Implementation Guide¶
This guide provides step-by-step instructions for implementing the RMACD Framework in your organization.
Prerequisites¶
Before implementing RMACD, ensure you have:
- Inventory of AI agents — Document all deployed or planned autonomous agents
- Identified stakeholders — Change management, security, compliance teams
- Approval workflow infrastructure — Ticketing system, notification capabilities
Step 1: Choose Your Implementation Model¶
Two-Dimensional Model (RMACD + HITL)¶
Choose this if: - Your organization does not have formal data classification - You need rapid adoption - You're piloting with a limited scope
Three-Dimensional Model (RMACD + HITL + Data Classification)¶
Choose this if: - You have an established data classification scheme - You operate in a regulated industry - Your agents access data across multiple sensitivity levels
Step 2: Define Permission Profiles¶
Start with the provided templates:
- Observer — Read-only agents
- Logistics — Read + Move agents
- Provisioning — Read + Move + Add agents
- Operations — Read + Move + Add + Change agents
- Administrator — Full RMACD (with restrictions on Restricted data)
Customize as needed for your agent types.
Step 3: Configure Policy Enforcement¶
Integrate RMACD with your agent runtime:
- Load permission profiles from your policy store
- Intercept agent operation requests
- Evaluate against the governance matrix
- Enforce autonomy requirements (allow, notify, queue for approval, deny)
- Log all decisions for audit
Step 4: Integrate Approval Workflows¶
Map autonomy levels to your existing systems:
| Autonomy Level | Integration |
|---|---|
| Autonomous | No integration needed |
| Logged | Enhanced logging pipeline |
| Notification | Email, Slack, Teams alerts |
| Approval | ServiceNow, Jira, custom ticketing |
| Elevated Approval | CAB workflow, senior management queue |
| Prohibited | Block with explanation |
Step 5: Test and Validate¶
Before production enforcement:
- Run in audit-only mode (log decisions, don't enforce)
- Review logs for unexpected denials or approvals
- Adjust profiles and matrix as needed
- Gradually enable enforcement
Step 6: Monitor and Iterate¶
Ongoing operations:
- Review agent behavior patterns
- Adjust permissions based on demonstrated trustworthiness
- Respond to incidents and update profiles
- Conduct periodic compliance audits
Python Tools Registry¶
A reference Python implementation is available in the tools-registry/ directory:
tools-registry/
├── rmacd_tools_registry.py # Core implementation (750+ lines)
├── example_usage.py # Usage examples with 27 pre-configured tools
├── test_registry.py # Test suite (43 tests)
├── mcp_integration.py # MCP auto-classification bridge
├── rmacd_tools_catalog.json # Pre-configured tool catalog
├── rmacd_permission_profiles.json # Standard permission profiles
└── README.md # Detailed documentation
Key features: - Tool registration with RMACD classification - Permission validation against agent profiles - Risk scoring for tools and workflows - Audit logging for compliance - MCP tool auto-classification
See tools-registry/README.md for detailed usage instructions.
Platform-Specific Guides¶
Coming soon:
- Kubernetes / Container orchestration
- AWS / Azure / GCP agent integration
- LangChain / AutoGPT integration
- ServiceNow integration
Need Help?¶
- Email: contact@rmacd-framework.org
- Web: rmacd-framework.org
- GitHub Discussions: rmacdframework/spec/discussions