Submission: microsoft/agent-framework#4440 Status: ✅ Implemented (Level 1) — Middleware adapter with 18 passing tests. Awaiting MAF team for Level 2/3. Type: Feature proposal (3-level integration) Sponsor: Patrick Chanezon (VP DevRel) — "+@ShawnHenry to integrate with MAF before you ship this." Date Submitted: March 3, 2026
As part of the OSS approval for microsoft/agent-governance-toolkit, VP Developer Relations Patrick Chanezon specifically requested MAF integration before public release:
"+@Shawn Henry to integrate with MAF before you ship this."
This document outlines the existing integration and proposed deeper collaboration.
Three middleware classes that plug directly into Agent Framework's middleware pipeline:
- Hook:
process()— intercepts before agent execution - Capabilities: Token limits, rate limiting, blocked patterns (regex/glob), content safety
- OWASP: Mitigates ASI-01 (Agent Hijacking), ASI-02 (Excessive Capabilities)
- Hook:
process()— blocks unauthorized tool calls - Capabilities: Tool-level allow/deny lists, capability sandboxing
- OWASP: Mitigates ASI-02 (Excessive Capabilities), ASI-06 (Confused Deputy)
- Hook:
process()— validates agent responses - Capabilities: PII detection, output length limits, blocked output patterns
- OWASP: Mitigates ASI-05 (Insecure Output)
Configures all three middleware with a single policy object:
from agent_os.integrations.maf_adapter import maf_govern
kernel = maf_govern(agent, policy="policy.yaml")
result = await kernel.invoke(task)18 tests passing covering:
- Policy enforcement (token limits, rate limiting, blocked patterns)
- Capability guards (tool allow/deny, unknown tool blocking)
- Output validation (PII detection, length limits)
- Goal drift detection
- Middleware chaining and error handling
- Add Agent Governance Toolkit to Agent Framework's ecosystem/integrations docs
- Show how governance middleware slots into existing middleware pipeline
- Effort: 1-2 days
- Owner: Agent Governance Toolkit team
- Contribute a governance sample to Agent-Framework-Samples
- End-to-end example: policy YAML → middleware → agent with audit trail
- Effort: 1 week
- Owner: Joint (Agent Governance + MAF team)
- Governance middleware as an optional package (
agent-framework[governance]) - Policy schema validation integrated with Agent Framework's config system
- Built-in OWASP Agentic Top 10 compliance checks
- Effort: 2-4 weeks
- Owner: Joint (requires MAF team architecture guidance)
- Enterprise readiness — Customers need governance before deploying agents in production. This makes MAF enterprise-ready out of the box.
- OWASP coverage — The middleware covers 10/10 OWASP Agentic Top 10 risks at the framework level.
- VP-approved OSS — This project has been approved for open-source release under microsoft/ org by VP Developer Relations.
- Standards alignment — Active proposals at AAIF, LF AI, CoSAI WS4, and OWASP for governance standards.
| File | Location |
|---|---|
| MAF Adapter | packages/agent-os/src/agent_os/integrations/maf_adapter.py |
| MAF Tests | packages/agent-os/tests/test_maf_adapter.py (18/18 passing) |
| README | MAF listed as primary integration in toolkit README |
| Stakeholder | Action | Link |
|---|---|---|
| Marco Casalaina | Foundry governance integration | Pending discussion |
| Chris DiBona / Caitie | AAIF project candidacy | docs/AAIF-PROPOSAL.md |
| Shawn Henry | MAF integration (this document) | microsoft/agent-framework#4440 |
- Await MAF team response on preferred integration approach
- Submit governance sample to Agent-Framework-Samples
- Coordinate with Shawn Henry per VP's direction
- Iterate on middleware API based on MAF team feedback