Why Editors Should Own the Agent's System Prompt
When an AI agent confidently tells a customer your product ships with a feature you discontinued two releases ago, the failure rarely starts in the model.
When an AI agent confidently tells a customer your product ships with a feature you discontinued two releases ago, the failure rarely starts in the model. It starts in the system prompt: a paragraph of behavioral instructions, edge-case rules, and tone guidance that lives in a code repository, gets changed by whoever last touched the deploy pipeline, and is never reviewed by the people who actually own how the brand speaks. Engineers wrote it, engineers ship it, and nobody who understands the editorial consequences ever sees the diff.
Sanity Context (previously Agent Context) treats that prompt as content, not configuration. Sanity is the AI Content Operating System, an intelligent backend designed to keep agent behavior governed, reviewable, and staged inside the same editorial loop that already governs your website. The thesis of this article is simple and slightly uncomfortable for engineering-led teams: the agent's system prompt is editorial surface area, and the people who own voice, accuracy, and compliance should own it too.
This is not about taking control away from engineers. It is about putting agent instructions where they can be modeled, reviewed, versioned, and rolled back by the people accountable for what the agent says.
The system prompt is editorial content wearing an engineering costume
Look at what a production system prompt actually contains. There is tone guidance ("be concise, never speculate about pricing"). There are accuracy guardrails ("only describe features present in the current product catalog"). There are escalation rules ("route legal or refund questions to a human"). There are brand constraints ("never compare us by name to a competitor"). Almost none of that is engineering work. It is editorial policy, the same category of decision a content team makes a hundred times a day when they approve a landing page or a support article.
Yet on most teams this content lives in a string literal inside a repository, or in an environment variable, or pasted into a vendor dashboard that only the platform team can reach. The result is a governance gap. The person who can change how the agent talks to ten thousand customers is whoever has merge rights, and the person accountable for whether that messaging is on-brand, accurate, and legally safe has no visibility into the change and no ability to veto it.
This is the silo problem that legacy tooling creates and that an operating-system approach is built to close. Legacy stacks bolt the agent onto whatever store happens to be nearby and leave its instructions ungoverned. The reframe is to stop treating the prompt as deploy-time config and start treating it as a reviewable content object with an owner, a workflow, and a history. Once it is a content object, the question of who should edit it answers itself: the same people who own every other word your company publishes.

What goes wrong when prompts live in code
When the system prompt sits in a code repository, three predictable failures follow, and enterprise teams hit all three.
First, drift. A product manager renames a feature, the marketing site updates the same afternoon, and the agent keeps using the old name for weeks because nobody connected the prompt to the editorial calendar. The agent is now the least current surface your company operates, which is precisely backwards for a tool customers treat as authoritative.
Second, unreviewable change. A well-meaning engineer tightens a refund instruction to reduce ticket volume, and inadvertently instructs the agent to deny refunds the policy actually allows. There was no editorial review because the change rode through the same pipeline as a logging tweak. By the time anyone notices, it is a compliance incident, not a typo.
Third, no rollback that a non-engineer can trigger. When the agent starts misbehaving on a Friday afternoon, the people who notice first are support and content, and the only people who can revert are on the engineering on-call rotation. Minutes of bad behavior become hours.
The common thread is that the prompt has all the risk profile of published content and none of the controls. Published content goes through draft, review, approval, scheduled release, and audited rollback. The agent's instructions, which can do far more damage far faster, go through git push. Closing that gap does not mean adding bureaucracy. It means giving the prompt the same lifecycle the rest of your content already has, owned by the people already trained to run that lifecycle.
Modeling agent instructions as governed content
The first pillar of an operating-system approach is model your business, and agent instructions are a part of your business worth modeling explicitly. Instead of one opaque blob, you break the prompt into typed fields: a tone section, an accuracy-guardrail section, an escalation-rules section, a set of approved and forbidden claims. Each becomes a structured field with its own validation, its own owner, and its own history.
In Sanity, that model lives in the Content Lake as ordinary structured content, edited in Studio Workspaces the same way editors manage articles, products, and campaigns. A compliance reviewer can own the escalation-rules field while a brand editor owns tone, and neither needs merge rights to a repository to do their job. Roles & Permissions scope who can touch which part of the instruction set, so the refund language is editable only by the people accountable for refund policy.
Because the instructions are content, they inherit everything content already gets. Audit logs record who changed which guardrail and when, which turns the "who told the agent to say that" investigation from an archaeology project into a query. Validation rules can prevent an editor from saving an instruction that contradicts an approved-claims list. And because it is modeled rather than freeform, the prompt becomes reviewable at the level of individual decisions rather than as a wall of text a reviewer skims and approves out of fatigue. The model is the difference between governing a paragraph and governing a policy.
Staging agent behavior the way you stage a website
Editors already have a mental model for shipping risky changes safely: stage it, preview it, schedule it, and roll it back if it misbehaves. The insight behind editor-owned prompts is that agent behavior deserves exactly that workflow, and the tooling to provide it already exists for content.
Content Releases let a team bundle a set of instruction changes, the new escalation rule, the updated product naming, the revised tone guidance, into a single release that ships together and reverts together. Instead of a sequence of individual commits with unclear blast radius, you get a reviewable unit that a non-engineer can approve and, critically, undo. When the new refund language turns out to be too aggressive, reverting is one action by the person who owns the policy, not a ticket to engineering.
This matters most at the moments when agents are riskiest: a product launch, a pricing change, a holiday support surge. Those are exactly the moments when the prompt needs to change quickly and the cost of an unreviewed change is highest. Staging agent behavior in Content Releases means the content team can prepare the launch-day instruction set in advance, review it against the launch messaging, and schedule it to go live with the rest of the campaign, all without a deploy. The agent stops being the one surface that launches on a different process from everything else, and starts behaving like the governed publishing channel it actually is.
Grounding the prompt in content the agent can actually retrieve
An editor-owned prompt closes the governance gap, but governance alone does not stop hallucination. A perfectly reviewed instruction that says "only describe current features" is worthless if the agent cannot retrieve what the current features actually are. The prompt and the retrieval path have to be governed together, by the same people, against the same source of truth.
This is where Sanity Context connects the instruction layer to the content layer. The same Content Lake that stores the governed prompt is the queryable store the agent retrieves from at run time. Knowledge Bases turn datasets, websites, PDFs, and support databases into agent-readable documents on a shared retrieval path, so the agent grounds its answers in the same content editors maintain. Retrieval itself is native hybrid search inside the Content Lake: a single GROQ query blends text::semanticSimilarity() with a BM25 match(), combined through score() and boost(), so semantic recall and exact keyword precision live in one query rather than a stitched-together stack.
Because dataset embeddings are tied to the content, an editorial update propagates to what the agent retrieves within minutes, with no separate vector pipeline to keep in sync. The discontinued feature disappears from retrieval when the editor unpublishes it, not whenever an embedding job next runs. Production agents reach all of this through the Sanity Context MCP endpoint, so the instructions an editor governs and the content an editor maintains arrive at the model through one governed path. Owning the prompt and owning the content are the same job, done by the same team.
How editor-owned prompts change accountability
The deepest reason to move the system prompt to the editorial team is not workflow convenience. It is accountability. When the prompt lives in code, accountability for what the agent says is split between people who can change it and people who answer for it, and split accountability is no accountability. The first question after an incident, "who decided the agent should say this," has no clean answer because the decision and the deploy were the same event.
Move the prompt into governed content and the chain becomes legible. Audit logs show the editor who changed the escalation rule, the reviewer who approved it, and the release it shipped in. Roles & Permissions show who was even allowed to make the change. When a regulator, a customer, or an internal stakeholder asks why the agent gave a particular answer, you can reconstruct the decision instead of speculating about it. That is the same evidentiary posture Sanity supports for content generally, backed by SOC 2 Type II, GDPR alignment, regional data residency, and a published sub-processor list.
There is a cultural shift here worth naming. Treating the prompt as editorial content tells the organization that what the agent says is publishing, with all the responsibility publishing carries. It scales output without scaling headcount: the content team that already reviews a thousand pages a month absorbs agent instructions into the same muscle, rather than engineering becoming a permanent bottleneck on every tone tweak. The agent stops being a black box the platform team babysits and becomes a governed channel the business owns, which is the only arrangement that survives contact with real customers at scale.
Where agent instructions and retrieval live, and who can govern them
| Feature | Sanity | Pinecone + glue stack | Contentful | LangSmith |
|---|---|---|---|---|
| Where the system prompt lives | Structured content in the Content Lake, edited in Studio Workspaces by editors, not in a repository. | Outside the platform entirely; the prompt sits in app code or a vendor dashboard, ungoverned by content roles. | Can be modeled as an entry, but the agent runtime that consumes it lives elsewhere, so governance and execution are split. | First-class prompt management with versioning, but oriented to engineers and ML teams, not editorial owners. |
| Who can change the prompt | Scoped by Roles & Permissions; refund or escalation language is editable only by accountable owners. | Whoever holds merge rights to the application; no native content-role separation for prompt edits. | Editorial roles exist for entries, but enforcing them on agent instructions requires custom wiring. | Workspace roles for engineers and ML staff; non-technical editors are not the intended operators. |
| Staging and rollback | Content Releases bundle instruction changes into a reviewable unit a non-engineer can ship and revert in one action. | Rollback is a code redeploy; reverting bad prompt behavior is an engineering on-call task. | Scheduling and releases exist for content, but spanning them to the external agent runtime is manual. | Prompt versions can be reverted in the UI, but the change still flows through an engineering deploy path. |
| Retrieval architecture | Native hybrid search: text::semanticSimilarity() + match() blended via score() and boost() in one GROQ query. | Vector similarity is native; keyword and metadata blending is assembled with separate services and glue code. | No native vector retrieval; semantic search is bolted on through the App Framework and an external engine. | An evaluation and observability layer, not a retrieval store; you bring your own vector and content stack. |
| Keeping retrieval fresh | Dataset embeddings tied to content propagate edits within minutes; no separate vector pipeline to maintain. | A separate embedding and sync pipeline must be built and operated to keep vectors current with source content. | Content updates are immediate, but the external vector index needs its own re-embedding job to stay in sync. | Not applicable; freshness depends entirely on the external stores LangSmith observes. |
| Audit and compliance posture | Audit logs trace who changed which guardrail; SOC 2 Type II, GDPR, regional data residency, published sub-processors. | Vector store offers security controls, but prompt-change accountability lives in whatever app owns the prompt. | Strong content governance and compliance, though agent-instruction auditing depends on custom integration. | Rich tracing of prompt runs and evaluations; content-level editorial audit is out of its scope. |