Jump to the sections that matter for your role. Executive Summary remains Section 01 for leadership readers who want the verdict first.
Acme Manufacturing has decomposed a Support Triage Agent workflow into 7 steps. 2 of 7 steps meet production-ready thresholds. Overall readiness is 48/100 (FAIR). Primary gaps are in entity resolution and source of truth, not necessarily in the AI models themselves. Overall governance risk: MEDIUM.
Data orchestration is the production layer between enterprise data and AI agent action.
The agent reasons. Data orchestration prepares, routes, validates, governs, and records what the agent is allowed to reason on - trusted data, approved rules, permissions, tools, approvals, logs, and rollback paths.
The agent reasons. Data orchestration prepares, routes, validates, governs, and records what the agent is allowed to reason on - trusted data, approved rules, permissions, tools, approvals, logs, and rollback paths.
Each question maps to Prepare · Route · Validate · Govern · Record - gap rows link to KFix playbooks; live controls via KFix deploy + KCyber.
3 yes · 7 partial · 0 gap - spec in KAssess; live controls via KFix deploy + KCyber.
Each dimension scored 0-100 across all workflow steps. 80+ is production-ready; 70+ on audit & compliance readiness supports enterprise security reviews. Scores reflect uploaded artifacts and workflow context, platform-agnostic.
Agent risk register for Support Triage Agent. Risk rated High / Medium / Low per dimension.
Recommendations prioritized by enterprise deal impact and production readiness lift. Effort: S (1-2 weeks) / M (2-4 weeks) / L (4-8 weeks).
What work is required and which roles typically own it. If you have these skills in-house, staff it internally, every item in this report can be executed by your team. TekCapitol is optional delivery support if you want help implementing.
Effort in person-months and person-days - fixed-scope deliverables, not a fractional hire recommendation.
Each row is a scoped deliverable with role, skills, and estimated effort. Staff in-house or with TekCapitol - your choice.
Person-months of effort (1.0 ≈ 20 working days). Scoped deliverables, not a headcount or hire recommendation.
Model routing, token estimates, cost projection, and human-in-the-loop gates per workflow step. Generated from your decomposed agent workflow.
5 of 7 steps need no LLM · 2 uses LLM
Based on recommended models and token estimates at 450 runs/day. List prices only; excludes caching, batch discounts, and platform fees.
Permission audit, compliance mapping, and kill-switch authority matrix, aligned to NIST AI RMF and SP 800-53.
Data quality alerts, LLM eval criteria, circuit breakers linked to kill-switch levels, ops runbook, and KPIs.
Kyklos360 is Diagnose · Fix · Protect. This KAssess report identified production gaps; KFix and KCyber are the next steps in the app - or assign the roadmap to your team.
Draft answers to the 5 most common enterprise AI security questions, based on this assessment. Review with legal before submitting to prospects.
One catalog row per assessed workflow - for your agent inventory, GRC tool, or vendor file. Included in the WGR JSON export.
| Agent name | Support Triage Agent · Acme Manufacturing |
|---|---|
| Owner | Support Operations Manager |
| Business purpose | Classify inbound support tickets by severity and product area, enrich with Salesforce account tier and SAP credit status, route to the right queue or auto-respond with KB articles |
| Systems touched | Salesforce, SAP, Zendesk, Snowflake, Custom / Proprietary |
| Data accessed | Salesforce (read: SAP KNA1 read, credit_hold flag); SAP (read: SAP KNA1 read, credit_hold flag); Zendesk (read: SAP KNA1 read, credit_hold flag) |
| Tools/actions allowed | Ingest and classify inbound ticket; Enrich with Salesforce account tier; Check SAP credit and delivery block; Load ticket history from Snowflake mart; Apply routing and auto-response rules; Human approval for high-risk cases · Denied: SAP write on customer master; FD32 transaction; Case auto-close without CSM approval |
| Human approval points | - |
| Risk level | medium |
| Go-live status | Not approved - remediate before production |
| Kill-switch owner | Support Ops Director + Platform Engineering |
| Audit log location | Kill-switch audit spec (WGR) |
Registry v1.0 · Workflow wgr_sample_acme-manufacturing · Updated 2026-07-07
Machine-readable governance contract for this workflow - for vendor risk, SOC 2, and internal audit file. Export Evidence Pack (HTML + WGR JSON + agent registry CSV) or Registry CSV from the report toolbar.
GDPR · SOC2
Kill switch stops forward. Rollback undoes backward. Kill switch stops future runs; rollback undoes completed writes via compensating transactions.
Hybrid - ReBAC for data access + OPA/Cedar at orchestrator + KCyber run gate · Primary engines: OpenFGA
Hybrid - ReBAC for data access + OPA/Cedar at orchestrator + KCyber run gate. Primary: OpenFGA. Principal: hybrid. KAssess specifies architecture; customer or TekCapitol deploys the PDP.