The Missing Commit Layer in the Governance Control Stack: Action Governance at the Moment of Execution

Patrick McFadden • December 23, 2025

The Commit Layer is the execution boundary where Action Governance is enforced before a high-risk action is allowed to proceed.


AI makes this urgent, but AI is not the whole problem.


The actor may be a human, script, workflow automation, service account, integrated system, or AI agent.


The control question is the same:


Is this actor authorized to take this action, in this context, under this authority, before the action executes?


Action Governance is the missing discipline. The Commit Layer is where it lives: a pre-execution authority control point that can Approve, Refuse (fail-closed), or Supervised Override (named accountability) before irreversible actions run.

For the last twenty years, we’ve been building governance for humans, automation, and now AI in the wrong order.


We focused on data governance.

Then we layered on model governance.

All on top of long-standing identity and access governance.


All of that matters.


But in the middle of the excitement, we skipped the one control point that decides whether an organization survives contact with AI in the real world:


The Commit Layer — the execution boundary where Action Governance is enforced before a system is allowed to act.


Every headline you’ve seen about “AI gone wrong” is a symptom of that missing discipline.


  • We have rules for information.
  • We have rules for models.
  • We have rules for access.
  • We have rules for intruders.


We do not have consistent, runtime-enforced authority rules at the moment of execution across AI-enabled workflows.


That’s the hard truth.

And it’s where the next decade of governance will be won or lost.


Action Governance is the missing discipline. The Commit Layer is where it lives: a pre-execution authority control point that can Approve, Refuse (fail-closed), or Supervised Override (named accountability) before irreversible actions run.


AI did not create the authority problem.


AI exposed it.


The same failure can happen when the actor is a lawyer, employee, script, workflow automation, service account, integrated system, or AI agent.


The real question is not “was this AI?”


The real question is:


Was this actor authorized to take this action before it executed?


1. How We Got Here: Three Discplines and a Blind Spot


The modern enterprise did what made sense at the time.


Data governance:

  • What data do we have?
  • Who owns it?
  • Where does it live?
  • How do we classify, retain, and protect it?


Model governance:

  • How is the model trained?
  • What data went into it?
  • Does it drift?
  • Is it biased?
  • How do we monitor performance?


Identity & access governance:

  • Who can log in?
  • What systems can they see?
  • What can reach execution systems?
  • Where are the firewalls, the IAM, the SOC?


Those three discplines grew up in a world where systems were mostly deterministic:

If input = A, output = B. Every time. Predictably. Testably.

You could put a control behind the system and feel safe:


  • If something looked wrong, you patched it.
  • If a user misbehaved, you revoked access.
  • If a report was off, you traced it back and fixed the data.


The assumption was always the same:

“We control the box. We can fix it after the fact.”

AI — especially generative, autonomous, and agentic AI — made that assumption impossible to ignore.


But the authority problem is older than AI.


Humans, scripts, workflow automations, service accounts, and integrated systems have always been able to take actions that existing governance stacks were not built to evaluate at the moment of execution.

2. What AI Changed: Speed, Autonomy, and Distance From Oversight


In an AI-mediated environment, three things happen at once:


  1. Speed - Systems act in milliseconds. Governance thinks in meetings.
  2. Autonomy - Agents make decisions and trigger actions without a human in the loop at every step.
  3. Distance - The people accountable for outcomes are often far away from where the system takes action.


That’s how you end up with:


  • A model that was approved for fraud analysis quietly denying credit.
  • A chatbot turning a customer complaint into a legal promise.
  • An AI assistant generating a court filing under the wrong attorney’s authority.
  • A coding agent deleting a live database because a prompt “sounded” close enough.


None of these failures start with bad data or a malicious actor. They start with something much simpler:


The system was allowed to act without an execution-time authority check at the commit boundary.


The question that should have been asked first — but wasn’t — is:


“Is this specific action, in this context, allowed to run at all?”


That is the question data governance, model governance, and identity & access governance (IAM) do not answer.


Which is why we need a fourth discipline.

3. The Missing Discipline: Action Governance


Let’s name it plainly:


Action Governance is the discipline of enforcing who may do what, on what, under what authority, before any system — human or AI — is allowed to act.


It is not:


  • a dashboard
  • a log sink
  • an ethics policy
  • an AI wrapper
  • an explainability report
  • a model card


In practice, Action Governance is enforced by a pre-execution authority gate at the Commit Layer.


A gate that can say, for every attempted action:


  • Who is acting? (Identity)
  • In what role? (Authority)
  • On what object, matter, or domain? (Scope)
  • In what situation? (Context, jurisdiction, urgency)
  • Under what rules? (Policy, regulation, contract, ethics)


…and then do one of three things:


  • Approve and record that approval.
  • Refuse and record that refusal.
  • Supervised Overrided and record that supervision.


Before anything happens, not after.


  • Data governance asks: “Is this information appropriate?”
  • Model governance asks: “Is this logic acceptable?”
  • Identity & access governance (IAM) asks: “Is this person allowed in?”


Action governance asks a stricter question:


“Regardless of who they are, is this action allowed to exist?”


Until that question is enforced in the runtime, every other control is five steps too late.


4. Why the Old Stack Fails Under Real Pressure


Consider a simple but common scenario:


Example 1: Legal Filings


  • A firm has AI tools that can draft motions, summarize case law, and prepare templates.
  • Policies say “humans are always in the loop.”
  • Security ensures only licensed attorneys can access certain tools.


Then:


  • An associate uses AI to generate a filing for a jurisdiction they’re not licensed in.
  • A partner, under time pressure, approves with a quick glance.
  • The filing contains fabricated cases and misstates authority.


Data governance didn’t stop it. Model governance didn’t stop it. Security governance didn’t stop it.


What was missing?


A gate that said:

“This role is not authorized to file this type of motion, in this court, under this client’s matter, without specific supervision.”

That’s action governance.


No Commit Layer enforced authority at the moment the action became irreversible.


A Current Legal Proof Point


In legal, the first narrow implementation is wrong-authority filing refusal at the final-submit boundary.

The question is simple:


Is this actor authorized to submit this filing, in this matter, under this authority, before it leaves the firm?


The actor may be a lawyer, staff member, AI agent, script, workflow, service account, or integrated system.


The governed outcome is not a chatbot answer. It is one of three runtime outcomes:


  • Approve.
  • Refuse.
  • Route for supervised override.


Each governed outcome should produce a sealed, reviewable artifact showing what the control did at the moment of action.

5. Why Insurers, Regulators, and Boards Now Care About This Discpline


Insurers don’t need perfect models. They need provable control.

Regulators don’t need every decision to be right. They need evidence that decisions were made under an enforceable standard.


Boards don’t need to understand every model weight. They need to know:


“When this system took action in our name, can we show who allowed it, which rules applied, and what refused to run?”


Right now, most organizations can’t.

They have logs. They have policies. They may even have beautiful dashboards.


What they lack is:


  • A sealed record of authority at the moment of action.
  • A structured way to prove that authorized users could not execute unauthorized actions.


When those execution decisions produce sealed artifacts, you get a Risk Ledger: Refusals (prevented loss), Supervised Overrides (accepted risk), and Approvals (authorized execution).


Without that, “AI risk” remains a floating, unpriceable abstraction.


With it, AI risk becomes a governable category.

That’s the difference between “uninsurable” and “controlled”.


Screenshot below is from a simulated matter where a paralegal tried to take an action not allowed by firm owned rules. The pre-execution authority gate refused the action and emitted a refusal artifact the firm can hand to regulators or insurers later.

6. What Action Governance Must Include (A Practical Definition)


If this discipline is going to mean anything, it has to be concrete.


An action governance layer — whether homegrown or purchased — must be able to do at least this:


Sit upstream of execution

  • Before filings, submissions, approvals, releases, workflow commits, privileged sends, destructive actions, regulated decisions, or other high-risk actions.
  • Not as an after-the-fact audit tool.


Non-bypassable for governed paths, with measurable coverage

  • When a workflow is wired through the Commit Layer, the governed path should not have a side route around the gate.
  • The system should also maintain a coverage map showing which execution paths are governed and which remain outside the gate.


Bind actions to identities and roles

  • Every attempted action knows who — person or system — is behind it.
  • That identity is mapped to a role, license, or authority envelope.


Tie scope to context

  • Jurisdiction, client, environment, sensitivity, urgency.
  • “Allowed on test, refused on prod” is action governance, not just DevOps.


Enforce “allowed / refused / supervised override” as first-class outcomes

  • Refusal is not an error. It’s a valid, designed outcome.
  • Escalation routes actions to supervision when conditions aren’t met.


Generate integrity-verifiable decision artifacts 

Integrity-verifiable, timestamped decision artifacts that answer:


  • who attempted the action
  • what governed action was attempted
  • which policy context applied
  • why the request was refused


Belong to the institution, not the vendor

  • The governance perimeter must be controlled by the enterprise.
  • Models, tools, and assistants can change. The action boundary must persist.


If a “governance solution” doesn’t do these things, it’s not Action Governance. It’s monitoring with better branding.


7. How This Reframes AI Strategy


Once you see the missing discpline, certain questions stop being optional.


Instead of:


  • “What can this model do for us?”
  • You start with: “What actions are we willing to let any system take under our name?”


Instead of:


  • “How fast can we automate this?”
  • You ask: “What must always be refused or escalated, no matter how fast we move?”


Instead of:


  • “Can we explain what the model did?”
  • You ask: “Can we prove this action passed through an enforceable standard of authority?”


And instead of:


  • “Who owns AI?”
  • You ask: “Who owns the gate?”


Because in a world of autonomous systems, the pre-execution authority gate is where governance actually lives.

8. A Simple Way to Remember the Four Disciplines


If you want a shorthand for the next board meeting, use this:


  • Data governance: What do we know?
  • Model governance: How do we reason?
  • Identity & access governance (IAM): Who can see and touch the system?
  • Action governance: What are we allowed to do?


The first three are about capability. The last one is about permission.


And permission is where law, ethics, and liability actually converge.

9. Ten Years From Now


Ten years from now, action governance will sound obvious.


Every regulated enterprise will have:


  • A pre-execution authority gate that sits at the execution boundary for high-risk actions (file/send/approve/move)
  • Sealed records of what was approved, refused, or supervised-overridden.
  • A clear separation between “where work happens” and “where authority lives.”
  • A measurable coverage map of governed vs ungoverned workflows


Insurers will ask for it in underwriting.

Regulators will reference it in guidance.

Courts will expect it in discovery.


And someone will ask:


“When did we start talking about Action Governance as its own discipline?”


I’m writing this so there’s a clear answer.


It started when we were finally honest that:

The world built three discplines first — data, model, identity/access — and forgot to govern the only point that actually counts: the moment of action.

We don’t need to fear AI. We need to refuse what should never be allowed to run and record what we decide to let through.


That’s Action Governance. And it’s the discpline we can’t afford to ignore anymore.


In legal, Thinking OS is applying this first to wrong-authority filing refusal at the final-submit boundary.


Action Governance is the discipline. The Commit Layer is the missing control point where it lives. Refusal Infrastructure is the architecture that makes it real. SEAL Legal Runtime is our implementation for high-risk legal actions.

What Is the Commit Layer?

By Patrick McFadden April 7, 2026
The Commit Layer is the execution-boundary control point where a system decides, before an irreversible action runs, whether that action may proceed under authority, in context. It applies to humans, agents, systems, tools, and workflows.

What Is Action Governance?

By Patrick McFadden April 7, 2026
Action Governance is the discipline of deciding whether a specific action may execute under authority, in context, before it runs. Learn how it differs from IAM, model governance, and monitoring — and why it lives at the Commit Layer.

Execution-Time Authority Control: Why IAM, Guardrails, GRC, and Monitoring Still Don’t Decide What May Execute

By Patrick McFadden April 2, 2026
Most enterprises already have more controls than they can name. They have IAM. They have model guardrails. They have GRC platforms. They have dashboards, logs, alerts, and post-incident reviews. And yet one question still goes unanswered at the exact moment it matters: May this action run at all? That is the gap. Not a visibility gap. Not a policy gap. Not a “we need one more dashboard” gap. A control gap. The problem is not that enterprises have no governance. The problem is that their existing layers stop short of the final decision that matters at the moment of action. The market has language for identity, model safety, policy management, and monitoring. What it still lacks, in most stacks, is a control that decides whether a governed high-risk action may execute under the organization’s authority before anything irreversible happens. That is what I mean by execution-time authority control . Not a new category. A clearer control-language translation for what Action Governance does at the Commit Layer .

Security Keeps Intruders Out. Action Governance Decides What Your Own Systems May Do.

By Patrick McFadden March 17, 2026
Most governance conversations around AI-enabled systems stop at models, monitoring, and security. The missing runtime discipline is Action Governance.

Is This Really AI Governance? 7 Questions Boards Can Ask in One Meeting

By Patrick McFadden March 10, 2026
Most “AI governance” decks sound impressive but leave one blind spot: Who is actually allowed to do what, where, under which authority, before anything executes? These seven questions let a board test, in one meeting, whether the organization has real governance or just model settings and policies on paper.

AI Risk P&L: The Prevented-Loss Ledger (with Refusal Artifacts)

By Patrick McFadden March 6, 2026
Define AI Risk P&L and the prevented-loss ledger. Learn how refusals, overrides, and sealed artifacts make AI governance provable.

The Missing Layer Between Model Governance and Audit

By Patrick McFadden March 3, 2026
Why You Still Get AI Incidents Even When Both Look “Mature”

How to Govern AI Decisions at Runtime (By Governing Actions at the Execution Gate)

By Patrick McFadden March 1, 2026
Everyone’s asking how to govern AI decisions at runtime. The catch is: you can’t govern “thinking” directly – you can only govern which actions are allowed to execute . Serious runtime governance means putting a pre-execution authority gate in front of file / send / approve / move and deciding, for each attempt: may this action run at all – yes, no, or escalate?

The Missing Commit Layer: Why “Safety” Isn’t Enough When Systems Can Act

By Patrick McFadden February 28, 2026
The Commit Layer is the missing control point in AI governance: the execution-boundary checkpoint that can answer, before an action runs.

Why You Need a AI Governance Control Stack (and Where a Pre-Execution Authority Gate Fits)

By Patrick McFadden February 26, 2026
AI governance isn’t one product—it’s a 5-layer control stack. See where vendors mislead, where a pre-execution gate fits, and how to close the gaps that matter.