End-to-End Governance for AI Agent Ecosystems
This document explains how Agent OS and AgentMesh work together to provide comprehensive governance for AI agents, from single-host development to distributed production deployments.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β DISTRIBUTED LAYER (AgentMesh) β
β β
β Agent A Agent B Agent C Agent D β
β (Host 1) (Host 2) (Host 3) (Host 4) β
β β β β β β
β ββββββββββββββββββ΄βββββββββββββββββ΄βββββββββββββββββ β
β β β
β βββββββββββΌββββββββββ β
β β AgentMesh β β
β β Trust Layer β β
β β β β
β β β’ Identity β β
β β β’ Trust Scoring β β
β β β’ Delegation β β
β β β’ Protocol Bridge β β
β βββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β LOCAL LAYER (Agent OS) β
β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Per-Host Kernel β β
β β β β
β β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β β
β β β Policy β β Flight β β Signal β β β
β β β Engine β β Recorder β β Dispatch β β β
β β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β β
β β β β
β β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β β
β β β VFS β β Tool β β Framework β β β
β β β (Memory) β β Registry β β Adapters β β β
β β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β Your Agent Code (LangChain, CrewAI, OpenAI, etc.) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Use Agent OS when you need to:
- Govern individual agents running on a single host
- Enforce local policies (file access, SQL safety, rate limits)
- Audit agent actions with detailed logging
- Integrate with frameworks (LangChain, CrewAI, etc.)
- Develop and test governance policies locally
Example scenarios:
- A coding assistant that shouldn't delete production files
- A data analyst agent with SQL injection protection
- A customer service bot with PII handling rules
Use AgentMesh when you need to:
- Coordinate multiple agents across hosts or services
- Establish trust between agents from different systems
- Enforce organization-wide policies consistently
- Track agent identity with human sponsor accountability
- Bridge protocols (A2A, MCP, IATP)
Example scenarios:
- Multi-agent customer service with handoffs
- Cross-team agent collaboration with trust scoring
- Enterprise deployment with compliance requirements
Use both for production deployments:
Agent OS handles: AgentMesh handles:
βββββββββββββββββ ββββββββββββββββββ
β’ Local action safety β’ Cross-agent identity
β’ Per-host rate limits β’ Trust handshakes
β’ Framework integration β’ Scope chains
β’ Detailed audit logs β’ Organization policies
Agent OS provides application-level middleware that intercepts agent actions:
from agent_os import KernelSpace
# Create a governed execution environment
kernel = KernelSpace(policies=[
Policy.no_destructive_sql(),
Policy.file_access("/workspace"),
Policy.rate_limit(100, "1m"),
])
# Your agent runs in "user space"
@kernel.govern
async def my_agent(task: str):
# Every action is intercepted and validated
return await llm.generate(task)Key components:
| Component | Purpose |
|---|---|
| Policy Engine | Evaluates actions against rules |
| Flight Recorder | Audit log of all actions |
| Signal Dispatch | POSIX-style agent control |
| VFS | Agent memory filesystem |
| Tool Registry | Safe tool discovery |
| Framework Adapters | LangChain, CrewAI, etc. |
AgentMesh provides the infrastructure for multi-agent coordination:
from agentmesh import AgentIdentity, TrustBridge
# Create identity with human sponsor
identity = AgentIdentity.create(
name="research-agent",
sponsor="alice@company.com",
capabilities=["read:data", "write:reports"],
)
# Verify peer before communication
bridge = TrustBridge()
verification = await bridge.verify_peer(
peer_id="did:mesh:other-agent",
required_trust_score=700,
)
if verification.verified:
await bridge.send_message(peer_id, message)Key components:
| Component | Purpose |
|---|---|
| Identity Registry | Agent identity management |
| Trust Scoring | Behavioral reputation (0-1000) |
| Delegation Manager | Scope-narrowing delegation |
| Protocol Bridge | A2A, MCP, IATP translation |
| Policy Engine | Organization-wide rules |
| Compliance Engine | SOC 2, HIPAA, GDPR mapping |
Agent OS and AgentMesh share IATP for trust handshakes:
# Agent OS provides the local IATP implementation
from agent_os.iatp import TrustHandshake
# AgentMesh uses it for cross-agent trust
from agentmesh.protocols.iatp import AgentMeshIATP
# The handshake works the same way
handshake = TrustHandshake()
result = await handshake.initiate(peer_identity)Both projects can use the same policy format:
# This policy works in both Agent OS and AgentMesh
version: "1.0"
policies:
- name: no_pii_export
condition: "action.type == 'export' and data.contains_pii"
action: deny
- name: rate_limit_api
condition: "action.type == 'api_call'"
limit: "100/hour"Agent OS flight recorder integrates with AgentMesh hash-chained audit:
# Local logs from Agent OS
from agent_os import FlightRecorder
recorder = FlightRecorder()
local_logs = recorder.get_logs(agent_id)
# Sync to AgentMesh for tamper-evident storage
from agentmesh import AuditBridge
bridge = AuditBridge()
await bridge.sync_logs(local_logs)Here's a complete example showing both layers working together:
# ============================================
# STEP 1: Create Agent OS kernel (local)
# ============================================
from agent_os import KernelSpace, Policy
kernel = KernelSpace(policies=[
Policy.no_destructive_sql(),
Policy.file_access("/workspace"),
Policy.rate_limit(100, "1m"),
])
# ============================================
# STEP 2: Register with AgentMesh (distributed)
# ============================================
from agentmesh import AgentIdentity, TrustBridge
identity = AgentIdentity.create(
name="data-analyst",
sponsor="alice@company.com",
capabilities=["read:data", "write:reports"],
kernel=kernel, # Link to local kernel
)
bridge = TrustBridge(identity)
# ============================================
# STEP 3: Define your agent
# ============================================
@kernel.govern
async def data_analyst(task: str):
# Local governance by Agent OS
result = await llm.generate(f"Analyze: {task}")
return result
# ============================================
# STEP 4: Receive delegated work from other agents
# ============================================
async def handle_delegation(delegation):
# Verify delegation came from trusted source
if not await bridge.verify_delegation(delegation):
raise PermissionError("Delegation not verified")
# Execute within delegated scope
with kernel.scoped(delegation.scope):
result = await data_analyst(delegation.task)
# Report completion to AgentMesh
await bridge.report_completion(delegation.id, result)
return resultDeveloper Machine
βββ Agent OS
βββ Your Agent (LangChain, etc.)
Good for local development and testing.
Production Server
βββ Container
βββ Agent OS
βββ Your Agent
Good for single-agent services.
AgentMesh Control Plane
β
βββββββββββββββββΌββββββββββββββββ
βΌ βΌ βΌ
βββββββββββ βββββββββββ βββββββββββ
β Host A β β Host B β β Host C β
β βββββββ β β βββββββ β β βββββββ β
β βA-OS β β β βA-OS β β β βA-OS β β
β βAgentβ β β βAgentβ β β βAgentβ β
β βββββββ β β βββββββ β β βββββββ β
βββββββββββ βββββββββββ βββββββββββ
Full governance stack for enterprise.
apiVersion: v1
kind: Pod
metadata:
name: agent-pod
spec:
containers:
# Your agent with Agent OS embedded
- name: agent
image: my-agent:latest
# AgentMesh sidecar for trust
- name: agentmesh-sidecar
image: agentmesh/sidecar:latestpip install agent-osfrom agent_os import KernelSpace
kernel = KernelSpace(policy="strict")
@kernel.govern
def my_agent(task):
return llm.generate(task)pip install agentmesh-platformfrom agentmesh import AgentIdentity
identity = AgentIdentity.create(
name="my-agent",
sponsor="you@company.com",
)
agentmesh.register(identity)See deployment guides:
| Aspect | Agent OS | AgentMesh |
|---|---|---|
| Scope | Single host | Distributed |
| Focus | Action governance | Trust & identity |
| Key feature | Policy enforcement | Trust scoring |
| Primary use | Local safety | Multi-agent coordination |
| Analogy | OS kernel | Service mesh |
Together they provide:
- Local + distributed governance
- Action safety + identity trust
- Detailed auditing + hash-chain proof
- Framework integration + protocol bridging
Start with Agent OS for immediate safety benefits, add AgentMesh when you need multi-agent coordination.
Questions?