ITIL for the Agentic Era
The RMACD Framework (Read, Move, Add, Change, Delete) is a governance model for autonomous AI agents in enterprise IT operations. It integrates:
- Operational Permissions — Five graduated tiers (R→M→A→C→D) based on risk
- Human-in-the-Loop Controls — Six autonomy levels from fully autonomous to prohibited
- Data Classification — Optional integration with enterprise data sensitivity tiers
RMACD answers the fundamental governance question: "What can this agent do, to what data, with what oversight?"
| Operation | Risk Level | Description |
|---|---|---|
| Read | Near-Zero | Observe, query, analyze — no state change |
| Move | Low-Medium | Relocate, transfer — reversible |
| Add | Medium | Create, provision — additive impact |
| Change | High | Modify, update — state mutation |
| Delete | Critical | Remove, destroy — potentially irreversible |
| Model | Dimensions | Best For |
|---|---|---|
| Two-Dimensional | RMACD × HITL | Organizations without formal data classification |
| Three-Dimensional | RMACD × HITL × Data Classification | Regulated industries, mature data governance |
| Public | Internal | Confidential | Restricted | |
|---|---|---|---|---|
| Read | Auto | Auto | Logged | Notify |
| Move | Auto | Notify | Approve | Elevated |
| Add | Notify | Approve | Elevated | Elevated |
| Change | Approve | Approve | Elevated | Prohibited |
| Delete | Approve | Elevated | Elevated | Prohibited |
- Full Specification (Markdown) — Recommended for reading on GitHub
- Full Specification (Word) — Original document format
- Framework Diagram (PNG) — Visual overview
- Framework Diagram (draw.io) — Editable source
- Implementation Guide
- Python Tools Registry — Reference implementation
- JSON Schema Templates
- Website
RMACD is a governance specification, not a software package. To implement:
- Assess your organization's data classification maturity
- Select the Two-Dimensional or Three-Dimensional model
- Define permission profiles for your agent types
- Integrate with your agent runtime/orchestration platform
See the Implementation Guide for details.
Example profile for a read-only monitoring agent:
{
"$schema": "https://rmacd-framework.org/schema/v1/profile-2d.json",
"profile_id": "rmacd-2d-observer-v1",
"profile_name": "Observer",
"model": "two-dimensional",
"version": "1.0",
"permissions": ["R"],
"constraints": {
"environments": ["development", "staging", "production"],
"rate_limits": {
"queries_per_minute": 100
}
}
}See schemas/examples/ for more profiles.
If you use the RMACD Framework in your work, please cite:
@misc{rmacd2026,
author = {Kash Kashyap},
title = {RMACD: AI Agent Governance Framework},
year = {2026},
url = {https://rmacd-framework.org},
note = {Version 1.2}
}Or see CITATION.cff for machine-readable citation.
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
This work is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).
You are free to share and adapt this material with appropriate attribution.
Created by Kash Kashyap — January 2026
Email: kash@rmacd-framework.org
Web: rmacd-framework.org
ORCID: 0009-0005-0127-6265
LinkedIn: linkedin.com/in/kashkashyap
RMACD: AI Agent Governance Framework — ITIL for the Agentic Era
