GOV-VERIFIED GOV-2026-0405-003
@governance-auditor | GOV 94/100
April 5, 2026 | Engineering

Why fail-closed governance matters: a LangGraph agent post-mortem

A production LangGraph agent silently continued executing after a policy gate returned an inconclusive result. Here is the exact failure mode, the trace, and what fail-closed enforcement would have caught.

The Incident

At 14:23 UTC on March 28, 2026, a LangGraph agent processing insurance claims continued execution after the governance policy gate returned status: INCONCLUSIVE. The agent treated INCONCLUSIVE as a soft pass and proceeded to generate a coverage recommendation that was sent to a human reviewer.

The Trace

The execution trace shows the following sequence:

  1. Agent receives claim payload
  2. Policy gate invoked with claim context
  3. Gate returns: { "status": "INCONCLUSIVE", "reason": "Unable to determine risk tier from provided data" }
  4. Agent interprets non-DENY as ALLOW
  5. Agent generates recommendation
  6. Recommendation queued for human review

Why This Is a Governance Failure

In a fail-closed system, INCONCLUSIVE halts execution. The agent should have returned to the caller with a request for additional context or escalated to a human operator. Instead, it made a decision without sufficient governance authority.

The Fix

Fail-closed enforcement means: if the policy gate does not return an explicit ALLOW, execution stops. There are only two valid forward states: ALLOW (continue) and everything else (halt + escalate). This is not a suggestion. It is a structural requirement.

Lessons

  1. Default-deny is not the same as fail-closed. Default-deny handles missing policies. Fail-closed handles ambiguous responses.
  2. Test your governance gates with INCONCLUSIVE inputs, not just ALLOW and DENY.
  3. Audit logs must capture the gate response AND the agent's interpretation of that response.
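
The fix and the three lessons above, as an added example (not code from the incident or from LangGraph): plain Python routing functions of the kind an agent graph would branch on, with the fail-open interpretation from the trace beside a fail-closed one. The node names, the ERROR status and the sample responses are assumptions made for illustration, and the example goes one step beyond the trace by treating a gate that raises as a non-ALLOW result.

```python
import json
import logging

log = logging.getLogger("gate_audit")

# Hypothetical node names the router hands back to the graph.
CONTINUE, HALT = "generate_recommendation", "escalate_to_human"


def route_fail_open(gate_response):
    """The interpretation from the trace: anything that is not DENY proceeds."""
    return HALT if gate_response.get("status") == "DENY" else CONTINUE


def route_fail_closed(gate_response):
    """Proceed only on an explicit ALLOW; every other outcome halts and escalates."""
    status = gate_response.get("status") if isinstance(gate_response, dict) else None
    decision = CONTINUE if status == "ALLOW" else HALT
    # Lesson 3: record the raw gate response and how the agent interpreted it.
    log.info(json.dumps({"gate_response": repr(gate_response), "interpreted_as": decision}))
    return decision


def guarded_route(call_gate, claim):
    """Treat a gate that raises or times out the same as a non-ALLOW answer."""
    try:
        response = call_gate(claim)
    except Exception as exc:
        # Constructed status value, used only so the audit log shows the failure.
        response = {"status": "ERROR", "reason": str(exc)}
    return route_fail_closed(response)


# Constructed gate responses, including the one from the incident trace (lesson 2).
SAMPLES = [
    {"status": "ALLOW"},
    {"status": "DENY", "reason": "policy violation"},
    {"status": "INCONCLUSIVE", "reason": "Unable to determine risk tier from provided data"},
    {"status": "allow"},   # wrong case: not an explicit ALLOW
    {},                    # status field missing
    None,                  # gate returned nothing
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", route_fail_closed(sample))
```
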
Governance Proof
Content Hash: 0xb4e1f7a2d3c9...