Agentic Governance — Meta-Agents That Watch Other Agents
Why this layer exists
Chapter 15 establishes that Compai implements McKinsey's five pillars of the agentic organization. Pillar 3 — Governance — is the pillar McKinsey flags as the rate-limiting factor:
"The scale of agentic adoption will be capped by how much oversight capacity humans can provide — making governance itself a potential bottleneck to productivity."
The compliance package shipped in repo v2.0 (DPIA, AI System Register, Annex III guardrails, Article 50 transparency) handles static governance — the documents regulators want to see. Chapter 16 introduces dynamic governance — three meta-agents that watch the seven domain agents in real time, so that human oversight capacity can scale sub-linearly as the agent fleet grows.
McKinsey names the pattern explicitly:
"Critic agents will challenge outputs, guardrail agents will enforce policy, and compliance agents will monitor regulation." — McKinsey, Sep 2025
Compai repo v2.5 ships exactly these three.
The three meta-agents
Meta-agent 1 — Critic Agent
Purpose: challenge high-stakes outputs before they reach customers, finance systems, or public surfaces. Catch hallucinations, tone drift, brand inconsistencies, and logical errors.
How it works:
- Every domain agent (CS, Finance, Marketing, etc.) emits a proposed action to its review queue.
- If the action is customer-facing, financial, legal, HR, irreversible, source-conflicted, or otherwise above its configured risk threshold, the critic-agent is invoked. Low confidence can add review priority but never grants or removes authority.
- The critic runs adversarial cross-model deliberation across independently configured provider paths and emits one of three verdicts:
-
approve— consensus, proceed -revise— one or more models dissent, specific revision proposed -escalate— multi-model dissent or policy concern; human T-shaped specialist invoked - Every verdict is logged to
brain/memory/critic/YYYY-MM-DD.logwith full reasoning.
Cost: ~€0.10-1.00 per deliberation. Runs only on high-stakes cases (~5-10% of agent outputs in a mature deployment).
Meta-agent 2 — Guardrail Agent
Purpose: enforce fleet-wide policy at write-time. A single authority on what every agent is allowed to do.
How it works:
- Intercepts every tool call that crosses a policy boundary: write to production DB, send email to customer, post to Slack, trigger a refund, modify an order.
- Evaluates the call against the brand's policy bundle: - ACK rule: agent must acknowledge what it's doing; silent operations blocked - Article 50 (EU AI Act): customer-facing text must carry AI disclosure if required - Annex III guardrails: refuse actions affecting hiring, firing, performance evaluation, credit decisions, biometric inference - Brand voice compliance: outbound copy checked against the brand's style guide - Financial thresholds: escalate any single-action impact > €X (founder-configurable) - PII handling: reject any action that would write PII to a non-evidence store
- Returns
allow/deny/modifydecisions in <200ms (rule-based, no LLM for standard checks; LLM-assisted for ambiguous copy). - Every denial is logged + escalated to the founder's
#compai-opsSlack channel.
Cost: near zero per call (mostly rule-based). LLM calls only for ambiguous policy interpretations.
Meta-agent 3 — Compliance Agent
Purpose: monitor the regulatory environment and flag DPIA/Register updates the brand's data controller needs to sign off on.
How it works:
- Weekly cron pulls regulatory updates from a curated list of sources: EUR-Lex (AI Act amendments), AEPD guidance, EDPB statements, CNIL publications.
- For each update, runs a relevance classifier against the brand's DPIA and AI System Register: "does this change require action?"
- If yes, drafts a proposed amendment to
/opt/compai/compliance/dpia.mdorai-system-register.mdand files it in the Review Queue. - The data controller (founder) reviews and signs or rejects the amendment via
compai-init governance review. - All changes are version-tracked in Git inside
/opt/compai/compliance/for audit trail.
Cost: a few LLM calls per week — classification + drafting, not monitoring 24/7. ~€2-5/month.
Installation
As of repo v2.5:
# Install the three meta-agents (systemd units + SOUL templates + config)
compai-init governance enable
# Check status
compai-init governance status
# View recent critic verdicts
compai-init governance logs --since 24h --agent critic
# Review pending compliance updates
compai-init governance review
# Disable (emergency only — recorded in audit log)
compai-init governance disable --reason "debugging issue X" --by founder
After enable, three new systemd units run alongside the existing agents:
compai-critic.servicecompai-guardrail.servicecompai-compliance.service
Each has its own SOUL.md at /opt/compai/agents/<meta>/SOUL.md, interpolated from templates shipped in repo/init/governance/.
Where this fits in the ACL model
Meta-agents operate with a dedicated role tier: meta-admin. They can read everything (including evidence store, in audit mode), but they cannot write anywhere except:
- Their own memory log (
brain/memory/critic/,brain/memory/guardrail/,brain/memory/compliance/) - The Review Queue (propose changes, never apply directly)
- The audit trail (append-only log at
brain/audit/)
This is by design. Meta-agents surface decisions — they don't make them. Humans remain accountable. McKinsey again:
"The challenge is finding the sweet spot: enough oversight to manage risk without pulling agents back to human speed."
The three meta-agents shift that sweet spot rightward by doing most of the oversight work at machine speed, escalating to humans only on genuine ambiguity.
What changes for the founder
Before repo v2.5: founder reviews every flagged agent output manually, occasionally misses things, and compliance is a quarterly fire drill.
The target operating state is measurable rather than assumed: - the critic samples high-impact work and records disagreements; - deterministic guardrails block declared policy violations before execution; - compliance monitoring prepares amendments for a named human to accept or reject.
The human oversight ratio shifts from "founder as bottleneck" to "founder as final authority." This is the operational definition of McKinsey's "humans above the loop."
Economic model
| Meta-agent | Ongoing cost (per brand) |
|---|---|
| Critic | €5-30/month (depends on high-stakes call volume) |
| Guardrail | €0-5/month (mostly rule-based) |
| Compliance | €2-5/month (weekly batch) |
| Total add-on | €7-40/month |
The current EUR631/month reference cost already includes the operating stack described in Chapter 12. Additional governance model usage is estimated at EUR7-40/month when it is not already covered; add that to your own baseline rather than substituting a lower total. The reference ROI model is 16.2:1 before any incremental governance add-on.
Limitations shipped in v2.5
Honest scoping:
- Critic is Punta de Flecha only. Can be extended to richer multi-agent jury protocols in v0.6.
- Guardrail policy bundle is configurable, not learnable. Brands express policy as rules, not through examples. A future version can learn policy from the Pattern Library.
- Compliance agent relies on a curated source list. Brands outside EU/ES get a reduced source list; we ship EU-focused defaults and document how to extend.
- No real-time dashboarding. Logs are queryable via CLI; a web UI for founder review comes in v0.6.
What this gives the brand that deploys Compai
- One command installs three meta-agents. No custom LLM pipeline, no vendor integrations.
- Governance scales with agent count, not linearly with founder attention.
- Every high-stakes action carries an audit trail — specifically the trail a DPO or regulator asks for.
- The McKinsey Pillar 3 box is ticked, not aspirationally but with running code.