AI agent systems — from supervised copilots executing tool calls with human approval to fully autonomous agents managing files, triaging email, and executing workflows — create governance challenges at every point on the autonomy spectrum. Current approaches treat the LLM as a software component and apply software security controls: sandboxing, input validation, and API access lists. We argue these controls are necessary but insufficient because LLMs behave like human actors: capable, productive, unpredictable under novel conditions, susceptible to compromise, and capable of exceeding their authorized scope. We propose the governed actor thesis: the natural framework for constraining AI agents is not software security alone, but institutional governance — structural controls developed over centuries for managing capable but unpredictable human actors within organizations. The genuinely novel contributions are: (1) an information asymmetry mechanism enforcing structural independence between reasoning and evaluation layers, and (2) an institutional governance lineage argument connecting AI agent governance to centuries of organizational control practice. We present Edda, a constitutionally-constrained agent framework implementing eleven governance principles drawn from NIST SP 800-53, ISO 27001, SOX Section 404, the EU AI Act, and the OWASP Top 10 for Agentic Applications. Edda enforces separation of duties through information asymmetry between reasoning and evaluation, maintains cryptographically verifiable audit trails, and prevents privilege escalation by design. A three-tier trust model scales oversight to autonomy level — from per-action human approval through batch-level review to pre-authorized execution — applying the same constitutional architecture across the full deployment spectrum. 
We map these principles to seven compliance frameworks and provide evidence through a 460-test suite, independent quality assurance review, and Common Criteria EAL 2 self-assessment. We further explore three practical implications: monitoring human oversight quality to detect automation complacency, establishing evidentiary chain of custody for regulatory admissibility, and applying governance principles as procurement evaluation criteria. The central finding is that governance-first architecture produces multi-framework compliance alignment as a structural consequence of the design rather than an aftermarket addition. The framework is released as open-source software under Apache License 2.0. AI tools (Anthropic Claude) were used in research, analysis, and drafting as described in the paper's "Use of AI Tools" section.
J. Taylor Weems
J. Taylor Weems (Sat,) studied this question.
www.synapsesocial.com/papers/6996a84cecb39a600b3eed31 — DOI: https://doi.org/10.5281/zenodo.18644768