Domain 6 of GH-600 (9% of the exam — the smallest domain, but arguably the most consequential in practice) covers responsible autonomy and governance. This is where certification prep meets real-world safety engineering.
The Autonomy Spectrum
The GH-600 study guide describes agent autonomy as a spectrum, not a binary. The Agentic Codex uses a five-level model (L0–L4):
| Level | Name | Agent Role | Human Role |
|---|---|---|---|
| L0 | Manual | No agent involvement | Human does everything |
| L1 | Assisted | Agent suggests, human executes | Human accepts/rejects every suggestion |
| L2 | Supervised | Agent acts, human reviews output | Human reviews before any output ships |
| L3 | Monitored | Agent acts and ships, human monitors | Human reviews metrics, intervenes on signals |
| L4 | Autonomous | Agent acts, ships, and self-monitors | Human audits periodically |
Most production uses of GitHub Copilot today are L1–L2. L3 is appropriate for lower-risk tasks in stable, well-understood codebases. L4 should be reserved for extremely well-defined, low-stakes, highly reversible tasks.
Task Classification Drives Level Assignment
The key question for sub-skill 6.1 is: what determines the right autonomy level for a task? The exam expects you to use a structured approach:
- Reversibility: Can the action be easily undone? (Higher reversibility → higher autonomy OK)
- Blast radius: What’s the worst-case impact if the agent does the wrong thing?
- Predictability: Is this a task the agent has done correctly many times before?
Guardrails: Three Implementations
Sub-skill 6.2 covers guardrails — constraints that limit what an agent can do regardless of what it’s instructed to do.
Guardrail 1: File-scope boundary (CODEOWNERS)
CODEOWNERS requires human approval before an agent’s PR can be merged to files in sensitive directories (infrastructure/, security/, _config.yml, etc.)
Guardrail 2: Environment approval gate GitHub Environments with required reviewers create a mandatory human checkpoint before deployment-related workflow jobs run.
Guardrail 3: Forbidden actions list (AGENTS.md)
The AGENTS.md file in the repository root documents actions that agents are explicitly forbidden from taking, regardless of instructions. This is a social and technical boundary.
The Audit Trail
Responsible autonomy requires an audit trail. Domain 6 expects you to know that agents must produce records of:
- What they were instructed to do
- What they actually did
- What the outcome was
In GitHub, this is the combination of workflow run logs, PR descriptions with auto-generated action summaries, and committed log files.
Domain 6 Quests
| Quest | Skill | Link |
|---|---|---|
| Q18 | Autonomy Levels Matrix | Autonomy Levels Matrix |
| Q19 | Guardrails & HITL | Guardrails & Human-in-the-Loop |
Q18 includes the full L0–L4 implementation matrix and task classification schema. Q19 includes the CODEOWNERS guardrail pattern, the environment approval gate workflow, and the forbidden actions list template.
Domain 6 is worth 9% of the exam, but the concepts it covers — responsible autonomy, human oversight, and audit trails — are the foundation of every trustworthy agentic system. Design the guardrails before you deploy the agents. It is much easier to add capability to a constrained system than to add constraints to an unconstrained one.