The Agent Registry

The foundation of confidence is a single, authoritative source of truth. The Corvair.ai Agent Registry is the design-time system of record that eliminates "Shadow AI" and gives you a complete, auditable picture of your agents' capabilities, permissions, and true risk posture before they are ever deployed.

The 10-Layer Governance Data Model

To systematically manage risk, the Registry stores each agent's authoritative profile using a structured, ten-layer data model. This model provides a machine-verifiable definition for every facet of an agent's existence, from its identity and authority to its mission and intent.

This isn't just an inventory; it's a living, breathing model of your AI workforce that allows you to quantify risk and enforce policy with mathematical precision.

Abstract image of layered data

A Complete, Verifiable Profile

Each layer of the model answers a critical governance question, creating a holistic profile that is consumed by our real-time engine.

These foundational layers establish a verifiable identity and a complete picture of an agent's power.

  • 1. Agent Identity: Establishes a "Digital Birth Certificate" with a unique cryptographic identity, owner, and version history.
  • 2. Authority: Catalogs all static roles, entitlements, and permissions the agent possesses.
  • 3. Delegated Authority: Defines who can invoke the agent (users, systems, other agents), modeling the chains that lead to Cumulative Operational Authority.

These layers define the agent's operational environment and its inherent abilities.

  • 4. Accessible Data Domains: Lists the specific data stores (e.g., PII database, financial records) the agent can touch, along with sensitivity classifications.
  • 5. Environment & Execution Context: Defines authorized environments (e.g., production, sandbox) and network zones.
  • 6. Connected Tools & Services: Inventories every API, library, or third-party service the agent is allowed to use.
  • 7. Inherent Agent Capabilities: Declares what the agent can do by design (e.g., code execution, network access), independent of external permissions.

These top layers encode the human element of governance, ensuring every agent acts in alignment with business objectives.

  • 8. Organizational Policy: Captures the specific, version-controlled policies and compliance constraints (e.g., GDPR, HIPAA) that govern the agent.
  • 9. Risk Profiles & Categorization: Consolidates risk classifications, threat models, and incident history into a quantitative, evidence-based profile.
  • 10. Mission & Intent: The "Commander's Intent." A human-readable and machine-interpretable description of the agent's approved purpose, goals, and operational boundaries.

Ready to See the Engine?

The Registry provides the authoritative baseline. The Governance Engine puts it into action. Explore how we provide preventative, per-action control in real time.

Explore the Governance Engine