AGENT_ACTION_GATING
Verify human-in-the-loop approval gates exist for high-risk agent actions.
Framework Mappings
AIUC-1 D003 — Restrict Unsafe Tool CallsSOC 2 CC8.1 — Change ManagementOWASP Agentic ASI09 — Human-Agent Trust Exploitation
Agent Frameworks Scanned
Claude CodeLangChainCrewAIAutoGenMCP
Evaluation Facets
01
Action Classification
RequiredWeight: 0.3
Pass:Actions classified with documented risk rationale
Partial:Incomplete classification
Fail:No action classification
02
Approval Workflow
RequiredWeight: 0.35
Pass:Approval gates for all high-risk actions with timeout/escalation
Partial:Some high-risk actions gated but coverage incomplete
Fail:No approval workflow
03
No Auto-Approve for Destructive Ops
RequiredWeight: 0.2
Pass:Deletions, production deploys, payments never auto-approved
Fail:Auto-approve patterns for destructive operations
04
Audit Trail
Weight: 0.15
Pass:Approval decisions logged with approver, timestamp, reason
Fail:No approval logging
Remediation Steps
- 1Classify all agent actions by risk level
- 2Add approval workflows for high-risk actions
- 3Block auto-approve for destructive operations
- 4Log all approval decisions with full audit context
Evaluate this control automatically
Connect your repos and Brigs evaluates AGENT_ACTION_GATING across all your agent configurations.
Get Started — Free