
Releases: microsoft/agent-governance-toolkit

Agent Governance Toolkit v2.2.0

18 Mar 22:39


Agent Governance Toolkit v2.2.0

Important

Community Preview Release — All packages published from this repository (PyPI, npm, NuGet)
are community preview releases for testing and evaluation purposes only. They are not
official Microsoft-signed releases. Official Microsoft-signed packages published via ESRP
Release will be available in a future release.

What's New

ESRP Release Publishing Infrastructure

This release establishes the compliant publishing infrastructure required for future official
Microsoft-signed package releases:

  • PyPI publishing migrated from GitHub Actions Trusted Publishers to Azure DevOps pipeline
    using EsrpRelease@11 (pipelines/pypi-publish.yml)
  • npm publishing pipeline created using EsrpRelease@11 with @microsoft scope
    (pipelines/npm-publish.yml)
  • GitHub Actions (publish.yml) now builds and attests packages only — actual publishing
    is done exclusively through ESRP Release ADO pipelines

Package Metadata Compliance

All package metadata has been updated to align with Microsoft Python team and npm publishing
policies:

Python (PyPI) — 7 packages:

  • Author updated to Microsoft Corporation with team distribution list email
  • Agent Governance Toolkit Team added as maintainer across all packages
  • License classifier (License :: OSI Approved :: MIT License) added where missing
  • Community Edition prefix added to all package descriptions
  • agent-runtime build fixed (proper re-export wrapper for agent-hypervisor)

npm — 7 packages:

  • All scoped packages renamed to @microsoft (from @agentmesh, @agent-os, unscoped)
  • Author set to Microsoft Corporation across all packages
  • License corrected to MIT where mismatched (2 packages had Apache-2.0)
  • Repository URLs corrected to microsoft/agent-governance-toolkit
  • Community Edition prefix added to all package descriptions

NuGet — 1 package:

  • Existing ESRP signing configuration retained

Community Preview Disclaimers

Prominent disclaimers have been added to all user-facing documentation:

  • Root README, CHANGELOG, PUBLISHING guide
  • All 7 Python package READMEs
  • All 3 npm package READMEs with user docs
  • Both release notes (v1.0.0 and v2.1.0)
  • PyPI and npm package descriptions (visible on registry pages)

Publishing Documentation

  • New PUBLISHING.md at repo root — public-facing guide covering PyPI, npm, and NuGet
    publishing requirements, metadata standards, and naming conventions
  • ADO pipeline configurations with placeholder ESRP values ready for onboarding

Packages

Python (PyPI)

Package                    Version  Status
agent-os-kernel            2.2.0    Community Preview
agentmesh-platform         2.2.0    Community Preview
agent-hypervisor           2.2.0    Community Preview
agent-runtime              2.2.0    Community Preview
agent-sre                  2.2.0    Community Preview
agent-governance-toolkit   2.2.0    Community Preview
agent-lightning            2.2.0    Community Preview

npm

Package                                  Version  Status
@microsoft/agentmesh-sdk                 1.0.0    Community Preview
@microsoft/agentmesh-mcp-proxy           1.0.0    Community Preview
@microsoft/agentos-mcp-server            1.0.1    Community Preview
@microsoft/agentmesh-copilot-governance  0.1.0    Community Preview
@microsoft/agentmesh-mastra              0.1.0    Community Preview
@microsoft/agentmesh-api                 0.1.0    Community Preview
@microsoft/agent-os-copilot-extension    1.0.0    Community Preview

NuGet

Package                    Version  Status
Microsoft.AgentGovernance  2.2.0    Community Preview

What's Coming

  • Official Microsoft-signed releases via ESRP Release (pending onboarding approval)
  • PyPI package ownership transfer to microsoft account
  • npm @microsoft scope activation via ESRP
  • NuGet Authenticode + NuGet package signing

Full Changelog

See CHANGELOG.md for the complete list of changes.

v2.1.0 — Multi-Language SDK Readiness + TypeScript Parity

15 Mar 21:19


Agent Governance Toolkit v2.1.0

The missing security layer for AI agents — now in Python, TypeScript, and .NET.

Runtime policy enforcement, zero-trust identity, execution sandboxing, and SRE — 10/10 OWASP Agentic Top 10 coverage with 6,100+ tests across three languages.

🚀 What's New

Multi-Language SDK Readiness

The toolkit is now a polyglot governance layer. All three SDKs have first-class install instructions, quickstart code, and package metadata ready for registry publishing.

Language    Package                    Install
Python      agent-governance[full]     pip install agent-governance[full]
TypeScript  @agentmesh/sdk             npm install @agentmesh/sdk
.NET        Microsoft.AgentGovernance  dotnet add package Microsoft.AgentGovernance

TypeScript SDK Full Parity (1.0.0)

The TypeScript SDK now has full feature parity with the Python PolicyEngine and AgentIdentity:

  • PolicyEngine — rich policy evaluation with 4 conflict resolution strategies, expression evaluator (equality, inequality, numeric, in/not-in, boolean, and/or, nested paths), rate limiting, YAML/JSON policy document loading
  • AgentIdentity — Ed25519 cryptographic identity with lifecycle management (active/suspended/revoked), capability wildcards, delegation chains, JWK/JWKS import/export, W3C DID Document export
  • IdentityRegistry — agent registry with cascade revocation
  • PolicyConflictResolver — 4 strategies: deny-overrides, allow-overrides, priority-first-match, most-specific-wins
  • 136 tests passing (57 existing + 79 new parity tests)

.NET SDK Hardened for NuGet

Enhanced NuGet package metadata — authors, license, repository URL, package tags, and readme now included in the .csproj. The .NET SDK covers all 10 OWASP Agentic risks with policy enforcement, execution rings, saga orchestration, circuit breakers, SLO tracking, prompt injection detection, and OpenTelemetry metrics.

Framework Integrations Expanded

Now supports 13+ agent frameworks including new entries:

  • Semantic Kernel — Native (.NET + Python) integration
  • Azure AI Foundry — Deployment guide for agent governance in Foundry Agent Service

Plus existing integrations: Microsoft Agent Framework, LangChain, LangGraph, CrewAI, AutoGen, OpenAI Agents SDK, Google ADK, Dify, LlamaIndex, Haystack.

Performance Benchmarks Published

Metric                             Latency (p50)  Throughput
Policy evaluation (1 rule)         0.012 ms       72K ops/sec
Policy evaluation (100 rules)      0.029 ms       31K ops/sec
Kernel enforcement                 0.091 ms       9.3K ops/sec
Concurrent throughput (50 agents)                 35,481 ops/sec

Full methodology: BENCHMARKS.md

Key Changes Since v1.1.0

Added

  • TypeScript SDK full parity — PolicyEngine + Identity + 136 tests (#269)
  • 5 standalone framework quickstarts — LangChain, CrewAI, AutoGen, OpenAI Agents, Google ADK
  • Competitive comparison page — vs NeMo Guardrails, Guardrails AI, LiteLLM, Portkey
  • GitHub Copilot Extension for agent governance code review
  • Observability integrations — Prometheus, OTel, PagerDuty, Grafana (#49)
  • NIST RFI mapping — NIST AI Agent Security RFI 2026-00206 (#29)
  • 6 comprehensive governance tutorials (#187)
  • Azure deployment guides — AKS, AI Foundry, Container Apps, OpenClaw

Fixed

  • CostGuard input validation + org kill bypass prevention (#272)
  • CostGuard thread safety — bound breach history + Lock (#253)
  • .NET bug sweep — thread safety, error surfacing, caching, disposal (#252)
  • Behavioral anomaly detection in RingBreachDetector
  • ErrorBudget._events bounded with deque (#172)
  • VectorClock thread safety (#243)
  • Cross-package import errors (#222)
  • OWASP-COMPLIANCE.md broken link (#270)

Infrastructure

  • Architecture rename propagated across 52 files (#221)
  • OpenSSF Scorecard improved to ~7.7 (#113, #137)
  • agentmesh-integrations migrated into monorepo (#138)
  • Phase 2 + Phase 3 architecture consolidation (#206, #207)

Security & Compliance

Framework                     Coverage
OWASP Agentic Top 10 (2026)   10/10 risks
CSA Agentic Trust Framework   15/15 requirements
NIST AI RMF                   Govern, Map, Measure, Manage
EU AI Act                     Risk classification, audit trails, human oversight

Quick Start

# Python
pip install agent-governance[full]

# TypeScript
npm install @agentmesh/sdk

# .NET
dotnet add package Microsoft.AgentGovernance

# Python quickstart
from agent_os import PolicyEngine, CapabilityModel

engine = PolicyEngine(capabilities=CapabilityModel(
    allowed_tools=["web_search", "file_read"],
    denied_tools=["file_write", "shell_exec"],
))
decision = engine.evaluate(agent_id="researcher-1", action="tool_call", tool="web_search")

Full Changelog

See CHANGELOG.md for the complete list of changes.

License

MIT — © Microsoft Corporation

v1.1.0 — Enterprise Hardening Release

08 Mar 03:25


Agent Governance Toolkit v1.1.0 — Enterprise Hardening Release

Security First

This toolkit now covers 10/10 OWASP Agentic Security Initiative (ASI) 2026 controls — verified by an automated certification CLI that produces a signed attestation on every deployment. Run agent-compliance verify and get a machine-readable proof.

The threat model this release addresses:

Threat                                  Defense                                                                      Verified
Prompt injection smuggling tool calls   PolicyInterceptor + LlamaFirewall + OutputValidationMiddleware                ✅ ASI-01
Tool renaming to bypass allowlists      ToolAliasRegistry — 30+ aliases across 7 canonical families                  ✅ ASI-02
Excessive agent autonomy                GovernancePolicy with capability caps + token budgets                        ✅ ASI-03
Unauthorized privilege escalation       EscalationPolicy with ESCALATE tier + human approval queues                  ✅ ASI-04
Trust boundary violation                CardRegistry with RevocationList + Ed25519 identity mesh                     ✅ ASI-05
Insufficient audit logging              AuditChain with Ed25519 signatures + hash-chain tamper detection             ✅ ASI-06
Insecure agent identity                 AgentIdentity with SPIFFE DIDs + key rotation                                ✅ ASI-07
Policy conflict bypass                  4-strategy conflict resolver (DENY_OVERRIDES, MOST_SPECIFIC_WINS, ...)       ✅ ASI-08
Supply chain tampering                  IntegrityVerifier — SHA-256 module hashing + function bytecode verification  ✅ ASI-09
Behavioral anomaly (rogue agents)       Statistical anomaly detection on tool call frequency + error rates           ✅ ASI-10

Bootstrap integrity: The governance layer verifies its own integrity at startup — hashing 15 module source files and 4 critical enforcement function bytecodes against a published manifest. A supply chain attack on the toolkit itself is detectable before any policy evaluation occurs.
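An added example of the bootstrap-integrity idea described above; it is not the toolkit's IntegrityVerifier and uses constructed names (build_manifest, verify, run_demo) and a throwaway guarded module written to a temp directory. It hashes the module's source bytes and the compiled bytecode of its enforcement function into a manifest, then re-checks both after the file is edited on disk and the loaded function is hot-patched in memory, so both kinds of tampering are flagged before any policy decision would be trusted.

```python
import hashlib
import importlib.util
import os
import tempfile
from typing import Callable, Dict, List


def hash_source_file(path: str) -> str:
    """SHA-256 of a module's source bytes on disk (what a fresh import would load)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def hash_function_bytecode(func: Callable) -> str:
    """SHA-256 over a function's compiled code: raw bytecode plus the constants and
    names it references, so swapping a literal or a callee is caught even when the
    source file on disk is untouched."""
    code = func.__code__
    h = hashlib.sha256(code.co_code)
    h.update(repr(code.co_consts).encode())
    h.update(repr(code.co_names).encode())
    return h.hexdigest()


def build_manifest(module_paths: List[str], functions: Dict[str, Callable]) -> dict:
    """Baseline to publish with a release. Sign it and keep it out-of-band: a
    manifest stored next to the code it guards can be edited together with it."""
    return {
        "modules": {p: hash_source_file(p) for p in module_paths},
        "functions": {name: hash_function_bytecode(f) for name, f in functions.items()},
    }


def verify(manifest: dict, module_paths: List[str], functions: Dict[str, Callable]) -> List[str]:
    """Re-hash everything and return findings; an empty list means all matched."""
    findings = []
    for p in module_paths:
        expected = manifest["modules"].get(p)
        if expected is None:
            findings.append(f"module not in manifest: {p}")
        elif expected != hash_source_file(p):
            findings.append(f"module source hash mismatch: {p}")
    for name, f in functions.items():
        expected = manifest["functions"].get(name)
        if expected is None:
            findings.append(f"function not in manifest: {name}")
        elif expected != hash_function_bytecode(f):
            findings.append(f"function bytecode mismatch: {name}")
    return findings


# Constructed stand-in for an enforcement module (hypothetical, not from the toolkit)
GUARDED_SOURCE = '''
ALLOWED = {"web_search", "file_read"}

def enforce(tool):
    return tool in ALLOWED
'''


def load_module(path: str):
    spec = importlib.util.spec_from_file_location("guarded_mod", path)
    mod = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(mod)
    return mod


def run_demo():
    """Returns (findings before tampering, findings after tampering)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "guarded_mod.py")
        with open(path, "w") as f:
            f.write(GUARDED_SOURCE)
        mod = load_module(path)
        funcs = {"guarded_mod.enforce": mod.enforce}

        manifest = build_manifest([path], funcs)
        clean = verify(manifest, [path], funcs)  # expected: []

        # Tamper 1: edit the source on disk (what the next import would pick up)
        with open(path, "a") as f:
            f.write("\nALLOWED.add('shell_exec')\n")

        # Tamper 2: hot-patch the already-loaded enforcement function in memory
        def always_allow(tool):
            return True

        mod.enforce.__code__ = always_allow.__code__

        tampered = verify(manifest, [path], funcs)  # expected: two findings
        return clean, tampered


if __name__ == "__main__":
    before, after = run_demo()
    print("clean run:", before or "OK")
    for finding in after:
        print("TAMPER DETECTED:", finding)
```

The check is only as trustworthy as the manifest and the verifier itself, which is why a published, separately signed manifest matters: if an attacker can rewrite the module they can usually rewrite a manifest that sits beside it.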

339+ tests. Not smoke tests — adversarial tests. Tamper detection, policy bypass attempts, synonym evasion, mid-session mutation, trust score crash recovery.


What Changed Since v1.0.1

15 issues closed · 339+ tests added · 12 features shipped in 72 hours.

Security & Adversarial Durability

  • Policy conflict resolution — 4 strategies: DENY_OVERRIDES, ALLOW_OVERRIDES, PRIORITY_FIRST_MATCH, MOST_SPECIFIC_WINS with 3-tier scope (global → tenant → agent) and auditable resolution trace (#91)
  • Session policy pinning — Deep-copy snapshots prevent mid-flight policy mutations from leaking into running sessions (#92)
  • Tool alias registry — Canonical capability mapping blocks bing_search from dodging a web_search policy (#94)
  • Human-in-the-loop escalation — Suspend-and-route-to-human for regulated industries (#81)
  • Bootstrap integrity verification — Module + bytecode hashing against published manifest (#95)
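The conflict-resolution strategies, three scope tiers and alias canonicalization described in the bullets above, as an added illustration that is not the toolkit's own code: a self-contained Python resolver with constructed names (Rule, resolve, TOOL_ALIASES, decide_all) and a constructed rule set. It shows how one request for bing_search is first normalized to web_search and then resolves differently under each of the four strategies, with the trace a reviewer would want in the audit record.

```python
import fnmatch
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Scope tiers: a narrower tier outranks a broader one under most_specific_wins
SCOPE_RANK = {"global": 0, "tenant": 1, "agent": 2}

# Constructed alias table (hypothetical): every variant maps to one canonical
# capability, so a policy written for "web_search" also governs "bing_search".
TOOL_ALIASES = {
    "bing_search": "web_search",
    "google_search": "web_search",
    "duckduckgo_search": "web_search",
    "bash": "shell_exec",
    "run_command": "shell_exec",
}


def canonical_tool(name: str) -> str:
    key = name.strip().lower()
    return TOOL_ALIASES.get(key, key)


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str            # "allow" or "deny"
    tool_pattern: str      # fnmatch pattern against the canonical tool name
    scope: str = "global"  # global | tenant | agent
    priority: int = 0      # higher wins under priority_first_match

    def matches(self, tool: str) -> bool:
        return fnmatch.fnmatchcase(tool, self.tool_pattern)

    def specificity(self) -> tuple:
        # Narrower scope first, then fewer wildcards, then the longer literal pattern
        wildcards = self.tool_pattern.count("*") + self.tool_pattern.count("?")
        return (SCOPE_RANK[self.scope], -wildcards, len(self.tool_pattern))


@dataclass
class Decision:
    effect: str
    winner: Optional[str]
    trace: List[str] = field(default_factory=list)


def resolve(rules: List[Rule], tool: str, strategy: str) -> Decision:
    tool = canonical_tool(tool)  # normalize BEFORE matching, or aliases dodge the policy
    trace = [f"canonical tool: {tool}"]
    applicable = [r for r in rules if r.matches(tool)]
    for r in applicable:
        trace.append(f"applicable: {r.name} [{r.scope}] {r.effect} prio={r.priority}")
    if not applicable:
        trace.append("no applicable rule -> default deny")
        return Decision("deny", None, trace)

    if strategy == "deny_overrides":
        denies = [r for r in applicable if r.effect == "deny"]
        winner = denies[0] if denies else applicable[0]
    elif strategy == "allow_overrides":
        allows = [r for r in applicable if r.effect == "allow"]
        winner = allows[0] if allows else applicable[0]
    elif strategy == "priority_first_match":
        winner = max(applicable, key=lambda r: r.priority)
    elif strategy == "most_specific_wins":
        winner = max(applicable, key=Rule.specificity)
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    trace.append(f"{strategy}: {winner.name} wins -> {winner.effect}")
    return Decision(winner.effect, winner.name, trace)


# Constructed rule set spanning all three scope tiers
RULES = [
    Rule("global-allow-web", "allow", "web_*", scope="global", priority=10),
    Rule("tenant-deny-search", "deny", "web_search", scope="tenant", priority=50),
    Rule("agent-allow-search", "allow", "web_search", scope="agent", priority=20),
]

STRATEGIES = ["deny_overrides", "allow_overrides", "priority_first_match", "most_specific_wins"]


def decide_all(tool: str, rules: List[Rule] = RULES) -> Dict[str, str]:
    """Effect of every strategy for one request; handy when reviewing a rule set."""
    return {s: resolve(rules, tool, s).effect for s in STRATEGIES}


if __name__ == "__main__":
    for tool in ("bing_search", "file_write"):
        for s in STRATEGIES:
            d = resolve(RULES, tool, s)
            print(f"{tool:12} {s:22} -> {d.effect:5} via {d.winner}")
            for line in d.trace:
                print("    ", line)
```

With this rule set the same bing_search request is denied under deny_overrides and priority_first_match but allowed under allow_overrides and most_specific_wins, which is exactly why the strategy in force needs to be pinned per session and recorded in the trace.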

Reliability & Operations

  • Version compatibility matrix — doctor() detects silent inter-package version skew (#83)
  • Credential lifecycle — RevocationList wired into CardRegistry.is_verified() (#82)
  • File-backed trust persistence — Atomic JSON writes, survives restarts (#86)
  • Policy schema versioning — apiVersion field with migration + deprecation warnings (#87)

Governance Certification CLI

agent-compliance verify           # OWASP ASI 2026 check → signed attestation
agent-compliance verify --json    # Machine-readable for CI pipelines
agent-compliance verify --badge   # Shields.io badge for your README
agent-compliance integrity --generate integrity.json  # Baseline manifest

Deep Governance (PR #90)

  • SIGKILL-analog process isolation (#77)
  • OpenTelemetry observability (#76)
  • Async concurrency safety (#75)
  • Policy-as-code CI pipeline (#74)
  • LangChain/CrewAI/AutoGen deep integrations (#73)
  • Ed25519-signed audit trail (#72)
  • Behavioral anomaly detection (#71)
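An added example of the hash-chained, signed audit trail named in the bullet above and in the ASI-06 row of the threat table; it is not the toolkit's AuditChain. Names (AuditChain, verify_chain, run_demo) and the logged events are constructed, and HMAC-SHA256 from the standard library stands in for the Ed25519 signature the toolkit describes, so the block runs with no third-party dependency. Each record commits to its predecessor's hash, and verification walks the log to find altered content, deleted records and forged signatures.

```python
import copy
import hashlib
import hmac
import json
from typing import Dict, List

GENESIS_HASH = "0" * 64


def canonical(obj) -> bytes:
    """Deterministic JSON so the same event always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash: str, seq: int, event: dict) -> str:
    """Hash binds the record to its position and to the previous record."""
    return hashlib.sha256(prev_hash.encode() + canonical({"seq": seq, "event": event})).hexdigest()


class AuditChain:
    """Append-only log: every record carries its predecessor's hash and a MAC over
    its own hash (HMAC-SHA256 here as a stand-in for an Ed25519 signature)."""

    def __init__(self, key: bytes):
        self._key = key
        self.records: List[Dict] = []

    def append(self, event: dict) -> Dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS_HASH
        seq = len(self.records)
        h = entry_hash(prev, seq, event)
        rec = {
            "seq": seq,
            "prev_hash": prev,
            "event": event,
            "hash": h,
            "sig": hmac.new(self._key, h.encode(), hashlib.sha256).hexdigest(),
        }
        self.records.append(rec)
        return rec


def verify_chain(records: List[Dict], key: bytes) -> List[str]:
    """Walk the log and return every inconsistency found (empty list = intact)."""
    findings = []
    expected_prev = GENESIS_HASH
    for i, rec in enumerate(records):
        if rec["seq"] != i:
            findings.append(f"seq gap at position {i}: got {rec['seq']}")
        if rec["prev_hash"] != expected_prev:
            findings.append(f"broken link at seq {rec['seq']}")
        if entry_hash(rec["prev_hash"], rec["seq"], rec["event"]) != rec["hash"]:
            findings.append(f"content altered at seq {rec['seq']}")
        expected_sig = hmac.new(key, rec["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, rec["sig"]):
            findings.append(f"bad signature at seq {rec['seq']}")
        expected_prev = rec["hash"]
    return findings


def run_demo():
    """Returns (findings on the intact log, after editing a record, after deleting one)."""
    key = b"constructed-demo-key-not-for-production"
    chain = AuditChain(key)
    chain.append({"agent": "researcher-1", "action": "tool_call", "tool": "web_search", "decision": "allow"})
    chain.append({"agent": "researcher-1", "action": "tool_call", "tool": "shell_exec", "decision": "deny"})
    chain.append({"agent": "researcher-1", "action": "tool_call", "tool": "file_read", "decision": "allow"})
    intact = verify_chain(chain.records, key)

    # Tampering 1: rewrite the denied call as allowed in the stored log
    forged = copy.deepcopy(chain.records)
    forged[1]["event"]["decision"] = "allow"
    altered = verify_chain(forged, key)

    # Tampering 2: drop the denial record entirely
    truncated = copy.deepcopy(chain.records)
    del truncated[1]
    deleted = verify_chain(truncated, key)
    return intact, altered, deleted


if __name__ == "__main__":
    for label, findings in zip(("intact", "edited", "deleted"), run_demo()):
        print(f"{label}: {findings or 'OK'}")
```

Editing a record without recomputing its hash shows up as altered content; recomputing the hash instead breaks the signature, and recomputing both for every later record requires the signing key, which is why the key must not live with the log.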

Infrastructure

  • 7 production module ports (25,400+ lines) (#63–#69)
  • 44 CodeQL scanning alerts resolved (#79)
  • Copilot auto-review on all PRs (#70)

Install

pip install ai-agent-compliance[full]

v1.2 Roadmap

4 architectural items tracked for the next release:

  • #80 — .NET SDK support
  • #84 — XACML/Cedar policy interchange
  • #88 — Behavioral chaos testing (deadlocks, contradictory instructions)
  • #93 — Cross-organizational federation governance

Full changelog: CHANGELOG.md

v1.0.1 — First Public Release

06 Mar 21:29


Agent Governance Toolkit v1.0.1 — First Public Release

Added

  • CODEOWNERS for review routing
  • SBOM workflow — SPDX-JSON + CycloneDX-JSON on every release with GitHub attestation

Changed

  • MIT license headers on 1,159 source files
  • 215 URLs migrated to microsoft/ org
  • Enhanced README, bumped all packages to 1.0.1

Security

  • Clean secret scan, 0 pip-audit vulnerabilities, all prior CVEs resolved

Install

pip install ai-agent-compliance[full]

v1.0.0 — Initial Release

04 Mar 22:01


What's Changed

  • Adding Microsoft SECURITY.MD by @microsoft-github-policy-service[bot] in #2

New Contributors

  • @microsoft-github-policy-service[bot] made their first contribution in #2

Full Changelog: https://github.com/microsoft/agent-governance-toolkit/commits/v1.0.0