Governance
Keeping a multi-agent knowledge base trustworthy, auditable, and correctable.
When multiple agents write to the same knowledge base, you need governance -- rules that control what changes land, who made them, and how to undo mistakes. Omnigraph builds governance into the database layer so you don't have to build it yourself.
Core principles
Every change to an Omnigraph repository is:
- Versioned -- Every mutation creates a new version. You can inspect any historical state.
- Isolated -- Changes happen on branches. Nothing touches main until explicitly merged.
- Auditable -- Every branch, merge, and mutation records who did what and when.
- Reversible -- You can inspect earlier graph commits and restore state with explicit branch workflows.
- Gated -- Merge can require validation, review, or automated checks before landing.
Patterns
Branch-per-action
Every agent action gets its own branch. This is the simplest governance pattern: nothing goes to main without a merge.
omnigraph branch create --uri ./repo.omni --from main agent-enrichment-042
# Agent does work on the branch
# Review the branch with snapshot and validation queries
omnigraph snapshot ./repo.omni --branch agent-enrichment-042
omnigraph branch merge --uri ./repo.omni agent-enrichment-042 --into mainIf the agent's work is bad, you don't merge. The branch can be inspected, fixed, or deleted.
Human-in-the-loop
Require human review before merging agent branches. The agent writes to a branch and signals that it's ready for review. A human (or a review agent) inspects the diff and approves.
# Agent creates and populates the branch
omnigraph branch create --uri ./repo.omni --from main agent-analysis-run
# Agent writes analysis results...
# Human reviews
omnigraph read --uri ./repo.omni --query review.gq --name pending_review --branch agent-analysis-run
# Human approves
omnigraph branch merge --uri ./repo.omni agent-analysis-run --into mainAutomated quality gates
Run validation queries against a branch before allowing a merge. If the queries find problems, the merge is blocked.
query orphaned_nodes() {
match {
$n: Contact
not { $n belongsTo $a: Account }
}
return { $n.name }
}If this query returns results on the branch, the agent created contacts without linking them to accounts. Block the merge until fixed.
Time-travel debugging
When something goes wrong, inspect the graph at any previous point in time.
omnigraph snapshot ./repo.omni
omnigraph commit list ./repo.omni --branch main
omnigraph read --uri ./repo.omni --query diagnostic.gq --snapshot <graph-commit-id>Compare the current state to a historical state to find when a problem was introduced.
Parallel experiments
Run multiple approaches on separate branches and compare results before committing to one.
omnigraph branch create --uri ./repo.omni --from main approach-a
omnigraph branch create --uri ./repo.omni --from main approach-b
# Agent A works on approach-a
# Agent B works on approach-b
omnigraph snapshot ./repo.omni --branch approach-a
omnigraph snapshot ./repo.omni --branch approach-b
# Compare, pick the better one, merge it
omnigraph branch merge --uri ./repo.omni approach-a --into mainDecisions as data
When the trail of why a change happened needs to be queryable — not just the data change itself — model decisions as nodes:
node Decision {
outcome: String
rationale: String
decided_at: DateTime
decided_by: String
evidence_refs: [String]
}
edge HasDecision: Review -> DecisionCombined with branch history, you can trace who recorded what decision, when, and which graph commit captured the resulting data change. This is a data modeling pattern, not a compliance certification — Omnigraph does not sign or cryptographically chain these records.
Choosing a governance level
| Level | Pattern | Good for |
|---|---|---|
| 0 - None | Write directly to main | Prototyping, single-user exploration |
| 1 - Branch isolation | Branch-per-action, merge without review | Development, trusted agents |
| 2 - Automated gates | Validation queries before merge | Any setting with known quality rules |
| 3 - Human review | Human approves branch snapshots and validation reads before merge | Changes that need explicit sign-off |
| 4 - Decisions as data | Decision nodes referencing evidence, plus branch history | Workflows where the decision trail itself must be queryable |
Start at the lowest level that meets your needs. You can increase governance later without changing your schema or queries.
What happens without governance
| Problem | Symptom | Prevention |
|---|---|---|
| Bad data lands on main | Downstream agents produce wrong results | Validation queries as merge gates |
| No one knows what changed | Debugging requires manual log trawling | Branch-per-action with descriptive names |
| Can't undo a mistake | Corrupted data stays corrupted | Versioned snapshots, branch rollback |
| Agents overwrite each other | Last-write-wins race conditions | Branch isolation, merge conflict detection |
| No record of why a change happened | No trail of who decided what | Decision nodes, branch history |