ARCS-AGT: Agent Runtime

Purpose

ARCS-AGT defines the governance domain applicable to agent-mediated execution and runtime-generated record conditions. This family establishes requirements for records arising from autonomous or semi-autonomous processing, including execution context, tool invocation, intermediate artifacts, runtime decision surfaces, and other record-bearing conditions specific to agentic operation. Its purpose is to ensure that records produced through delegated computational action are governed as first-order record conditions rather than treated as incidental byproducts of application behavior.

Governance focus

• Execution context associated with agent-mediated action
• Record-bearing consequences of tool invocation and delegated processing
• Treatment of intermediate artifacts, runtime traces, and execution-linked outputs
• Distinction between user-originated input, runtime transformation, and agent-generated artifact
• Governance significance of autonomous or semi-autonomous execution state

Boundary

ARCS-AGT applies wherever agent-mediated execution creates, transforms, carries forward, or materially conditions interaction records within the governed environment. It governs runtime-specific record conditions that arise from delegated computational action, including where those conditions are not fully captured by ordinary user-input or static application-state models. This family applies when execution flow, runtime context, or agent-linked artifact formation bears on lifecycle, custody, verification, or other governance treatment.

Agent runtime artifact taxonomy

The following artifact classes are defined for purposes of ARCS-AGT controls. Operators must classify all agent runtime artifacts into one or more of these classes.

Planning trace. The agent's representation of its intended execution path, including task decomposition, step ordering, alternative approaches considered, and reasoning about which path to pursue. Planning traces are deliberative records and SHALL be classified as ephemeral by default.

Tool call artifact. Any record created by or resulting from the agent's invocation of an external tool. Tool call metadata (tool name, timestamp, completion status, latency, error codes) is operational telemetry. Tool call content (arguments passed, responses received, content derived from operator prompts) is deliberative. These components SHALL be governed separately.

Intermediate result. The output of any step in a multi-step workflow that is not the final deliverable. Intermediate results are deliberative records and SHALL be classified as ephemeral unless the operator designates a specific output as a retained deliverable.

Execution trace. The sequence of steps, decisions, tool invocations, and state transitions executed during a session. Structural metadata is operational telemetry. Reasoning content is deliberative. These components SHALL be governed separately.

Error recovery artifact. Any record generated when the agent encounters a failure condition and adapts its execution. Error recovery artifacts are deliberative records. Error metadata (error codes, retry counts, affected tool) is operational telemetry and may be retained separately.

Session state artifact. Any record used to maintain continuity within a single agent session. Session state artifacts are ephemeral and SHALL not persist beyond session termination.

Security-sensitive tool output. Tool output whose content is operationally sensitive independent of its deliberative character. Requires decomposition: the final deliverable is persistent, deliberative intermediates are ephemeral, operational telemetry is retainable.

The corresponding control statements for this family are maintained in the Controls catalog.