docs: update framework star counts to current values

.github/workflows/link-check.yml

@@ -0,0 +1,26 @@
+# Checks all Markdown files for broken links (internal and external).
+# Uses lychee (https://github.com/lycheeverse/lychee) with configuration
+# from .lychee.toml at the repository root.
+
+name: Link Check
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  link-check:
+    name: Check Markdown links
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0
+        with:
+          args: >-
+            --no-progress
+            '**/*.md'
+          fail: true

.github/workflows/scorecard.yml

@@ -6,12 +6,9 @@ on:
   schedule:
     - cron: "15 7 * * 1"
 
-# Minimum permissions required by OpenSSF Scorecard
-permissions:
-  security-events: write
-  id-token: write
-  contents: read
-  actions: read
+# Workflow-level permissions must be read-only for Scorecard verification.
+# Write permissions are scoped to the job level below.
+permissions: read-all
 
 jobs:
   analysis:

.lychee.toml

@@ -0,0 +1,41 @@
+# Configuration for lychee link checker
+# https://lychee.cli.rs/configuration/
+
+# General settings
+max_concurrency = 32
+timeout = 30
+max_retries = 3
+retry_wait = 5
+
+# Accept these HTTP status codes as valid
+accept = [200, 429]
+
+# Exclude patterns for known false positives
+exclude = [
+    # Placeholder / example URLs
+    "example\\.com",
+    "example\\.org",
+    "example\\.net",
+
+    # Localhost and private networks
+    "localhost",
+    "127\\.0\\.0\\.1",
+    "0\\.0\\.0\\.0",
+
+    # npm registry (frequently rate-limits CI)
+    "npmjs\\.com",
+
+    # PyPI (frequently rate-limits CI)
+    "pypi\\.org/project",
+
+    # Microsoft login / auth endpoints (require authentication)
+    "login\\.microsoftonline\\.com",
+    "portal\\.azure\\.com",
+
+    # GitHub special URLs that require authentication or don't resolve in CI
+    "github\\.com/.*/compare/",
+    "github\\.com/.*/releases/new",
+]
+
+# Exclude email addresses from checking
+exclude_mail = true

README.md

@@ -244,17 +244,17 @@ Works with **12+ agent frameworks** including:
 
 | Framework | Stars | Integration |
 |-----------|-------|-------------|
-| [**Microsoft Agent Framework**](https://github.com/microsoft/agent-framework) | 7.6K+ ⭐ | **Native Middleware** |
-| [**Semantic Kernel**](https://github.com/microsoft/semantic-kernel) | 24K+ ⭐ | **Native (.NET + Python)** |
-| [Dify](https://github.com/langgenius/dify) | 65K+ ⭐ | Plugin |
+| [**Microsoft Agent Framework**](https://github.com/microsoft/agent-framework) | 8K+ ⭐ | **Native Middleware** |
+| [**Semantic Kernel**](https://github.com/microsoft/semantic-kernel) | 27K+ ⭐ | **Native (.NET + Python)** |
+| [Dify](https://github.com/langgenius/dify) | 133K+ ⭐ | Plugin |
+| [Microsoft AutoGen](https://github.com/microsoft/autogen) | 55K+ ⭐ | Adapter |
 | [LlamaIndex](https://github.com/run-llama/llama_index) | 47K+ ⭐ | Middleware |
-| [LangGraph](https://github.com/langchain-ai/langgraph) | 24K+ ⭐ | Adapter |
-| [Microsoft AutoGen](https://github.com/microsoft/autogen) | 42K+ ⭐ | Adapter |
-| [CrewAI](https://github.com/crewAIInc/crewAI) | 28K+ ⭐ | Adapter |
+| [CrewAI](https://github.com/crewAIInc/crewAI) | 46K+ ⭐ | Adapter |
+| [LangGraph](https://github.com/langchain-ai/langgraph) | 27K+ ⭐ | Adapter |
+| [Haystack](https://github.com/deepset-ai/haystack) | 24K+ ⭐ | Pipeline |
+| [OpenAI Agents SDK](https://github.com/openai/openai-agents-python) | 20K+ ⭐ | Middleware |
+| [Google ADK](https://github.com/google/adk-python) | 18K+ ⭐ | Adapter |
 | [Azure AI Foundry](https://learn.microsoft.com/azure/ai-studio/) | — | Deployment Guide |
-| [OpenAI Agents SDK](https://github.com/openai/openai-agents-python) | — | Middleware |
-| [Google ADK](https://github.com/google/adk-python) | — | Adapter |
-| [Haystack](https://github.com/deepset-ai/haystack) | 22K+ ⭐ | Pipeline |
 
 ## OWASP Agentic Top 10 Coverage
 
@@ -271,6 +271,18 @@ Works with **12+ agent frameworks** including:
 | Human-Agent Trust Deficit | ASI-09 | ✅ Full audit trails + flight recorder |
 | Rogue Agents | ASI-10 | ✅ Kill switch + ring isolation + behavioral anomaly detection |
 
+Full mapping with implementation details and test evidence: **[OWASP-COMPLIANCE.md](docs/OWASP-COMPLIANCE.md)**
+
+### Regulatory Alignment
+
+| Regulation | Deadline | AGT Coverage |
+|------------|----------|-------------|
+| EU AI Act — High-Risk AI (Annex III) | August 2, 2026 | Audit trails (Art. 12), risk management (Art. 9), human oversight (Art. 14) |
+| Colorado AI Act (SB 24-205) | June 30, 2026 | Risk assessments, human oversight mechanisms, consumer disclosures |
+| EU AI Act — GPAI Obligations | Active | Transparency, copyright policies, systemic risk assessment |
+
+AGT provides **runtime governance** — what agents are allowed to do. For **data governance** and regulator-facing evidence export, see [Microsoft Purview DSPM for AI](https://learn.microsoft.com/purview/ai-microsoft-purview) as a complementary layer.
+
 ## Performance
 
 Governance adds **< 0.1 ms per action** — roughly 10,000× faster than an LLM API call.

docs/deployment/azure-foundry-agent-service.md

@@ -82,7 +82,7 @@ Each middleware works independently. Use any combination based on your requireme
 pip install agent-governance-toolkit[full]
 
 # Or install individual packages
-pip install agent-os agentmesh agent-sre
+pip install agent-os-kernel agentmesh-platform agent-sre
 ```
 
 ---

docs/tutorials/06-execution-sandboxing.md

@@ -55,7 +55,7 @@ layers of defense:
 
 - Python ≥ 3.11
 - `pip install agent-runtime` (v2.0.2+)
-- For capability guards: `pip install agent-os`
+- For capability guards: `pip install agent-os-kernel`
 
 ---
 

packages/agent-compliance/docs/submissions/adversa-mcp-security-submission.md

@@ -88,7 +88,7 @@ Identifies malicious schema patterns:
 
 ```bash
 # Install
-pip install agent-os
+pip install agent-os-kernel
 
 # Scan an MCP configuration file
 mcp-scan scan mcp-config.json

packages/agent-compliance/docs/submissions/owasp-genai-implementation-guide.md

@@ -11,7 +11,7 @@ The stack consists of four components:
 
 | Component | Role | Install |
 |---|---|---|
-| **Agent OS** | Governance kernel — policy, sandbox, memory, MCP security | `pip install agent-os` |
+| **Agent OS** | Governance kernel — policy, sandbox, memory, MCP security | `pip install agent-os-kernel` |
 | **AgentMesh** | Identity & trust — DIDs, SPIFFE, handshake, reputation | `pip install agentmesh` |
 | **Agent SRE** | Observability — SLOs, anomaly detection, chaos, OpenTelemetry | `pip install agent-sre` |
 | **Agent Runtime** | Runtime control — kill switch, execution rings, saga rollback | `pip install agent-runtime` |
@@ -1044,7 +1044,7 @@ This implementation guide is a community contribution to the OWASP GenAI project
 To reproduce the examples, install the stack:
 
 ```bash
-pip install agent-os agentmesh agent-sre agent-runtime
+pip install agent-os-kernel agentmesh-platform agent-sre agent-runtime
 ```
 
 All source code is available under the MIT license. PRs and issues welcome at

packages/agent-os/docs/index.md

@@ -59,7 +59,7 @@ Learn by doing with our Jupyter notebooks:
 
 ```bash
 # Core package
-pip install agent-os
+pip install agent-os-kernel
 
 # With all features
 pip install agent-os-kernel[full]

packages/agent-os/docs/troubleshooting.md

@@ -43,7 +43,7 @@ Common issues and solutions for Agent OS.
 
 2. **Install in the correct environment:**
    ```bash
-   python -m pip install agent-os
+   python -m pip install agent-os-kernel
    ```
 
 ### Import errors with optional dependencies

packages/agent-os/docs/tutorials/getting-started.md

@@ -10,7 +10,7 @@
 ## Step 1: Install (30 seconds)
 
 ```bash
-pip install agent-os
+pip install agent-os-kernel
 ```
 
 ## Step 2: Create Your First Agent (2 minutes)

packages/agent-os/docs/tutorials/vscode-extension.md

@@ -509,7 +509,7 @@ jobs:
           python-version: '3.11'
 
       - name: Install AgentOS
-        run: pip install agent-os
+        run: pip install agent-os-kernel
 
       - name: Run Policy Validation
         run: agent-os validate --policy policies/ --strict

packages/agent-os/docs/unified-vision.md

@@ -336,7 +336,7 @@ spec:
 ### Step 1: Start with Agent OS
 
 ```bash
-pip install agent-os
+pip install agent-os-kernel
 ```
 
 ```python

packages/agent-os/examples/crewai-safe-mode/crewai_safe_mode.py

@@ -15,7 +15,7 @@
 4. Your data stays safe ✓
 
 Run:
-    pip install agent-os crewai
+    pip install agent-os-kernel crewai
     python crewai_safe_mode.py
 
 Perfect for recording a 15-second GIF showing "Access Denied"!

packages/agent-os/examples/crewai-safe-mode/langchain_safe_mode.py

@@ -15,7 +15,7 @@
 4. Your data stays safe ✓
 
 Run:
-    pip install agent-os langchain
+    pip install agent-os-kernel langchain
     python langchain_safe_mode.py
 
 For PyPI package: pip install langchain-agent-os

packages/agent-os/examples/customer-service/requirements.txt

@@ -9,8 +9,10 @@ openai>=1.0.0
 anthropic>=0.18.0
 
 # Ticket systems
-zendesk-sdk>=1.0.0
-freshdesk-sdk>=2.0.0
+# zendesk-sdk is NOT on PyPI — use 'zenpy' for the Zendesk API client
+zenpy>=2.0.0
+# freshdesk-sdk is NOT on PyPI — use 'freshdesk' for the Freshdesk API client
+freshdesk>=0.1.0
 
 # Knowledge base
 pinecone-client>=3.0.0

packages/agent-os/examples/healthcare-hipaa/requirements.txt

@@ -29,7 +29,8 @@ structlog>=24.1.0
 python-json-logger>=2.0.0
 
 # Compliance
-hashlib-compat>=1.0.0
+# hashlib-compat is NOT a real package — hashlib is part of Python's standard library
+# and requires no installation. Remove this line.
 
 # Monitoring
 prometheus-client>=0.19.0

packages/agent-os/examples/hello-world/README.md

@@ -12,7 +12,7 @@ The simplest possible Agent OS example.
 
 ```bash
 # Install
-pip install agent-os
+pip install agent-os-kernel
 
 # Run
 python agent.py

packages/agent-os/examples/integrations/governance_quickstart.py

@@ -7,7 +7,7 @@
 audit trails) to every major agent framework with a unified API.
 
 Usage:
-    pip install agent-os
+    pip install agent-os-kernel
     python governance_quickstart.py
 """
 

packages/agent-os/extensions/copilot/src/agentGenerator.ts

@@ -687,7 +687,7 @@ jobs:
 
       - name: Install dependencies
         run: |
-          pip install agent-os
+          pip install agent-os-kernel
           pip install -r requirements.txt
 
       - name: Run Agent

packages/agent-os/extensions/copilot/src/githubIntegration.ts

@@ -199,7 +199,7 @@ jobs:
 
       - name: Install Agent OS
         run: |
-          pip install agent-os
+          pip install agent-os-kernel
           pip install -r requirements.txt || true
 
       - name: Validate policies
@@ -270,7 +270,7 @@ jobs:
           python-version: '3.11'
       - name: Run tests
         run: |
-          pip install agent-os pytest
+          pip install agent-os-kernel pytest
           pytest tests/test_${this.toSnakeCase(spec.name)}.py -v
 
   security-scan:
@@ -279,7 +279,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Security scan
         run: |
-          pip install agent-os
+          pip install agent-os-kernel
           agentos check agents/${this.toSnakeCase(spec.name)}.py --security
 
   deploy-staging:
@@ -465,7 +465,7 @@ gh workflow run ${this.toKebabCase(spec.name)}.yml
 ### Local Development
 \`\`\`bash
 # Install dependencies
-pip install agent-os
+pip install agent-os-kernel
 
 # Run locally
 python agents/${this.toSnakeCase(spec.name)}.py

packages/agent-os/extensions/vscode/src/enterprise/integration/cicdIntegration.ts

@@ -61,7 +61,7 @@ jobs:
           python-version: '3.11'
 
       - name: Install Agent OS
-        run: pip install agent-os
+        run: pip install agent-os-kernel
 
       - name: Run Policy Validation
         run: |
@@ -89,7 +89,7 @@ agent-os-check:
   stage: security
   image: python:3.11
   before_script:
-    - pip install agent-os
+    - pip install agent-os-kernel
   script:
     - agentos check --format json --output agent-os-report.json
     - agentos check --fail-on-violation
@@ -119,7 +119,7 @@ steps:
       versionSpec: '3.11'
 
   - script: |
-      pip install agent-os
+      pip install agent-os-kernel
     displayName: 'Install Agent OS'
 
   - script: |
@@ -147,7 +147,7 @@ steps:
     stages {
         stage('Setup') {
             steps {
-                sh 'pip install agent-os'
+                sh 'pip install agent-os-kernel'
             }
         }
 
@@ -189,7 +189,7 @@ jobs:
       - checkout
       - run:
           name: Install Agent OS
-          command: pip install agent-os
+          command: pip install agent-os-kernel
       - run:
           name: Run Security Check
           command: |