
AI agents need a rights-stack contract
Harry Floyd's dev.to essay argues that AI agents require a rights-stack contract governing visibility, mutation, proof, escalation, and revocation, not just connectors [Dev.to]
Harry Floyd's dev.to essay frames AI agent autonomy as an action contract rather than raw tool access [Dev.to]. He defines a five-layer rights stack that any production-grade agent must satisfy before it can mutate a business-critical object.
The five layers are:
- Visibility – the set of data, APIs, and logs the agent may inspect. A Slack-search token that returns only message IDs is visibility-only; it cannot post.
- Mutation – the objects the agent may alter. Drafting a reply is a mutation of a draft buffer; sending the email is a mutation of the outbound mailbox.
- Proof – the evidence the agent must produce before a mutation is committed. Floyd cites test runs, diff patches, policy checks, or a required human signature as proof mechanisms [Dev.to].
- Escalation – a named condition that forces the agent to hand off to a human. Examples include “payment > $10 k”, “privilege change”, or “legal exposure”.
- Revocation – the loss of a permission after a failed run. Floyd notes that most agents simply patch bugs and retain the same rights, which he calls “amnesia with API keys” [Dev.to].
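To make the five layers concrete, here is an added example (not code from Floyd's essay or any product he names) of a small policy engine that evaluates an agent's requested action against a rights stack: reads are checked against visibility, mutations against mutation and proof rights, escalation predicates hand the action to a human, and a failed run revokes the right instead of leaving it in place. The mailbox/payments objects and the $10k threshold in `sample_stack()` are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

@dataclass
class RightsStack:
    """The five layers: what the agent may see, alter, must prove, must escalate, and loses."""
    visible: Set[str]                              # layer 1: objects it may inspect
    mutable: Set[str]                              # layer 2: objects it may alter
    proof_required: Set[str]                       # layer 3: mutations needing evidence first
    escalate_if: Dict[str, Callable[[dict], bool]] # layer 4: named conditions forcing handoff
    revoked: Set[str] = field(default_factory=set) # layer 5: rights lost after a failed run

def check_read(rights: RightsStack, obj: str) -> Tuple[bool, str]:
    """Visibility-only access: a revoked or unlisted object cannot even be inspected."""
    if obj in rights.revoked:
        return False, f"{obj}: revoked"
    if obj not in rights.visible:
        return False, f"{obj}: not visible"
    return True, f"{obj}: visible"

def check_mutation(rights: RightsStack, obj: str, args: dict, proof: str = "") -> Tuple[str, str]:
    """Returns (verdict, reason); verdict is 'allow', 'deny' or 'escalate'."""
    if obj in rights.revoked:
        return "deny", f"{obj}: revoked after a failed run"
    if obj not in rights.mutable:
        return "deny", f"{obj}: visibility-only, no mutation right"
    if obj in rights.proof_required and not proof:
        return "deny", f"{obj}: mutation needs proof (tests, diff, policy check) before commit"
    condition = rights.escalate_if.get(obj)
    if condition and condition(args):
        return "escalate", f"{obj}: escalation condition met, hand off to a human"
    return "allow", f"{obj}: within contract"

def record_run(rights: RightsStack, obj: str, succeeded: bool) -> bool:
    """Layer 5: a failed run removes the right on that object; returns True if it is now revoked."""
    if not succeeded:
        rights.revoked.add(obj)
    return obj in rights.revoked

def sample_stack() -> RightsStack:
    """Constructed example: an inbox assistant that may draft, send with proof, and pay below $10k."""
    return RightsStack(
        visible={"inbox", "draft", "outbox", "payments"},
        mutable={"draft", "outbox", "payments"},
        proof_required={"outbox"},
        escalate_if={"payments": lambda a: a.get("amount", 0) > 10_000},
    )
```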
The Microsoft Responsible AI framework already mandates human-in-the-loop checks for high-impact actions [Microsoft Responsible AI]. Companies that embed the five-layer stack into their agent platforms will meet compliance audits faster than those that rely on ad-hoc tool integrations.
Floyd predicts a split between vendors that sell “reach” – more connectors, larger context windows – and those that sell “agency” – permissioned actions, escalation hooks, revocation policies. The former will win demos; the latter will survive post-mortems [Dev.to].