[RFC] Runtime governance reference implementation for secure agentic system design

[imran-siddique]

Summary

The Agent Governance Toolkit (AGT) — now at v3.2.0 Public Preview with 9,500+ tests, 5 SDK languages (Python, TypeScript, C#, Java, Go), and 12+ framework integrations — provides a runtime governance reference implementation directly aligned with WS4's secure design patterns for agentic systems.

What AGT Addresses

AGT implements the runtime governance layer that WS4 designs require:

• Policy-as-Code — Declarative YAML/OPA policies enforced at every agent action boundary
• Zero-Trust Agent Identity — IATP-based identity verification and trust scoring for multi-agent systems
• Execution Sandboxing — Resource-constrained tool execution with mandatory human-in-the-loop gates
• 10/10 OWASP Agentic Top 10 coverage — Every risk mapped to concrete, tested controls

Proposal

We'd like to offer AGT as a reference implementation for WS4's secure agentic system design guidelines. Specifically:

1. Map AGT's governance controls to each WS4 design pattern
2. Contribute worked examples showing policy enforcement in multi-agent workflows
3. Collaborate on a shared taxonomy for runtime governance primitives

References

• AGT Repository
• OWASP Compliance Mapping
• Threat Model

Happy to discuss scope, provide demos, or contribute directly to WS4 deliverables.

[imran-siddique]

Update: Contributor Reputation Tooling shipped in AGT v3.3.0

While building the governance tooling proposed in this thread, we uncovered and documented a pattern of coordinated inauthentic contributions targeting AI agent and governance repos across GitHub. The attack pattern:

1. Accounts get small PRs merged into a respected project (credibility building)
2. Within days, they spray issues across 10-30 repos citing those merges as credentials
3. They submit proposals to foundations (AAIF, OpenSSF, CNCF) using the accumulated credibility

We built detection tooling and shipped it as a reusable GitHub Action any repo or foundation can adopt:

- uses: microsoft/agent-governance-toolkit/.github/actions/contributor-check@main
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    target-repo: microsoft/agent-governance-toolkit

It checks account shape, detects credential-spray patterns, and flags MEDIUM/HIGH risk contributions for human review. MIT-licensed, zero dependencies.

Details: AGT v3.3.0 release | Scripts

This may be relevant for evaluating project proposals and contributions in this space.

[sarahnovotny]

Thanks for the proposal, @imran-siddique. Adding the review label so this enters the chairs' RFC review queue per the WS4 process.

Will discuss at the Apr 30 WS4 meeting alongside the other RFCs currently under review (#61, #9, #6).

[imran-siddique]

Thanks for the proposal, @imran-siddique. Adding the review label so this enters the chairs' RFC review queue per the WS4 process.

Will discuss at the Apr 30 WS4 meeting alongside the other RFCs currently under review (#61, #9, #6).

Thank you

[sarahnovotny]

Hi @imran-siddique, would you be open to presenting during our meeting on the 14th at 0900PT?

[imran-siddique]

Hi @imran-siddique, would you be open to presenting during our meeting on the 14th at 0900PT?

yes @sarahnovotny - that time works, please send me the invite to mosiddi@microsoft.com and also let me know time I would have and what to cover and what to expect.

[sarahnovotny]

Hi @imran-siddique , you'll have 15 minutes which ideally can include a couple minutes of questions. then we'll redirect people to this issue or our CoSAI slack for more discussion. @claurau will help us by sending you the calendar invite shortly.

[imran-siddique]

Hi @imran-siddique , you'll have 15 minutes which ideally can include a couple minutes of questions. then we'll redirect people to this issue or our CoSAI slack for more discussion. @claurau will help us by sending you the calendar invite shortly.

Thank you, looking forward

[claurau]

Hi @imran-siddique , you'll have 15 minutes which ideally can include a couple minutes of questions. then we'll redirect people to this issue or our CoSAI slack for more discussion. @claurau will help us by sending you the calendar invite shortly.

Done :)

[imran-siddique]

Hi @imran-siddique , you'll have 15 minutes which ideally can include a couple minutes of questions. then we'll redirect people to this issue or our CoSAI slack for more discussion. @claurau will help us by sending you the calendar invite shortly.

Done :)

Thank you, looking forward to:)

[imran-siddique]

@claurau , @sarahnovotny and @imolloy : great meeting all of you today! Do share your thoughts on next steps.

[imran-siddique]

CoSAI-WS4-AGT-Reference-Implementation-May14-2026.pptx @sarahnovotny and @imolloy FYI presentation used during the session.