Decision-Rights Map Template (Agent Feature)

Goal
Define what the agent is allowed to decide and do, under what constraints, with what evidence, and with which human overrides. Treat this as a release gate for any agent that touches production data or actions.

1) Workflow Definition
- Workflow name:
- Target user role(s):
- Where it lives (product area / UI entry point):
- Inputs the agent can use (explicit list of systems):
- Outputs the agent can produce (explicit list):

2) Capability Classification (pick one)
- READ: retrieval/summarization only
- WRITE: creates drafts/artifacts that humans publish
- EXECUTE: triggers real actions that change state
- MULTI-AGENT: delegated sub-tasks across agents/tools

3) Decision Boundary
Write one sentence:
- “The agent is allowed to ________, but it is not allowed to ________.”
Examples:
- Allowed: draft a refund email. Not allowed: issue the refund.
- Allowed: open a pull request. Not allowed: merge to main.

4) Action Allowlist (required for WRITE/EXECUTE)
List the exact tool actions the agent can call, by verb:
- action:
 - parameters allowed:
 - parameter constraints:
 - max frequency / rate limit:

5) Approvals and Step-Up Auth
For each risky action, define:
- Human approval required? (yes/no)
- Approval method (UI confirm, two-person rule, PR review, admin-only)
- Step-up auth required? (SSO re-auth, hardware key, device posture)
- What happens on denial (fallback response + escalation path)

6) Evidence and Source Controls (required for READ/WRITE)
- Source allowlist (systems + collections + tenants):
- Sensitive data rules (PII/PHI/PCI handling):
- Citation requirements (show sources to user? yes/no)
- Redaction rules (what must never appear in outputs):

7) Logging and Audit Trail
Define minimum logs per interaction:
- user identity + role
- agent identity/version
- prompt/context identifiers (not raw secrets)
- retrieved document IDs and access checks
- tool calls: action, parameters, result
- approval events: who approved, when
- final output artifact link (ticket/doc/PR/email draft)

8) Reversibility and Rollback
- What actions are reversible?
- How to undo (specific mechanism):
- Time window limits (if any):
- Non-reversible actions (explicit list) + additional gates required:

9) Failure Modes and Kill Switch
- Known bad outcomes (top 3):
- Detection signal (log event / anomaly / user report):
- Immediate mitigation (kill switch, quarantine mode, disable tool access):
- Escalation owner (team/on-call alias):

10) Release Gate Checklist
Ship only if all are true:
- Decision boundary is written and reviewed by product + security.
- Action allowlist exists (no free-form tool access).
- Approval flow works end-to-end in staging.
- Logs answer: what happened, why, and who approved.
- Reversal path is documented and tested.

Use this template per workflow. If your agent spans three workflows, you need three maps.