feat: content/knowledge quality governance (beyond runtime security)

[imran-siddique]

Summary

AGT covers runtime security (prompt injection, memory guard, MCP scanning) but has no content/knowledge quality governance. Runtime governance answers whether agent behavior is safe. Content governance answers whether agent output is accurate, well-structured, and meets quality standards.

What's Missing

• Output quality evaluation for skills/agents
• Knowledge asset governance (accuracy, freshness, completeness)
• Content quality scoring model (separate from trust tiers)
• Skill output validation against quality rubrics

Context

A complete governance story needs both runtime security and content quality. AGT handles runtime behavior control well. Content governance (output quality, knowledge curation, documentation standards) is the complementary layer.

[imran-siddique]

Implemented in PR #739. New modules: content_governance.py, github_enterprise.py, quality_scoring.py, org-scoped marketplace policies, per-org MCP policies.