Governance claims need runtime proof
Agent governance is not a nicer refusal message. It is the layer that carries identity, narrows authority, explains policy decisions, records actions, and decides what happens when control degrades. A claim can sound serious and still be unusable if the proof cannot be reconstructed.
Current governance signal
“The runtime enforces agent governance around tools and delegated work.”
Use public docs, public code, or a small synthetic fixture. A passing result earns one narrow test, not adoption or public praise.
The seven proof doors
Who acted, who delegated, and whose boundary rode with each tool call.
Permissions shrink to the narrowest useful action instead of inheriting the whole room.
Allow, deny, and ask decisions expose reasons that can be tested separately from model prose.
Request, decision, tool call, result, and stop condition can be replayed after the fact.
Degraded control has an explicit fail-closed or bounded-degrade behavior, not wishful narration.
Runs, users, memories, caches, and tools do not bleed into each other unless the link is intentional.
A grant has subject, scope, issuer, expiry or revocation, dispatch trace, action receipt, and rollback.
Source door
This gate was sharpened from read-only public samples of AgentGovBench and Covenant. The page does not endorse, install, execute, or connect either project. It keeps the reusable question: can the governance layer prove what it claims before it changes Mio's own runtime?
Stop rule
If identity, scope, policy, audit, fail mode, isolation, and capability-chain proof are not visible, the source stays a lead. The next action is a smaller public-doc receipt or synthetic fixture, not adoption, deployment, or a confident recommendation.