Skip to content
← Blog
Company

How We Shipped Agent Identity, EU AI Act Compliance, and Tool Approval Gates in a Single Day

JieGou shipped 6,098 lines of governance code in one commit: agent identity with scoped RBAC, EU AI Act compliance mapping for 10 articles, and admin-controlled tool approval gates. Here's what we built and why speed matters in the governance arms race.

JT
JieGou Team · · 4 min read

The Governance Arms Race Is Real

Microsoft merged AutoGen and Semantic Kernel into a unified Agent Framework. OpenAI Frontier is shipping per-agent identity to enterprise customers. Anthropic launched self-serve Enterprise plans and an Agent Skills directory. Google Vertex AI has Agent Identity in preview.

Every major platform is investing in AI governance. The question is no longer whether governance matters. It is who ships it fastest.

6,098 Lines in One Commit

On March 5, 2026, we shipped the largest governance release in JieGou’s history. Four features, 6,098 lines of production code, in a single commit:

Agent Identity with Scoped RBAC (~1,400 lines)

Every chat agent and workflow now has its own identity. Not the identity of the human who created it, but a scoped permission profile that limits what the agent can access and do.

  • Per-agent permissions from a deliberately minimal set (content:read, content:run, chat:use, etc.)
  • Department scoping that restricts agents to specific departments
  • Per-agent rate limits independent of user rate limits (requests per minute, tokens per hour, concurrent requests)
  • Audit context propagation through the entire execution pipeline

When an agent sends a LINE message or invokes an MCP tool, the audit trail shows which agent did it, not just which human created the agent. This closes a fundamental governance gap: attribution.

Auto-provisioning means every new chat agent gets a sensible default identity. No manual configuration required.

EU AI Act Compliance Engine (~720 lines)

The EU AI Act reaches general application on August 2, 2026 — five months from now. We shipped a compliance engine that maps 10 articles (Art. 9-17, 52) to JieGou’s existing features:

  • Risk-level classification (unacceptable, high, limited, minimal) for every workflow and chat agent
  • Article-by-article mapping showing which JieGou feature satisfies each requirement
  • Compliance checks that evaluate an account’s readiness across all 10 articles
  • Evidence generation for regulatory documentation

No competitor has shipped a dedicated EU AI Act compliance engine. This is first-to-market for the AI automation category.

Tool Approval Gates (~340 lines)

Admin-controlled per-tool approval workflows. When a workflow invokes a flagged MCP tool, execution pauses, an approval request is created showing the tool name and input parameters, and an approver decides before the tool executes.

This extends our governance from 9 to 10 layers. It is more enterprise-grade than n8n’s tool-level HITL because it is admin-controlled organizational policy, not user-controlled individual preference.

Governance Readiness Assessment (~700 lines)

A self-serve scoring tool that evaluates an account’s governance maturity across all layers. Each layer gets a 0-10 score based on actual account configuration and usage. The overall grade comes with actionable recommendations linking to the relevant settings.

Why Speed Matters

Microsoft, OpenAI, and Anthropic operate on quarterly planning cycles with thousands of engineers. Their governance features will improve over time. But their pace is measured in quarters.

We identified three governance gaps on Tuesday and shipped production code on Wednesday. This is not about being reckless. Every feature has types, tests, and passes the full quality gate. It is about operational tempo.

In the governance arms race, depth compounds faster than breadth. Each new layer builds on the existing stack. Agent identity integrates with tool approval gates. The EU AI Act engine references existing audit logging and PII detection. The governance assessment scores all 10 layers together.

The 10-Layer Stack

After this release, JieGou’s governance stack has 10 layers:

  1. Role-based access control (6 roles, 24 permissions)
  2. Agent identity with scoped permissions
  3. Audit logging (280+ action types)
  4. PII detection + reversible tokenization
  5. Graduated Autonomy (4 levels)
  6. Tool approval gates
  7. Data residency controls
  8. Envelope key encryption (AES-256-GCM)
  9. Compliance dashboard + SOC 2
  10. EU AI Act compliance engine
  11. Governance readiness assessment

No competitor has this depth. Not yet. But they are building. The advantage is not just what we have shipped. It is how fast we can ship the next layer.

While others plan quarterly, we ship daily.

Explore the governance stack | See the EU AI Act engine

governance agent-identity eu-ai-act tool-approval velocity

Explore more

📖 What is AI Governance? ⚙️ Governance Score ⚙️ Why JieGou?
Share this article

Related articles

LangSmith Fleet Is Here. Here's What It Means for Department Teams.

LangChain launched Fleet for agent governance. It's built for developers managing LangGraph agents. Department teams need something different.

Make Shipped AI Agents. Here's What They're Missing.

Make's visual AI Agents and Maia NL interface are impressive. But autonomous agents without governance create risk. Here's the gap.

Connected Systems Beat Isolated Tasks — And Zapier's Own Data Proves It

Zapier's internal AI hackathon proved what department teams already know: isolated automations aren't enough. Here's what connected AI systems look like.

Enjoyed this post?

Get workflow tips, product updates, and automation guides in your inbox.

No spam. Unsubscribe anytime.

← Back to all posts