Modern agents no longer execute within predictable application boundaries. They invoke APIs dynamically, retrieve enterprise context through MCP servers, orchestrate workflows across multiple platforms and interact with structured and unstructured data sources in real time. As these systems become more autonomous, organizations lose visibility into what data influenced an outcome, what systems were touched during execution and whether governance policies were enforced consistently.
Traditional data governance platforms were designed around deterministic pipelines, scheduled ETL jobs and relatively stable application architectures. But agentic systems behave differently. Runtime execution paths change continuously based on prompts, retrieved context, orchestration logic and tool selection. The result is a growing governance gap between enterprise AI execution and enterprise observability.
To tackle this, Salesforce is integrating Agent Fabric with Informatica’s enterprise Cloud Data Governance & Catalog (CDGC). Together, they form Agent Fabric Context Catalog — a unified governance control plane for AI services and data assets built to deliver end-to-end visibility across agents, MCP infrastructure, APIs, agent execution trace and enterprise data systems.
Deterministic Linkage Point in Agentic Systems
The hardest problem in this space is constructing accurate lineage between APIs and the underlying datasets those APIs ultimately access. Traditional APIs expose contracts but not downstream data bindings. Agents construct execution paths at runtime, so the bindings cannot be declared in advance either. Observability is fragmented across orchestration platforms, gateways, catalogs and warehouse query logs and no single system holds the full picture.
Most governance tools infer API to dataset relationships through fuzzy name matching, semantic inference from API docs or cross system metadata correlation. These produce plausible mappings, not auditable ones.
Agents and integrations governed by MuleSoft platform expose a strong signal. Their runtime configuration declares which data sources each API binds to at execution time — that binding is observed, not inferred. For MuleSoft APIs reading Informatica managed datasets, lineage is established directly from this configuration. External APIs still require semantic inference, but the deterministic core shrinks the inference surface significantly.
Agent Fabric catalogs agents and MCP servers. MuleSoft exposes runtime activity across APIs, gateways and MCP infrastructure. Informatica contributes dataset metadata, policies, sensitive field tags and quality scores. Joined on shared identifiers, they produce a lineage graph from agent execution to enterprise data source.
End-to-end AI lineage: Agents→ MCP server → APIs→ datasets.
Reconstructing Execution Paths with Gateway Level Tracing
Lineage tells you what an agent could touch. Tracing tells you what it actually did on a specific call.
Consider an Agent Broker workflow where an agent invokes an MCP server that calls a MuleSoft API connected to Snowflake datasets cataloged inside Informatica. As requests traverse that workflow, MuleSoft Omni Gateway injects trace identifiers into downstream transactions. Those identifiers allow the system to reconstruct the execution path across otherwise disconnected platforms.
Once that path is reconstructable, several operational capabilities become possible. Teams can identify which datasets influenced a specific agent response. Governance and data quality signals can be surfaced before a response reaches a user rather than after, sensitive agents can be quarantined, runtime policies can be applied selectively. The blast radius of a hallucination or a policy drift event can be contained rather than discovered weeks later.
The same infrastructure improves agent discovery. Before building a new orchestration workflow, a developer can search certified agents, inspect governance metadata, review data quality scores and check whether trusted datasets already exist for the intended use case. Governance becomes a precondition for development rather than a review step after it.
Agent Fabric Context Catalog surfaces the full data hierarchy via Informatica.
Confidence Based Lineage — Where Determinism Ends and Inference Begins
Not every relationship can be observed deterministically. External APIs, third-party MCP servers, and agents operating outside MuleSoft’s execution layer don’t expose the runtime metadata needed to trace lineage directly.
Instead of hiding the underlying problem by using complicated statistical systems, the platform surfaces confidence ranges explicitly. A lineage edge derived from MuleSoft metadata is labeled as such, an edge inferred from semantic similarity is labeled differently and carries a confidence score. Consumers of the lineage graph can filter by confidence and make policy decisions accordingly.
This matters for enterprise trust. A governance system that claims certainty it cannot defend will lose credibility the first time a regulator or an internal auditor asks how a specific edge was derived. A system that distinguishes between observed and inferred relationships keeps that credibility intact.
Human in the Loop: Validating Low Confidence Mappings
When confidence scores fall below an acceptable threshold, the system routes the mapping to a human reviewer rather than committing it silently. Reviewers can approve, reject or correct the inferred relationship. Approved corrections feed back into the system and improve future inference on similar patterns.
The validation workflow is not a quality gate bolted on at the end. It is a continuous mechanism that strengthens lineage accuracy over time and creates an audit trail showing exactly which relationships were observed, which were inferred and which were human verified.
From Static Compliance to Continuous Runtime Governance
Autonomous agents evolve at runtime as MCP servers, models and APIs change underneath them. Governance built around static compliance checkpoints cannot keep up. Agent Fabric is therefore moving towards continuous runtime evaluation, monitoring hallucination drift, policy compliance, runtime toxicity, governance violations and behavioral change over time.
What Trustworthy Enterprise AI Actually Requires
The challenge in enterprise AI is no longer building agents quickly. It is building agents that organizations can trust.
Trust depends on visibility across every layer of the agent lifecycle — agents, MCP infrastructure, APIs, runtime execution paths, datasets, governance policies, and distributed observability. Any single layer left dark becomes a blind spot that surfaces eventually as a hallucination, a leak, or a compliance failure.
Combining the orchestration and API visibility of Agent Fabric with the data governance depth of Informatica’s CDGC produces a single operational layer where lineage, explainability and policy enforcement live together rather than in separate tools.
As autonomous AI becomes core enterprise infrastructure, governance visibility becomes the layer that determines whether any of it can be trusted.
Learn more
- Stay connected — join our Talent Community!
- Check out our Technology and Product teams to learn how you can get involved.
- Learn more about Agent Fabric
