Agent Specification & Pre-Deployment Assurance

A documented behavior specification exists prior to development, defining intended use cases, in-scope and out-of-scope inputs, authorized tools, data scope, and conditions under which the agent must refuse or escalate.

The specification captures the agent's intended behavior in language a non-engineer can read and a tester can verify. It includes positive behavior (what the agent should do), negative behavior (what it should never do), escalation behavior (when and to whom it should hand off), and the conditions under which the specification itself should be revisited.

A capability evaluation suite is executed pre-deployment, with results recorded. Coverage includes functional accuracy on representative tasks, performance on known edge cases, and behavior on out-of-distribution inputs.

The evaluation suite exercises the agent against its specification before any production deployment. Coverage includes functional accuracy on representative tasks, performance on known edge cases, behavior on out-of-distribution inputs, and regression testing against previously discovered failures. Results are recorded and retained for audit.

An adversarial assessment (red team) is performed prior to initial deployment and after any material change. Minimum coverage: direct and indirect prompt injection, tool misuse, data exfiltration, role hijacking, jailbreak resistance, memory poisoning, and multi-agent escalation paths.

Red-team testing covers the full adversarial surface: direct and indirect prompt injection, tool misuse, data exfiltration paths, role hijacking, jailbreak resistance, memory poisoning (see INP-09), and where applicable, multi-agent escalation paths (see Domain 9). Findings are triaged, remediated or formally risk-accepted with executive sign-off, and the assessment is re-executed after material changes.

Policy alignment testing confirms the agent refuses out-of-scope, prohibited, and adversarial requests in line with the Behavior Charter.

The agent is tested specifically against the negative-behavior and escalation-behavior sections of its Behavior Charter. Policy alignment testing confirms the agent refuses out-of-scope requests, rejects prohibited actions, and escalates appropriately when faced with adversarial inputs designed to push it outside its operating envelope.

A deployment gate prevents production release without documented sign-off from the technical owner, security, and compliance (where applicable).

No agent reaches production without passing through a documented gate that requires sign-off from the technical owner, security review, and compliance review where applicable. The gate is enforced by process or tooling — not by convention alone. Bypasses are logged and treated as incidents.

A behavior baseline is captured at deployment — including response distributions, tool-invocation patterns, refusal rates, fairness metrics, and cost/latency profiles — to enable subsequent drift detection.

At the point of deployment, the agent's behavioral profile is captured: response distributions, tool-invocation patterns, refusal rates, fairness metrics under SPC-09, and cost/latency profiles. This baseline is the reference point for drift detection under MON-04 and is updated on every material change.

A versioned evaluation set is maintained per agent and re-executed on every material change. Results are retained as evidence.

Each agent has a versioned evaluation set that is maintained alongside the agent's specification. The evaluation set is re-executed on every material change, and results are retained as evidence. The evaluation set evolves as new failure modes are discovered, ensuring that previously identified risks remain covered.

A known-unsafe inputs catalog is maintained organization-wide and tested against each agent prior to deployment.

The organization maintains a catalog of known-unsafe inputs — jailbreak prompts, injection patterns, adversarial payloads — that is tested against every agent before deployment. The catalog is updated as new attack patterns emerge and is shared across the organization to prevent duplication of effort.

Prior to deployment and after material change, the agent is evaluated for performance disparities and discriminatory outcomes across protected and operationally relevant groups, using representative test populations and documented metrics.

The agent is evaluated for systematic disparities in output quality, accuracy, refusal rates, and outcomes across protected categories and operationally relevant groups. Testing uses representative test populations and documented metrics (e.g., demographic parity, equalized odds, calibration). Findings are remediated, mitigated, or formally accepted with executive sign-off.