Non-Human Identity · Agentic AI Governance

AI Agent Governance Console

Every AI agent is a non-human identity. Each one carries a scoped credential, a token budget, and an accountable owner. When an agent needs to act beyond its scope, it stops and asks. The operator decides.

NHI governance surface · 6 machine identities · Lifecycle & approval workflows · Live interactive demo

At a glance · 30-second read

What it is

A working NHI governance surface for AI agent fleets. Six agents run as discoverable, classified, owned machine identities with scoped credentials. New credentials go through an intake-and-approval workflow. Escalations route to a human. Rotation and decommissioning are recorded in the same trail.

Maps to

Sr. NHI Governance Engineer · AI / Agent Engineer · Identity Platform Engineer · Agentic AI Lead

Skills demonstrated

  • Multi-agent orchestration, scoped per-agent credentials
  • Lifecycle: provisioning, rotation, access reviews, decommissioning
  • Intake → assessment → approval workflows
  • Real-time posture event stream + dashboards
  • Human-in-the-loop privilege escalation

Python · React · TypeScript · OAuth · Service accounts · API keys · Generative UI · SSE event stream

See it run · one take, no narration

Full incident, detection to containment.

Discovery, classification, scope check, intake, approval, credential issued, action taken, credential decommissioned.

agent governance console · scenario INC-7731 [ RECORDED RUN ]

Recorded against the live backend. The same experience is playable in the browser.

What it is
Person: Operator (approves & owns)
Non-human: Agent fleet (six machine identities)
This project: NHI control plane (scope · lifecycle · approval)
Output: Posture & receipts (+ full audit trail)

Every action is scoped, metered, and logged. Privilege escalation surfaces as a permission check failing inside the agent loop — not a hardcoded pause. Governance is enforced where the credential is used.

6 machine identities · 3 permission scopes · 1 approval gate · 0 orphaned credentials

01 — The Fleet · six agents, six machine identities

Six agents. Six machine identities.

Each agent has a standing scope, a credential type (service account, API key, or short-lived token), and an accountable owner. Discovery, classification, and lifecycle state are visible in the surface.

Watchtower
posture monitor
Continuously discovers and watches machine-identity activity for anomalies. Holds no write access.
Scope · read-only · service account

Analyst
signal enrichment
Correlates credential use across regions and pulls behavior profiles. Turns a raw signal into evidence.
Scope · read-write · OAuth token

Triage
classification & routing
Weighs the evidence, assigns a severity, and routes the incident to the identity that should act on it.
Scope · read-only · service account

Remediation
containment actor
Revokes sessions and rotates credentials. Its standing scope doesn't allow either, so it has to escalate and ask.
Scope · read-write · escalates

Auditor
receipts & access reviews
Logs every action, escalation, and approval to an append-only trail that feeds access reviews.
Scope · read-only · service account

Provisioner
credential issuer
Mints single-agent, time-boxed credentials and decommissions them on expiry. Only acts after operator approval.
Scope · elevated · short-lived API key

02 — The Gate · intake · assessment · approval

Intake, approval, then act.

Remediation needs to revoke a compromised credential. Its standing scope doesn't allow it. The system routes an intake request, attaches the assessment, and waits for the operator. New agent credentials use the same workflow.

INC-7731 · escalation [ BLOCKED — AWAITING OPERATOR ]
scope check  revoke_sessions requires elevated; Remediation holds read_write
intake  Remediation requests elevated scope — assessment attached, owner notified
  → operator approves  ·  Provisioner issues a time-boxed credential
  → Remediation acts  ·  sessions revoked, credentials rotated
  → credential expires  ·  decommissioned, logged for access review
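
The gate described above, written out as an added example (it is not the project's own code): the scope check runs where the credential is used, and a denial inside the agent loop is what triggers the escalation. Scope names come from the page; `Credential`, `ScopeDenied`, `run_agent`, the `approve` callback and the action-to-scope table are assumptions.

```python
import time
from dataclasses import dataclass

# Scope names are the page's; the action-to-scope table and all class and
# function names are assumptions made for this example.
RANK = {"read_only": 0, "read_write": 1, "elevated": 2}
REQUIRED = {"revoke_sessions": "elevated", "rotate_credential": "elevated"}

class ScopeDenied(Exception):
    def __init__(self, action, needed, held):
        super().__init__(f"{action} requires {needed}; credential holds {held}")
        self.action, self.needed = action, needed

@dataclass
class Credential:
    agent: str
    scope: str
    expires_at: float

    def authorize(self, agent, action, now):
        # Checked at the point of use: agent-bound, time-boxed, scope-ranked.
        needed = REQUIRED[action]
        if agent != self.agent or now >= self.expires_at:
            raise ScopeDenied(action, needed, "nothing (expired or wrong agent)")
        if RANK[self.scope] < RANK[needed]:
            raise ScopeDenied(action, needed, self.scope)

def run_agent(agent, plan, cred, approve, clock=time.time):
    """Agent loop: a failed scope check becomes an escalation, not a crash."""
    trail = []
    for action in plan:
        try:
            cred.authorize(agent, action, clock())
        except ScopeDenied as denied:
            trail.append(("escalate", agent, str(denied)))
            if not approve(agent, denied):      # the operator decides
                trail.append(("blocked", agent, action))
                return trail
            # Provisioner step: agent-bound credential at the needed scope, 15 min.
            cred = Credential(agent, denied.needed, clock() + 15 * 60)
            trail.append(("reissued", "Provisioner", f"scope={denied.needed} ttl=15m"))
            cred.authorize(agent, action, clock())
        trail.append(("used", agent, action))
    return trail
```

Because `authorize` re-checks agent binding and expiry on every call, an elevated credential that outlives its 15 minutes is denied at the next use.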

The pause isn’t hardcoded — it’s a permission check failing inside the agent loop. What happens after approval is logged the same way:

CRED-1043 · full lifecycle from the audit log [ APPEND-ONLY TRAIL ]
14:02:07 issued Provisioner short-lived API key · scope=read_write · ttl=4h
14:03:18 used Remediation revoke_sessions(acct=7731) — denied by scope check
14:03:18 escalate Remediation needs scope=elevated · assessment attached · owner notified
14:03:42 approved Operator reason: “active C2 callback confirmed”
14:03:43 reissued Provisioner scope=elevated · ttl=15m · single-use
14:03:55 used Remediation revoke_sessions(acct=7731) — success
14:04:01 used Remediation rotate_credential(acct=7731) — success
14:18:43 expired credential auto-decommissioned · sessions invalidated
14:18:43 receipt Auditor written to access-review log · entry=AXE-9921

Nine events · one credential · ~16 minutes. Every line is the system's own record — not commentary. Approval, action, expiry, and the receipt are all in the same trail, so an access review sees the whole chain of custody in one query.
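
An access review over the CRED-1043 trail above, as an added example that is not part of the project: it parses the lines as shown and reports any gap in the chain of custody. The `review` function and the rule that `revoke_sessions` and `rotate_credential` need `scope=elevated` are assumptions.

```python
import re
from datetime import datetime, timedelta

# The CRED-1043 trail as shown on the page.
TRAIL = """\
14:02:07 issued Provisioner short-lived API key · scope=read_write · ttl=4h
14:03:18 used Remediation revoke_sessions(acct=7731) — denied by scope check
14:03:18 escalate Remediation needs scope=elevated · assessment attached · owner notified
14:03:42 approved Operator reason: “active C2 callback confirmed”
14:03:43 reissued Provisioner scope=elevated · ttl=15m · single-use
14:03:55 used Remediation revoke_sessions(acct=7731) — success
14:04:01 used Remediation rotate_credential(acct=7731) — success
14:18:43 expired credential auto-decommissioned · sessions invalidated
14:18:43 receipt Auditor written to access-review log · entry=AXE-9921
""".splitlines()

PRIVILEGED = ("revoke_sessions", "rotate_credential")  # assumed to need scope=elevated

def review(lines):
    """Return chain-of-custody findings for one credential's trail (empty = clean)."""
    findings, scope, expires, approved, closed, receipt = [], None, None, False, False, False
    for line in lines:
        ts, event, actor, detail = line.split(maxsplit=3)
        now = datetime.strptime(ts, "%H:%M:%S")
        if event in ("issued", "reissued"):
            scope = re.search(r"scope=(\w+)", detail).group(1)
            n, unit = re.search(r"ttl=(\d+)([hm])", detail).groups()
            expires = now + timedelta(**{"hours" if unit == "h" else "minutes": int(n)})
            if scope == "elevated" and not approved:
                findings.append(f"{ts} elevated credential issued without operator approval")
            approved = False                      # one approval covers one issuance
        elif event == "approved":
            approved = actor == "Operator"
        elif event == "used" and detail.endswith("success"):
            if expires is None or now >= expires:
                findings.append(f"{ts} credential used after expiry")
            if detail.startswith(PRIVILEGED) and scope != "elevated":
                findings.append(f"{ts} privileged action succeeded under scope={scope}")
        elif event == "expired":
            closed = True
            if expires and now > expires:
                findings.append(f"{ts} decommissioned later than its ttl")
        elif event == "receipt":
            receipt = True
    if not closed:
        findings.append("orphaned: credential never decommissioned")
    if not receipt:
        findings.append("no access-review receipt written")
    return findings
```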

03 — The Interface · posture, dashboards, receipts

Generative UI on a posture stream.

The backend emits a structured event stream of identities, scopes, credentials, and approvals. The control room renders against it — real-time posture visibility with no interface coupling to any one agent.

Generative, not hardcoded
A projection of the backend's JSON state. Add a machine identity on the backend and it appears, classified and scoped, with no interface edits.

Human-in-the-loop
Every privilege escalation pauses the fleet. Nothing elevates, and nothing destructive runs, until a person approves it. Governance as an enabler, not a bottleneck.

Posture & receipts
Every action, approval, rotation, and decommission is logged to an append-only trail. The same stream feeds dashboards, alerting, and the audit record.