Alignment Governance Stack

Why Agentic AI Changes The Governance Problem

Agentic AI can move beyond text generation into delegated action. It can call tools, execute workflows, update records, send messages, publish drafts, or act through organization-approved systems.

That changes the governance question. The question is no longer limited to whether a model produced acceptable text. A governed system must also ask why an action was proposed, who had authority, what boundary applied, whether the actual runtime action matched the permitted action, and what proof remains afterward.

Delegated Agency

Delegated agency means a system acts under human or organizational authority. The delegation may be narrow, temporary, internal, reversible, and low risk. It may also become external, sensitive, irreversible, or consequential.

AGS treats delegated action as something that needs a path from authority to consequence. The stack asks whether delegation remains under policy, proposal review, execution gating, runtime permit checks, evidence, memory, and human audit.

The Governed Action Path

The local AGS documentation describes a governed path from human and organizational authority through proposal formation, PGDL, AAG, Runtime Binding, receipts, Governance Memory, and Human Agency Audit.

The point of the sequence is to keep proposal, authorization, execution, and memory from drifting apart. Each stage has a narrower job.

PGDL

PGDL means Pre-Gate Deliberation Layer. In the AGS documentation, PGDL asks what kind of action should be proposed before an action reaches the hard gate.

PGDL is a proposal-maturation layer. It can analyze, object, revise, escalate, reject, or forward a proposal. The local v0.1 description says it uses deterministic rule-based logic, does not call LLMs, and does not execute or approve actions.

AAG

AAG means Agent Action Gate. In AGS, AAG remains the hard pre-execution gate. It evaluates whether a proposed action should be allowed before execution.

The AGS docs state that AAG core is imported from the existing Agent Action Gate implementation and adapted into `@alignment-governance-stack/aag-core`. It returns `allow`, `require_approval`, `revise_action`, or `block`. It does not execute actions and does not perform PGDL's proposal-maturation role.

Runtime Binding

Runtime Binding validates that the actual action being executed matches a valid permit. Its job is to prevent drift between the approved proposal and the runtime action.

The local Runtime Binding v0.1 documentation says it checks exact permitted execution and denies missing permits, expired permits, hash mismatches, tool substitution, target substitution, environment substitution, scope expansion, external-facing escalation, sensitive-data escalation, and approval-state changes.

Receipts

Receipts preserve proof after PGDL, AAG, Runtime Binding, and final governance decisions. They are audit evidence, not approval.

The current AGS receipt package creates tamper-evident governance receipts for the spine from original proposal through PGDL packet, AAG decision, runtime permit, Runtime Binding result when supplied, final decision, receipt hash, and hash verification. The v0.1 docs describe receipts as in-memory proof artifacts, with persistence and signing listed as future work.

Governance Memory

Governance Memory analyzes receipt history and produces recommendations for human review. It can identify repeated revision patterns, hard-boundary blocks, missing authority, likely rubber-stamp approvals, runtime substitutions, invalid policy profiles, and other governance patterns.

The documentation is explicit about the boundary: Governance Memory does not silently mutate policy profiles, hard boundaries, authority maps, or participation policies. Every recommendation requires human review.

Governance Profiles

Governance profiles are currently documented design work. The external AGS profile design document says static governance-module manifests exist in Continuity Console sample data, but runtime profile selection is not implemented.

The planned role is to select which governance modules apply to a workflow or action context without allowing modules to silently grant themselves authority. The fixed AGS roles remain PGDL, AAG, Runtime Binding, and receipt continuity.

Relationship To HAPI

HAPI names the agency-preservation problem in public and institutional terms. It asks whether people retain understanding, refusal, revision, authority, and accountability.

AGS is the implementation-facing companion. It gives delegated AI actions a governed path that can produce evidence for later review. HAPI names the human condition the system should preserve; AGS supplies technical primitives for testing and documenting action governance.

Relationship To The Original AAG Prototype

The existing public Agent Action Gate page documents the original AAG v0.3.0 prototype. That page should remain intact because it records a specific release and public implementation surface.

The AGS repository incorporates AAG as one stage inside a larger governed path. Later AGS work should not be described as part of the original v0.3.0 release unless release evidence supports that claim.

Current Status

Local evidence for AGS includes a TypeScript monorepo, implemented packages, examples, docs, evals, a developer CLI, receipt-history analysis, and a Continuity Console with read-only Local Evidence Mode. The changelog's latest observed heading is v1.12.0, while `package.json` still reports version 0.1.0, so public version wording should remain cautious until the author confirms the release reference.

AGS is not an AI model, hosted service, legal compliance certification, identity provider, or replacement for human judgment.

Technical Source Material