Define governance personas. Each persona owns a domain (security, cost, architecture, etc.) and is activated by specific types of work. The Gatekeep model on ticketyboo uses Sentinel, Auditor, and Architect.
Rules are associated with personas. Each rule defines when it fires, what action to take, and what to tell the developer. Rules are evaluated before any significant agent action.
Approval gates pause agent execution and require explicit sign-off before proceeding. Define gates for high-risk triggers: deploying to production, merging to main, creating infrastructure.
Escalation paths define what happens when a rule fires and is not resolved within a time window. Map severity levels to escalation targets.
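The four pieces above wired together as a pre-action check. This is an added example, not ticketyboo's or Gatekeep's own code. Assumptions: the persona-to-domain pairing, the action-type names, the `UNGATED` list, and every escalation window and target are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Persona -> domain pairing is assumed; the page names both lists but not the mapping.
PERSONAS = {"Sentinel": "security", "Auditor": "cost", "Architect": "architecture"}
# High-risk triggers from the page: these pause the agent until someone signs off.
GATES = {"deploy_production", "merge_main", "create_infrastructure"}
# Constructed list of low-risk actions that need no gate.
UNGATED = {"read_file", "run_tests"}
# Severity -> (resolution window, escalation target); all values constructed.
ESCALATION = {
    "high": (timedelta(minutes=15), "security-oncall"),
    "medium": (timedelta(hours=4), "team-lead"),
    "low": (timedelta(hours=24), "backlog-triage"),
}

@dataclass(frozen=True)
class Rule:
    persona: str         # owner of the rule
    fires_on: frozenset  # when it fires
    action: str          # what to do: "pause" or "warn"
    severity: str        # key into ESCALATION
    message: str         # what to tell the developer

RULES = [
    Rule("Sentinel", frozenset({"deploy_production", "create_infrastructure"}),
         "pause", "high", "Security review required before this change ships."),
    Rule("Auditor", frozenset({"create_infrastructure"}),
         "warn", "medium", "Attach a cost estimate for the new resources."),
    Rule("Architect", frozenset({"merge_main"}),
         "warn", "low", "Confirm the change matches the agreed design."),
]
assert all(r.persona in PERSONAS and r.severity in ESCALATION for r in RULES)

def evaluate(action_type, approved_by=None):
    """Call before every significant agent action; unknown actions fail closed."""
    if action_type not in GATES | UNGATED:
        return {"decision": "deny", "findings": []}
    fired = [r for r in RULES if action_type in r.fires_on]
    needs_signoff = action_type in GATES or any(r.action == "pause" for r in fired)
    decision = "pause" if needs_signoff and not approved_by else "allow"
    return {"decision": decision,
            "findings": [(r.persona, r.severity, r.message) for r in fired]}

def escalation_target(severity, fired_at, now, resolved=False):
    """Return who to escalate to once an unresolved finding outlives its window."""
    window, target = ESCALATION[severity]
    return target if not resolved and now - fired_at > window else None
```

`approved_by` is treated as an already authenticated human identity; the agent must not be able to set it for itself.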