Task Classification and Routing¶
Every task an AI agent performs in this repository falls into one of three risk tiers. The tier determines how much process is required. This is the agent-facing counterpart to docs/governance/change-management.md.
Low risk — proceed freely¶
Fixing broken links, wording improvements that do not change meaning, updating indexes, and formatting corrections. No plan or work log required beyond normal care; no human review gate.
Examples: fixing a typo, repairing a relative link, reformatting a table, updating a README index after a file was added elsewhere.
Moderate risk — plan and note in a work log¶
Changes with real substantive content but bounded, reversible scope. Requires a brief plan (see planning-and-work-logs.md) and a note in the work log; does not by itself require human sign-off before proceeding, but should be reviewable after the fact.
Examples: a new product specification (draft), a venture standard change (draft/proposed), a component contract change, a calculation implementation update.
High risk — human review required, never auto-approved¶
Work that touches company policy, security controls, privacy practices, legal claims, financial models used for real decisions, food-safety guidance, medical/nutrition claims, destructive migrations, or public product claims.
High-risk work must require explicit human review and must never be auto-approved by an
agent. An agent may draft high-risk content, but it stays at status: draft or
status: proposed (see
docs/governance/document-metadata-standard.md)
until a human with the relevant decision rights (see
docs/governance/decision-rights.md) reviews and approves it.
See human-review-and-approval.md for how that review is requested
and recorded.
Examples: a company policy change, a new security control, a privacy-practice change, a legal claim, a financial model that will inform a real decision, food-safety guidance, a destructive migration, a marketing claim about product capability.
Routing summary¶
| Tier | Process required | Can agent mark it done/approved? |
|---|---|---|
| Low | None beyond normal care | Yes — no approval concept applies |
| Moderate | Brief plan + work-log note | Agent can complete the work; approval to approved status still follows normal document-lifecycle rules |
| High | Explicit human review, always | No — agent must never self-approve high-risk output |
When a task's tier is unclear, or a task spans tiers (e.g. a moderate-risk spec change that touches a high-risk financial model), treat the whole task at its highest applicable tier.