# 5 Roadmap Recommendations

### 5.1 Capability Discovery and The Service Catalogue

For autonomous agents to navigate a complex government landscape, they require a centralized directory. Just as a human needs a contact list to find the right department, a software agent needs a "Phonebook" to discover which services are available and how to use them. Governments must therefore implement a centralized Service Catalogue that indexes machine-readable Capability Statements.

* **The Repository:** This catalogue serves as the single source of truth for the entire digital estate. It allows an agent to query the network and instantly identify which endpoint handles "Vehicle Registration" or "Business Licensing" without hard-coded assumptions.
* **Quality Gates:** The catalogue is an enforcement point, not a passive list. Registration must be gated by automated Conformance Tests, and any service whose Capability Statement fails them is rejected before it becomes discoverable, so that no broken or non-compliant API is ever exposed to the wider network. Because every agent routes on what the catalogue says, the catalogue is also a trust anchor: the registration path must be authenticated, and published entries should be integrity-protected, since a tampered or spoofed entry would redirect every agent that discovers that capability.
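The registration gate described above, as an added example that is not code from the page or from GovStack. The conformance rules (OpenAPI 3.1.x, a known capability name, an HTTPS endpoint, and a security requirement on every operation), the field names of the Capability Statement and the two sample statements are all assumptions constructed for this example.

```python
"""Added example, not code from the page or from GovStack: a Service
Catalogue registration gate that rejects a Capability Statement unless it
passes a set of conformance tests. The rules, field names, capability names
and sample statements are assumptions made for this example."""

OPENAPI_SERIES = "3.1"
KNOWN_CAPABILITIES = {"vehicle-registration", "business-licensing"}  # assumed taxonomy
HTTP_METHODS = {"get", "post", "put", "patch", "delete"}


def conformance_findings(statement: dict) -> list[str]:
    """Run the assumed conformance tests; an empty list means the statement passes."""
    findings = []
    spec = statement.get("openapi_document", {})

    version = str(spec.get("openapi", ""))
    if not version.startswith(OPENAPI_SERIES + "."):
        findings.append(f"openapi version {version!r} is not {OPENAPI_SERIES}.x")

    caps = set(statement.get("capabilities", []))
    if not caps:
        findings.append("no capability declared")
    findings += [f"unknown capability {c!r}" for c in sorted(caps - KNOWN_CAPABILITIES)]

    endpoint = statement.get("endpoint", "")
    if not endpoint.startswith("https://"):
        findings.append(f"endpoint {endpoint!r} must use https")

    # Every operation must carry a security requirement, either its own or the
    # document-level default. An explicit 'security: []' on an operation means
    # "no auth", so it is flagged too: no unauthenticated endpoint gets published.
    default_security = spec.get("security")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS and not op.get("security", default_security):
                findings.append(f"{method.upper()} {path} has no security requirement")
    return findings


class ServiceCatalogue:
    """The 'phonebook': only statements that pass the gate become discoverable."""

    def __init__(self):
        self._entries = {}

    def register(self, statement: dict) -> str:
        findings = conformance_findings(statement)
        if findings:
            raise ValueError("registration rejected: " + "; ".join(findings))
        self._entries[statement["service_id"]] = statement
        return statement["service_id"]

    def discover(self, capability: str) -> list[str]:
        return [sid for sid, s in self._entries.items() if capability in s["capabilities"]]


VEHICLE_SERVICE = {  # constructed sample that passes every check
    "service_id": "vehicle-registration-svc",
    "capabilities": ["vehicle-registration"],
    "endpoint": "https://api.transport.example.gov/v1",
    "openapi_document": {
        "openapi": "3.1.0",
        "security": [{"oauth2": ["vehicles:write"]}],
        "paths": {"/registrations": {"post": {"summary": "Register a vehicle"},
                                     "get": {"summary": "List registrations"}}},
    },
}

LEGACY_SERVICE = {  # constructed sample that fails three checks
    "service_id": "legacy-licensing",
    "capabilities": ["business-licensing"],
    "endpoint": "http://legacy.internal.example.gov",
    "openapi_document": {
        "openapi": "3.0.3",
        "paths": {"/licences": {"get": {"summary": "Search licences"},
                                "post": {"summary": "Apply", "security": [{"apiKey": []}]}}},
    },
}

if __name__ == "__main__":
    catalogue = ServiceCatalogue()
    print("registered:", catalogue.register(VEHICLE_SERVICE))
    print("rejected:", conformance_findings(LEGACY_SERVICE))
    print("vehicle-registration ->", catalogue.discover("vehicle-registration"))
```

The gate returns the full list of findings rather than stopping at the first one, so a vendor gets every reason for rejection in one round trip; the catalogue itself only ever stores statements for which that list is empty.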

### 5.2 The "Human-in-the-Loop" Handover Protocol

Autonomy is not absolute. There will always be edge cases where an AI agent lacks the confidence or the authority to proceed. To handle this safely, we must standardize the "Human-in-the-Loop" protocol. This is a technical handshake that defines exactly how a machine delegates back to a civil servant when it encounters ambiguity.

1. **Pause and Preserve:** When confidence drops below a defined threshold, the Agent pauses its internal workflow and serializes its current state, preserving all data collected so far, so that no information is lost during the transition. Because that state will be trusted again at resumption, it should be integrity-protected (and encrypted where it contains personal data) while it is at rest.
2. **Ticket Generation:** The Agent should not simply stop; it should proactively create a Ticket in the existing human Case Management System or an equivalent. This ticket carries the transaction history and the specific reason for the handover, so that the human officer has full context.
3. **Asynchronous Wait:** The Agent enters a dormant state and waits for a specific callback event. This allows the human process to take minutes or days without blocking the technical infrastructure.
4. **Resumption:** Once the human officer resolves the issue and updates the case, the system triggers the callback event. The Agent verifies that the callback is authentic and bound to its ticket, since an unauthenticated callback would let anyone resume the workflow with a decision of their choosing, then wakes up, ingests the human decision and resumes execution to finalize the process.
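The four steps above as one runnable exchange, added here as an example and not code from the page. The Case Management System is an in-memory stand-in, the confidence threshold, HMAC key, one-time callback token and all field names are assumptions for this example, and the sample applications are constructed. The example goes slightly beyond the text in that it shows the three failure modes a practitioner should test: a replayed callback, a callback with a guessed token, and paused state that was altered while the agent was dormant.

```python
"""Added example, not code from the page: a minimal Human-in-the-Loop
handover. The agent pauses below a confidence threshold, seals its state,
opens a ticket and resumes only on a callback bound to that ticket. The
CMS is an in-memory stand-in; keys, threshold and field names are assumed."""
import hashlib
import hmac
import json
import secrets

CONFIDENCE_THRESHOLD = 0.8           # assumed policy value
STATE_KEY = secrets.token_bytes(32)  # assumption: secret held only by the agent runtime


def seal_state(state: dict) -> dict:
    """Serialize the paused state with an HMAC so it cannot be altered while dormant."""
    body = json.dumps(state, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(STATE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def unseal_state(sealed: dict) -> dict:
    expected = hmac.new(STATE_KEY, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("paused state failed integrity check")
    return json.loads(sealed["body"])


class CaseManagementSystem:
    """Stand-in for the human case system: holds tickets and the officer's decision."""

    def __init__(self):
        self.tickets = {}

    def open_ticket(self, reason: str, history: list, callback_token: str) -> str:
        ticket_id = "CMS-" + secrets.token_hex(4)
        self.tickets[ticket_id] = {"reason": reason, "history": history,
                                   "callback_token": callback_token, "decision": None}
        return ticket_id

    def decide(self, ticket_id: str, decision: str) -> dict:
        """The officer records a decision; the CMS emits the callback event."""
        ticket = self.tickets[ticket_id]
        ticket["decision"] = decision
        return {"ticket_id": ticket_id, "decision": decision,
                "callback_token": ticket["callback_token"]}


class Agent:
    def __init__(self, cms: CaseManagementSystem):
        self.cms = cms
        self.paused = {}  # ticket_id -> {"state": sealed state, "token_hash": sha256(token)}

    def run(self, application: dict, confidence: float) -> dict:
        history = [f"validated application {application['id']}", f"confidence={confidence}"]
        if confidence >= CONFIDENCE_THRESHOLD:
            return {"status": "approved", "by": "agent", "history": history}
        # 1. Pause and preserve: seal everything collected so far.
        sealed = seal_state({"application": application, "history": history})
        # 2. Ticket generation: the officer gets the history, the reason and a one-time token.
        token = secrets.token_urlsafe(16)
        ticket_id = self.cms.open_ticket(
            reason=f"confidence {confidence} below threshold {CONFIDENCE_THRESHOLD}",
            history=history, callback_token=token)
        # 3. Asynchronous wait: nothing stays open; only sealed state and a token hash remain.
        self.paused[ticket_id] = {"state": sealed,
                                  "token_hash": hashlib.sha256(token.encode()).hexdigest()}
        return {"status": "paused", "ticket_id": ticket_id}

    def on_callback(self, event: dict) -> dict:
        # 4. Resumption: the callback must name a paused ticket and present its token.
        entry = self.paused.get(event.get("ticket_id"))
        if entry is None:
            raise KeyError("callback for unknown or already resumed ticket")
        presented = hashlib.sha256(event.get("callback_token", "").encode()).hexdigest()
        if not hmac.compare_digest(presented, entry["token_hash"]):
            raise PermissionError("callback token mismatch; callback rejected")
        state = unseal_state(entry["state"])      # raises if the state was altered
        del self.paused[event["ticket_id"]]       # one resumption per ticket
        state["history"].append(f"human decision: {event['decision']}")
        return {"status": event["decision"], "by": "human", "history": state["history"]}


if __name__ == "__main__":
    cms = CaseManagementSystem()
    agent = Agent(cms)
    paused = agent.run({"id": "APP-2"}, confidence=0.4)   # constructed low-confidence case
    print(paused)
    print(agent.on_callback(cms.decide(paused["ticket_id"], "approved")))
```

Storing only the token's hash means a leak of the agent's paused-work table does not yield a valid callback; the ticket entry is deleted on first use so a replayed callback cannot re-run the resumption step.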

### 5.3 Procurement and Vendor Requirements

Architecture is theoretical until it is purchased and implemented. To ensure that new systems are compatible with this agentic future, we must update the legal language of our contracts. The most powerful lever for change is the procurement requirement. We recommend inserting specific, non-negotiable clauses into all future tenders to mandate AI Readiness.

* **Mandatory Specifications:** Insert a clause stating that "Delivered software must provide OpenAPI 3.1 specifications." This ensures that every new piece of software comes with a machine-readable manual by default.
* **Automated Compliance:** Insert a clause stating that the "System must comply with GovStack requirements" or an equivalent. This shifts the burden of proof to the vendor, requiring them to demonstrate interoperability before the contract is signed.
* **Supply Chain Security:** To make delivered software auditable, including software whose code was partly AI-generated, contracts must mandate a Software Bill of Materials (SBOM) and SLSA Level 2 provenance. Think of the SBOM as a mandatory "ingredients list" that names every component inside the software, so that known vulnerabilities can be matched to the components actually shipped, and of SLSA Level 2 as a "tamper-evident seal": signed provenance from a hosted build platform stating which source and build produced the delivered artifact. Together they let the buyer verify that the artifact was built from the declared source on a trusted builder and that its dependencies are known. They do not by themselves prove the code is free of flaws, so they complement rather than replace code review and security testing, and an SBOM that is not itself attested is only the vendor's own claim.
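What "verify the seal" means in practice, as an added example that is not code from the page, from GovStack or from the SLSA project. It is the acceptance check a buyer could run on a delivered artifact, its provenance envelope and its SBOM. The builder identifier, the key, the artifact bytes and the SBOM are constructed for this example, and HMAC-SHA256 stands in for the build platform's asymmetric signature so that the check runs offline; the DSSE pre-authentication encoding and the in-toto/SLSA v1 statement layout are real.

```python
"""Added example, not from the page, GovStack or the SLSA project: a buyer's
acceptance check on a delivered artifact, its SLSA provenance and its SBOM.
Builder id, key and sample data are constructed; HMAC-SHA256 stands in for
the build platform's asymmetric signature."""
import base64
import hashlib
import hmac
import json

IN_TOTO_TYPE = "application/vnd.in-toto+json"
TRUSTED_BUILDERS = {"https://build.example.gov/slsa/v1"}  # assumed builder id
BUILDER_KEY = b"example-builder-verification-key"         # assumption: distributed out of band


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the signature covers this, not the bare payload."""
    return b"DSSEv1 %d %s %d %s" % (len(payload_type), payload_type.encode(), len(payload), payload)


def build_and_attest(artifact: bytes, key: bytes = BUILDER_KEY,
                     builder: str = "https://build.example.gov/slsa/v1") -> dict:
    """Simulate what an SLSA L2 hosted build platform emits: a signed provenance envelope."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "licensing-service.tar",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {"buildType": "https://build.example.gov/container/v1",
                                "externalParameters": {"source": "https://git.example.gov/licensing@abc123"}},
            "runDetails": {"builder": {"id": builder}},
        },
    }
    payload = json.dumps(statement, sort_keys=True).encode()
    sig = hmac.new(key, pae(IN_TOTO_TYPE, payload), hashlib.sha256).digest()
    return {"payloadType": IN_TOTO_TYPE, "payload": base64.b64encode(payload).decode(),
            "signatures": [{"keyid": "builder-key-1", "sig": base64.b64encode(sig).decode()}]}


def verify_delivery(artifact: bytes, envelope: dict, sbom: dict) -> list[str]:
    """Return findings; an empty list means the delivery passes the supply-chain gate."""
    payload = base64.b64decode(envelope["payload"])
    expected = hmac.new(BUILDER_KEY, pae(envelope["payloadType"], payload), hashlib.sha256).digest()
    if not any(hmac.compare_digest(expected, base64.b64decode(s["sig"])) for s in envelope["signatures"]):
        # Without a valid signature nothing in the statement can be relied on, so stop here.
        return ["provenance signature does not verify; the statement cannot be trusted"]
    findings = []
    stmt = json.loads(payload)
    if stmt.get("predicateType") != "https://slsa.dev/provenance/v1":
        findings.append("not a SLSA v1 provenance predicate")
    builder = stmt.get("predicate", {}).get("runDetails", {}).get("builder", {}).get("id")
    if builder not in TRUSTED_BUILDERS:
        findings.append(f"provenance signed for untrusted builder {builder!r}")
    # The seal only binds the statement to the artifact if the digest matches what was delivered.
    actual = hashlib.sha256(artifact).hexdigest()
    if actual not in {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}:
        findings.append("delivered artifact digest is not a subject of the provenance")
    components = sbom.get("components", [])
    if not components:
        findings.append("SBOM lists no components")
    for c in components:
        if not c.get("name") or not c.get("version"):
            findings.append(f"SBOM component without name/version: {c}")
    return findings


ARTIFACT = b"constructed sample artifact bytes"   # stands in for the delivered tarball
SBOM = {"bomFormat": "CycloneDX", "specVersion": "1.5",   # constructed minimal SBOM
        "components": [{"name": "requests", "version": "2.31.0"},
                       {"name": "jinja2", "version": "3.1.3"}]}

if __name__ == "__main__":
    envelope = build_and_attest(ARTIFACT)
    print("genuine delivery:", verify_delivery(ARTIFACT, envelope, SBOM))
    print("swapped artifact:", verify_delivery(ARTIFACT + b"x", envelope, SBOM))
    print("forged envelope:", verify_delivery(ARTIFACT, build_and_attest(ARTIFACT, key=b"attacker"), SBOM))
```

The order of the checks matters: signature first, then builder identity, then the subject digest against the bytes actually delivered. A provenance document that verifies but names a different digest, or a builder outside the trusted set, is exactly the case the "tamper-evident seal" is meant to catch.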
