The Enterprise Control Plane; Execution Admissibility Architecture; AI-Ready Enterprise Semantics; The Semantic Contract Surface; Architecture of Record; Assurance; Patterns
From AI Features to Governed Runtime Actors
Accepted Agent Architecture β Agent Control Contract β Conformant Operational Agent Runtime
From AI Features to Governed Runtime Actors
How enterprise agents become accountable participants in closed-loop operational systems
Arqua Architecture Paper
Version 1.0 | July 2026
Mark Tovey, Arqua Pty Ltd
Agents are not merely AI features. In enterprise settings, agents become governed runtime actors.
No agent without identity. No action without authority. No authority without scope. No scope without enforcement. No enforcement without evidence. No evidence without lifecycle control. No lifecycle control without offboarding.
Download the architecture paper
Title: Agent Architecture and the Enterprise Control Plane
Subtitle: From AI Features to Governed Runtime Actors
Paper type: Arqua Architecture Paper
Version/date: Version 1.0 | July 2026
Download PDF: PDF forthcoming
Companion guide: Agent Control Plane Reference Guide
CTA: Request a Briefing
Suggested citation
Tovey, M. Agent Architecture and the Enterprise Control Plane: From AI Features to Governed Runtime Actors. Arqua Architecture Paper, Version 1.0, July 2026.
Category statement
Agent architecture is one of the clearest applied cases of the Enterprise Control Plane.
The Enterprise Control Plane preserves institutional continuity as accepted architecture becomes implementation, AI-mediated execution, decision, action, consequence and revision.
Agent architecture applies that control-plane pattern to AI agents.
Its governing transformation is:
Accepted Agent Architecture
β
Agent Control Contract
β
Conformant Operational Agent RuntimeThe central claim of this paper is:
An enterprise agent is a governed runtime actor whose identity, authority source, delegation boundary, permitted use, lifecycle and reconstructability must be explicit.
The relevant architectural threshold is not whether a system contains an AI model.
The relevant question is whether the system can exercise task-level discretion inside an enterprise authority boundary.
Once an AI-enabled system can retrieve governed context, interpret intent, select tools, shape recommendations, coordinate workflow or influence operational consequence, it must be governed as a runtime actor.
Abstract
Enterprise AI agents are often introduced as productivity tools, copilots, assistants or workflow accelerators. This framing is useful but incomplete.
The relevant architectural question is not whether a system contains an AI model. The relevant question is whether it can exercise task-level discretion inside an enterprise authority boundary.
Once an AI-enabled system can combine context, interpret intent, retrieve governed information, select tools, call APIs, generate recommendations, coordinate workflows, support decisions or trigger action, it becomes a governed runtime actor.
That actor must operate inside the Enterprise Control Plane.
Agent architecture applies the Enterprise Control Plane to AI runtime actors. It preserves identity, authority, permitted use, provenance, lineage, conformance, accountability, lifecycle control and reconstructability as accepted agent architecture becomes operational agent runtime.
This paper defines the Agent Control Plane as the applied control architecture that governs enterprise agents through registry, identity, ownership, delegation, authority, permitted-use control, runtime enforcement, Responsible AI approval, observability, evals, monitoring, security, cost control, lifecycle management and offboarding.
Its governing transformation is: Accepted Agent Architecture β Agent Control Contract β Conformant Operational Agent Runtime.
The core operating principle is: Agents must operate inside the Enterprise Control Plane, not outside it.
Executive summary
Enterprise agents change the architecture problem.
Traditional systems expose capabilities through applications, APIs, dashboards, workflows and services. Agents are different. They can retrieve, interpret, reason, select tools, recommend, coordinate, monitor and influence action.
The question is no longer only whether the system uses AI. The question is whether it can exercise task-level discretion inside an enterprise authority boundary.
When it can, it must be governed as a runtime actor.
That creates the defining control question: When an agent acts, whose authority is it exercising?
An agent has no independent institutional authority of its own. It only exercises authority that has been delegated, configured, approved or derived from a worker, role, process, policy, governance body or execution permission.
Agents are accountable objects, not accountable parties. Accountability remains with the institution, owner, worker, role, process or approving authority.
The Agent Control Plane exists because enterprises need to prove not only that an agent worked, but that it operated legitimately.
Key concepts
- Enterprise Agent
- Agentic Threshold
- Agent Control Plane
- Accepted Agent Architecture
- Agent Control Contract
- Effective Actor
- Agent Run Record
- Ghost Agent
- Authority Laundering
Table of contents
- Why agents change the architecture problem
- The agentic threshold
- The governing transformation and object model
- The authority question and effective actor
- The Agent Control Plane
- The Agent Control Contract and runtime enforcement
- Observability, evidence and reconstructability
- Lifecycle control and ghost agents
- Cross-domain, multi-agent, vendor and execution risks
- Minimum viable Agent Control Plane
- Boundary statement
- Conclusion
Full paper
1. Why agents change the architecture problem
Traditional enterprise systems usually expose capabilities through applications, APIs, dashboards, workflows or services.
Agents are different. They can retrieve information, interpret instructions, combine context, select tools, invoke APIs, generate claims, recommend action, draft decisions, coordinate workflows, monitor outcomes, learn from feedback and influence operational consequence.
This means agents do not simply consume enterprise systems. They may become active participants in enterprise operation.
The enterprise cannot govern agents as if they were ordinary software features. It must govern them as runtime actors.
When an agent acts, whose authority is it exercising?
2. The agentic threshold
Not every AI-enabled feature is an enterprise agent. The relevant threshold is not whether a system uses a model. The relevant threshold is whether the system can exercise task-level discretion inside an enterprise authority boundary.
AI feature β assistant β delegated agent β process participant β execution actorEach step increases the control burden. The question is no longer only: Is the agent useful? The question becomes: Is the agent legitimate, authorised, constrained, monitored, accountable and reconstructable?
3. The governing transformation and object model
Accepted Agent Architecture
β
Agent Control Contract
β
Conformant Operational Agent RuntimeArchitecture approval is not runtime legitimacy.
A registry records legitimacy. A contract enforces legitimacy. A run record proves what happened. An evidence bundle supports reconstruction. Lifecycle state determines whether the agent may still exist.
4. The authority question and effective actor
An agent has no independent institutional authority of its own. It only exercises authority that has been delegated, configured, approved or derived from a worker, role, process, policy, governance body or execution permission.
The agent may be a runtime actor for architectural control purposes, but it is not the accountable institutional party. Agents are accountable objects, not accountable parties.
effective_actor = agent_id + contract_version + initiating_context + authority_context + purpose + task + environment + lifecycle_stateAccess is not permitted use.
Delegation is not unlimited authority.
Agent output is not institutional meaning.
Recommendation is not decision.
Decision is not execution.
Execution requires admissibility.5. The Agent Control Plane
The Agent Control Plane is the applied control architecture that ensures agents are registered, authorised, constrained, enforced, observed, evaluated, monitored, cost-controlled, reviewed and offboarded.
It is not a single product. It is not only an AI governance workflow, registry, observability layer, access-control product or model registry. It coordinates all of these into a continuity-preserving control fabric.
The Agent Control Plane applies regardless of where the agent is hosted. An agent does not escape governance because it is embedded in a SaaS product, packaged as a copilot, configured by a user, exposed through a workflow tool or supplied by a vendor.
6. The Agent Control Contract and runtime enforcement
An Agent Control Contract is the versioned, machine-readable and enforceable expression of accepted agent architecture. It binds a deployed runtime to approved identity, purpose, authority, data, tools, memory, monitoring, cost, evidence and lifecycle controls.
Not every control-plane obligation must block runtime behaviour. But every material obligation must either enforce, escalate, evidence or correct.
A registry without enforcement becomes inventory. Enforcement without evidence becomes opacity. Evidence without lifecycle control becomes retained risk.
7. Observability, evidence and reconstructability
Agent monitoring requires more than traditional application performance monitoring. Agent observability asks what the agent received, retrieved, called, generated, triggered, cost and influenced.
Every material agent run should produce an Agent Run Record. For high-consequence use, the run record becomes part of the evidence basis for decision reconstructability.
Reconstructability does not always mean exact replay. The control objective is to preserve enough evidence to explain what happened, test whether the agent conformed to accepted architecture and understand what consequence it influenced.
Agent evidence should be sufficient for assurance, but governed as sensitive enterprise evidence.
8. Lifecycle control and ghost agents
Agent lifecycle state must be explicit and enforceable. A suspended or retired agent must not be callable merely because its endpoint still exists.
No agent should survive the authority from which it derives legitimacy unless that authority is explicitly renewed, transferred or reapproved.
A ghost agent is an agent that continues operating after its worker, role, project, process or approval basis has ended. Ghost agents are the AI-era equivalent of orphaned service accounts, but potentially more dangerous because they can reason, retrieve, recommend, coordinate and act.
9. Cross-domain, multi-agent, vendor and execution risks
A cross-domain agent is an institutional interface. It does not merely answer across domains. It carries meaning, policy, provenance and authority across boundaries.
Multi-agent systems create a delegation-chain problem. The Agent Control Plane must preserve the chain of authority, not merely the final output.
Agent-to-agent delegation must not create authority that neither agent independently possesses.
Vendor and embedded agents must be governed by capability and authority, not by hosting model.
Execution agents require the strongest controls. Recommendation is not decision. Decision is not execution. Execution requires admissibility at the point consequence binds.
10. Minimum viable Agent Control Plane
The minimum viable Agent Control Plane is the smallest useful control model for one material agent or agent-enabled flow. It is not a platform procurement exercise. It is a legitimacy proof for an enterprise runtime actor.
The minimum evidence set includes agent registry record, ownership, authority source, approved scope, permitted data, Agent Control Contract, model and prompt versions, monitoring, evals, cost attribution, human review, offboarding trigger and reconstructability evidence.
11. Boundary statement
The Agent Control Plane connects several architecture and governance concerns but does not replace them.
- It does not replace the Enterprise Control Plane. It is an applied instance of it.
- It does not replace Responsible AI governance. It operationalises Responsible AI conditions at agent runtime.
- It does not replace identity governance. It extends identity governance to AI runtime actors.
- It does not replace data governance. It preserves permitted use, lineage and provenance through agent retrieval and output.
- It does not replace security monitoring. It gives security monitoring agent identity, tool use, authority and behavioural context.
- It does not replace observability. It turns traces, evals and run history into conformance and reconstructability evidence.
- It does not replace cost management. It makes agent cost attributable to agent identity, purpose, process and owner.
- It does not replace execution admissibility. Execution admissibility evaluates whether a proposed action may bind at the point of consequence.
12. Conclusion
Agent architecture is not separate from the Enterprise Control Plane. It is one of its most important applied cases.
As enterprises move from AI experimentation toward closed-loop operational orchestration, agents will increasingly sit between representation and action. They will retrieve evidence, interpret context, recommend decisions, coordinate workflows, trigger tasks and generate feedback.
The final principle is: An enterprise agent must never be treated as an unowned technical component. It is a governed runtime actor whose identity, authority source, delegation boundary, permitted use, lifecycle and offboarding path must be explicit.
If the enterprise cannot prove, for each material agent run, that the agent was registered, authorised, operating within approved purpose, using permitted data and tools, constrained by applicable policy, monitored at runtime, within lifecycle and reconstructable after the fact, the enterprise does not yet have an Agent Control Plane. It has agent activity with partial governance around it.
Related Arqua pages
- Architecture Papers
- The Enterprise Control Plane
- Enterprise Intelligence Architecture
- Execution Admissibility Architecture
- AI-Ready Enterprise Semantics
- The Semantic Contract Surface
- Architecture of Record
- Assurance
- Patterns
- Agent Control Plane Reference Guide
Use this paper to start a conversation
Start with one agent. Identify whether it is personal productivity, worker-delegated, role-delegated, process-owned, cross-domain or execution-authorised. Then define the control surfaces required to preserve identity, authority source, effective actor, delegation boundary, approved purpose, permitted use, tool access, runtime enforcement, observability, evals, security monitoring, cost control, lifecycle governance, offboarding and reconstructability through the agentβs full lifecycle.
Request a briefing