The Governance Framework

SOSA™
Supervised · Orchestrated · Secured · Agents

SOSA™ is the four-pillar governance framework behind every OpsAgents deployment. It reconciles agent autonomy with organizational accountability — so autonomous AI can run on real business data and still be trusted, audited, and controlled.

Supervised Orchestrated Secured Agents
Research Framework

Autonomy you can hold accountable

A formal framework for deploying autonomous AI agents in enterprise operations — without trading away supervision, security, or auditability.

Abstract

Most agent frameworks treat autonomy and control as opposing forces — ending up either too brittle to scale or too opaque to trust. SOSA™ — Supervised Orchestrated Secured Agents is a four-pillar methodology that reconciles agent autonomy with organizational accountability, and OpsAgents is its production reference implementation across multiple business verticals. Every pillar is a load-bearing engineering decision, not a marketing slogan — backed by graduated human-in-the-loop checkpoints, a real orchestration layer, zero-trust isolation, and an immutable, verifiable audit trail.

The Four Pillars

What each letter means

Each pillar answers one of the four questions every enterprise asks before it puts an AI agent in production.

S

Supervised

Human-in-the-loop checkpoints are first-class primitives, not add-ons. Supervision is graduated: routine, low-risk tasks run autonomously, while high-stakes actions — financial transactions, external communications, anything irreversible — require explicit human approval before they execute.

Daily briefings surface every action taken, and an agent that consistently meets its success criteria earns wider autonomy over time; one that drifts is escalated back to tighter supervision.

Answers: “Who is accountable for what this agent does?” — a human, with a configurable approval boundary, always.

O

Orchestrated

An orchestration layer coordinates agents across time, context, and toolchains. Agents share structured context and run on business-logic DAGs — not ad-hoc cron triggers or brittle message passing.

A centralized scheduler sequences 18+ agent types across their temporal and data dependencies, so the right agent acts on the right context at the right moment, with no two agents stepping on the same outcome.

Answers: “How do many agents work together without chaos?” — through a coordinated execution graph, not a pile of scripts.

S

Secured

Security is a property of every layer, not a perimeter. Each agent runs isolated, with scoped credentials, zero-trust boundaries, and verifiable audit trails — no access beyond its declared permission set.

Each client runs on an isolated environment with scoped OAuth credentials; zero business data is stored on OpsAgents servers, and every single action is written to an immutable audit store before it leaves the system.

Answers: “What can this agent reach, and can I prove what it did?” — only its declared scope, and yes, verifiably.

A

Agents

Not scripts with LLM wrappers — goal-directed entities with persistent context, real tool use, and adaptive planning. Each agent has a defined role, explicit success metrics, and a failure-recovery path.

They reach real systems — calendars, CRMs, accounting, recruiting pipelines — and own a business outcome end-to-end: reasoning, deciding, and acting, then verifying the result against their success criteria.

Answers: “Is this actually an agent, or a demo?” — a goal-directed entity with memory, tools, and recovery, measured by outcomes.

Proof, not promises

Every action logged. Every decision auditable.

SOSA™ isn’t a diagram — every run writes an audit trail. Below is a real, unedited slice recorded from one production worker run (service opsagent-recruiter, 2026-06-07), tenant identities redacted and everything else verbatim: action types, decisions, timestamps, and the governance gates that blocked ungoverned sends before they left the system. The two highlighted rows are those gates in action.

How it runs

The SOSA™ execution model

Every agent runs a three-phase loop — Plan, Act, Verify — with each action executed against real systems and logged to an immutable audit store. Agents that consistently meet their success criteria earn wider autonomy; those that drift are escalated to tighter supervision. The result is a trust gradient that addresses the three barriers to enterprise adoption of autonomous AI: accountability, reliability, and compliance.
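The ordering described above (approval gate, audit write, then the action, then a verify record), as an added Python example that is not OpsAgents code or taken from the SOSA paper. The SHA-256 hash chain, the `HIGH_STAKES` set and every function and field name are assumptions; the page does not say how its audit store or gates are implemented.

```python
import hashlib
import json

# Assumed policy: the action kinds the page names as high-stakes.
HIGH_STAKES = {"financial_transaction", "external_communication"}

class AuditLog:
    """Append-only log; each record commits to the previous record's hash."""
    def __init__(self):
        self.records = []

    def append(self, event: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.records.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = "0" * 64
        for rec in self.records:
            body = json.dumps(rec["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != expected:
                return False  # record edited, removed or reordered
            prev = rec["hash"]
        return True

def run_action(log, agent, kind, payload, effect, approved_by=None):
    """Gate the action, log the decision, and only then run the side effect."""
    needs_approval = kind in HIGH_STAKES
    allowed = (not needs_approval) or approved_by is not None
    decision = "allow" if allowed else "block_pending_approval"
    # Decision is written first: if this append raises, nothing is sent.
    log.append({"agent": agent, "kind": kind, "payload": payload,
                "decision": decision, "approved_by": approved_by})
    if not allowed:
        return None
    result = effect(payload)
    # Verify phase: the observed outcome becomes its own chained record.
    log.append({"agent": agent, "kind": kind, "outcome": result})
    return result

if __name__ == "__main__":
    log = AuditLog()  # constructed sample run, not production data
    print(run_action(log, "agent-a", "calendar_read", {"day": "mon"}, lambda p: "ok"))
    print(run_action(log, "agent-a", "external_communication", {"to": "x"}, lambda p: "sent"))
    print(log.verify())
```

A hash chain held in the writer's own memory is only tamper-evident, not immutable: an auditor needs the latest head hash stored somewhere the agent cannot rewrite in order to detect a wholesale rebuild of the chain.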

OpsAgents: SOSA™ in production

OpsAgents is the first commercial implementation of the SOSA framework. Every architectural decision — from isolated environments to the orchestration scheduler to the human-approval gates — maps directly to a SOSA pillar.

Supervised

Configurable approval workflows per agent. Daily briefings surface all actions taken. High-impact operations (financial transactions, external communications) require explicit human sign-off.

Orchestrated

A centralized scheduler coordinates 18+ agent types across temporal and data dependencies. Agents share context through structured registries, not ad-hoc message passing.

Secured

Each client runs on an isolated environment with scoped OAuth credentials. Zero business data is stored on OpsAgents servers. Every action is logged to an immutable audit trail.

Agents

Goal-directed agents with persistent memory, real tool access (calendars, CRMs, accounting systems), and adaptive planning — not scripts, not wrappers, not demos.

Read the full SOSA™ white paper

The complete methodology, the execution model, and the production architecture — written up as a formal framework paper from OpsAgents Research.


Run autonomous agents you can actually trust

Bring SOSA™ to your operations. Book a SOSA security review and we’ll walk your team through the supervision gates, the isolation model, and the audit trail — against your real workflows.


Shatz, M. (2026). “SOSA™: Supervised Orchestrated Secured Agents — A Methodology for Production-Grade Autonomous AI Operations.” OpsAgents Research.