Field,What to document,Why it matters
Agent identity,Name; environment; owner; business process; deployment status,Prevents orphaned AI agents
Allowed actions,Actions the agent may perform without additional approval,Defines operating boundary
Blocked actions,Actions the agent must not perform,Creates reviewable constraint
Tool access,Tools; APIs; repositories; credentials; external systems,Links governance to runtime exposure
Data access,Data classes; customer data; sensitive data; retention path,Supports privacy and security review
Escalation path,Trigger; human owner; containment; shutdown owner; review cadence,Reduces incident confusion