The Metrics
The unattended rate is the most honest single measure of whether human oversight exists outside the policy document: the approval mechanism existed, and nobody decided in time. A stale-pending request counts as expired the moment its expiry passes, even before the background sweeper updates its status.
Per-Agent Scorecard
Tenant-Wide Summary
agents_evaluated (distinct agents with policy evaluations in the window).
Window Semantics
- Both endpoints accept
startandendquery parameters (ISO 8601). Default window is the last 30 days; the maximum range is 180 days. - Timestamps without a timezone offset are treated as UTC.
- Historical windows are reproducible. Approval expiry is judged as of the window end, not the current time, so a report for a closed period returns the same numbers every time you run it. A request that lapsed after your window closed was still pending within it.
- Requires the
governance:readscope.
How Defer-to-Human Counting Works
defer_to_human_policies counts enabled policies of type require_approval or require_human_review whose conditions match the agent, using the same condition matcher the policy engine uses at evaluation time, including risk-tiered scoping. An unclassified agent never matches a policy scoped to specific risk levels, so classifying your agents is a prerequisite for risk-tiered oversight coverage.
Related
- Approvals: the human-in-the-loop workflow these metrics measure
- Risk Classification: risk levels that scope defer-to-human policies
- Incident Reporting: the evidence pack cites oversight activity in the incident window

