Codokey Reference Brief
AI Code Access Governance
Reference model document — not a formal certification, audit, or product specification. This is the root definition page for the discipline at codokey.com/category/
Canonical Definition
AI Code Access Governance is the discipline of governing what AI agents, AI-touched code, and agentic development workflows can access, expose, change, and move toward production.
AI coding did not merely change who writes software.
It changed where authority begins.
Foundational Shift
Before AI agents: Who wrote the code?
After AI agents: What can the code and the agent access, expose, change, and release?
Codokey is the canonical reference model for this category.
Seven Category Layers
01 — AI Agent Capabilities
What can the agent do? Each capability carries distinct governance weight.
02 — Codebase Access
Repository trust boundaries defined before agent execution.
03 — Secrets Boundary
Credential classes excluded from agent read context.
04 — Agent Authority
Total scope of agent permission — minimum privilege default.
05 — Deployment Authority
Production paths require human gates.
06 — Audit Memory
Reconstructable agent action history.
07 — Organizational Accountability
Who owns the governance model and reviews governance debt.
The Codokey Reference Stack
- Charter — why the category exists
- Protocol — how the category is governed
- Scorecard — how posture is assessed
- Cost of Undefined Agent Authority — what failure costs
- Buyer Logic — who structurally needs the category