AI-Agent Use and Governance Policy

AI coding agents can do real engineering work, and they can also make mistakes with real consequences. SICKR exists to make that work observable, governable, and accountable — so teams can expand what agents do with confidence rather than hope.

Through Prime Workflow, agent work runs inside defined workflows with tickets, workflow graphs, agent leases, approvals, evidence, comments, planning records, and audit logs. The intent is that an agent acts within a clear scope, on the right work, with a record of what it did and why.

Human oversight is a first-class part of the model, not an afterthought. Workflows can require human approval and human-intervention states at sensitive points. AI-generated outputs require human review where appropriate, and you decide what is accepted, merged, deployed, or run.

You — not SICKR — are responsible for deciding:

• which agents may act;
• what tools they may use;
• which repositories or systems they may access;
• when human approval is required; and
• how outputs are reviewed before use.

Governed workflows produce evidence and audit records so consequential work is traceable. These records are server-side product records by design and are intended to support review, accountability, and continuous improvement of your operating model.

Production access, sensitive data, deployments, and irreversible actions should be introduced through deliberate scope expansion, customer approval, and appropriate security review. SICKR does not enable such actions autonomously by default, and we do not recommend running agents with production authority outside of a governed workflow with approvals and review.

Do not place credentials, secrets, or regulated data into agent prompts or connected contexts without appropriate controls. The CLI’s redaction is a safety net for known patterns, not a guarantee, and is not a substitute for careful handling. Process personal data only with a lawful basis and necessary consent.

You bring your own AI/model providers and agents (for example Claude Code, Codex, Gemini CLI, or local/Ollama runners). Their behavior, availability, and terms are governed by those providers, and when you enable a cloud-hosted provider your data may be processed by it. Choose agents, models, and configurations appropriate to the work and its risk.

You are responsible for the agents, tools, credentials, and systems you authorize, for complying with the Acceptable Use Policy and applicable law, and for the consequences of actions you enable agents to take. SICKR provides governance surfaces; it does not assume responsibility for your operating decisions.

We recommend a staged rollout as confidence grows:

• Observe — watch and replay agent sessions before granting new authority.
• Simulate — run governed, dependency-gated workflows before they touch real systems.
• Expand — grow scope deliberately, with approvals, evidence, and review at each step.

For questions about responsible AI-agent use, use the support contact form. For legal or policy questions, use the legal contact form. For security concerns, use the security disclosure form.