Sample artifact

Redacted Agent Action BOM sample

Download a three-page sample that shows how Clyra summarizes AI-assisted delivery paths, standing credentials, owner gaps, approval gaps, proof gaps, and recommended next actions.

Last updated: May 16, 2026

What is in the redacted Agent Action BOM sample?

The sample shows scan scope, AI-assisted or automation paths, credentials, reachable actions, target systems, owner gaps, approval gaps, proof gaps, and recommended next actions in a shareable PDF artifact.

Inline preview

Sample field | Redacted example
Control-first path | GitHub Action running AI coding assistant
Credential | GitHub PAT referenced from repository secret
Reachable actions | Read, write, comment, modify PR branch
Missing | Owner, approval evidence, policy coverage, proof coverage
Recommended action | Assign owner, confirm credential scope, replace broad PAT, require approval for write actions

What the sample shows

Scan scope

Repo or workflow scope, source mode, raw-source retention, artifact type, and review purpose.

Path summary

Counts for AI-assisted or automation paths, write/deploy reachability, standing credentials, and missing owners.

Control-first path

A path from workflow to credential, reachable actions, targets, owner, approval evidence, policy coverage, and proof coverage.

Recommended action

Specific next steps such as assigning an owner, confirming credential scope, requiring approval, and recording proof.

Example path in the sample

The sample includes a GitHub Action running an AI coding assistant with a repository secret referencing a GitHub PAT. The point is not that this exact pattern is always present. The point is that a normal workflow can become a privileged actor if it has standing write access and weak evidence.

workflow -> AI coding assistant -> repository secret -> write-capable PR action -> missing owner / approval / proof

How to use it internally

  • Share it with platform, DevEx, CI/CD, release engineering, or security reviewers.
  • Pick one workflow and ask whether the same fields are knowable in your environment.
  • Use the missing owner, approval, policy, and proof fields as a short review agenda.
  • Keep normal AI coding adoption moving while separating low-risk edits from credentialed actions.
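
One way to check whether the sample's fields are knowable for a single workflow file, as an added example (not Clyra's code and not taken from the sample PDF). The workflow text, the CODEOWNERS line, the action name example-org/ai-assistant-action, the secret name BOT_PAT and the bom_record helper are constructed for illustration; treating a job-level environment key as approval evidence and any secret other than GITHUB_TOKEN as a standing credential are assumptions.

```python
import re

# Constructed sample inputs (not taken from the Clyra PDF).
WORKFLOW_PATH = ".github/workflows/ai-review.yml"
WORKFLOW = """\
name: ai-review
on: pull_request
permissions:
  contents: write
  pull-requests: write
jobs:
  assist:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.BOT_PAT }}
      - uses: example-org/ai-assistant-action@v1  # hypothetical action
"""
CODEOWNERS = "/src/ @example-org/app-team\n"

def bom_record(path, workflow, codeowners):
    """Fill the sample's fields for one workflow from repository text alone."""
    # Assumption: any secret other than the per-run GITHUB_TOKEN is standing.
    names = set(re.findall(r"secrets\.([A-Za-z0-9_]+)", workflow))
    credentials = sorted(names - {"GITHUB_TOKEN"})
    # Scopes granted with write access in a permissions block.
    writes = re.findall(r"^[ \t]+([a-z-]+):[ \t]*write[ \t]*$", workflow, re.M)
    actions = re.findall(r"uses:\s*(\S+)", workflow)
    # Owner: a CODEOWNERS pattern that prefixes the workflow path.
    # Simplified prefix match, not the full CODEOWNERS glob syntax.
    patterns = [line.split()[0] for line in codeowners.splitlines()
                if line.strip() and not line.startswith("#")]
    owned = any(("/" + path).startswith(p if p.startswith("/") else "/" + p)
                for p in patterns)
    # Assumption: a job-level environment key counts as approval evidence.
    approval = re.search(r"^[ \t]+environment:", workflow, re.M) is not None
    checks = (("owner", owned), ("approval evidence", approval))
    missing = [name for name, ok in checks if not ok]
    return {"path": path, "actions_used": actions, "credentials": credentials,
            "write_scopes": writes, "missing": missing}

if __name__ == "__main__":
    for field, value in bom_record(WORKFLOW_PATH, WORKFLOW, CODEOWNERS).items():
        print(f"{field}: {value}")
```

A job-level environment only yields approval evidence when that environment has required reviewers configured, which has to be confirmed in the repository settings rather than in the workflow file.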

What it is not

This sample is not a vulnerability report and not a claim about your environment. It is a redacted artifact example for the control question: what can act, with which authority, against which target, and what proof exists afterward?

Download the sample

The PDF is ungated and safe to share internally. It is intended as a conversation starter for one workflow, not a comprehensive policy document.

Turn the sample into one real workflow map.

Clyra maps selected repos or workflows and returns a redacted Agent Action BOM, action-control graph, and evidence packet.
