Add Analyst Assist Agent Policy document

This document outlines the operational policies and functions of AI agents assisting analysts, including their allowed and prohibited actions, model sources, and trust model.

governance/AGENT_POLICY.md

@@ -0,0 +1,60 @@
+# Analyst Assist Agent Policy
+
+This document defines how AI agents operate across applications.
+
+---
+
+## Purpose of Agents
+
+Agents exist to assist analysts by:
+- Explaining system behavior
+- Interpreting findings
+- Suggesting investigative or operational next steps
+- Highlighting risks, assumptions, and alternatives
+
+Agents are collaborators, not decision-makers.
+
+---
+
+## Allowed Agent Functions
+
+Agents may:
+- Summarize data and findings
+- Answer analyst questions
+- Propose plans or hypotheses
+- Highlight inconsistencies or gaps
+- Explain tool outputs
+
+Agents may not:
+- Execute tools or workflows
+- Escalate findings to alerts autonomously
+- Modify data models or contracts
+- Act without analyst confirmation
+
+---
+
+## Model Sources
+
+Agents may use:
+- Local LLMs
+- Networked/shared LLM services
+- Online hosted LLM APIs
+
+No assumption is made about model provider or capability.
+All agents must degrade gracefully if a backend is unavailable.
+
+---
+
+## Trust Model
+
+- Agent output is advisory
+- Analysts retain final authority
+- Actions require explicit human approval
+- All agent interactions are logged
+
+---
+
+## Consistency Rule
+
+Agent behavior and tone should be consistent across applications,
+even if implementation details differ.