Section navigation
LIFRecord LifecycleCUSCustody SurfaceTAXRecord TaxonomyOPBOperator BoundaryPUBPublish BoundaryNCRNon-Creation PosturePVPreservation and Legal HoldVERVerification and AuditAGTAgent RuntimeDELDelegation and Memory

ARCS-AGT: Agent Runtime

Enterprise Profile

The ARCS-AGT family addresses records created or transformed through agent-mediated execution. The controls in this family govern runtime context, tool-use traces, intermediate outputs, execution-linked artifacts, and the conditions under which agent activity creates governed records. These controls are grouped together because agent runtime behavior introduces record conditions that do not fit neatly into ordinary user-generated or static application categories. Governance must account for execution flow, intermediate state, and the artifacts produced by delegated computational action.

The formal definition and scope of this family are maintained in the Standard.

ControlDescription
AGT-01The operator SHALL identify all agent runtime artifact classes present in the deployment and classify each according to ARCS-AGT §17.2.
AGT-02The operator SHALL apply content-telemetry separation to all agent runtime artifacts containing both deliberative content and operational telemetry. Co-mingled artifacts must be separated at the custody boundary or treated as deliberative in full.
AGT-03The operator SHALL define session scope for agent runtime deployments. For multi-step agentic workflows, the session scope must encompass the entire workflow, not individual API calls within it.
AGT-04The operator SHALL classify planning traces as ephemeral by default. Metadata may be retained only if it excludes abandoned approaches, alternative reasoning, and cognitive path content.
AGT-05The operator SHALL classify and govern tool call metadata and tool call content separately. Tool call content governed as deliberative unless operator documents that content contains no material derived from operator prompts.
AGT-06The operator SHALL classify intermediate results as ephemeral by default. Document retained deliverable designations; reflect designated deliverables in session receipt.
AGT-07The operator SHALL classify error recovery artifacts as deliberative and govern as ephemeral. Retain error metadata as operational telemetry only. Configure observability pipelines to exclude deliberative content from error context capture.
AGT-08The operator SHALL decompose security-sensitive tool outputs into final deliverables (persistent), deliberative intermediates (ephemeral), and operational telemetry (retainable). Apply deletion controls independently to each storage location created by the tool.
AGT-09The operator SHALL disclose agent runtime artifact classes, retention class applied to each, and vendor retention for all tool integrations handling deliberative content.
AGT-10The operator SHALL confirm preservation posture under ARCS-PV covers all agent runtime artifact storage locations, including tool-provider logs, workflow state containers, and external storage accessed during execution.
AGT-11Session receipt SHALL identify session scope, artifact classes generated, retention class per class, whether deliberative content was transmitted to external tool providers, and retained deliverable designations. Receipt shall not include deliberative content.
AGT-12Undifferentiated security-relevant content: where tool calls or agent runtime records may contain security-relevant content that cannot be classified at creation time, the operator SHALL document which tool-call classes may contain such content, what detection mechanism exists, the default retention posture, and how such records would be handled in response to a discovery request.
AGT-13Lifecycle boundary identification: the operator SHALL identify lifecycle boundaries applicable to each runtime component and document which artifact classes cross which boundaries during normal operation, error conditions, and abnormal termination. Assess at minimum: persistence to durable storage, transmission outside local execution environment, retention beyond session termination, capture by logging or telemetry systems, and inclusion in training or evaluation datasets.