
Commit 881f916

feat: bootstrap integrity verification + governance certification CLI (#99)
- IntegrityVerifier: SHA-256 hash verification of governance module source files and critical function bytecodes against a published manifest. Detects supply chain tampering at startup. (Closes #95) - GovernanceVerifier: OWASP ASI 2026 control presence checking with signed attestation output, coverage percentage, and shields.io badge generation for README embedding - CLI: 'agent-compliance verify' and 'agent-compliance integrity' commands with --json, --badge, --generate, --manifest flags - 28 tests covering hash determinism, tamper detection, manifest round-trip, badge generation, and CLI integration Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 90fb81c commit 881f916


6 files changed

+1076
-0
lines changed


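--- a/packages/agent-compliance/pyproject.toml
+++ b/packages/agent-compliance/pyproject.toml
@@ -52,3 +52,6 @@ Repository = "https://github.com/microsoft/agent-governance-toolkit"
 "AgentMesh" = "https://github.com/microsoft/agent-governance-toolkit"
 "Agent Hypervisor" = "https://github.com/microsoft/agent-governance-toolkit"
 "Agent SRE" = "https://github.com/microsoft/agent-governance-toolkit"
+
+[project.scripts]
+agent-compliance = "agent_compliance.cli.main:main"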
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
# Copyright (c) Microsoft Corporation.
2+
# Licensed under the MIT License.
Lines changed: 110 additions & 0 deletions
@@ -0,0 +1,110 @@
1+
#!/usr/bin/env python3
2+
# Copyright (c) Microsoft Corporation.
3+
# Licensed under the MIT License.
4+
"""
5+
Agent Governance Toolkit CLI.
6+
7+
Commands:
8+
verify Run OWASP ASI 2026 governance verification
9+
integrity Verify or generate module integrity manifest
10+
"""
11+
12+
from __future__ import annotations
13+
14+
import argparse
15+
import sys
16+
17+
18+
def cmd_verify(args: argparse.Namespace) -> int:
19+
"""Run governance verification."""
20+
from agent_compliance.verify import GovernanceVerifier
21+
22+
verifier = GovernanceVerifier()
23+
attestation = verifier.verify()
24+
25+
if args.json:
26+
print(attestation.to_json())
27+
elif args.badge:
28+
print(attestation.badge_markdown())
29+
else:
30+
print(attestation.summary())
31+
32+
return 0 if attestation.passed else 1
33+
34+
35+
def cmd_integrity(args: argparse.Namespace) -> int:
36+
"""Run integrity verification or generate manifest."""
37+
from agent_compliance.integrity import IntegrityVerifier
38+
39+
if args.generate:
40+
verifier = IntegrityVerifier()
41+
manifest = verifier.generate_manifest(args.generate)
42+
print(f"Manifest written to {args.generate}")
43+
print(f" Files hashed: {len(manifest['files'])}")
44+
print(f" Functions hashed: {len(manifest['functions'])}")
45+
return 0
46+
47+
verifier = IntegrityVerifier(manifest_path=args.manifest)
48+
report = verifier.verify()
49+
50+
if args.json:
51+
import json
52+
53+
print(json.dumps(report.to_dict(), indent=2))
54+
else:
55+
print(report.summary())
56+
57+
return 0 if report.passed else 1
58+
59+
60+
def main() -> int:
61+
"""CLI entry point."""
62+
parser = argparse.ArgumentParser(
63+
prog="agent-compliance",
64+
description="Agent Governance Toolkit — Compliance & Verification CLI",
65+
)
66+
subparsers = parser.add_subparsers(dest="command", help="Available commands")
67+
68+
# verify command
69+
verify_parser = subparsers.add_parser(
70+
"verify",
71+
help="Run OWASP ASI 2026 governance verification",
72+
)
73+
verify_parser.add_argument(
74+
"--json", action="store_true", help="Output JSON attestation"
75+
)
76+
verify_parser.add_argument(
77+
"--badge", action="store_true", help="Output markdown badge only"
78+
)
79+
80+
# integrity command
81+
integrity_parser = subparsers.add_parser(
82+
"integrity",
83+
help="Verify or generate module integrity manifest",
84+
)
85+
integrity_parser.add_argument(
86+
"--manifest", type=str, help="Path to integrity.json manifest to verify against"
87+
)
88+
integrity_parser.add_argument(
89+
"--generate",
90+
type=str,
91+
metavar="OUTPUT_PATH",
92+
help="Generate integrity manifest at the given path",
93+
)
94+
integrity_parser.add_argument(
95+
"--json", action="store_true", help="Output JSON report"
96+
)
97+
98+
args = parser.parse_args()
99+
100+
if args.command == "verify":
101+
return cmd_verify(args)
102+
elif args.command == "integrity":
103+
return cmd_integrity(args)
104+
else:
105+
parser.print_help()
106+
return 0
107+
108+
109+
if __name__ == "__main__":
110+
sys.exit(main())
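Review bot: In `main()`, the final `else` branch prints help and returns 0 when no subcommand is given, so a pipeline step that invokes `agent-compliance` without a command exits successfully without running any check; a verification tool should fail closed here, e.g. `subparsers = parser.add_subparsers(dest="command", required=True, help="Available commands")` or `return 2` after `parser.print_help()`. In `cmd_integrity`, `--generate` and `--manifest` are not mutually exclusive and `--generate` silently wins, which writes a new baseline from whatever code is currently installed instead of verifying it; declaring both through `integrity_parser.add_mutually_exclusive_group()` would reject that combination. When neither flag is passed, `IntegrityVerifier(manifest_path=None)` is constructed, and since that class is not shown on this page it is worth confirming that `verify()` reports failure rather than passing when there is no manifest to compare against. The same silent precedence applies to `--json` over `--badge` in `cmd_verify`.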
