The 14 Domains of AI Agent Actions

Why Domains Matter

Governance does not work without classification. If you cannot describe what an AI agent is doing in a consistent, structured way, you cannot write policies against it, score its risk, or audit it meaningfully. You are left with raw action logs -- "called API," "wrote file," "sent request" -- that tell you almost nothing about intent or impact.

The MIR taxonomy solves this by organizing AI agent actions into 14 enterprise domains. Each domain represents a distinct area of business operations where AI agents act. Each domain contains categories that describe the specific actions within that area. Together, they provide the vocabulary that makes AI governance possible.

Here is every domain, what it covers, and why it matters.

MIR-100: Software Development

This domain covers actions related to the software development lifecycle. AI agents operating in this domain deploy code, create pull requests, merge branches, manage releases, run tests, update configurations, and perform rollbacks.

Key categories include deploy, merge, release, rollback, branch-create, test-execute, config-update, and dependency-update.

Why it matters: software development is where most AI agent adoption starts. Copilots, code review bots, deployment automators, and CI/CD agents all operate here. Governance ensures that an AI agent deploying to production is held to different standards than one deploying to staging.

MIR-200: Security Operations

This domain covers security-related actions. AI agents handling security operations manage access grants and revocations, respond to incidents, run vulnerability scans, rotate credentials, update firewall rules, and investigate threats.

Key categories include access-grant, access-revoke, incident-respond, vulnerability-scan, credential-rotate, firewall-update, and threat-investigate.

Why it matters: security operations have the highest consequence per action. A misconfigured access grant or an incorrect firewall rule can expose the entire organization. AI agents in this domain need the tightest governance.

MIR-300: Infrastructure

This domain covers cloud and on-premise infrastructure operations. AI agents here provision resources, scale services, terminate instances, configure networking, manage storage, update DNS, and handle load balancing.

Key categories include provision, scale-up, scale-down, terminate, network-configure, storage-manage, dns-update, and load-balance.

Why it matters: infrastructure actions are often irreversible or have cascading effects. Terminating the wrong instance or misconfiguring a network route can cause outages. Domain-specific governance ensures that high-impact infrastructure changes get the scrutiny they require.

MIR-400: Data Operations

This domain covers data management actions. AI agents handling data operations perform migrations, transformations, backups, restores, schema changes, ETL jobs, and data quality checks.

Key categories include migrate, transform, backup, restore, schema-change, etl-execute, quality-check, and archive.

Why it matters: data is often the most sensitive asset in an enterprise. Actions that modify, move, or expose data need governance that understands the sensitivity of the data involved, not just the type of operation.

MIR-500: Financial Operations

This domain covers financial actions. AI agents in finance approve payments, change budgets, process invoices, handle expense reports, manage subscriptions, execute transfers, and generate financial reports.

Key categories include payment-approve, budget-change, invoice-process, expense-approve, subscription-manage, transfer-execute, and report-generate.

Why it matters: financial operations are among the most regulated. Every action has a dollar value, and governance needs to account for thresholds, dual authorization requirements, and audit trail mandates that are specific to financial compliance.

MIR-600: HR Operations

This domain covers human resources actions. AI agents managing HR operations handle employee onboarding, offboarding, access reviews, role changes, benefits administration, performance reviews, and organizational updates.

Key categories include onboard, offboard, access-review, role-change, benefits-update, performance-review, and org-update.

Why it matters: HR actions involve personally identifiable information and have legal implications. Onboarding and offboarding affect system access across the entire organization. Governance here prevents unauthorized access changes and ensures compliance with employment regulations.

MIR-700: Customer Operations

This domain covers customer-facing actions. AI agents in customer operations handle ticket escalations, account modifications, SLA reviews, satisfaction surveys, communication sends, and customer data updates.

Key categories include ticket-escalate, account-modify, sla-review, survey-send, communication-send, and data-update.

Why it matters: customer operations directly affect revenue and reputation. An AI agent that sends the wrong communication, modifies the wrong account, or escalates incorrectly can damage customer relationships. Domain-specific governance ensures appropriate handling.

MIR-800: Legal and Compliance

This domain covers legal and regulatory actions. AI agents here review contracts, update policies, respond to audits, manage regulatory filings, handle data subject requests, and track compliance controls.

Key categories include contract-review, policy-update, audit-respond, regulatory-file, dsr-process, and control-track.

Why it matters: legal and compliance actions carry regulatory risk. A missed filing, an incorrect policy update, or a mishandled data subject request can result in fines and legal liability. Governance ensures that these high-stakes actions are properly authorized and documented.

MIR-900: Sales Operations

This domain covers sales-related actions. AI agents managing sales operations approve deals, authorize discounts, change territories, update forecasts, manage pipeline stages, and generate proposals.

Key categories include deal-approve, discount-authorize, territory-change, forecast-update, pipeline-manage, and proposal-generate.

Why it matters: sales operations involve revenue commitments. An unauthorized discount or an incorrect deal approval can affect financial projections. Governance ensures that sales actions comply with pricing policies and approval hierarchies.

MIR-1000: Marketing Operations

This domain covers marketing actions. AI agents in marketing launch campaigns, allocate budgets, publish content, manage social media, execute email sends, and update audience segments.

Key categories include campaign-launch, budget-allocate, content-publish, social-manage, email-send, and audience-update.

Why it matters: marketing actions have public-facing impact. A campaign launched with incorrect messaging or an email sent to the wrong audience can damage brand reputation. Governance ensures that public-facing actions are reviewed before execution.

MIR-1100: Supply Chain

This domain covers supply chain and procurement actions. AI agents here approve orders, change vendors, update logistics, manage inventory, process returns, and handle supplier communications.

Key categories include order-approve, vendor-change, logistics-update, inventory-manage, return-process, and supplier-communicate.

Why it matters: supply chain actions affect physical goods and contractual relationships. An incorrect order or vendor change can disrupt operations. Governance ensures that supply chain decisions comply with procurement policies.

MIR-1200: Research and Development

This domain covers R&D activities. AI agents in R&D launch experiments, allocate resources, file IP claims, manage lab environments, process research data, and coordinate collaboration.

Key categories include experiment-launch, resource-allocate, ip-file, lab-manage, data-process, and collaborate.

Why it matters: R&D actions involve intellectual property, research integrity, and resource allocation. Governance ensures that experiments are properly authorized, IP is protected, and resources are allocated according to organizational priorities.

MIR-1300: IT Operations

This domain covers internal IT service management. AI agents handling IT operations manage service changes, incident management, capacity planning, asset tracking, configuration management, and service desk operations.

Key categories include service-change, incident-manage, capacity-plan, asset-track, config-manage, and service-desk.

Why it matters: IT operations affect every other domain. A service change or configuration update can have cascading effects across the organization. Governance ensures that IT changes are evaluated for impact before execution.

MIR-1400: Executive Operations

This domain covers high-level organizational actions. AI agents supporting executive operations handle board reporting, strategic decisions, M&A workflows, investor communications, organizational restructuring, and executive approvals.

Key categories include board-report, strategic-decide, ma-workflow, investor-communicate, restructure, and executive-approve.

Why it matters: executive operations have the highest organizational impact. These actions affect the direction and structure of the entire company. Governance ensures that AI agents supporting executive functions operate within strict authorization boundaries.

Domain Awareness in Practice

Each domain is not just a label -- it is a governance context. When Intended classifies an action under MIR-500 (Financial Operations), the Domain Intelligence Pack for FinOps activates. That pack knows that payment approvals above $10,000 require dual authorization, that budget changes above 20% trigger executive review, and that all financial actions must produce evidence bundles that map to SOX compliance controls.

This domain awareness is what separates classification from governance. Classification tells you what is happening. Domain awareness tells you what to do about it.

Explore the complete MIR taxonomy. Install @intended/open-intent-layer to start classifying AI agent actions across all 14 domains.