№ 07·0307 · AI Agent System3 min read · Section 3 of 5

7.3 Agent life cycle

Register, authorize, run, monitor, upgrade, suspend, exit; align model governance, auditing and third-party due diligence FAQ list.

UpdatedOct 20, 2018

7.3 · Life cycle

Agents must be identifiable, constrainable, upgradeable, and revocable.

Agents need a life cycle like employee accounts and model versions: who can create it, who can authorize it, how to monitor it during operation, how to pause it when an accident occurs, and how to process the data after it is eliminated. Without a state machine, there is no trusted execution layer, and it is impossible to explain to the auditor “what was running in the system at that time.”

What this page doesState machine + governance action + audit response

core themesFull link from Registered to Retired

Reading highlightsAuthorization boundaries, suspension triggers, upgrade control

critical state

RegisteredRegistered in the catalog (name, type, default model, owner node, usage description). The business data has not been received yet, which is equivalent to "the account has been created but the permissions have not been activated".

AuthorizedComplete the permission review: data domain, tool whitelist, daily call limit, and whether writing to external systems is allowed. Corresponds to role binding in enterprise IAM.

ActiveExecute tasks within the scope of authorization and write structured logs continuously (input summary, output hash, tool calls, approval results).

Paused / SuspendedExamples of trigger conditions: abnormal unauthorized attempts, consecutive failures in output quality sampling, security incidents, and compliance bans. Pausing should cut off tools and external callbacks with one click.

UpgradedModel version, prompt, tool or limit changes; change order number, approver, effective time and rollback package must be recorded. Benchmark MLOps with change management (such as ITIL).

RetiredIf the business is offline or does not meet the standards, it will be eliminated; the read-only log retention period will be retained, and sensitive fields used for training will be deleted or anonymized (according to policy).

life cycle path

Registration → Risk assessment and authorization → Online (Active) → Continuous monitoring and random inspection → Event-driven suspension → Change upgrade (with approval) → Retirement and retention strategy

access

Clarify business scenarios, data classification, whether to process PII/confidentiality terms; prohibit "get in first and figure out a solution later".

Authorize

Minimum permissions: Split API scope by Agent type; two-person rule for sensitive operations or Human in the Loop (HITL).

run

SLA: Customer complaint labels for latency, error rate, and hallucinations; similar indicators to observability tools such as LangSmith, but the results must be entered into the WCN task system.

Review

Regular spot checks: comparison of multiple versions of models with the same input, red team prompt samples, and whether tool calls are out of bounds.

quit

Retired Agents must no longer appear in the dispatch list; historical output can still be referenced by Proof but marked with the model version.

Life cycle design goal: answer at any time - which Agent is running, what model is used, what can be accessed, and who approved the last change.

Governance and Risk Management Framework (Condensed)

Dimensions	Key points
Ownership	Each Agent has an owning node or platform responsible person; if there is a running incident, please contact the owner first
Change	Production changes go through the change window and rollback; major model switching can require parallel grayscale
Data	Training/log retention and cross-border transmission comply with node location and contract
Security	Escrow of keys and tool credentials; prohibiting agents from persistently holding user plaintext passwords
Audit	Log retention period ≥ business dispute tracing requirements; support exporting to third-party due diligence

The lack of the ability to suspend and retire tacitly allows "zombie agents" to hold expired permissions for a long time - a common source of data breaches and compliance penalties.

The fundamental difference from AutoGPT-style "normally open loop"

The autonomous loop defaults to no clear endpoint; the WCN life cycle ties each run to task and authorization aging. The task ends or the authorization expires → Agent calls should be rejected or entered read-only instead of continuing to "think" in the background.

One sentence when explaining to an auditor or LP: **Our Agents are like controlled batch jobs, not like tireless automated workers. **

← Previous7.2 Agent type Next →7.4 Boundaries of Agent