Lexicon · governance

Authority Envelope

The explicit set of actions, resources, and scopes an agent is allowed to touch. The boundary. Everything outside it is denied by default.

An authority envelope is the declared boundary of what an agent may do: which tools, which data, which actions, at what scale. Outside the envelope, the default is no.

Why it matters

Most agents are wired with whatever credentials were lying around. That is how a support bot ends up able to issue refunds, or a codegen agent ends up able to push to main. An envelope makes the blast radius a decision instead of an accident.

In practice

You declare scope up front: read these tables, call these three tools, never touch billing, cap spend at this number. The runtime enforces it. An action outside the envelope is refused and recorded, not quietly attempted.

Where it shows up in my work

governable-ai.com treats the envelope as a first-class object: bounded authority you can grant, inspect, and revoke. It is the difference between delegation and just hoping.

Mine this: Interrogate in Claude ↗ Interrogate in ChatGPT ↗ View .md
Related terms
Principal ChainRevocationAgent Assurance
← All terms Book a call