[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74232":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":24,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":37,"readmeContent":38,"aiSummary":39,"trendingCount":15,"starSnapshotCount":15,"syncStatus":40,"lastSyncTime":41,"discoverSource":42},74232,"agent-governance-toolkit","microsoft\u002Fagent-governance-toolkit","microsoft","AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10\u002F10 OWASP Agentic Top 10.",null,"Python",4189,579,30,22,0,135,639,2690,405,30.29,"MIT License",false,"main",true,[26,27,28,29,30,7,31,32,33,34,35,36],"agent-framework","ai-agents","ai-safety","compliance","governance","owasp","policy-engine","python","security","trust","zero-trust","2026-06-12 02:03:24","🌍 [English](\u002FREADME.md) | [日本語](.\u002Fdocs\u002Fi18n\u002FREADME.ja.md) | [简体中文](.\u002Fdocs\u002Fi18n\u002FREADME.zh-CN.md) | [한국어](.\u002Fdocs\u002Fi18n\u002FREADME.ko.md)\n\n![Agent Governance Toolkit](docs\u002Fassets\u002Freadme-banner.svg)\n\n# Agent Governance Toolkit\n\n\u003Cp align=\"center\">\n  \u003Cstrong>\n    📖 \u003Ca href=\"https:\u002F\u002Fmicrosoft.github.io\u002Fagent-governance-toolkit\">Documentation Site\u003C\u002Fa> ·\n    🚀 \u003Ca href=\"#get-started-in-90-seconds\">Quick Start\u003C\u002Fa> ·\n    📦 \u003Ca href=\"https:\u002F\u002Fpypi.org\u002Fproject\u002Fagent-governance-toolkit\u002F\">PyPI\u003C\u002Fa> ·\n    📝 \u003Ca 
href=\"CHANGELOG.md\">Changelog\u003C\u002Fa>\n  \u003C\u002Fstrong>\n\u003C\u002Fp>\n\n[![CI](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Factions\u002Fworkflows\u002Fci.yml)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg)](LICENSE)\n[![PyPI version](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fv\u002Fagent-governance-toolkit?label=PyPI)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fagent-governance-toolkit\u002F)\n[![npm](https:\u002F\u002Fimg.shields.io\u002Fnpm\u002Fv\u002F%40microsoft\u002Fagent-governance-sdk?label=npm)](https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@microsoft\u002Fagent-governance-sdk)\n[![NuGet](https:\u002F\u002Fimg.shields.io\u002Fnuget\u002Fv\u002FMicrosoft.AgentGovernance?label=NuGet)](https:\u002F\u002Fwww.nuget.org\u002Fpackages\u002FMicrosoft.AgentGovernance)\n[![GitHub stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fmicrosoft\u002Fagent-governance-toolkit?style=flat&label=Stars)](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagent-governance-toolkit)\n[![Contributors](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcontributors\u002Fmicrosoft\u002Fagent-governance-toolkit?label=Contributors)](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Fgraphs\u002Fcontributors)\n[![OWASP Agentic Top 10](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOWASP_Agentic_Top_10-10%2F10_Covered-blue)](docs\u002FOWASP-COMPLIANCE.md)\n[![OpenSSF Scorecard](https:\u002F\u002Fapi.scorecard.dev\u002Fprojects\u002Fgithub.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Fbadge)](https:\u002F\u002Fscorecard.dev\u002Fviewer\u002F?uri=github.com\u002Fmicrosoft\u002Fagent-governance-toolkit)\n[![OpenSSF Best 
Practices](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F12085\u002Fbadge)](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F12085)\n[![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002Fmicrosoft\u002Fagent-governance-toolkit)\n\n> [!IMPORTANT]\n> **Public Preview** — Microsoft-signed, production-quality releases. May have breaking changes before GA.\n> [Open a GitHub issue](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Fissues) for feedback.\n\n> [!TIP]\n> **v3.5.0 is out!** Latest stable release with Bedrock adapter, prompt defense improvements, and governance hardening. [Changelog →](CHANGELOG.md)\n\n**Runtime governance for AI agents** -- deterministic policy enforcement, zero-trust identity, execution sandboxing, and SRE for autonomous agents. Covers all **10 OWASP Agentic risks** with **13,000+ tests**.\n\n**Works with any stack** — AWS Bedrock, Google ADK, Azure AI, LangChain, CrewAI, AutoGen, OpenAI Agents, and 20+ more. Python · TypeScript · .NET · Rust · Go.\n\n---\n\n## What This Is (and Isn't)\n\n**What it does:** Sits between your agent framework and the actions agents take. Every tool call, resource access, and inter-agent message is evaluated against policy *before* execution. Deterministic — not probabilistic.\n\n**What it doesn't do:** This is not a prompt guardrail or content moderation tool. It governs agent *actions*, not LLM inputs\u002Foutputs. For model-level safety, see [Azure AI Content Safety](https:\u002F\u002Flearn.microsoft.com\u002Fazure\u002Fai-services\u002Fcontent-safety\u002F).\n\n```\nAgent Action ──► Policy Check ──► Allow \u002F Deny ──► Audit Log    (\u003C 0.1 ms)\n```\n\n**Why it matters:** Prompt-based safety (\"please follow the rules\") has a [26.67% policy violation rate](docs\u002FBENCHMARKS.md) in red-team testing. 
AGT's deterministic application-layer enforcement: **0.00%**.\n\n---\n\n## Get Started in 90 Seconds\n\n```bash\n# 1. Install\npip install agent-governance-toolkit[full]\n\n# 2. Check your installation\nagt doctor\n\n# 3. Verify OWASP compliance\nagt verify\n\n# 4. Verify runtime evidence, when available\nagt verify --evidence .\u002Fagt-evidence.json\n\n# 5. Fail CI on weak runtime evidence\nagt verify --evidence .\u002Fagt-evidence.json --strict\n\n# 6. Red-team your agent's security posture\nagt red-team scan .\u002Fprompts\u002F --min-grade B --strict\n```\n\nThen govern your first action:\n\n```python\nfrom agent_os.policies import PolicyEvaluator, PolicyDocument, PolicyRule, PolicyCondition, PolicyAction, PolicyOperator, PolicyDefaults\n\nevaluator = PolicyEvaluator(policies=[PolicyDocument(\n    name=\"my-policy\", version=\"1.0\",\n    defaults=PolicyDefaults(action=PolicyAction.ALLOW),\n    rules=[PolicyRule(\n        name=\"block-dangerous-tools\",\n        condition=PolicyCondition(field=\"tool_name\", operator=PolicyOperator.IN, value=[\"execute_code\", \"delete_file\"]),\n        action=PolicyAction.DENY, priority=100,\n    )],\n)])\n\nresult = evaluator.evaluate({\"tool_name\": \"web_search\"})    # ✅ Allowed\nresult = evaluator.evaluate({\"tool_name\": \"delete_file\"})   # ❌ Blocked deterministically\n```\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>TypeScript\u003C\u002Fb>\u003C\u002Fsummary>\n\n```typescript\nimport { PolicyEngine } from \"@microsoft\u002Fagent-governance-sdk\";\n\nconst engine = new PolicyEngine([\n  { action: \"web_search\", effect: \"allow\" },\n  { action: \"shell_exec\", effect: \"deny\" },\n]);\nengine.evaluate(\"web_search\"); \u002F\u002F \"allow\"\nengine.evaluate(\"shell_exec\"); \u002F\u002F \"deny\"\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>.NET\u003C\u002Fb>\u003C\u002Fsummary>\n\n```csharp\nusing AgentGovernance;\nusing AgentGovernance.Extensions.ModelContextProtocol;\nusing 
AgentGovernance.Policy;\n\nvar kernel = new GovernanceKernel(new GovernanceOptions\n{\n    PolicyPaths = new() { \"policies\u002Fdefault.yaml\" },\n});\n\nvar result = kernel.EvaluateToolCall(\"did:mesh:agent-1\", \"web_search\",\n    new() { [\"query\"] = \"latest AI news\" });\n\u002F\u002F result.Allowed == true\n\nbuilder.Services\n    .AddMcpServer()\n    .WithGovernance(options => options.PolicyPaths.Add(\"policies\u002Fmcp.yaml\"));\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Rust\u003C\u002Fb>\u003C\u002Fsummary>\n\n```rust\nuse agent_governance::{AgentMeshClient, ClientOptions};\n\nlet client = AgentMeshClient::new(\"my-agent\").unwrap();\nlet result = client.execute_with_governance(\"data.read\", None);\nassert!(result.allowed);\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Go\u003C\u002Fb>\u003C\u002Fsummary>\n\n```go\nimport agentmesh \"github.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Fagent-governance-golang\"\n\nclient, _ := agentmesh.NewClient(\"my-agent\",\n    agentmesh.WithPolicyRules([]agentmesh.PolicyRule{\n        {Action: \"data.read\", Effect: agentmesh.Allow},\n        {Action: \"*\", Effect: agentmesh.Deny},\n    }),\n)\nresult := client.ExecuteWithGovernance(\"data.read\", nil)\n\u002F\u002F result.Allowed == true\n```\n\n\u003C\u002Fdetails>\n\n> **Full walkthrough:** [quickstart.md](docs\u002Fquickstart.md) — zero to governed agents in 10 minutes with YAML policies, OPA\u002FRego, and Cedar support.\n> 🌍 Also available in: [日本語](docs\u002Fi18n\u002Fquickstart.ja.md) | [简体中文](docs\u002Fi18n\u002Fquickstart.zh-CN.md) | [한국어](docs\u002Fi18n\u002Fquickstart.ko.md)\n\n---\n\n## What You Get\n\n| Capability | What It Does | Links |\n|---|---|---|\n| **Policy Engine** | Every action evaluated before execution — sub-millisecond, deterministic. 
Supports YAML, OPA\u002FRego, and Cedar policies | [Agent OS](agent-governance-python\u002Fagent-os\u002F) · [Benchmarks](docs\u002FBENCHMARKS.md) |\n| **Contributor Reputation** | Screens PR\u002Fissue authors for social engineering: credential laundering, spray patterns, network coordination. Reusable GitHub Action for any repo | [Action](.github\u002Factions\u002Fcontributor-check\u002F) · [Scripts](scripts\u002F) |\n| **Zero-Trust Identity** | Ed25519 + quantum-safe ML-DSA-65 credentials, trust scoring (0–1000), SPIFFE\u002FSVID | [AgentMesh](agent-governance-python\u002Fagent-mesh\u002F) |\n| **Execution Sandboxing** | 4-tier privilege rings, saga orchestration, kill switch | [Runtime](agent-governance-python\u002Fagent-runtime\u002F) · [Hypervisor](agent-governance-python\u002Fagent-hypervisor\u002F) |\n| **Agent SRE** | SLOs, error budgets, replay debugging, chaos engineering, circuit breakers | [Agent SRE](agent-governance-python\u002Fagent-sre\u002F) |\n| **MCP Security Scanner** | Detect tool poisoning, typosquatting, hidden instructions in MCP definitions | [MCP Scanner](agent-governance-python\u002Fagent-os\u002Fsrc\u002Fagent_os\u002Fmcp_security.py) |\n| **Shadow AI Discovery** | Find unregistered agents across processes, configs, and repos | [Agent Discovery](agent-governance-python\u002Fagent-discovery\u002F) |\n| **Agent Lifecycle** | Provisioning → credential rotation → orphan detection → decommissioning | [Lifecycle](agent-governance-python\u002Fagent-mesh\u002Fsrc\u002Fagentmesh\u002Flifecycle\u002F) |\n| **Governance Dashboard** | Real-time fleet visibility — health, trust, compliance, audit events | [Dashboard](examples\u002Fdemos\u002Fgovernance-dashboard\u002F) |\n| **Unified CLI** | `agt verify`, `agt red-team`, `agt doctor`, `agt lint-policy` — one command for everything | [CLI](agent-governance-python\u002Fagent-compliance\u002Fsrc\u002Fagent_compliance\u002Fcli\u002Fagt.py) |\n| **PromptDefense Evaluator** | 12-vector prompt injection 
audit for compliance testing | [Evaluator](agent-governance-python\u002Fagent-compliance\u002Fsrc\u002Fagent_compliance\u002Fprompt_defense.py) |\n\n---\n\n## Works With Your Stack\n\n| Framework | Integration |\n|-----------|-------------|\n| [**Microsoft Agent Framework**](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fagent-framework) | Native Middleware |\n| [**Semantic Kernel**](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fsemantic-kernel) | Native (.NET + Python) |\n| [Microsoft AutoGen](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fautogen) | Adapter |\n| [LangGraph](https:\u002F\u002Fgithub.com\u002Flangchain-ai\u002Flanggraph) \u002F [LangChain](https:\u002F\u002Fgithub.com\u002Flangchain-ai\u002Flangchain) | Adapter |\n| [CrewAI](https:\u002F\u002Fgithub.com\u002FcrewAIInc\u002FcrewAI) | Adapter |\n| [OpenAI Agents SDK](https:\u002F\u002Fgithub.com\u002Fopenai\u002Fopenai-agents-python) | Middleware |\n| GitHub Copilot CLI | Governance installer package |\n| [pi-mono](https:\u002F\u002Fgithub.com\u002Fbadlogic\u002Fpi-mono\u002Ftree\u002Fmain\u002Fpackages\u002Fcoding-agent) | TypeScript SDK Integration |\n| [Google ADK](https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fadk-python) | Adapter |\n| [LlamaIndex](https:\u002F\u002Fgithub.com\u002Frun-llama\u002Fllama_index) | Middleware |\n| [Haystack](https:\u002F\u002Fgithub.com\u002Fdeepset-ai\u002Fhaystack) | Pipeline |\n| [Dify](https:\u002F\u002Fgithub.com\u002Flanggenius\u002Fdify) | Plugin |\n| [Azure AI Foundry](https:\u002F\u002Flearn.microsoft.com\u002Fazure\u002Fai-studio\u002F) | Deployment Guide |\n\nFull list: [Framework Integrations](agent-governance-python\u002Fagentmesh-integrations\u002F) · [Quickstart Examples](examples\u002Fquickstart\u002F)\n\n---\n\n## OWASP Agentic Top 10 — 10\u002F10 Covered\n\n| Risk | ID | AGT Control |\n|------|----|-------------|\n| Agent Goal Hijacking | ASI-01 | Policy engine blocks unauthorized goal changes |\n| Excessive Capabilities | ASI-02 | Capability 
model enforces least-privilege |\n| Identity & Privilege Abuse | ASI-03 | Zero-trust identity with Ed25519 + ML-DSA-65 |\n| Uncontrolled Code Execution | ASI-04 | Execution rings + sandboxing |\n| Insecure Output Handling | ASI-05 | Content policies validate all outputs |\n| Memory Poisoning | ASI-06 | Episodic memory with integrity checks |\n| Unsafe Inter-Agent Comms | ASI-07 | Encrypted channels + trust gates |\n| Cascading Failures | ASI-08 | Circuit breakers + SLO enforcement |\n| Human-Agent Trust Deficit | ASI-09 | Full audit trails + flight recorder |\n| Rogue Agents | ASI-10 | Kill switch + ring isolation + anomaly detection |\n\nFull mapping: [OWASP-COMPLIANCE.md](docs\u002FOWASP-COMPLIANCE.md) · Regulatory alignment: [EU AI Act](docs\u002Fcompliance\u002F), [NIST AI RMF](docs\u002Fcompliance\u002Fnist-ai-rmf-alignment.md), [Colorado AI Act](docs\u002Fcompliance\u002F)\n\n---\n\n## Performance\n\nGovernance adds **\u003C 0.1 ms per action** — roughly 10,000× faster than an LLM API call.\n\n| Metric | Latency (p50) | Throughput |\n|---|---|---|\n| Policy evaluation (1 rule) | 0.012 ms | 72K ops\u002Fsec |\n| Policy evaluation (100 rules) | 0.029 ms | 31K ops\u002Fsec |\n| Policy enforcement | 0.091 ms | 9.3K ops\u002Fsec |\n| Concurrent (50 agents) | — | 35,481 ops\u002Fsec |\n\n> **Note:** These numbers measure policy evaluation only. In distributed multi-agent\n> deployments, add ~5–50ms for cryptographic verification and mesh handshake on\n> inter-agent messages. 
See [Limitations — Performance](docs\u002FLIMITATIONS.md#3-performance-policy-eval-vs-end-to-end) for full breakdown.\n\nFull methodology: [BENCHMARKS.md](docs\u002FBENCHMARKS.md)\n\n---\n\n## Install\n\n| Language | Package | Command |\n|----------|---------|---------|\n| **Python** | [`agent-governance-toolkit`](https:\u002F\u002Fpypi.org\u002Fproject\u002Fagent-governance-toolkit\u002F) | `pip install agent-governance-toolkit[full]` |\n| **TypeScript** | [`@microsoft\u002Fagent-governance-sdk`](agent-governance-typescript\u002F) | `npm install @microsoft\u002Fagent-governance-sdk` |\n| **Copilot CLI** | [`@microsoft\u002Fagent-governance-copilot-cli`](agent-governance-copilot-cli\u002F) | `npx @microsoft\u002Fagent-governance-copilot-cli install` |\n| **.NET** | [`Microsoft.AgentGovernance`](https:\u002F\u002Fwww.nuget.org\u002Fpackages\u002FMicrosoft.AgentGovernance) | `dotnet add package Microsoft.AgentGovernance` |\n| **.NET MCP** | `Microsoft.AgentGovernance.Extensions.ModelContextProtocol` | `dotnet add package Microsoft.AgentGovernance.Extensions.ModelContextProtocol` |\n| **Rust** | [`agent-governance`](https:\u002F\u002Fcrates.io\u002Fcrates\u002Fagent-governance) | `cargo add agent-governance` |\n| **Go** | [`agent-governance-toolkit`](agent-governance-golang\u002F) | `go get github.com\u002Fmicrosoft\u002Fagent-governance-toolkit\u002Fagent-governance-golang` |\n\nAll five language packages implement core governance (policy, identity, trust, audit). 
Python has the full stack, and the Copilot CLI package is a first-party install surface built on the TypeScript SDK.\nSee **[Language Package Matrix](docs\u002FPACKAGE-FEATURE-MATRIX.md)** for detailed per-language coverage.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Individual Python packages\u003C\u002Fb>\u003C\u002Fsummary>\n\n| Package | PyPI | Description |\n|---------|------|-------------|\n| Agent OS | [`agent-os-kernel`](https:\u002F\u002Fpypi.org\u002Fproject\u002Fagent-os-kernel\u002F) | Policy engine, capability model, audit logging, MCP gateway |\n| AgentMesh | [`agentmesh-platform`](https:\u002F\u002Fpypi.org\u002Fproject\u002Fagentmesh-platform\u002F) | Zero-trust identity, trust scoring, A2A\u002FMCP\u002FIATP bridges |\n| Agent Runtime | [`agentmesh-runtime`](agent-governance-python\u002Fagent-runtime\u002F) | Privilege rings, saga orchestration, termination control |\n| Agent SRE | [`agent-sre`](https:\u002F\u002Fpypi.org\u002Fproject\u002Fagent-sre\u002F) | SLOs, error budgets, chaos engineering, circuit breakers |\n| Agent Compliance | [`agent-governance-toolkit`](https:\u002F\u002Fpypi.org\u002Fproject\u002Fagent-governance-toolkit\u002F) | OWASP verification, integrity checks, policy linting |\n| Agent Discovery | [`agent-discovery`](agent-governance-python\u002Fagent-discovery\u002F) | Shadow AI discovery, inventory, risk scoring |\n| Agent Hypervisor | [`agent-hypervisor`](agent-governance-python\u002Fagent-hypervisor\u002F) | Reversibility verification, execution plan validation |\n| Agent Marketplace | [`agentmesh-marketplace`](agent-governance-python\u002Fagent-marketplace\u002F) | Plugin lifecycle management |\n| Agent Lightning | [`agentmesh-lightning`](agent-governance-python\u002Fagent-lightning\u002F) | RL training governance |\n\n\u003C\u002Fdetails>\n\n---\n\n## Documentation\n\n**Getting Started**\n- [Quick Start](docs\u002Fquickstart.md) — Zero to governed agents in 10 minutes\n- [Tutorials](docs\u002Ftutorials\u002F) — 40+ numbered 
tutorials + 7-chapter Policy-as-Code deep dive\n- [FAQ](docs\u002FFAQ.md) — Technical Q&A for customers, partners, and evaluators\n\n**Architecture & Reference**\n- [Language Package Matrix](docs\u002FPACKAGE-FEATURE-MATRIX.md) — Per-language capability comparison\n- [Architecture](docs\u002FARCHITECTURE.md) — System design, security model, trust scoring\n- [Architecture Decisions](docs\u002Fadr\u002FREADME.md) — ADR log\n- [Threat Model](docs\u002FTHREAT_MODEL.md) — Trust boundaries and STRIDE analysis\n- [API: Agent OS](agent-governance-python\u002Fagent-os\u002FREADME.md) · [AgentMesh](agent-governance-python\u002Fagent-mesh\u002FREADME.md) · [Agent SRE](agent-governance-python\u002Fagent-sre\u002FREADME.md)\n\n**Compliance & Deployment**\n- [Known Limitations](docs\u002FLIMITATIONS.md) — Honest design boundaries and recommended layered defense\n- [OWASP Compliance](docs\u002FOWASP-COMPLIANCE.md) — Full ASI-01 through ASI-10 mapping\n- [Deployment Guides](docs\u002Fdeployment\u002FREADME.md) — Azure (AKS, Foundry, Container Apps), AWS (ECS\u002FFargate), GCP (GKE), Docker Compose\n- [NIST AI RMF Alignment](docs\u002Fcompliance\u002Fnist-ai-rmf-alignment.md) · [EU AI Act](docs\u002Fcompliance\u002F) · [SOC 2 Mapping](docs\u002Fcompliance\u002Fsoc2-mapping.md)\n\n**Extensions**\n- [VS Code Extension](agent-governance-typescript\u002Fagent-os-vscode\u002F) · [Framework Integrations](agent-governance-python\u002Fagentmesh-integrations\u002F)\n\n---\n\n## Security\n\nThis toolkit provides **application-level governance** (Python middleware), not OS kernel-level isolation. The policy engine and agents run in the same process — the same trust boundary as every Python agent framework.\n\n**Production recommendation:** Run each agent in a separate container for OS-level isolation. 
See [Architecture — Security Boundaries](docs\u002FARCHITECTURE.md).\n\n> **📖 [Known Limitations & Design Boundaries](docs\u002FLIMITATIONS.md)** — what AGT does *not* do, honest performance numbers for distributed deployments, and the recommended layered defense architecture.\n\n| Tool | Coverage |\n|------|----------|\n| CodeQL | Python + TypeScript SAST |\n| Gitleaks | Secret scanning on PR\u002Fpush\u002Fweekly |\n| ClusterFuzzLite | 7 fuzz targets (policy, injection, MCP, sandbox, trust) |\n| Dependabot | 13 ecosystems |\n| OpenSSF Scorecard | Weekly scoring + SARIF upload |\n\n---\n\n## Contributing\n\n- [Contributing Guide](CONTRIBUTING.md) · [Community](docs\u002FCOMMUNITY.md) · [Security Policy](SECURITY.md) · [Changelog](CHANGELOG.md)\n\n**Using AGT?** Add your organization to [ADOPTERS.md](docs\u002FADOPTERS.md), it helps the project gain momentum and helps others discover real-world use cases.\n\n## Governance & Standards\n\nAGT follows open governance practices aligned with foundation incubation requirements:\n\n| Document | Purpose |\n|----------|---------|\n| [GOVERNANCE.md](GOVERNANCE.md) | Decision-making, roles, contributor ladder |\n| [CHARTER.md](CHARTER.md) | Technical charter (LF Projects format) |\n| [MAINTAINERS.md](MAINTAINERS.md) | 6 maintainers from 4 organizations |\n| [RELEASE.md](RELEASE.md) | Release process, versioning, registries |\n| [SECURITY.md](SECURITY.md) | Vulnerability reporting and response SLAs |\n| [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) | Microsoft Open Source Code of Conduct |\n| [CONTRIBUTING.md](CONTRIBUTING.md) | DCO, attribution policy, AI-assisted contribution rules |\n| [ADOPTERS.md](docs\u002FADOPTERS.md) | 9 adopters across production, pilot, and research |\n\n**Standards alignment:** [OWASP Agentic Top 10](docs\u002FOWASP-COMPLIANCE.md) (10\u002F10) · [NIST AI RMF](docs\u002Fcompliance\u002Fnist-ai-rmf-alignment.md) · [EU AI Act](docs\u002Fcompliance\u002F) · [OpenSSF Best 
Practices](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F12085) (100%)\n\n## Important Notes\n\nIf you use the Agent Governance Toolkit to build applications that operate with third-party agent frameworks or services, you do so at your own risk. We recommend reviewing all data being shared with third-party services and being cognizant of third-party practices for retention and location of data.\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n\n## Trademarks\n\nThis project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft\ntrademarks or logos is subject to and must follow\n[Microsoft's Trademark & Brand Guidelines](https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Flegal\u002Fintellectualproperty\u002Ftrademarks\u002Fusage\u002Fgeneral).\nUse of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.\nAny use of third-party trademarks or logos is subject to those third-party's policies.\n","Microsoft's Agent Governance Toolkit is a toolkit for AI agent governance, providing policy enforcement, zero-trust identity verification, execution sandboxing, and reliability engineering. The project covers all of the risks in the OWASP Agentic Top 10 and ensures its security and compliance through more than 13,000 tests. It supports a range of technology stacks, including AWS Bedrock, Google ADK, and Azure AI, and works with multiple programming languages such as Python, TypeScript, and .NET. The toolkit is well suited to enterprises that need to deploy autonomous AI agents in production, especially in application scenarios with high security and compliance requirements, such as finance and healthcare.",2,"2026-06-11 03:49:37","high_star"]