№ 07·0307 · AI Agent System3 min read · Section 3 of 5

7.3 The Agent life cycle

Register, authorize, run, review, upgrade, suspend, and retire — the state machine that keeps every Agent identifiable, constrainable, and revocable.

Updated
7.3 · The Agent life cycle

An Agent must be identifiable, constrainable, upgradeable, and revocable.

An Agent needs a life cycle, the way an account and a model version do. Who may create it, who may authorize it, how it is watched while it runs, how it is stopped when something goes wrong, and how its data is handled once it retires. Without a state machine there is no trusted execution layer, and no way to tell an auditor what was running at a given time.

What this page doesDefines the state machine, the governance actions, and the audit response
Core spanThe full path from Registered to Retired
You will learnAuthorization limits, suspension triggers, and upgrade control

The core states

RegisteredRecorded in the catalog with a name, type, default model, owner node, and description. It holds no business data yet — the account exists, but its permissions are not active.
AuthorizedPermission review is complete: data domain, tool list, daily call limit, and whether it may write to external systems. This is the capability manifest that fixes the Agent's reach.
ActiveExecutes scoped tasks and writes structured logs continuously — an input summary, an output hash, the tool calls, and the review result.
SuspendedTriggered by an unauthorized attempt, repeated failures in output sampling, a security incident, or a compliance block. Suspension cuts off tools and external callbacks at once.
UpgradedA change to the model, prompt, tools, or limits. The change record, approver, effective time, and rollback package are all written down before it takes effect.
RetiredTaken offline when the work ends or the Agent fails to meet standard. The log is kept read-only for its retention period, and sensitive fields are deleted or anonymized by policy.

The life-cycle path

Register, then review and authorize, then run as Active, then monitor and sample continuously, then suspend on a triggering event, then upgrade through an approved change, then retire under a retention policy.

Register
State the business scenario, the data classification, and whether the work touches personal or confidential data. "Get in first and sort it out later" is not allowed.
Authorize
Grant least privilege: scope the tools by Agent type, and require a two-person rule or a human in the loop for any sensitive action.
Run
Hold a service standard for latency, error rate, and unsupported claims. Observability is useful, but the result must land in the WCN task system.
Review
Sample on a schedule: compare model versions on the same input, run adversarial prompts, and check whether any tool call went out of bounds.
Retire
A retired Agent no longer appears in the dispatch list. Its past output can still be cited by Proof, marked with the model version it ran.
The aim of the life cycle is to answer, at any time: which Agent is running, on what model, with access to what, and who approved the last change.

Governance and risk, in brief

DimensionKey point
OwnershipEach Agent has an owning node or responsible person; on an incident, the owner is the first contact
ChangeProduction changes pass through a change window with a rollback; a major model switch can require a parallel rollout
DataTraining data, log retention, and any cross-border transfer follow the node's location and contract
SecurityKeys and tool credentials are held in escrow; an Agent never holds a user's plaintext password
AuditLogs are kept at least as long as a dispute may take to trace, and can be exported for third-party review

Without the ability to suspend and retire, an Agent can hold expired permissions long after its work ends. That standing access is a common source of data breaches and compliance penalties.

The difference from an always-on loop

An autonomous loop has no defined endpoint by default. The WCN life cycle ties every run to a task and to the term of its authorization. When the task ends or the authorization expires, the Agent's calls are rejected or made read-only. It does not keep running in the background.

The line to give an auditor is short: WCN Agents are scoped, recorded jobs with a defined end, not tireless workers that run on their own.