chore: Phase 2 repo polish — README + 215 URL migrations

* docs: add OpenSSF badges, update OWASP to 10/10, add v1.0.0 release notes

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: Phase 2 repo polish — README, URLs, repo settings

README.md:
- Add CI status badge, navigation links, shield emoji
- Update Python version badge to 3.10+
- Fix agentmesh PyPI link (agentmesh -> agentmesh-platform)
- Add CSA ATF and Changelog to documentation links
- Add CLA bot info and Code of Conduct to Contributing section

URL migration (215 files):
- Replace all github.com/imran-siddique/* URLs with microsoft/agent-governance-toolkit
- Replace imran-siddique.github.io doc URLs with repo /docs links
- Replace HuggingFace dataset references to microsoft/ org
- Replace personal emails with agt@microsoft.com
- Update GHCR, Helm, MCP registry, ClawHub references
- Update Go module path to microsoft/
- Keep imran-siddique in CONTRIBUTORS.md (author attribution)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

README.md

@@ -1,24 +1,27 @@
 <div align="center">
 
-# Agent Governance Toolkit
+# 🛡️ Agent Governance Toolkit
 
-**Runtime security and governance framework for autonomous AI agents**
+**The missing security layer for autonomous AI agents**
 
+*Policy enforcement · Zero-trust identity · Execution sandboxing · Reliability engineering*
+
+[![CI](https://github.com/microsoft/agent-governance-toolkit/actions/workflows/ci.yml/badge.svg)](https://github.com/microsoft/agent-governance-toolkit/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
-[![Python](https://img.shields.io/badge/python-3.9+-blue.svg)](https://python.org)
-[![OWASP Agentic Top 10](https://img.shields.io/badge/OWASP_Agentic_Top_10-10/10_Covered-brightgreen)](docs/OWASP-COMPLIANCE.md)
+[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://python.org)
+[![OWASP Agentic Top 10](https://img.shields.io/badge/OWASP_Agentic_Top_10-10%2F10_Covered-brightgreen)](docs/OWASP-COMPLIANCE.md)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12085/badge)](https://www.bestpractices.dev/projects/12085)
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/microsoft/agent-governance-toolkit/badge)](https://scorecard.dev/viewer/?uri=github.com/microsoft/agent-governance-toolkit)
 
-</div>
+[Quick Start](#quick-start) · [Packages](#packages) · [Integrations](#framework-integrations) · [OWASP Coverage](#owasp-agentic-top-10-coverage) · [Contributing](CONTRIBUTING.md)
 
-> **The missing security layer for AI agents.** Policy enforcement, identity mesh, execution sandboxing, and reliability engineering — in one toolkit.
+</div>
 
 ---
 
 ## Why Agent Governance?
 
-Autonomous AI agents (LangChain, AutoGen, CrewAI, etc.) can call tools, spawn sub-agents, and take real-world actions — but have **no runtime security model**. The Agent Governance Toolkit provides:
+AI agent frameworks (LangChain, AutoGen, CrewAI, Google ADK, OpenAI Agents SDK) enable agents to call tools, spawn sub-agents, and take real-world actions — but provide **no runtime security model**. The Agent Governance Toolkit provides:
 
 - **Deterministic policy enforcement** before every agent action
 - **Zero-trust identity** with cryptographic agent credentials
@@ -62,7 +65,7 @@ Covers **10 of 10 [OWASP Agentic Top 10](https://owasp.org/www-project-agentic-a
 | Package | PyPI | Description |
 |---------|------|-------------|
 | **Agent OS** | [`agent-os-kernel`](https://pypi.org/project/agent-os-kernel/) | Kernel architecture — policy engine, capability model, audit logging, syscall interception, MCP gateway |
-| **AgentMesh** | [`agentmesh`](https://pypi.org/project/agentmesh/) | Inter-agent trust — Ed25519 identity, SPIFFE/SVID credentials, trust scoring, A2A/MCP/IATP protocol bridges |
+| **AgentMesh** | [`agentmesh-platform`](https://pypi.org/project/agentmesh-platform/) | Inter-agent trust — Ed25519 identity, SPIFFE/SVID credentials, trust scoring, A2A/MCP/IATP protocol bridges |
 | **Agent Hypervisor** | [`agent-hypervisor`](https://pypi.org/project/agent-hypervisor/) | Execution isolation — 4-tier privilege rings, saga orchestration, kill switch, joint liability, hash-chain audit |
 | **Agent SRE** | [`agent-sre`](https://pypi.org/project/agent-sre/) | Reliability engineering — SLOs, error budgets, replay debugging, chaos engineering, progressive delivery |
 | **Agent Compliance** | [`ai-agent-compliance`](https://pypi.org/project/ai-agent-compliance/) | Unified installer and compliance documentation |
@@ -136,6 +139,8 @@ Works with **12+ agent frameworks** including:
 ## Documentation
 
 - [OWASP Compliance Mapping](docs/OWASP-COMPLIANCE.md)
+- [CSA Agentic Trust Framework Mapping](docs/CSA-ATF-PROPOSAL.md)
+- [Changelog](CHANGELOG.md)
 - [Contributing Guide](CONTRIBUTING.md)
 - [Security Policy](SECURITY.md)
 - [Support](SUPPORT.md)
@@ -146,6 +151,10 @@ This project welcomes contributions and suggestions. Please see [CONTRIBUTING.md
 
 Most contributions require you to agree to a Contributor License Agreement (CLA). For details, visit https://cla.opensource.microsoft.com.
 
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any questions.
+
 ## License
 
 This project is licensed under the [MIT License](LICENSE).

docs/AAIF-PROPOSAL.md

@@ -162,5 +162,5 @@ The toolkit is unique in providing **external, runtime, mandatory** governance:
 - **Repository:** [microsoft/agent-governance-toolkit](https://github.com/microsoft/agent-governance-toolkit)
 - **PyPI:** [ai-agent-governance](https://pypi.org/project/ai-agent-governance/)
 - **npm:** [agentos-mcp-server](https://www.npmjs.com/package/agentos-mcp-server)
-- **OWASP Compliance:** [OWASP-COMPLIANCE.md](https://github.com/imran-siddique/agent-governance/blob/master/docs/OWASP-COMPLIANCE.md)
+- **OWASP Compliance:** [OWASP-COMPLIANCE.md](https://github.com/microsoft/agent-governance-toolkit/blob/master/docs/OWASP-COMPLIANCE.md)
 - **MAF Integration:** [microsoft/agent-framework #4440](https://github.com/microsoft/agent-framework/issues/4440)

docs/AUTOGEN-INTEGRATION-PROPOSAL.md

@@ -92,5 +92,5 @@ python/packages/autogen-ext/src/autogen_ext/governance/
 ## Links
 
 - [AutoGen](https://github.com/microsoft/autogen)
-- [Agent OS](https://github.com/imran-siddique/agent-os)
+- [Agent OS](https://github.com/microsoft/agent-governance-toolkit)
 - [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit)

docs/COSAI-WS4-PROPOSAL.md

@@ -101,9 +101,9 @@ sandbox.check("execute_shell")  # Not granted → blocked
 
 ## Reference Material
 
-- [OWASP Agentic Top 10 Compliance Mapping](https://github.com/imran-siddique/agent-governance/blob/master/docs/OWASP-COMPLIANCE.md)
-- [Agent OS](https://github.com/imran-siddique/agent-os) — reference implementation
-- [Agent Mesh](https://github.com/imran-siddique/agent-mesh) — inter-agent trust layer
-- [Agent Hypervisor](https://github.com/imran-siddique/agent-hypervisor) — execution isolation
+- [OWASP Agentic Top 10 Compliance Mapping](https://github.com/microsoft/agent-governance-toolkit/blob/master/docs/OWASP-COMPLIANCE.md)
+- [Agent OS](https://github.com/microsoft/agent-governance-toolkit) — reference implementation
+- [Agent Mesh](https://github.com/microsoft/agent-governance-toolkit) — inter-agent trust layer
+- [Agent Hypervisor](https://github.com/microsoft/agent-governance-toolkit) — execution isolation
 - [CoSAI MCP Security Analysis](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md) — complementary work
 - OS kernel security model (Linux capabilities, SELinux mandatory access control) — inspiration for ring-based approach

docs/CREWAI-INTEGRATION-PROPOSAL.md

@@ -81,5 +81,5 @@ End-to-end example in `crewAI-examples` demonstrating:
 ## Links
 
 - [CrewAI](https://github.com/crewAIInc/crewAI)
-- [Agent OS](https://github.com/imran-siddique/agent-os)
+- [Agent OS](https://github.com/microsoft/agent-governance-toolkit)
 - [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit)

docs/CSA-ATF-PROPOSAL.md

@@ -1,7 +1,7 @@
 # Proposal: CSA Agentic Trust Framework (ATF) Integration
 
 **Status:** Draft  
-**Author:** Imran Siddique (@imran-siddique)  
+**Author:** Imran Siddique (Microsoft)  
 **Created:** 2026-03-04  
 **Target:** Cloud Security Alliance (CSA) Agentic Trust Framework Working Group
 

docs/DIFY-INTEGRATION-PROPOSAL.md

@@ -39,5 +39,5 @@ In multi-agent workflows, agents need to verify "who" they're communicating with
 ## Links
 
 - [Dify Plugins](https://github.com/langgenius/dify-plugins)
-- [Agent Mesh](https://github.com/imran-siddique/agent-mesh)
-- [Plugin Source](https://github.com/imran-siddique/agent-mesh/tree/master/integrations/dify-plugin)
+- [Agent Mesh](https://github.com/microsoft/agent-governance-toolkit)
+- [Plugin Source](https://github.com/microsoft/agent-governance-toolkit/tree/master/integrations/dify-plugin)

docs/GOOGLE-ADK-PROPOSAL.md

@@ -88,11 +88,11 @@ This pattern has been validated across multiple frameworks:
 
 | Framework | Package | Tests |
 |-----------|---------|-------|
-| PydanticAI | [pydantic-ai-governance](https://github.com/imran-siddique/agentmesh-integrations/tree/master/pydantic-ai-governance) | 57 |
-| CrewAI | [crewai-agentmesh](https://github.com/imran-siddique/agentmesh-integrations/tree/master/crewai-agentmesh) | — |
+| PydanticAI | [pydantic-ai-governance](https://github.com/microsoft/agent-governance-toolkit/tree/master/pydantic-ai-governance) | 57 |
+| CrewAI | [crewai-agentmesh](https://github.com/microsoft/agent-governance-toolkit/tree/master/crewai-agentmesh) | — |
 | Microsoft Agent Framework | MAF middleware adapter | 18 |
-| Mastra | [@agentmesh/mastra](https://github.com/imran-siddique/agentmesh-integrations/tree/master/mastra-agentmesh) | 19 |
-| **Agent OS** (core) | [agent-os](https://github.com/imran-siddique/agent-os) | 1,327 |
+| Mastra | [@agentmesh/mastra](https://github.com/microsoft/agent-governance-toolkit/tree/master/mastra-agentmesh) | 19 |
+| **Agent OS** (core) | [agent-os](https://github.com/microsoft/agent-governance-toolkit) | 1,327 |
 
 ## OWASP Coverage
 
@@ -107,4 +107,4 @@ The GovernancePlugin covers 9/10 OWASP Agentic Top 10 risks through ADK's native
 
 - [Google ADK](https://github.com/google/adk-python)
 - [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit)
-- [OWASP Compliance Mapping](https://github.com/imran-siddique/agent-governance/blob/master/docs/OWASP-COMPLIANCE.md)
+- [OWASP Compliance Mapping](https://github.com/microsoft/agent-governance-toolkit/blob/master/docs/OWASP-COMPLIANCE.md)

docs/LFAI-PROPOSAL.md

@@ -26,7 +26,7 @@ The ecosystem consists of 5 interoperating packages:
 - **82+ GitHub stars**, **30+ forks** across 5 repos
 - **9,400+ clones** in 14 days
 - **5 PyPI packages** published
-- **MCP server** on npm + [Glama listing](https://glama.ai/mcp/servers/@imran-siddique/agentos-mcp-server)
+- **MCP server** on npm + [Glama listing](https://glama.ai/mcp/servers/@microsoft/agentos-mcp-server)
 - **9/10 OWASP Agentic Top 10** risks covered
 - **4 external contributors**
 - All repos: MIT license, CI/CD, branch protection, code of conduct
@@ -101,7 +101,7 @@ As AI agents become increasingly autonomous, governance infrastructure is critic
 
 ## Links
 
-- [Agent OS](https://github.com/imran-siddique/agent-os) | [Agent Mesh](https://github.com/imran-siddique/agent-mesh) | [Agent Hypervisor](https://github.com/imran-siddique/agent-hypervisor) | [Agent SRE](https://github.com/imran-siddique/agent-sre) | [Agent Governance](https://github.com/imran-siddique/agent-governance)
+- [Agent OS](https://github.com/microsoft/agent-governance-toolkit) | [Agent Mesh](https://github.com/microsoft/agent-governance-toolkit) | [Agent Hypervisor](https://github.com/microsoft/agent-governance-toolkit) | [Agent SRE](https://github.com/microsoft/agent-governance-toolkit) | [Agent Governance](https://github.com/microsoft/agent-governance-toolkit)
 - [Microsoft mono-repo](https://github.com/microsoft/agent-governance-toolkit) (pending public release)
-- [OWASP Compliance Mapping](https://github.com/imran-siddique/agent-governance/blob/master/docs/OWASP-COMPLIANCE.md)
+- [OWASP Compliance Mapping](https://github.com/microsoft/agent-governance-toolkit/blob/master/docs/OWASP-COMPLIANCE.md)
 - [PyPI: agent-os](https://pypi.org/project/agent-os/)

docs/MCP-ECOSYSTEM-PROPOSAL.md

@@ -78,12 +78,12 @@ Add a "security" or "governance" category to the MCP Registry for:
 
 The toolkit already includes a working MCP server:
 - Published on npm: `@agentos/mcp-server`
-- Listed on [Glama](https://glama.ai/mcp/servers/@imran-siddique/agentos-mcp-server)
+- Listed on [Glama](https://glama.ai/mcp/servers/@microsoft/agentos-mcp-server)
 - Supports both stdio and HTTP transports
 
 ## Links
 
 - [MCP Servers Repository](https://github.com/modelcontextprotocol/servers)
 - [MCP Registry](https://github.com/modelcontextprotocol/registry)
 - [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit)
-- [Glama Listing](https://glama.ai/mcp/servers/@imran-siddique/agentos-mcp-server)
+- [Glama Listing](https://glama.ai/mcp/servers/@microsoft/agentos-mcp-server)