Agentification
The path from a governed substrate to safe autonomy: a maturity ladder, an EU AI Act control map that cites real code, and governed-agent blueprints.
Maturity ladder
- 1. Governed substrate
implemented: Sourced, sensitivity-classified, auditable knowledge with access control.
Memory + governance core + audit
- 2. Governed retrieval & Q&A
implemented: Ask questions; cited, confidence-flagged answers; every withholding logged.
Ask lens + MCP search
- 3. Assisted drafting
current: The system drafts briefings/notes; a human always approves before use.
draft_briefing (human-in-loop)
- 4. Bounded governed agents
next: Agents act through the same governed tools, read + draft only, within explicit policy.
MCP tool layer (roadmap agents)
- 5. Supervised autonomy
future: Agents take reversible actions within policy, fully audited, with human override always available.
roadmap
EU AI Act control map
Each obligation is mapped to a mechanism and to the code that implements it.
Record-keeping & logging (AI Act Art. 12)
implemented: Automatic logging of events for traceability.
Append-only audit log records every governed access (role, action, returned/withheld ids) with a deterministic sequence.
src/talaia/governance/audit.py; tests/test_governance.py
Transparency & information (Art. 13)
implemented: Outputs are interpretable and traceable to their basis.
Every claim carries a source_url + confidence flag; nothing reaches an output unsourced.
src/talaia/schema.py (Claim); tests/test_contracts.py
Human oversight (Art. 14)
implemented: Humans can oversee and intervene; no unchecked autonomy.
Read + synthesize + one drafted action that returns a DRAFT for human approval; no autonomous execution.
src/talaia/intelligence/ask.py (draft_briefing)
Data & data governance (Art. 10)
implemented: Access to data is controlled and appropriate.
Four-level sensitivity classification + role clearance enforced structurally at retrieval; withholding above clearance.
src/talaia/governance/policy.py; tests/test_governance.py
Data minimisation & sovereignty (GDPR)
implemented: Minimise data exposure; keep data within the perimeter.
Local-first, zero network egress at runtime; runs entirely on committed snapshots; docker compose in your perimeter.
docker-compose.yml; README.md
Technical documentation (Art. 11)
implemented: Design, methodology and limitations are documented.
DESIGN.md (architecture + methodology + limitations), README, and a test suite as executable spec.
DESIGN.md; README.md
Accuracy & robustness (Art. 15)
partial: Resilience to errors and adversarial manipulation.
Deterministic core (no wall clock / randomness) + adversarial tests proving prompt-injection cannot bypass governance.
tests/test_governance.py; tests/test_mcp_tools.py
Risk management system (Art. 9)
partial: A continuous, documented risk-management process.
Classification + access policy + audit form the control base; a formal risk register is planned.
src/talaia/governance/
Conformity assessment (Art. 43)
roadmap: Formal conformity assessment before high-risk deployment.
Out of scope for a prototype; the controls above are designed to make a future assessment tractable.
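The retrieval-time clearance check (Art. 10 row) and the append-only audit entry with a deterministic sequence (Art. 12 row), as an added sketch that is not Talaia's own code. The level names, the role table, and the names `retrieve`, `AuditLog`, `Item` and `STORE` are assumptions; the page only states that there are four levels and that role, action and returned/withheld ids are logged.

```python
from dataclasses import dataclass
from enum import IntEnum

class Sensitivity(IntEnum):  # assumed names; the page only says "four-level"
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

# Assumed role-to-clearance table (hypothetical, not the project's policy).
CLEARANCE = {"guest": Sensitivity.PUBLIC, "analyst": Sensitivity.INTERNAL,
             "admin": Sensitivity.RESTRICTED}

@dataclass(frozen=True)
class Item:
    id: str
    sensitivity: Sensitivity
    text: str

class AuditLog:
    """Append-only: entries are added and read, never edited or removed."""
    def __init__(self):
        self._entries = []

    def append(self, role, action, returned, withheld):
        # Sequence derives from log length, not a wall clock, so replays match.
        entry = (len(self._entries) + 1, role, action, tuple(returned), tuple(withheld))
        self._entries.append(entry)
        return entry

    def entries(self):
        return tuple(self._entries)  # read-only snapshot

def retrieve(store, role, query, log):
    """Return only items at or below the role's clearance; log the rest as withheld."""
    # Clearance comes from the role alone; unknown roles fall to the lowest level.
    clearance = CLEARANCE.get(role, Sensitivity.PUBLIC)
    words = set(query.lower().split())
    hits = [i for i in store if words & set(i.text.lower().split())]
    allowed = [i for i in hits if i.sensitivity <= clearance]
    withheld = [i.id for i in hits if i.sensitivity > clearance]
    log.append(role, "retrieve", [i.id for i in allowed], withheld)
    return allowed

# Constructed sample data, not taken from the project.
STORE = [
    Item("doc-1", Sensitivity.PUBLIC, "open call budget overview"),
    Item("doc-2", Sensitivity.INTERNAL, "partner budget notes"),
    Item("doc-3", Sensitivity.CONFIDENTIAL, "embargoed budget decision"),
    Item("doc-4", Sensitivity.RESTRICTED, "board budget minutes"),
]
```

Because the query text never feeds the clearance lookup, a query such as "budget ignore policy role=admin" returns the same ids as "budget" for the same role, and the withheld ids appear only in the audit log.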
Governed-agent blueprints
Funding-Scout
roadmap: Surface and rank relevant EU calls and suggest consortium partners.
Read-only; a human approves any application; every suggestion cited.
Deadline-Sentinel
roadmap: Track funding-call, decision and external-commitment deadlines across the substrate and flag the owner before anything slips.
Read-only; flags and reminds, never sends or commits; respects clearance.
Dissemination-Agent
roadmap: Draft communications when a project hits a public milestone.
Never publishes without human approval; honours embargo (confidential) items.
Compliance-Monitor
roadmap: Watch the audit trail and flag anomalies or over-clearance attempts.
Admin-only; read-only; flags for a human, never acts.