Gouvernance de l'IA
Mise à jour : 7 juil. 2026

Governance Envelope

A governance envelope packages a proposed agent action with the full context needed to assess it before execution.

Définition

A governance envelope is the structured package assembled around a proposed agent action before it executes, carrying everything an evaluator needs to assess that action. The MAS SAFR (Safeguards for Agentic Finance at Runtime) white paper defines three classes of information. Action: the action type and the scope and parameters of what is proposed. Action trace: the actual steps the agent executed in arriving at the proposal, including the tool calls made, the data retrieved, and the checks performed. Context metadata: the agent's identity, the applicable mandate, the current account or system state, and the operative policy constraints.

The envelope exists because governance decisions need consistent inputs. SAFR names fragmentation as one of three gaps in current governance infrastructure: guardrails configured per deployment produce records that cannot be audited in a consistent format. When every action arrives in the same structure, evaluation is repeatable, outcomes are comparable across agents, and the audit record reads the same way for every workflow.

The hard problem is authenticity. The action details and the action trace are both declared by the agent, and a sophisticated adversarial injection can fabricate the two together so the record stays internally consistent. The paper's response: "The envelope is therefore treated as a document to be authenticated against its origin, not merely as a record of what the agent reported." In practice, authentication by construction meets this requirement: the envelope is assembled at a checkpoint inside the execution path, built from the intercepted call itself, so the governance layer constructs the record it evaluates.

In SAFR's action lifecycle the envelope comes first: it is validated for completeness and coherence, then agent identity is verified, controls are retrieved, and a disposition is returned. The envelope as submitted is written to the Audit Log with every outcome, which is where it meets tamper-evident lineage. In KLA's SAFR implementation, the execution-path checkpoint fills this role.

Governance Envelope | Glossaire de la conformité IA | KLA