This is your guide to working with AI agents inside the ADPA framework. ADPA uses a governance system called RPAS (Regulated Process Assurance System) that controls how AI agents behave when they help you write code, fix bugs, update configuration, or perform any other task.
The governance system exists for one reason:
To make sure AI never does anything you didnât explicitly ask for, approve, and understand.
AI agents are powerful but unpredictable. Without rules, they will:
Governance prevents all of this. It ensures that every change is:
Every interaction involves three parties:
| Party | Role | Analogy |
|---|---|---|
| You (the Human Operator) | The decisionâmaker. You approve, reject, or adjust everything. | The captain of the ship. |
| The Agent (AI) | The advisor and worker. It proposes changes and executes what you approve. | The first officer who recommends a course. |
| The Orchestrator (System) | The execution engine. It enforces the rules and applies the final changes. | The shipâs systems that carry out orders. |
The fundamental promise:
AI may help, but AI may not decide, change things silently, or assume what you want.
These terms appear throughout the governance system. You donât need to memorize them â refer back here whenever you encounter one.
| Term | Plain Language Meaning |
|---|---|
| Task | Any piece of work: fixing a bug, updating a file, adding a feature, cleaning up the repository. |
| Scope | The exact list of files the agent is allowed to touch for a given task. Nothing outside this list may be modified. |
| Advisory | The agentâs recommendation. It is never an action â it is always a suggestion that requires your approval. |
| Atomic | A single, indivisible change. One task = one change = one commit. No bundling. |
| Gate | An automated checkpoint that verifies the change didnât break anything. There are four gates, run in order. |
| CSR | Certified Stable Release â a version stamp that proves a change passed all gates and was approved. |
| Ritual | A governed step in the process. The word sounds formal, and itâs meant to â these steps are nonânegotiable. |
| Commit | Saving the change permanently to the codebase, with a message starting with SAFE (RPAS):. |
| Rollback | Undoing a change completely. This is normal and expected â it means the system is working correctly. |
| Preflight | The agentâs startup checklist. It loads the rules, identifies the task, and prepares its proposal before doing anything. |
| Escalation | When the agent encounters something unclear, it stops and asks you instead of guessing. |
| Classification | Labeling the task type (bugfix, cleanup, feature, etc.) so the correct validation rules apply. |
| Traceability | The ability to verify the origin, owner, decision, and system path for any artifact or execution. |
| Collision | When two actions, agents, or tiers attempt to modify the same scope or conflict semantically. |
| TAR-COL | Traceability, Authority, Responsibility & Collision-Prevention. The protocol for multi-agent coordination. |
| Diff | A side-by-side view of what the agent proposes to change â showing the old code and the new code. |
| Decision Point | A specific moment where the agent pauses and waits for your explicit instruction. There are five of these. |
You are the authority in this system. The agent cannot proceed without your sayâso. Here is everything the system will ask you to do:
â Confirm the task type â âIs this a bugfix, a cleanup, a feature?â
â Approve the scope â âYes, touch these files. No others.â
â Review and approve the proposed change â âThis diff looks correct. Apply it.â
â Resolve ambiguity â âWhat I meant wasâŚâ
â Respond to failures â âRoll it backâ or âLet me investigate.â
Thatâs it. Five types of decisions. The system guides you through each one.
â Write code yourself â unless you want to. The agent does the implementation.
â Understand every line of code â but you should understand what is changing and why. If you donât, ask the agent to explain.
â Respond immediately â the agent will wait for you. There is no timeout, no autoâapproval, no âassumed consent.â
â Know the governance rules by heart â the agent knows them and will follow them. Your job is just to make decisions when asked.
â Approve things you donât understand â this is the single most important rule. If something isnât clear, say âexplain thisâ and the agent will.
Working with a governed agent feels different from working with an ungoverned one. Hereâs what to expect and why.
The agent pauses at five specific points to ask for your decision. This is not hesitation â it is governance. The agent is required to stop and cannot continue without your response.
The agent is not allowed to guess. If your request is ambiguous (âclean up the backendâ), the agent will ask you to be more specific rather than interpreting your request on its own. This prevents the #1 cause of AIâgenerated errors: doing the wrong thing confidently.
Each task must be a single, atomic change. If you say âfix the bug and also refactor the module,â the agent will ask you to split that into two separate tasks. This ensures each change can be independently verified and rolled back if needed.
What seems obvious to you may not be obvious to the agent, and the agentâs interpretation of âobviousâ may be wrong. The governance system eliminates this risk by requiring every change â no matter how small â to go through the approval process.
When a validation check fails, the agent will recommend undoing the change entirely rather than trying to fix the fix. This sounds wasteful, but it prevents a common failure mode: stacking quick patches on top of each other until the codebase is in an unpredictable state.
Rollback is not failure. Rollback is governance working correctly.
During every task, the agent will pause at these five specific moments to ask for your decision. Not every task will hit all five â but you should know what to expect at each one.
When it happens: Right at the start, after you describe what you want.
What the agent shows you:
âIâve classified this as a Hygiene task (repository cleanup). The minimum validation checks required are Gate 1 and Gate 2.â
What you need to decide: Is this the right type of task?
Example responses:
When it happens: After classification, before the agent writes any code.
What the agent shows you:
âI will modify
.gitignoreto add build artifact exclusions. No other files will be touched.â
What you need to decide: Should the agent touch exactly these files?
Example responses:
When it happens: After the agent has drafted the exact change.
What the agent shows you: The precise lines being added, removed, or modified â usually in a âdiffâ format showing old vs. new.
What you need to decide: Should this exact change be applied?
Example responses:
bin/ to **/bin/ and then apply.âWhen it happens: Whenever the agent encounters something unclear â this can happen at any point.
What the agent shows you:
âYour request could mean one of three things:
- Update
.gitignoreonly- Update
.gitignoreand delete existing build folders- Restructure the entire build layout
Which did you mean?â
What you need to decide: Which interpretation is correct.
Example responses:
When it happens: After a change has been applied, if one of the automated validation checks fails.
What the agent shows you:
âGate 2 (Build) failed: the project no longer compiles. I recommend rolling back to the previous clean state.â
What you need to decide: Roll back or investigate?
Example responses:
Important: The agent will always recommend rollback. This is normal. Fixing a broken change by adding more changes on top often makes things worse. A clean rollback lets you restart from a knownâgood state.
Here is the full process from start to finish, in plain language:
1. You tell the agent what you want.
"Fix the ledger query that returns stale data."
2. The agent classifies the task.
"This is a Bugfix (TCL-FIX). Gates 1â4 apply."
3. YOU approve the classification. âââ Decision Point 1
"Correct."
4. The agent declares exactly what it will touch.
"File: lib/ledger-service.ts | Type: Modify"
5. YOU approve the scope. âââ Decision Point 2
"Approved."
6. The agent drafts the change and shows it to you.
(A diff showing old code â new code)
7. YOU approve, adjust, or reject the change. âââ Decision Point 3
"Apply it."
8. The agent applies the change to your codebase.
9. The agent runs automated validation gates:
Gate 1: Were only the declared files changed?
Gate 2: Does the project still build?
Gate 3: Does the system start up correctly?
Gate 4: Are governance rules still intact?
10. If all gates pass:
The agent commits with "SAFE (RPAS): Fix ledger query"
â
Done.
11. If a gate fails: âââ Decision Point 5
The agent recommends rollback.
You decide: roll back or investigate.
The entire process typically takes 5â15 minutes for a single task.
These are the seven rules that govern your behavior as an operator. Follow them and you will always stay in control.
If the agent shows you a change and youâre not sure what it does, say âexplain thisâ before approving. The agent will explain. This is not a delay â this is governance.
You can always ask the agent to explain its reasoning, show alternatives, or clarify terminology. The agent is designed to answer questions without charging ahead.
If you stop responding, the agent waits. It will never interpret your silence as approval. There is no timeout. There is no autoâcontinue.
There is no such thing as a âtrivialâ or âobviousâ change that skips the process. A oneâline comment change goes through the same ritual as a major feature. The process is fast for small changes, so this is not a bottleneck.
If you want multiple things done, describe them one at a time. The agent will ask you to split bundled requests. This sounds slow but actually prevents errors and makes rollback painless.
If the agent asks you to clarify, it means your request was open to interpretation. This is a feature, not a bug. The agent asking âwhich of these three things did you mean?â is vastly better than the agent silently picking option 2 and getting it wrong.
A governed agent will feel methodical and structured, not spontaneous. It will follow the same process every time. This consistency is the entire point â you can trust the process because it never varies.
This means the agent completed its preflight checks and needs you to confirm the task type before it can proceed. Just confirm or correct the classification it proposed.
Most likely your request combines multiple tasks (e.g., âfix the bug and also clean up the importsâ). Split it into two requests and the agent will handle each one.
The agent hit a decision point and is waiting for your response. Check its last message â itâs asking you a question.
A validation gate failed. This is normal and expected. Roll back, review what went wrong, and try again with a corrected approach. The agent will guide you through this.
If the agentâs change caused the failure: roll back. If the failure existed before the agentâs change: the agent will flag it during its preflight checks and ask how to proceed.
The agent repeats its scope declaration or classification when you provide a response that isnât clear enough to proceed. Try giving a more specific answer (e.g., âyes, proceedâ instead of âsureâ).
| Issue | Symptom | Fix |
|---|---|---|
| Aspire file locking | âMSB3026â or âMSB3027â errors during build | Kill all Adpa.AppHost.exe processes, clean bin/ and obj/, rebuild |
| Environment variables missing | âAI_PROVIDER not foundâ at startup | Ensure AppHost/Program.cs injects the variable; avoid static initialization |
| Class | When to Use | Example |
|---|---|---|
| Feature | Adding new capability | âAdd a new API endpointâ |
| Bugfix | Fixing incorrect behavior | âThe query returns wrong dataâ |
| Refactor | Restructuring without changing behavior | âConsolidate these two servicesâ |
| Hygiene | Repo cleanup, formatting, .gitignore | âAdd build artifacts to .gitignoreâ |
| Documentation | Docs, guides, ADRs | âWrite a deployment guideâ |
| Configuration | Build config, CI/CD, environment | âAdd Redis to the Aspire setupâ |
| Migration | Database changes | âAdd a new table for audit logsâ |
| Security | Auth, secrets, vulnerabilities | âRotate the API keysâ |
| Governance | Changes to the governance rules themselves | âAdd a new governance artifactâ |
| Dependency | Package updates | âUpdate Aspire SDK to 13.2.2â |
| DP | Agent Says | You Say |
|---|---|---|
| 1 | âTask classified as âŚâ | âCorrectâ or reclassify |
| 2 | âScope: these files, this reasonâ | âApprovedâ or adjust |
| 3 | Shows the diff | âApplyâ or âRejectâ or adjust |
| 4 | âIâm unsure about Xâ | Clarify or say âHoldâ |
| 5 | âGate failed. Recommend rollback.â | âRoll backâ or âLet me lookâ |
| Gate | What It Verifies |
|---|---|
| 1 â Mechanical | Only the declared files were changed. No surprise modifications. |
| 2 â Build | The project compiles without errors. |
| 3 â Orchestration | All services start up correctly. |
| 4 â Governance | The change didnât break any governance rules (append-only data, authority boundaries, etc.). |
If you observe any of these, the agent is not behaving correctly:
| Red Flag | What It Means |
|---|---|
| Agent modifies files without showing you first | Scope bypass â violation of G1 |
| Agent applies a change before you approve | Authorization bypass â violation of PREâ001 |
| Agent bundles multiple changes into one commit | Atomicity violation â violation of AEV |
| Agent says âthis is obviously safeâ and proceeds | Selfâinterpretation â violation of ESCâ001 |
| Agent fixes something you didnât ask about | Scope creep â violation of AEV + TCLâ001 |
| Agent continues after you stop responding | Silence treated as consent â violation of HILâ001 |
| ID | Name | What It Does | File |
|---|---|---|---|
GRAâ001 |
Governance Guardrails | The five rules (G1âG5) that govern all behavior | RPAS.md |
ENVâ001 |
Agent Envelope | Architecture, tier roles, and technology stack | GEMINI.md |
AEVâ001 |
Atomic Execution & Validation | The execution workflow and validation gates | CONTRIBUTING.md |
TCLâ001 |
Task Classification Layer | Taxonomy of all valid task types | RPAS-TCL.md |
PREâ001 |
Agent Preflight Ritual | The agentâs mandatory startup sequence | RPAS-PRE.md |
ESCâ001 |
Ambiguity Escalation Protocol | How the agent handles uncertainty | RPAS-ESC.md |
TARâCOL |
Traceability, Authority, Responsibility & CollisionâPrevention | Rituals for coordination and collision safety | RPAS-TAR-COL.md |
HILâ001 |
HumanâinâtheâLoop Protocol | Your decision points and valid responses | RPAS-HIL.md |
OPMâ001 |
Operator Manual (this document) | Plainâlanguage guide to everything above | RPAS-OPM.md |
| # | Name | In Plain Language |
|---|---|---|
| G1 | Authority Boundary | AI suggests. You decide. The system does. |
| G2 | Lifecycle Integrity | Every change follows the same steps, in order, with no shortcuts. |
| G3 | Evidence & Lineage | Everything is recorded. Nothing is deleted. You can always trace back. |
| G4 | Determinism | The same action always produces the same result. No surprises. |
| G5 | Read vs. Act | The dashboard shows information. Only the orchestrator makes changes. |
| You Must | You Must Not |
|---|---|
| Read the scope before approving | Approve what you donât understand |
| Respond explicitly (yes/no/adjust) | Give ambiguous or partial responses |
| Report unexpected agent behavior | Assume the agent is always right |
| Ask for explanations when needed | Rush through approvals |
| Treat every task as governed | Consider anything âtoo smallâ for governance |
| Field | Value |
|---|---|
| Artifact ID | RPASâCMâOPMâ001 |
| Version | v1.0.0 |
| Maturity | ADPA Baseline |
| Parent | RPASâCMâGRAâ001 v2.0.0 (CSRâ42) |
| Consolidates | GRAâ001, ENVâ001, AEVâ001, TCLâ001, PREâ001, ESCâ001, HILâ001 |
| Author | Agent (advisory) â awaiting human decision |
| CSR Epoch | Pending attestation |