What it does
Public-Sector Agent Governance Pack is a read-only governance readiness checker for teams deploying AI agents in councils, NHS services, FOI handling, casework, policy, or regulated-service contexts. It scans local governance documents for eight critical controls and returns a GO_WITH_CONTROLS or BLOCKED verdict with per-control findings, a starter SOP template, and an explicit advisory disclaimer.
Use --regulated mode for stricter thresholds in finance, health, and public-sector deployments where a missing control is a legal blocker, not just a warning. Advisory-only, no vendor contact, no document mutation, mutated_files: [].
Use cases
- UK councils, NHS teams, and GDS-aligned projects that need governance evidence before AI agent pilots go live.
- Finance and regulated-service teams that need a pre-deployment compliance checklist with
--regulatedmode. - Procurement and audit teams seeking a structured GO_WITH_CONTROLS or BLOCKED verdict for AI agent deployments.
Eight controls assessed
- Authority boundary — agent's decision scope is formally bounded
- Human review — human oversight is required before consequential actions
- Audit log — agent actions are logged and attributable
- Redress mechanism — affected parties can challenge agent decisions
- Retention policy — data and log retention is defined and compliant
- Privacy / data protection — personal data handling meets GDPR/UK-GDPR
- Equality / accessibility — equalities impact is assessed
- Fallback to manual — manual process exists if agent fails
Example usage
python3 scripts/governance_pack.py --docs /path/to/policy-docs --json
python3 scripts/governance_pack.py --docs /path/to/policy-docs --regulated --json
python3 scripts/governance_pack.py --self-test --json
Example output
{
"ok": true,
"status": "GO_WITH_CONTROLS",
"controls_passed": 7,
"controls_total": 8,
"findings": [{"control": "redress_mechanism", "severity": "WARNING", "detail": "No appeals process documented"}],
"sop_template": "...",
"disclaimer": "Advisory only. This tool does not constitute legal advice.",
"mutated_files": []
}
Requirements
- Python 3.10+ recommended; scripts use Python standard library only
- No API keys, model credentials, network access, or third-party packages required
- Local governance/policy documents to scan (or use built-in self-test fixtures)
QA and security
This skill has been reviewed and cleared for release through the GetAgentIQ release pipeline with Viper QA (5/5 scenarios PASS including --regulated mode) and Warlock security sign-off (2026-05-29). Advisory-only, read-only scanner — no document mutation, no network calls, no config or cron changes, mutated_files: [].