The Principle × Lifecycle Matrix
Each cell is an intersection of a governing principle and a lifecycle stage. Tap any chip to open the pattern — or browse the full catalogue via the tab above.
Pattern Field Guide
A compact, Google Cloud Architecture-style reference for every agentic pattern referenced across Tiers 1–3, grouped by source. Each pattern gets a clean diagram, a one-paragraph description, a use case, and the primary trade-offs. Tier 4 — governance and regulatory patterns — appears at the bottom as a Standards Mesh Reference list. For deep treatment of the 61 composable patterns (context · forces · solution · applicability · anti-patterns · standards mesh), see the Deep Catalogue tab.
The Deep Pattern Catalogue
Index of Patterns
| ID | Pattern | Principle | Runtime Stage | AgentOps Stage | Tier |
|---|
Standards Reference
Every pattern carries a standards mesh pointing to articles, principles, or controls it helps satisfy. Below is the consolidated reference set.
| Framework | Scope & Relevance to Agentic AI |
|---|---|
| IMDA MGF (2026) | Singapore Model AI Governance Framework for Agentic AI. Four dimensions: (1) assess and bound risks upfront; (2) make humans meaningfully accountable; (3) implement technical controls and processes throughout the agent lifecycle; (4) enable end-user responsibility. World's first agentic-specific governance framework. |
| EU AI Act | Arts. 9 (risk management), 10 (data governance), 11 (technical documentation), 12 (record-keeping/logging), 13 (transparency), 14 (human oversight), 15 (accuracy/robustness/cybersecurity), 50 (transparency obligations), 72 (post-market monitoring). Many agentic use cases (credit scoring, employment screening) fall under "High-Risk". |
| NIST AI RMF 1.0 | Four core functions: Govern, Map, Measure, Manage. Supplemented by NIST AI 600-1 (Generative AI Profile) covering 12 risk categories. Outcome-oriented rather than prescriptive; pairs well with EU AI Act (obligations) and ISO 42001 (management system). |
| ISO/IEC 42001:2023 | AI Management System (AIMS) standard. Certifiable via accredited bodies per ISO/IEC 42006:2025. Paired with ISO/IEC 23894 (AI risk management). Covers data governance, transparency, performance evaluation, continual improvement. |
| MAS FEAT | Monetary Authority of Singapore: Fairness, Ethics, Accountability, Transparency principles. Applies to use of AI and data analytics in Singapore's financial sector. Complemented by MAS TRMG (Technology Risk Management Guidelines). |
| HKMA GL-1 | Hong Kong Monetary Authority: High-level Principles on Use of Generative AI by Authorized Institutions. Emphasis on governance, accountability, fair treatment of customers, data management, cybersecurity. |
| BNM RAI | Bank Negara Malaysia: Responsible AI principles. Covers soundness, accountability, fairness, data integrity, transparency for financial institutions. |
| OWASP LLM Top 10 | Top 10 threats for LLM applications: prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency, overreliance, model theft. OWASP AIVSS extends to agentic scoring. |
| Gartner TRiSM | AI Trust, Risk, and Security Management. Pillars: explainability/model monitoring, ModelOps, AI application security, privacy. Industry-standard framing for enterprise AI risk. |
| CSA SG Addendum | Cyber Security Agency of Singapore — Addendum on Securing Agentic AI (Oct 2025). Practical controls for agent system owners: identity, tool whitelisting, memory poisoning defence, sandboxing. |
| AAGMM | Agentic AI Governance Maturity Model (arxiv 2604.16338): 5 levels × 12 governance domains grounded in NIST AI RMF and ISO 42001. Includes sprawl taxonomy: functional duplication, shadow agents, orphaned agents, permission creep, unmonitored delegation chains. |
| GDPR · PDPA | Data protection. PDPA (Singapore) advisory guidelines on use of personal data in AI recommendation and decision systems (2024). GDPR Art. 22 (automated decision-making), data residency, purpose limitation. |
| BCBS 239 | Principles for effective risk data aggregation and risk reporting. Relevant to agents in risk and regulatory reporting flows — especially observability, lineage, adaptability, accuracy. |
Bibliography & Primary Sources
Every pattern in this catalogue is synthesised from one or more of the following primary references. Books and papers are cited with author and year; regulatory frameworks with publisher and effective date; vendor documentation with publisher and current page title.
Colophon & Method
Why a Pattern Catalogue
Software architecture matured once its patterns were codified. Data architecture is following the same arc. Agentic AI is at the earliest phase — patterns are described variously across blog posts, vendor docs, one book, and a handful of arXiv pre-prints.
This catalogue treats each design decision as a reusable primitive — a named solution to a recurring problem in a specific context — rather than as a framework feature. Reflection is a pattern; LangGraph is an implementation.
Every pattern has three depths: a sketch (card), a reference (modal body), and a mapping (standards grid). Start shallow. Deepen only when implementing.
Primary Sources
S1. Anthropic — Building Effective Agents (Schluntz & Ingham, Dec 2024) and Building Effective AI Agents: Architecture Patterns and Implementation Frameworks (2025).
S2. Antonio Gulli (Google, Office of CTO) — Agentic Design Patterns: A Hands-On Guide to Building Intelligent Systems (Springer, Dec 2025, 424 pp, 21 patterns).
S3. Dao et al. — Agentic Design Patterns: A System-Theoretic Framework (arXiv 2601.19752, Jan 2026).
S4. Agentic AI: Architectures, Taxonomies, and Evaluation of LLM Agents (arXiv 2601.12560).
S5. AWS Prescriptive Guidance — Foundations of Agentic AI on AWS.
S6–S10. Google Cloud Architecture Center, Microsoft Agent Factory, Salesforce Enterprise Agentic Architecture, LangChain / LangGraph, Hugging Face Agents Course.
R1–R12. IMDA MGF for Agentic AI · CSA SG Addendum · EU AI Act · NIST AI RMF · ISO/IEC 42001/23894 · MAS FEAT · HKMA GL-1 · BNM RAI · OWASP LLM Top 10 · Gartner TRiSM · AAGMM · GDPR/PDPA.
Honest Caveats
The agentic AI field is three years old. Unlike BCBS 239 (2013) or DAMA-DMBOK, there is no ISO-grade canonical pattern list yet. This catalogue synthesises the authoritative sources named above; it is not a standard.
Gulli's 21-pattern corpus is the closest to a standard — but it is one author's synthesis, not a committee standard. Anthropic's six workflow patterns are the most widely replicated.
The IMDA Model Governance Framework for Agentic AI (22 Jan 2026) is the world's first agentic-specific governance framework. Singapore is ahead of the regulatory curve.
Standards mesh mappings are indicative. They do not constitute legal advice or regulatory endorsement.
Every pattern in this catalogue is traceable to at least one public reference. Where the field lacks a widely recognised name, the more general name is preferred. No proprietary methodology is reproduced.