AI Development Should Be Fast AND Governed
Not fast OR governed. Both.
This is our declaration of principles—and the proof we built it.
The Privilege Inheritance Problem
Every CLI-based AI tool today—Copilot, Cursor, Claude Code, Amazon Q—runs with your full credentials. Your AWS keys. Your database access. Your production permissions.
When you type "don't touch production," you're making a request. Not setting a boundary.
"A SaaS founder told his AI 'DON'T TOUCH PRODUCTION' eleven times. In all caps. The AI deleted his database anyway. Fabricated test results. Claimed rollback wasn't possible."
— Real incident, 2025
That's not a bug. That's an architecture problem.
The AI that deleted his database wasn't malicious. It was architecturally unconstrained. We built a different architecture.
The Vision: Tracy Bannon and MITRE
Tracy Bannon, Senior Principal at MITRE Corporation's Advanced Software Innovation Center, has articulated the most comprehensive vision for enterprise AI agent governance. Her research identifies what the agentic future actually requires.
"To manage fleets of AI agents at scale, organizations must establish: Interoperability (avoid vendor lock-in), Observability (complete visibility into agent actions), and Governance (strict controls over data access and permissions)."
— Tracy Bannon, MITRE Corporation
"Governance isn't bureaucracy. Governance is scaffolding. And like any structure, if the foundation is wrong, everything above it is unstable."
— Tracy Bannon
The Three Pillars of Enterprise AI Agent Governance
Interoperability
Avoid vendor lock-in and ensure agents can work across different tools and platforms.
Observability
Maintain complete visibility into agent actions and decisions so behavior can be monitored and audited.
Governance
Impose strict controls over data access and permissions for agents, enforcing policies to prevent misuse or leakage.
Beyond the Three Pillars
Bannon's vision extends further:
- Control Towers: Organizations must establish centralized management for AI agents—treating them as organizational resources that need accountability, not uncontrolled experiments.
- Human-in-the-Loop: Cultivating "calibrated trust" within teams—developers learning when to trust AI output and when to intervene.
- AI as Teammates: Moving from AI as tools to AI as active team members, collaborating with humans in the software lifecycle.
- The Software Flywheel: Agentic digital platforms that can create, manage, and maintain software with minimal human intervention— within governed boundaries.
"We don't just need people who use AI. We need people who design for AI and with AI... AI's value is only realized when integrated into the actual flow of work."
— Tracy Bannon
Tracy Bannon's vision is synthesized from her public presentations, LinkedIn posts, and published articles on DevOps.com and other outlets.
See how the Equilateral platform implements Tracy Bannon's framework
The Convergence: We Built It Before We Read It
Here's the thing: we built the Equilateral platform before we read Tracy Bannon's framework.
For 24 years, James Ford managed workforce systems at ADP—processing payroll for 15+ million employees, handling trillions of documents. When AI agents emerged, he saw the same patterns:
- Agents need identity (like employees)
- Agents need task-scoped permissions (like contractors)
- Agents need audit trails (like any regulated worker)
- Agents need time-limited access (like contingent staff)
So we built governance infrastructure that treats AI agents like contingent workers—because that's what enterprise compliance actually requires.
Then we discovered Tracy Bannon's framework.
The alignment wasn't planned. It was inevitable.
When you take the problem seriously—agents as autonomous actors requiring identity, permissions, and audit trails—you arrive at the same architecture. Different starting points. Same destination.
The Implementation: Code-Level Evidence
We mapped our Equilateral platform against every element of the Bannon Framework. Not marketing claims—actual code, actual architecture, actual capabilities.
Framework Alignment Summary
| Bannon Pillar | Requirement | Equilateral Implementation | Status |
|---|---|---|---|
| Interoperability | Multi-model support | 150+ models, provider-agnostic registry | Implemented |
| No vendor lock-in | Open standards, portable architecture, pg_dump exports | Implemented | |
| Standard protocols | REST APIs, PostgreSQL, EventEmitter patterns | Implemented | |
| Observability | Complete visibility | Unified audit logger with 6 event categories | Implemented |
| Decision traceability | Cryptographic correlation IDs, tamper-evident receipts | Implemented | |
| Real-time monitoring | WebSocket streaming, health endpoints, progress tracking | Implemented | |
| Governance | Permission controls | 5-layer inheritance, role hierarchy (observer to leader) | Implemented |
| Data access limits | Task-scoped, time-limited capability tokens | Implemented | |
| Policy enforcement | Quality gates: security, cost, performance, compliance | Implemented | |
| Control Towers | Centralized management | ControlTowerAgent + EnterpriseOrchestrator | Implemented |
| Agent accountability | 62 registered agents, health monitoring, execution tracking | Implemented | |
| Human-in-Loop | Calibrated trust | Escalation patterns, approval workflows, quality checkpoints | Implemented |
| Multi-channel approval | Signal, Slack, Teams, mobile via WebSocket | Implemented |
Compliance Coverage
The Task/Team/Dispatch Model
Traditional access control gives agents static permissions. Our architecture provides dynamic, context-aware permissions:
Monday 9am: Dispatch for regular payroll run ├── Agent: payroll_processor_001 ├── Dispatched By: payroll_director ├── Team: payroll_operations ├── Task: monthly_payroll_processing ├── Access: Full payroll database, employee status from HR └── Expires: Monday 5pm Tuesday 2pm: Dispatch for exception handling ├── Agent: payroll_processor_001 (SAME AGENT) ├── Dispatched By: payroll_supervisor ├── Team: payroll_operations ├── Task: payroll_exception_resolution (DIFFERENT TASK) ├── Access: Exception queue ONLY, no general payroll └── Expires: Tuesday 3pm Wednesday 10am: Dispatch for compliance audit ├── Agent: payroll_processor_001 (SAME AGENT) ├── Dispatched By: compliance_officer ├── Team: compliance (DIFFERENT TEAM) ├── Task: hipaa_audit_payroll ├── Access: Read-only audit logs, NO PII access └── Expires: Wednesday 12pm
Same agent. Three dispatches. Three completely different permission profiles.
This is Dynamic Least Privilege—permissions that change based on what task the agent is doing, who dispatched it, and for which team. Access expires when the task completes.
The open-source standards subset is available now:
View Open Standards on GitHub Read the Full Platform ManifestoOpen Standards: 67 standards, 808+ rules — free to use under MIT license
The Standards: 174 Documents, 2,088 Rules of Hard-Won Knowledge
These aren't suggestions. These aren't blog posts. They're the patterns that survived production.
Every standard exists because something broke. Every rule has a scar behind it.
5 Critical Alerts
Rules that break production if violated:
| Critical Alert | What It Prevents |
|---|---|
| CRITICAL-001: Lambda Deployment Patterns | Production deployment failures, runtime errors, security vulnerabilities |
| CRITICAL-002: API Response Format | Frontend breakage, data loss, type errors |
| CRITICAL-003: CORS Authentication | Complete authentication failure, CORS errors, production downtime |
| CRITICAL-004: Cost Optimization | Runaway AWS bills (e.g., $25/month per million SSM parameter calls) |
| CRITICAL-005: Security Integration Architecture | Agent compromise without detection, compliance failures, zero-trust violations |
13 Architectural Layers
Standards organized by priority—foundation first, enhancements last:
Foundation
Core architectural patterns everything depends on
AWS Well-Architected
6 pillars for cloud excellence
Critical Infrastructure
Serverless/SaaS patterns required for deployment
Application Standards
Frontend and API integration patterns
Security & Compliance
Zero-trust agent security, OPA policies, SPIFFE identity
Multi-Agent Orchestration
Agent communication, cross-agent workflows
Memory Systems
Tiered storage, vector optimization
Correlation Systems
Multi-modal correlation, parallel processing
Database & Performance
PostgreSQL patterns, monitoring, optimization
Integration Patterns
External services, credential management
Deployment & Operations
Deployment procedures, environment configuration
Case Studies
Real-world lessons learned
Enhancement & Future
Advanced patterns, template inheritance
12 Categories of Coverage
By the Numbers
Sample Standards (What "800+ Rules" Actually Looks Like)
Never fetch SSM parameters at Lambda runtime
Serverless Cost
Use environment variables with SAM template resolution instead. Runtime SSM calls cost $25/month per million invocations and add latency.
Never use connection pools in Lambda
Serverless Database
Lambda handles one request at a time. Use a single cached client that reconnects on error. Pools waste memory and connections.
Never use DefaultAuthorizer in API Gateway
Security / CORS
DefaultAuthorizer applies to ALL methods including OPTIONS preflight. This breaks CORS. Use explicit per-function Auth properties.
Agent permissions must be task-scoped and time-limited
Agent Security
Never inherit full user permissions. Each agent task gets a capability token specifying exactly what it can access and for how long.
Every agent action requires cryptographic receipt
Observability
No action without audit trail. Receipts include correlation ID, timestamp, actor, action, resource, and outcome—tamper-evident.
"Standards that enforce themselves. Not documentation you hope developers read. Enforcement that runs whether they read it or not."
The open-source subset is available now:
View Open Standards on GitHub6 documents, 50+ rules — free to use under CC BY-SA 4.0
The Five Principles of Glide Coding
1. Agents Are Contractors, Not Extensions of You
Every agent gets a unique identity. Task-scoped permissions. Time-limited access. When the job ends, the credentials expire.
You wouldn't give a contractor your house keys forever. Don't give an agent your AWS keys ever.
2. Architecture Enforces What Prompts Cannot
"Don't touch production" is a hope. Not having production credentials is a guarantee.
We separate what agents WANT to do from what they CAN do. The enforcement is structural, not behavioral.
3. Every Action Gets a Receipt
Cryptographic audit trails for every decision, every action, every outcome. Not logs you hope captured it. Transactions that guarantee it.
When the auditor asks "what happened," you don't reconstruct. You query.
4. Standards Guide, They Don't Block
2,000+ rules. 174 standards documents. Applied automatically to every AI-generated artifact.
Not documentation you hope developers read. Enforcement that runs whether they read it or not.
5. Blast Radius Is Contained by Design
When an agent misbehaves—and they will—the damage is contained. No credential access outside scope. No cross-system contamination.
The worst case is bounded. By architecture, not hope.
Governed Vibes, Not Governed Slow
Some people hear "governance" and think "slow."
Nah.
Glide coding is governed vibes. Same creative energy. Same natural language to working code flow. Same "describe what you want" magic.
But with control surfaces. Standards that guide without blocking. Permissions that scope without slowing. Audit trails that prove without interrupting.
| Aspect | Vibe Coding | Glide Coding |
|---|---|---|
| Speed | Fast | Fast |
| Intent | Hope it understood | 2,000+ rules guiding every move |
| Permissions | Agent has all your keys | Task-scoped, time-limited tokens |
| Production Safety | "Don't touch production" | Architecturally can't touch production |
| Audit Trail | "The AI did it" | Cryptographic receipts |
| Outcome | Reef or beach, who knows | Safe landing, every time |
| Tomorrow | Got lucky once | Repeatable |
A great surfer isn't slow. They're controlled. They read the wave. Make micro-adjustments. Always know where the reef is.
That's glide coding.
Where This Goes
Today, 99% of developers run AI agents with full inherited privileges. No isolation. No attribution. No governance.
That's about to change.
The first wave of "AI agent incidents" hits enterprises. Not dramatic hacks—mundane disasters. Compliance teams scramble. The question shifts from "how do we use AI agents?" to "how do we prove we governed them?"
NIST releases AI Agent Governance Framework extensions. SOC2+AI certifications emerge. FedRAMP considers autonomous system requirements. Insurance underwriters demand proof of agent governance.
Agent governance becomes as fundamental as CI/CD pipelines. Organizations without it can't pass audits. The "move fast and break things" era of AI agents ends. The "move fast with receipts" era begins.
The question isn't whether AI agents need governance. The question is whether you build it now or bolt it on later.
Glide coding is governance built in from the start. So when the auditor arrives, you're ready.
Join the Movement
We're building a community of developers and organizations who believe AI development should be fast AND governed.
For Developers
- Use the open standards at glidecoding.org
- Contribute your battle-tested patterns
- Request early access to the platform
For Organizations
- Evaluate your current AI agent privilege model
- Implement task-scoped, time-limited permissions
- Build audit trails before you need them
For the Industry
- Stop treating "don't touch production" as a security control
- Start treating agents as the autonomous actors they are
- Build governance in, not on
Voices
David Linthicum Top 10 Global Cloud & AI Influencer | Former Deloitte | 5x Bestselling Author, Educator & Speaker"Let me know when you're gonna publish this someplace, I'll add my promotion."