The Agent Action BOM template is a copyable review format for one AI-assisted delivery path. It records the workflow, agent or automation, credential, reachable action, target system, approval decision, and proof so the team can review a concrete path instead of debating AI usage in general.
Required vs optional fields
| Required for first map | Useful when visible |
|---|---|
| Owner, repo or workflow, credential, reachable action, target, approval point, proof gap. | Model/provider, exact token scope, runtime session ID, validation logs, revocation path. |
Markdown template
Copy into GitHub, Notion, Linear, Jira, or a security review doc
# Agent Action BOM ## Workflow - Name: - Owner: - Repo / project: - Trigger: - Human accountable owner: ## Agent or automation - Agent / tool: - Model or provider, if known: - Where introduced: - Task or purpose: ## Action path - Path: - Reachable actions: - Target systems: - Production-adjacent impact: ## Authority - Credential or identity source: - Standing, inherited, delegated, or scoped: - Token / service account / OAuth / CI secret involved: - Credential owner: ## Approval - Current approval point: - Actions that should be allowed: - Actions that should require approval: - Actions that should be blocked: ## Evidence - Human owner evidence: - Agent/session evidence: - Repo / branch / PR evidence: - Workflow or CI evidence: - Credential-use evidence: - Approval reason: - Final action and outcome: ## Open gaps - Missing owner: - Missing approval: - Missing policy: - Missing proof: - Follow-up owner:
GitHub issue prompt
Use this to review one workflow
Review AI-assisted delivery action path Can this workflow change code, CI/CD, secrets, cloud paths, package publishing, release workflows, or internal systems? Path to map: human -> agent -> repo/PR -> workflow/tool -> credential -> action -> target -> approval/proof Questions: - Who owns the workflow? - What can the agent or automation do? - Which credential or identity is used? - Is access standing, inherited, delegated, or scoped? - Which action should require approval? - What proof exists after the action?
Completed sample entry
human -> Codex -> PR -> release.yml -> package token -> publish package -> approval/proof gap
| Workflow | Release workflow in `.github/workflows/release.yml` |
|---|---|
| Authority | Package registry token available to release job |
| Approval | PR reviewed; credentialed publish approval not recorded separately |
| Open gap | Confirm token scope, owner, and retained evidence for publish outcome |
Slack review prompt
Try the template against a simulated path.
The lab generates an Agent Action BOM and downloadable PNG card from a simulated AI-assisted delivery path.
Open the lab