Agent Control Plane Readiness Checklist (2026) Use this as a pre-flight checklist before you let an agent touch production systems. 1) Identity & Provisioning - SSO: Support OIDC or SAML with a mainstream IdP (Okta, Microsoft Entra ID, Google Workspace). - Provisioning: SCIM users/groups so access doesn’t depend on manual invites. - Service identities: Separate “agent service accounts” from humans; no shared tokens. - Role model: Define roles (Admin, Builder, Operator, Viewer) with explicit permissions. - Offboarding: Confirm deprovisioning removes access immediately and revokes tokens. 2) Connector Safety (Tools) - Scope tokens to the smallest possible API permissions; avoid admin-wide scopes. - Separate read vs write tools; make read the default. - Implement “dry run” or “draft” mode for write actions where possible. - Rate limit tool calls; protect downstream systems from loops. - Maintain connector versioning and schema checks so vendor API changes don’t silently break behavior. 3) Policy Enforcement - Central policy engine: allow/deny decisions evaluated at runtime for every tool call. - Environment awareness: stricter policies in prod than staging. - Context-based controls: time windows, network posture, project/workspace constraints. - Approval gates: require explicit approval for destructive or financially material actions. - Break-glass: an emergency disable switch per workspace, per connector, and globally. 4) Audit & Forensics - Log every tool call with: actor identity, agent identity, timestamp, inputs, outputs, and policy decision. - Trace IDs: tie agent actions to downstream system changes (tickets, commits, CRM updates). - Export: provide log export for security review (common formats are fine; the key is access). - Data minimization: don’t log secrets; redact where necessary. 5) Evaluation & Release Discipline - Golden set: maintain a small curated set of real tasks + adversarial prompts. - CI gating: prompt/policy/tool changes must pass automated evals before deploy. - Staged rollout: canary new models/prompts to a subset of users/workspaces. - Regression response: define who rolls back, how, and what triggers a rollback. 6) Cost & Abuse Controls - Budgets per workspace/team; clear visibility into spend drivers (models, tool calls). - Throttles: rate limits and max-step limits per run to prevent runaway loops. - Model routing policy: choose cheaper models for low-risk tasks; restrict premium models by role. Operator’s Final Check (before production) - Can you answer: who can run the agent, what it can read, what it can write, and how to stop it? - Can you produce an audit trail for a single action end-to-end in under 5 minutes? - Can you prove least privilege on one connector without hand-waving? If any answer is “no,” you don’t have an agent product yet—you have a demo.