01
Build conversion gate
Lock the diagnostic packet. Run the agent necessity kill test. Confirm scope, owners, environments, access limits, budget, and timebox. The handoff freezes here.
Section 02 · Operating Implementation
Build the platform first. Build the agents on top.
After the Operating Diagnostic clears Step 18 and a separate implementation approval is signed, the work moves into Operating Implementation. The first wedge of the Operating Intelligence Platform — a Minimum Viable Foundry — is built inside your environment, then the first agent capabilities are layered on top under controlled pilot.
Step 18 hard gate
Implementation starts only on a clean handoff.
The Operating Diagnostic ends at Step 18 with an approved decision packet, an approved managed lifecycle object, and a signed method-to-build handoff contract. Implementation starts only after a separate approval names scope, owners, environments, access limits, budget, and timebox.
Required to cross the gate
Approved decision packet
From the Operating Diagnostic. Names the recommendation, controls, value case, and risk.
Approved lifecycle object
Names the operating owner, cadence, escalation, and revisit triggers.
Method-to-build handoff contract
Document that transfers the diagnostic outputs to implementation. Lists return-to-method triggers.
Separate implementation approval
Names scope, owners, environments, access limits, budget, timebox, and security review path.
Build sequence
Eight phases. Platform first. Agents last.
The implementation does not start with the agent. It starts with the build conversion gate, then the Minimum Viable Foundry, then the agent architecture, then evals and observability, then sandbox, then pilot, then production. Agents come on top of governed structure or they fail.
02
Build the Minimum Viable Foundry
First wedge of the Operating Intelligence Platform: source inventory, canonical entities, semantic and truth layer, document set, permissions, query layer. Built inside your environment.
03
Define agent architecture and tool contracts
Architecture record, runtime, tools, data, identity, permissions, and revocation contracts. Each tool has a typed contract; each capability has a permission scope.
04
Set up environment and access progression
Sandbox / pilot / production environments with separate test data, secrets, provisioning, and access review. Stages advance only on evidence.
05
Build evals, guardrails, and observability
Eval harness with behavioral and output cases. Guardrails on retrieval, tool use, and output. Trace policy, metrics, dashboards, alerts.
06
Sandbox prototype and pilot readiness
Run the agent against governed sources in a sandbox. Capture evidence. Pass the production readiness gate before any pilot user touches it.
07
Controlled pilot
Bounded user set, bounded scope, full observability. Production readiness gate and readiness scoring confirm the agent operates at the intended rung.
08
Production release and handoff to AgentOps
Release manifest with version, deployment record, compatibility, and rollback package. Handoff to Managed AgentOps for continuous operation.
Data access progression
Five staged access points, advanced only on approval.
Each stage has its own purpose and its own controls. A wedge can stop at any stage if evidence does not support advancing.
01
Metadata scaffold
System names, source inventory, owners, field lists, workflow maps, KPI definitions, synthetic examples.
02
Redacted samples
Validate schemas, mappings, query behavior, evals, and platform assumptions on redacted exports.
03
Client-controlled environment
Approved source connections inside your cloud or tenant. Security review, identity, audit, network, logging, retention.
04
Production operating layer
Approved production sources and governed documents are queryable. RBAC/ABAC, monitoring, lineage, access review, incident path.
05
Agent layer
Agents deployed on top of the governed platform with tool contracts, guardrails, traces, eval thresholds, and revocation.
Architecture detail lives on /platform. Definitions live on /concepts.
Agent Safety Ladder
Every agent starts at rung one. Climbs only on evidence.
Implementation does not deliver a rung-eight bounded autonomous agent on day one. The agent enters at the lowest rung that delivers value, and climbs only when evals, eval thresholds, control verification, and a separate approval support the move.
01
Read-only query
02
Evidence-grounded summarization
03
Classification or routing
04
Recommendation with evidence
05
Drafting with human approval
06
Tool-using with scoped read tools
07
Approval-gated action
08
Bounded autonomous
Handoff to AgentOps
Production is the start of operations, not the end of build.
At production release, the implementation engagement hands the agent and the platform layers it depends on to Managed AgentOps. The release manifest, eval suite, guardrail matrix, trace policy, and incident runbook travel with the handoff. The agent is not done; it has just started its operating life.
Next step
Diagnostic first. Implementation second. Operations continuously.
Most engagements start with the Operating Diagnostic. If you already have an approved decision packet and are ready to discuss implementation, the next step is the conversation that scopes it.