docs: Phase 3 — Propagate architecture rename across all docs (#221)

Propagates agent-hypervisor to agent-runtime rename across 52 files. Closes #208-#220. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

.github/pull_request_template.md

@@ -12,7 +12,7 @@
 ## Package(s) Affected
 - [ ] agent-os-kernel
 - [ ] agent-mesh
-- [ ] agent-hypervisor
+- [ ] agent-runtime
 - [ ] agent-sre
 - [ ] agent-governance
 - [ ] docs / root

CHANGELOG.md

@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- **agent-hypervisor**: Version bump to align with mono-repo versioning
+- **agent-runtime**: Version bump to align with mono-repo versioning
 
 ### Security
 
@@ -21,7 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- **agent-hypervisor**: Centralize hardcoded ring thresholds and constants (#188)
+- **agent-runtime**: Centralize hardcoded ring thresholds and constants (#188)
 
 ## [1.1.0] - 2026-03-08
 
@@ -128,7 +128,7 @@ pip install ai-agent-compliance[full]
 - **AgentMesh** (`agentmesh`) — Zero-trust inter-agent identity mesh with SPIFFE-based
   identity, DID-linked credentials, Microsoft Entra Agent ID adapter, and AI-BOM v2.0
   supply-chain provenance.
-- **Agent Hypervisor** (`agent-hypervisor`) — Runtime sandboxing with capability-based
+- **Agent Runtime** (`agent-runtime`) — Runtime sandboxing with capability-based
   isolation, resource quotas, and Docker/Firecracker execution environments.
 - **Agent SRE** (`agent-sre`) — Observability toolkit with chaos-engineering probes,
   canary deployment framework, and automated incident response.

CONTRIBUTING.md

@@ -39,25 +39,29 @@ cd agent-governance-toolkit
 # Install in development mode
 pip install -e "packages/agent-os[dev]"
 pip install -e "packages/agent-mesh[dev]"
-pip install -e "packages/agent-hypervisor[dev]"
+pip install -e "packages/agent-runtime[dev]"
 pip install -e "packages/agent-sre[dev]"
 pip install -e "packages/agent-compliance[dev]"
+pip install -e "packages/agent-marketplace[dev]"
+pip install -e "packages/agent-lightning[dev]"
 
 # Run tests
 pytest
 ```
 
 ### Package Structure
 
-This is a mono-repo with five packages:
+This is a mono-repo with seven packages:
 
 | Package | Directory | Description |
 |---------|-----------|-------------|
 | `agent-os-kernel` | `packages/agent-os/` | Kernel architecture for policy enforcement |
 | `agentmesh` | `packages/agent-mesh/` | Inter-agent trust and identity mesh |
-| `agent-hypervisor` | `packages/agent-hypervisor/` | Runtime sandboxing and capability isolation |
+| `agent-runtime` | `packages/agent-runtime/` | Runtime sandboxing and capability isolation |
 | `agent-sre` | `packages/agent-sre/` | Observability, alerting, and reliability |
 | `ai-agent-compliance` | `packages/agent-compliance/` | Unified installer and compliance docs |
+| `agent-marketplace` | `packages/agent-marketplace/` | Plugin lifecycle management for governed agent ecosystems |
+| `agent-lightning` | `packages/agent-lightning/` | RL training governance with governed runners and policy rewards |
 
 ### Coding Guidelines
 

QUICKSTART.md

@@ -34,7 +34,9 @@ pip install agent-os-kernel        # Policy enforcement + framework integrations
 pip install agentmesh-platform     # Zero-trust identity + trust cards
 pip install ai-agent-compliance    # OWASP ASI verification + integrity CLI
 pip install agent-sre              # SLOs, error budgets, chaos testing
-pip install agent-hypervisor       # Execution sandboxing + privilege rings
+pip install agent-runtime          # Execution supervisor + privilege rings
+pip install agent-marketplace      # Plugin lifecycle management
+pip install agent-lightning        # RL training governance
 ```
 
 ## 2. Verify Your Installation

README.md

@@ -54,14 +54,21 @@ Addresses **10 of 10 [OWASP Agentic Top 10](https://genai.owasp.org/resource/owa
 │            │                               │                   │
 │            ▼                               ▼                   │
 │   ┌───────────────────┐      ┌───────────────────────────┐     │
-│   │ Agent Hypervisor  │      │     Agent SRE             │     │
+│   │  Agent Runtime    │      │     Agent SRE             │     │
 │   │                   │      │                           │     │
 │   │  Execution Rings  │      │  SLO Engine + Error Budget│     │
 │   │  Resource Limits  │      │  Replay & Chaos Testing   │     │
 │   │  Runtime Sandboxing│     │  Progressive Delivery     │     │
 │   │  Termination Ctrl │      │  Circuit Breakers         │     │
 │   └───────────────────┘      └───────────────────────────┘     │
 │                                                                 │
+│   ┌───────────────────┐      ┌───────────────────────────┐     │
+│   │ Agent Marketplace │      │   Agent Lightning         │     │
+│   │                   │      │                           │     │
+│   │  Plugin Discovery │      │  RL Training Governance   │     │
+│   │  Signing & Verify │      │  Policy Rewards           │     │
+│   └───────────────────┘      └───────────────────────────┘     │
+│                                                                 │
 └─────────────────────────────────────────────────────────────────┘
 ```
 
@@ -71,9 +78,11 @@ Addresses **10 of 10 [OWASP Agentic Top 10](https://genai.owasp.org/resource/owa
 |---------|------|-------------|
 | **Agent OS** | [`agent-os-kernel`](https://pypi.org/project/agent-os-kernel/) | Policy engine — deterministic action evaluation, capability model, audit logging, action interception, MCP gateway |
 | **AgentMesh** | [`agentmesh-platform`](https://pypi.org/project/agentmesh-platform/) | Inter-agent trust — Ed25519 identity, SPIFFE/SVID credentials, trust scoring, A2A/MCP/IATP protocol bridges |
-| **Agent Hypervisor** | [`agent-hypervisor`](https://pypi.org/project/agent-hypervisor/) | Execution sandboxing — 4-tier privilege rings, saga orchestration, termination control, joint liability, append-only audit log |
+| **Agent Runtime** | [`agent-runtime`](packages/agent-runtime/) | Execution supervisor — 4-tier privilege rings, saga orchestration, termination control, joint liability, append-only audit log |
 | **Agent SRE** | [`agent-sre`](https://pypi.org/project/agent-sre/) | Reliability engineering — SLOs, error budgets, replay debugging, chaos engineering, progressive delivery |
-| **Agent Compliance** | [`ai-agent-compliance`](https://pypi.org/project/ai-agent-compliance/) | Unified installer and compliance documentation |
+| **Agent Compliance** | [`ai-agent-compliance`](https://pypi.org/project/ai-agent-compliance/) | Regulatory compliance — GDPR, HIPAA, SOX audit frameworks |
+| **Agent Marketplace** | [`agent-marketplace`](packages/agent-marketplace/) | Plugin lifecycle — discover, install, verify, and sign plugins |
+| **Agent Lightning** | [`agent-lightning`](packages/agent-lightning/) | RL training governance — governed runners, policy rewards |
 
 ## Quick Start
 
@@ -106,8 +115,10 @@ Or install individual packages:
 ```bash
 pip install agent-os-kernel    # Just the policy engine
 pip install agentmesh           # Just the trust mesh
-pip install agent-hypervisor    # Just the hypervisor
+pip install agent-runtime       # Just the runtime supervisor
 pip install agent-sre           # Just the SRE toolkit
+pip install agent-marketplace   # Just the plugin marketplace
+pip install agent-lightning     # Just the RL training governance
 ```
 
 ## Framework Integrations
@@ -133,7 +144,7 @@ Works with **12+ agent frameworks** including:
 | Agent Goal Hijacking | ASI-01 | ✅ Policy engine blocks unauthorized goal changes |
 | Excessive Capabilities | ASI-02 | ✅ Capability model enforces least-privilege |
 | Identity & Privilege Abuse | ASI-03 | ✅ Zero-trust identity with Ed25519 certs |
-| Uncontrolled Code Execution | ASI-04 | ✅ Hypervisor execution rings + sandboxing |
+| Uncontrolled Code Execution | ASI-04 | ✅ Agent Runtime execution rings + sandboxing |
 | Insecure Output Handling | ASI-05 | ✅ Content policies validate all outputs |
 | Memory Poisoning | ASI-06 | ✅ Episodic memory with integrity checks |
 | Unsafe Inter-Agent Communication | ASI-07 | ✅ AgentMesh encrypted channels + trust gates |
@@ -155,7 +166,7 @@ Works with **12+ agent frameworks** including:
 
 ### Security Model & Boundaries
 
-This toolkit operates as **Python middleware** — it intercepts agent actions at the application level, not at the OS or hypervisor level. Understanding this boundary is critical:
+This toolkit operates as **Python middleware** — it intercepts agent actions at the application level, not at the OS or hardware level. Understanding this boundary is critical:
 
 | What it does | What it does NOT do |
 |---|---|

RELEASE_NOTES_v1.0.0.md

@@ -16,9 +16,11 @@
 |---------|-------------|---------|
 | **Agent OS** | Stateless governance kernel with policy engine, VFS, and MCP proxy | `pip install agent-os-kernel` |
 | **AgentMesh** | Zero-trust identity mesh with DID, trust scoring, delegation chains | `pip install agentmesh-platform` |
-| **Agent Hypervisor** | Execution rings, resource limits, kill switch, saga orchestration | `pip install agent-hypervisor` |
+| **Agent Runtime** | Execution rings, resource limits, kill switch, saga orchestration | `pip install agent-runtime` |
 | **Agent SRE** | SLOs, error budgets, circuit breakers, chaos engineering | `pip install agent-sre` |
 | **Agent Compliance** | Unified installer and compliance documentation | `pip install ai-agent-compliance` |
+| **Agent Marketplace** | Plugin lifecycle management for governed agent ecosystems | `pip install agent-marketplace` |
+| **Agent Lightning** | RL training governance with governed runners and policy rewards | `pip install agent-lightning` |
 
 ## Security & Compliance
 

demo/maf_governance_demo.py

@@ -42,6 +42,7 @@
 sys.path.insert(0, str(_REPO_ROOT / "packages" / "agent-os" / "src"))
 sys.path.insert(0, str(_REPO_ROOT / "packages" / "agent-mesh" / "src"))
 sys.path.insert(0, str(_REPO_ROOT / "packages" / "agent-sre" / "src"))
+# agent-hypervisor is the legacy name; the package is now called agent-runtime
 sys.path.insert(0, str(_REPO_ROOT / "packages" / "agent-hypervisor" / "src"))
 
 # Suppress library-level log messages to keep terminal output clean.

docs/AAIF-PROPOSAL.md

@@ -44,7 +44,7 @@ The OWASP Agentic Top 10 codifies these risks. The Agent Governance Toolkit addr
 │            │                               │                   │
 │            ▼                               ▼                   │
 │   ┌───────────────────┐      ┌───────────────────────────┐     │
-│   │ Agent Hypervisor  │      │     Agent SRE             │     │
+│   │ Agent Runtime     │      │     Agent SRE             │     │
 │   │                   │      │                           │     │
 │   │  Execution Rings  │      │  SLO Engine + Error Budget│     │
 │   │  Resource Limits  │      │  Replay & Chaos Testing   │     │
@@ -60,7 +60,7 @@ The OWASP Agentic Top 10 codifies these risks. The Agent Governance Toolkit addr
 |---------|------------|-------|
 | **Agent OS** | Core governance kernel — policy engine, capability model, audit logging, syscall interception, MCP gateway | 700+ |
 | **AgentMesh** | Inter-agent trust — Ed25519 DID identity, SPIFFE/SVID credentials, trust scoring (0-1000), A2A/MCP/IATP protocol bridges | 1,600+ |
-| **Agent Hypervisor** | Execution isolation — 4-tier privilege rings, saga orchestration, kill switch, Shapley-value fault attribution | 326 |
+| **Agent Runtime** | Execution isolation — 4-tier privilege rings, saga orchestration, kill switch, Shapley-value fault attribution | 326 |
 | **Agent SRE** | Reliability engineering — SLO engine, error budgets, chaos testing, progressive delivery, anomaly detection | 1,071+ |
 | **Agent Governance** | Unified installer, compliance documentation, OWASP mapping | 200+ |
 
@@ -74,7 +74,7 @@ The OWASP Agentic Top 10 codifies these risks. The Agent Governance Toolkit addr
 | Tool Misuse | ASI-02 | ✅ Covered | Capability Sandbox — tool allow/deny, rate limits |
 | Insecure Identity | ASI-03 | ✅ Covered | AgentMesh — DID identity, IATP, SPIFFE certs |
 | Supply Chain | ASI-04 | ⚠️ Partial | Agent-SBOM planned |
-| Insecure Output | ASI-05 | ✅ Covered | Hypervisor — execution rings, output validation |
+| Insecure Output | ASI-05 | ✅ Covered | Runtime — execution rings, output validation |
 | Memory Poisoning | ASI-06 | ✅ Covered | VFS + CMVK (content-addressable memory) |
 | Insufficient Monitoring | ASI-07 | ✅ Covered | Agent SRE — SLOs, OTel export, anomaly detection |
 | Error Handling | ASI-08 | ✅ Covered | Circuit breakers, saga compensation, error budgets |

docs/COSAI-WS4-PROPOSAL.md

@@ -104,6 +104,6 @@ sandbox.check("execute_shell")  # Not granted → blocked
 - [OWASP Agentic Top 10 Compliance Mapping](https://github.com/microsoft/agent-governance-toolkit/blob/master/docs/OWASP-COMPLIANCE.md)
 - [Agent OS](https://github.com/microsoft/agent-governance-toolkit) — reference implementation
 - [Agent Mesh](https://github.com/microsoft/agent-governance-toolkit) — inter-agent trust layer
-- [Agent Hypervisor](https://github.com/microsoft/agent-governance-toolkit) — execution isolation
+- [Agent Runtime](https://github.com/microsoft/agent-governance-toolkit) — execution isolation
 - [CoSAI MCP Security Analysis](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md) — complementary work
 - OS kernel security model (Linux capabilities, SELinux mandatory access control) — inspiration for ring-based approach

docs/CSA-ATF-PROPOSAL.md

@@ -16,9 +16,9 @@ The ATF defines 5 core pillars and 15 security requirements. The Agent Governanc
 | ATF Pillar | Toolkit Package | Coverage |
 |------------|----------------|----------|
 | 1. Identity Management | AgentMesh (DID + Entra Agent ID) | ✅ Full |
-| 2. Behavioral Monitoring | Agent Hypervisor + Agent SRE | ✅ Full |
+| 2. Behavioral Monitoring | Agent Runtime + Agent SRE | ✅ Full |
 | 3. Data Governance | Agent OS (VFS + Policy Engine) | ✅ Full |
-| 4. Segmentation | Agent Hypervisor (Execution Rings) | ✅ Full |
+| 4. Segmentation | Agent Runtime (Execution Rings) | ✅ Full |
 | 5. Incident Response | Agent SRE (Circuit Breakers + Kill Switch) | ✅ Full |
 
 ## Key Differentiators