Unified installer and runtime policy enforcement for the Agent Governance Toolkit
One install for the complete governance stack — kernel · trust mesh · runtime supervisor · reliability engineering
[!IMPORTANT] Community Preview — The
agent-governance-toolkitpackage on PyPI is a community preview release for testing and evaluation only. It is not an official Microsoft-signed release. Official signed packages will be available in a future release.
pip install agent-governance-toolkit[full]
Architecture • Quick Start • Components • Why Unified? • Ecosystem • OWASP Compliance • Traction
⭐ If this project helps you, please star it! It helps others discover the agent governance stack.
🔗 Part of the Agent Governance Ecosystem — Installs Agent OS · AgentMesh · Agent Runtime · Agent SRE
Migrating from
ai-agent-compliance? The package has been renamed toagent-governance-toolkit. Runpip install agent-governance— the old name is deprecated and will redirect here for 6 months.
┌─────────────────────────────────────────────────────────────────┐
│ agent-governance │
│ pip install agent-governance-toolkit[full] │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────┐ ┌───────────────────────────┐ │
│ │ Agent OS Kernel │◄────►│ AgentMesh Platform │ │
│ │ │ │ │ │
│ │ Policy Engine │ │ Zero-Trust Identity │ │
│ │ Capability Model │ │ Mutual TLS for Agents │ │
│ │ Audit Logging │ │ Encrypted Channels │ │
│ │ Syscall Layer │ │ Trust Scoring │ │
│ └────────┬──────────┘ └─────────────┬─────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌───────────────────┐ ┌───────────────────────────┐ │
│ │ Agent Runtime │ │ Agent SRE │ │
│ │ │ │ │ │
│ │ Execution Rings │ │ Health Monitoring │ │
│ │ Resource Limits │ │ SLO Enforcement │ │
│ │ Runtime Sandboxing│ │ Incident Response │ │
│ │ Kill Switch │ │ Chaos Engineering │ │
│ └───────────────────┘ └───────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
import asyncio
from agent_os import StatelessKernel, ExecutionContext
from agentmesh import AgentIdentity
# Boot the governance kernel
kernel = StatelessKernel()
ctx = ExecutionContext(agent_id="my-agent", policies=["read_only"])
# Establish zero-trust agent identity
identity = AgentIdentity.create(
name="my-agent",
sponsor="alice@company.com",
capabilities=["read:data", "write:reports"],
)
# Execute a governed action
async def main():
result = await kernel.execute(
action="database_query",
params={"query": "SELECT * FROM users"},
context=ctx,
)
print(f"Success: {result.success}, Data: {result.data}")
asyncio.run(main())Check your governance coverage with a compliance grade:
from agent_compliance.verify import GovernanceVerifier
verifier = GovernanceVerifier()
attestation = verifier.verify()
print(f"Grade: {attestation.compliance_grade()}") # A, B, C, D, or F
print(f"Coverage: {attestation.coverage_pct()}%")
print(attestation.badge_markdown())Install only what you need:
# Core: kernel + trust mesh
pip install agent-governance-toolkit
# Full stack: adds runtime + SRE
pip install agent-governance-toolkit[full]
# À la carte
pip install agent-governance-toolkit[runtime]
pip install agent-governance-toolkit[sre]| Package | Role |
|---|---|
| Agent OS | Policy engine — deterministic action evaluation |
| AgentMesh | Trust infrastructure — identity, credentials, protocol bridges |
| Agent Runtime | Execution supervisor — rings, sessions, sagas |
| Agent SRE | Reliability — SLOs, circuit breakers, chaos testing |
| Agent Compliance | Regulatory compliance — GDPR, HIPAA, SOX frameworks (this package) |
| Agent Marketplace | Plugin lifecycle — discover, install, verify, sign |
| Agent Lightning | RL training governance — governed runners, policy rewards |
Running AI agents in production without governance is like deploying microservices without TLS, RBAC, or monitoring. Each layer solves a different problem:
| Concern | Without Governance | With Agent Governance |
|---|---|---|
| Security | Agents call any tool, access any resource | Capability-based permissions, policy enforcement |
| Trust | No identity verification between agents | Mutual TLS, trust scores, encrypted channels |
| Control | Runaway agents consume unbounded resources | Execution rings, resource limits, kill switches |
| Reliability | Silent failures, no observability | SLO enforcement, health checks, incident automation |
| Compliance | No audit trail for agent decisions | Immutable audit logs, decision lineage tracking |
One install. Four layers of protection.
The meta-package ensures all components are version-compatible and properly integrated. No dependency conflicts, no version mismatches — just a single pip install to go from zero to production-grade agent governance.
agent-governance ─── The meta-package (you are here)
├── agent-os-kernel ─── Governance kernel
├── agentmesh-platform ─── Zero-trust mesh
├── agent-runtime ─── Runtime supervisor (optional)
└── agent-sre ─── Reliability engineering (optional)
Each component works standalone, but they're designed to work together. The kernel enforces policy, the mesh secures communication, the runtime controls execution, and SRE keeps everything running.
See the examples/ directory for runnable demos:
# Quick start — boot the governance stack in 30 lines
python examples/quickstart.py
# Full stack — all 4 layers working together
python examples/governed_agent.py# LangChain
pip install langchain agent-governance
# CrewAI
pip install crewai agent-governance
# AutoGen
pip install pyautogen agent-governance| Quarter | Milestone |
|---|---|
| Q1 2026 | ✅ Unified meta-package, 4 components integrated, PyPI published |
| Q2 2026 | Cross-component integration tests, unified CLI, dashboard UI |
| Q3 2026 | Helm chart for Kubernetes, managed cloud preview |
| Q4 2026 | SOC2 Type II certification, enterprise support tier |
The agent governance stack covers 10 of 10 risks from the OWASP Top 10 for Agentic Applications (2026):
| OWASP Risk | Coverage | Component |
|---|---|---|
| Agent Goal Hijack | ✅ | Agent OS — Policy Engine |
| Tool Misuse | ✅ | Agent OS — Capability Sandboxing |
| Identity & Privilege Abuse | ✅ | AgentMesh — DID Identity |
| Supply Chain Vulnerabilities | ✅ | AgentMesh — AI-BOM v2.0 |
| Unexpected Code Execution | ✅ | Agent Runtime — Execution Rings |
| Memory & Context Poisoning | ✅ | Agent OS — VFS + CMVK |
| Insecure Inter-Agent Communication | ✅ | AgentMesh — IATP Protocol |
| Cascading Failures | ✅ | Agent SRE — Circuit Breakers |
| Human-Agent Trust Exploitation | ✅ | Agent OS — Approval Workflows |
| Rogue Agents | ✅ | Agent Runtime — Kill Switch |
→ Full OWASP compliance mapping with code examples
The ecosystem is growing — 3,000+ views, 9,400+ clones, and 1,278 unique developers in the last 14 days alone. Traffic from Medium, Reddit, LinkedIn, Google, and even ChatGPT.
We welcome contributions! See our Contributing Guide for details.
For component-specific contributions, see:
MIT — see LICENSE for details.
github.com/microsoft/agent-governance-toolkit · Documentation · GitHub
Building the governance layer for the agentic era