critical events. Process modifications SHOULD be version-controlled with full attribution.
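An added example, not part of the specification: one way to make an append-only trail tamper-evident is to chain each entry to the hash of the previous one, so an edit or deletion breaks verification. Hash chaining, the `AuditTrail` class, the `verify` function and the entry fields are assumptions of this sketch; timestamps are left out to keep the output deterministic.

```python
import hashlib
import json

GENESIS = "0" * 64
FIELDS = ("seq", "actor", "element", "action", "version")

def _digest(prev_hash: str, body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

class AuditTrail:
    """Append-only: the only mutator is append(); reads return copies."""

    def __init__(self):
        self._entries = []

    def append(self, actor: str, element: str, action: str, version: int) -> str:
        body = {"seq": len(self._entries), "actor": actor,
                "element": element, "action": action, "version": version}
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        self._entries.append(dict(body, prev=prev, hash=_digest(prev, body)))
        return self._entries[-1]["hash"]

    def entries(self) -> list:
        return [dict(e) for e in self._entries]

def verify(entries: list) -> int:
    """Return the index of the first inconsistent entry, or -1 if intact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: e[k] for k in FIELDS}
        if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(prev, body):
            return i
        prev = e["hash"]
    return -1

if __name__ == "__main__":
    trail = AuditTrail()
    # Constructed sample events for a governed workflow.
    trail.append("alice", "gateway:credit_check", "modify", 2)
    trail.append("bob", "activity:approve_payment", "modify", 5)
    trail.append("alice", "gateway:credit_check", "rollback", 1)
    print(verify(trail.entries()))
```

The chain detects edits and deletions within the log; detecting truncation of the most recent entries additionally requires storing the latest hash somewhere the log writer cannot change.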

10.6 Derived Documentation

Auto-generated narrative documentation from the process model MAY be produced. The model is the source of truth; documentation is a derived projection. This is a direct instance of the Intent Stack’s “source state over derived state” principle: maintain Intent (source), derive artifacts on demand.

10.7 Framework Gap Analysis

The governed activity model (Clause 8) and process structure elements (Clause 9) establish a structural baseline against which any agent framework can be evaluated. The following gap analysis applies this baseline to two representative frameworks.

LangGraph (LangChain Inc.) provides graph-based orchestration with typed state, conditional branching, checkpointing, and sub-graph composition. Against the BPM/Agent Stack baseline:

  • Complete gaps: RACI role attributes, SIPOC data lineage, VSM performance attributes, ISO 31000 risk, controlled vocabulary, policy linkage, DMN decision models, message flows.
  • Partial: Typed gateways (conditional edges exist but without semantic types), subprocesses (subgraphs exist but without governed interfaces), audit trail (LangSmith is developer observability, not governance audit).
  • Present: Sequence flows (edges), conditional branching, state persistence.

Anthropic Agent Architecture provides an agentic loop with tool use, sub-agents, MCP integration, Agent Skills, and permission modes. Against the BPM/Agent Stack baseline:

  • Complete gaps: RACI role attributes, SIPOC data lineage, VSM performance attributes, ISO 31000 risk, controlled vocabulary, DMN decision models, deterministic process flow, governance scope boundaries.
  • Partial: Swimlanes (agent/subagent boundary is capability-driven, not responsibility-driven), milestones (permission modes are coarse), events (maxIterations/timeout only), subprocesses (subagents as tool calls without governed interfaces), policy linkage (system prompt conflates governance with instructions).
  • Present: Tool invocation, sub-agent delegation, MCP integration.

The structural observation. Anthropic has built the most sophisticated governance philosophy in the AI industry — Constitutional AI, safety research, alignment work, responsible scaling policies. Yet their agent architecture has no governance infrastructure for execution. This is not merely an observation — it is an architecturally grounded claim. The Intent Stack positions Constitutional AI as the substrate beneath all governance layers. The BPM/Agent Stack provides the execution governance infrastructure that sits above that substrate. The gap between Anthropic’s governance philosophy and their agent execution model is the precise gap the two-specification architecture fills.