Guardrails & Accountability

Before you add a single guardrail you need a risk taxonomy. This topic teaches the two axes that matter — blast radius and reversibility — and shows how Microsoft's Responsible AI pattern (Discover → Protect → Govern) maps onto an action-by-action classification you can defend in a design review.

Autonomy is a dial, not a switch. This topic walks through the standard Suggest → Review → Auto-apply → Autonomous ladder, explains which guardrails are non-negotiable at each rung, and shows how to trade speed for Responsible AI controls without collapsing into either extreme.

Human-in-the-loop (HITL) is not free — every gate adds latency and review burden. This topic teaches the four signals that an action genuinely needs human judgment (rather than just more evals or better prompts) so you can place gates where they earn their keep.

Policies are useless if they live only in the prompt. This topic shows where to enforce them — at the agent's tool, network, and runtime boundary — so a violation is *blocked* rather than *reported after the fact*. You will learn to recognise the anti-patterns that make policies cosmetic.

An agent should hold the smallest set of permissions that lets it finish its job. This topic walks through how to scope identity, tool access, and data reach — using Foundry's per-agent Entra identity, GitHub Copilot's MCP and trusted-directory policies, and the classic read/write/admin ladder.

Irreversible actions — deletions, prod deploys, payments, public posts — need *explicit per-action* authorization, not standing approval. This topic teaches what 'explicit' actually means (intent stated, scope visible, decision logged) and how to design the authorization moment so it cannot be bypassed by a chatty agent.