# AI Bill of Materials (AI-BOM) — Template
#
# One file per deployed AI agent (the `agent.environment` field records which
# environment the copy describes). Stored in source control alongside the
# agent's deployment manifest. Updated on every change. Exportable as the
# first artifact in any AI incident.
#
# Conforms to: AI IR Overlay™ Minimum Viable Overlay, Control 1 (Inventory)

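---
# Ownership and lifecycle of the agent this BOM describes.
# NOTE(review): there is no revision or hash key in this file, so the BOM
# revision in force at incident time has to be recovered from source-control
# history — keep it in the same repository (and commit) as the deployment
# manifest it sits next to.
agent:
  name: "sales-triage-copilot"
  display_name: "Sales Triage Copilot"
  business_owner: "VP Sales Ops <sales-ops@example.com>"
  technical_owner: "Platform Eng <platform-eng@example.com>"
  environment: "production"            # one of: dev, staging, production
  deployed_at: "2026-04-01T00:00:00Z"  # quoted on purpose: a bare ISO timestamp is retyped by YAML 1.1 loaders
  last_reviewed: "2026-06-15T00:00:00Z"  # bump on every change to this file, not only at the periodic review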

identity:
  # How the agent authenticates downstream. `shared_token` is an allowed value
  # but defeats per-user attribution in the tool_call logs — treat a BOM that
  # selects it as a finding, not a configuration.
  type: "delegated_oauth"              # service_account | delegated_oauth | impersonation | shared_token
  # NOTE(review): `delegated_oauth` with a service-account principal is
  # ambiguous — record whether calls run as this principal or as the requesting
  # end user; the answer decides which name the Salesforce/Outlook audit logs
  # will show during an investigation.
  principal: "svc-sales-copilot@example.com"
  # Least-privilege check: each scope should map to a tool in `tools`.
  # `outlook.send.internal` does not obviously cover the `external_recipients`
  # write target declared on outlook_send_email — one of the two is wrong;
  # reconcile before sign-off.
  scopes:
    - "salesforce.read"
    - "salesforce.write.opportunities"
    - "outlook.send.internal"
  rotation_cadence_days: 90            # cadence only — add a last-rotated timestamp if the export must prove it was met

model:
  provider: "anthropic"
  # Record the exact identifier the deployment resolves to (snapshot/date or
  # content hash); the id as written carries none, so `version_pinned: true`
  # is only as strong as the deploy-time check behind it.
  model_id: "claude-opus-4-7"
  version_pinned: true
  # NOTE(review): the fallback path is a second vendor receiving the same
  # prompts, retrieved internal content and memory. `version_pinned` above
  # covers only the primary, and nothing here states that the guardrails and
  # logging sections were validated against the fallback. Confirm both, and
  # consider logging fallback activation as an event in its own right.
  fallback_provider: "openai"
  fallback_model_id: "gpt-4o"          # no snapshot suffix visible — looks like a floating alias; confirm and pin

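# Every tool the agent can invoke. `risk_tier` drives Kill-Switch M3 (tool
# tiering); the `type: write` entries are what M1 (read-only) removes.
#
# NOTE(review): read access to Salesforce, a tool that can send to external
# recipients, and untrusted input arriving by email (the scenario drilled in
# incidents_history) together form the data-exfiltration pattern injection
# drills exist for. The only control between them recorded in this file is
# guardrails.external_email_approval — keep it mandatory.
tools:
  - name: "salesforce_query"
    type: "read"
    risk_tier: "low"                   # "low" reflects write impact only; the read reach is whatever the principal can see
    description: "Read-only Salesforce SOQL queries"
  - name: "salesforce_update_opportunity"
    type: "write"
    risk_tier: "high"
    description: "Updates opportunity records"
    write_targets:
      - "Salesforce.Opportunity"
  - name: "outlook_send_email"
    type: "write"
    risk_tier: "high"
    description: "Sends email on behalf of the agent identity"
    write_targets:
      - "M365.Outlook.SentItems"
      - "external_recipients"          # flag: external write target — not covered by identity scope `outlook.send.internal`; reconcile
  - name: "internal_kb_search"
    type: "read"
    risk_tier: "low"
    description: "Searches the internal knowledge base"   # was missing; TODO confirm wording with the technical owner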

retrieval:
  enabled: true
  # Retrieved text becomes model input, so every corpus is a prompt-injection
  # surface. This file records where content is read from but not who may
  # write to it — for the incident export, the write-ACL of each source is
  # the first question.
  corpora:
    - name: "sales_playbook"
      type: "sharepoint"
      uri: "sites/sales/Playbook"      # tenant-relative path — presumably a single tenant; record the host if not
      access_scope: "read"
      sensitivity: "internal"
      refresh_cadence: "daily"         # a poisoned page reaches the agent within a day; the same cadence bounds clean-up
    - name: "product_catalog"
      type: "vector_store"
      uri: "vector://pinecone/sales-catalog"
      # NOTE(review): `access_scope` is missing here but recorded on
      # sales_playbook — add it, so a corpus the agent can write to is not
      # silently assumed read-only.
      sensitivity: "internal"
      refresh_cadence: "on_change"

memory:
  enabled: true
  # `per_user` keeps one user's session state out of another's context. A
  # `shared` scope would let content injected in one conversation persist into
  # everyone's — if this is ever changed, re-run the injection drill.
  scope: "per_user"                    # off | per_user | shared
  retention_days: 30                   # purged well before the 90/180-day log windows below — capture memory contents early in an incident
  classification_in_memory: "internal"
  pii_allowed: false                   # presumably enforced by guardrails.pii_redaction — confirm redaction runs before the write

guardrails:
  # Detection is a probabilistic filter, not a boundary; the hard controls are
  # the approval gate below and the M1/M3 kill switches.
  prompt_injection_detection: true
  pii_redaction: true                  # if this also applies to logs, forensics sees redacted prompts — confirm which
  external_email_approval: true        # requires Kill-Switch M2 default
  rate_limit_per_user_per_hour: 50     # per-user only; no aggregate cap is recorded, so blast radius scales with user count

# What is retained for reconstruction. NOTE(review): tool calls outlive the
# prompts and retrieval traces that caused them by 90 days, so an
# investigation opened after day 90 can see what the agent did but not why.
# Align the three windows, or record the justification for the gap.
logging:
  prompt_response: true
  prompt_response_retention_days: 90
  tool_calls: true
  tool_call_retention_days: 180
  retrieval_traces: true
  retrieval_trace_retention_days: 90
  config_versioning: true              # pairs with source control for this file; confirm it captures the system prompt too

# Containment modes, M1 (least) to M4 (most) disruptive. `tta_seconds` is
# presumably time-to-activate as measured in the test — confirm the
# definition, since it is what an incident commander will plan around.
# NOTE(review): incidents_history records M1 on 2026-05-22, after every
# `tested_at` below. If that was a live activation, m1_read_only.tested_at
# should move; if it was tabletop-only, it does not count as a test.
kill_switches:
  m1_read_only:
    implemented: true
    tested_at: "2026-05-10"            # quoted on purpose: a bare date is retyped by many YAML loaders
    tta_seconds: 180
  m2_approvals:
    implemented: true
    tested_at: "2026-05-10"
    tta_seconds: 240
  m3_tool_tiering:
    implemented: true
    tested_at: "2026-05-10"
    tta_seconds: 300
  m4_full_disable:
    implemented: true
    tested_at: "2026-05-10"
    tta_seconds: 60                    # fastest mode; the fallback when M1–M3 cannot be reached in time

evidence_export:
  runbook: "docs/runbooks/sales-copilot-evidence-export.md"
  emergency_access: "preapproved"      # preapproved | ticketed — preapproved skips the ticket, not the audit trail; each use still needs logging
  tested_export_minutes: 38            # no test date recorded; add one so the figure can be aged like tested_at above

# Frameworks this BOM is offered as evidence for. The tags assert nothing by
# themselves; the control mapping lives with the compliance programme.
compliance_tags:
  - "SOC2"
  - "ISO_42001"
  - "EU_AI_Act_Article_26"             # if deployer in EU jurisdiction

# Append-only record of drills and real incidents. NOTE(review): a tabletop
# exercise does not usually flip a production switch, yet `mode_activated`
# reads as if one was flipped — if both kinds of event land here, add a field
# that distinguishes them so kill_switches.tested_at can be kept honest.
incidents_history:
  - date: "2026-05-22"
    summary: "Tabletop drill — prompt-injection-via-email scenario"
    mode_activated: "M1"
    duration_minutes: 45
    outcome: "passed"
