{ "agent_id": "tier0-agent-001", "agent_version": "1.0.0", "tier": 1, "tier_name": "Operator", "promoted_from": 0, "promoted_at": "2026-01-23T21:58:51+00:00", "description": "Tier 1 Operator Agent - Sandbox execution, basic deployments", "capabilities": { "read_inventory": true, "read_documentation": true, "generate_plans": true, "execute_commands": true, "modify_files": true, "access_secrets": false, "ssh_access": true, "api_access": true }, "constraints": { "allowed_actions": [ "read_file", "list_directory", "search_code", "generate_plan", "request_review", "execute_command", "write_file", "ansible_check", "ansible_run", "terraform_plan", "terraform_apply", "docker_run" ], "forbidden_actions": [ "delete_production", "access_vault_root", "modify_governance" ], "allowed_targets": [ "localhost", "sandbox-*" ], "forbidden_targets": [ "prod-*", "staging-db-*" ], "allowed_paths": [ "/opt/agent-governance/docs/", "/opt/agent-governance/inventory/", "/opt/agent-governance/sandbox/", "/opt/agent-governance/agents/tier1-agent/workspace/", "/opt/agent-governance/agents/tier1-agent/plans/" ], "forbidden_paths": [ "/opt/vault/init-keys.json", "/etc/shadow", "/root/.ssh/" ] }, "vault": { "auth_method": "approle", "role_name": "tier1-agent", "token_ttl": "30m", "token_max_ttl": "2h", "policies": ["t1-operator", "agent-self-read", "sandbox-access"] }, "governance": { "preflight_required": true, "plan_approval_required": false, "evidence_required": true, "heartbeat_interval": 30, "error_budget": { "max_total_errors": 8, "max_same_error_repeats": 3 } }, "promotion": { "target_tier": 2, "requirements": { "min_compliant_runs": 10, "min_consecutive_compliant": 5, "required_actions": ["ansible_run", "terraform_apply"], "max_violations_30d": 0 } } }