Regulated cyber-physical enterprises increasingly connect foundation-model agents to cloud data pipelines, PMU streams, API gateways, LLM workloads, retrieval systems, calibration programs, anonymized data products, sequential recommendation services, and long-horizon forecasting workflows. The main governance problem is not whether each local system can enforce its own policy, but whether an agent can compose policies across domains before choosing tools, evidence, models, and operational actions. This paper proposes PCFA, a Policy-Composable Foundation Agent architecture. PCFA represents each governed domain as a policy capsule with authority, predicate, privacy, freshness, calibration, risk, tool-contract, and evidence obligations. A composition controller intersects these capsules into a task-specific policy envelope, detects conflicts, routes admissible evidence and tools, and refuses or escalates actions that violate the composed envelope. In a simulated benchmark over 24,000 regulated cyber-physical tasks, PCFA increases policy-valid autonomous completion from 0.68 to 0.91, reduces simulated unauthorized tool attempts from 4.7% to 0.3%, improves audit reconstruction from 0.73 to 0.96, and reduces adverse-action CVaR by 39.1% relative to the strongest contract-only baseline.
Saha et al. (Fri,) studied this question.