
fix: remove trailing whitespace from agent-os source files#739

Merged
imran-siddique merged 1 commit into microsoft:main from imran-siddique:fix/ci-green-2
Apr 3, 2026

Conversation

@imran-siddique
Member

Fixes last CI failure: lint agent-os - 96 W293 trailing whitespace errors auto-fixed with ruff.

ruff --fix --unsafe-fixes for W293 across 7 files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique imran-siddique merged commit bb95992 into microsoft:main Apr 3, 2026
23 of 25 checks passed
@github-actions github-actions bot added the size/XL Extra large PR (500+ lines) label Apr 3, 2026
@github-actions

github-actions bot commented Apr 3, 2026

🤖 AI Agent: docs-sync-checker — Issues Found

📝 Documentation Sync Report

Issues Found

  • get_effective_policy() in packages/agent-marketplace/src/agent_marketplace/marketplace_policy.py — missing docstring
  • get_effective_mcp_policy() in packages/agent-marketplace/src/agent_marketplace/marketplace_policy.py — missing docstring
  • list_for_organization() in packages/agent-marketplace/src/agent_marketplace/registry.py — missing docstring
  • QualityStore.record_score() in packages/agent-marketplace/src/agent_marketplace/quality_scoring.py — missing docstring
  • QualityStore.get_profile() in packages/agent-marketplace/src/agent_marketplace/quality_scoring.py — missing docstring
  • QualityStore.get_badge() in packages/agent-marketplace/src/agent_marketplace/quality_scoring.py — missing docstring
  • ⚠️ packages/agent-marketplace/README.md — No mention of new organization field in PluginManifest or the OrgMarketplacePolicy and QualityStore features.
  • ⚠️ CHANGELOG.md — No entry for the addition of OrgMarketplacePolicy, QualityStore, and related methods.

Suggestions

  • 💡 Add docstring for get_effective_policy(self, organization: str | None = None) -> MarketplacePolicy in marketplace_policy.py to explain its purpose, parameters, return value, and exceptions.
  • 💡 Add docstring for get_effective_mcp_policy(self, organization: str | None = None) -> MCPServerPolicy in marketplace_policy.py to explain its purpose, parameters, return value, and exceptions.
  • 💡 Add docstring for list_for_organization(self, organization: str) -> list[PluginManifest] in registry.py to explain its purpose, parameters, return value, and exceptions.
  • 💡 Add docstring for QualityStore.record_score(self, plugin_name: str, plugin_version: str, score: QualityScore) -> None in quality_scoring.py to explain its purpose, parameters, and exceptions.
  • 💡 Add docstring for QualityStore.get_profile(self, plugin_name: str, plugin_version: str) -> PluginQualityProfile | None in quality_scoring.py to explain its purpose, parameters, return value, and exceptions.
  • 💡 Add docstring for QualityStore.get_badge(self, plugin_name: str, plugin_version: str) -> QualityBadge in quality_scoring.py to explain its purpose, parameters, return value, and exceptions.
  • 💡 Update packages/agent-marketplace/README.md to include:
    • Details about the new organization field in PluginManifest.
    • Explanation of OrgMarketplacePolicy and its usage.
    • Description of the QualityStore and its methods for quality scoring.
  • 💡 Add a new entry in CHANGELOG.md summarizing the following changes:
    • Addition of OrgMarketplacePolicy and its integration into MarketplacePolicy.
    • Introduction of QualityStore and related classes (QualityScore, PluginQualityProfile, etc.).
    • New methods in PluginRegistry and MarketplacePolicy for organization-specific behavior.

Type Hints

  • ✅ All new public APIs have complete type annotations.

Example Code

  • ⚠️ No updates were made to examples/. If organization-related features or quality scoring are intended for public use, consider adding examples demonstrating their usage.

Summary

The PR introduces significant new functionality (organization-scoped policies, quality scoring) but lacks corresponding updates to documentation and examples. Addressing the issues above will ensure the repository remains well-documented and user-friendly.

@github-actions

github-actions bot commented Apr 3, 2026

🤖 AI Agent: breaking-change-detector — Summary

🔍 API Compatibility Report

Summary

The recent changes in the microsoft/agent-governance-toolkit repository introduce several new public APIs and modifications to existing classes and methods. Notably, new classes and methods were added, and some existing methods were modified to accommodate organization-specific policies. However, there are no breaking changes that would affect existing users of the API.

Findings

| Severity | Package | Change | Impact |
|---|---|---|---|
| 🔵 | agent-marketplace | New class OrgMarketplacePolicy added | Provides organization-specific marketplace policies. |
| 🔵 | agent-marketplace | New class QualityScore added | Represents quality assessment for plugins. |
| 🔵 | agent-marketplace | New class PluginQualityProfile added | Aggregates quality scores for plugins. |
| 🔵 | agent-marketplace | New method list_for_organization() added to PluginRegistry | Lists plugins visible to a specific organization. |
| 🔵 | agent-marketplace | New method get_effective_policy() added to MarketplacePolicy | Resolves effective policy for an organization. |
| 🔵 | agent-marketplace | New method get_effective_mcp_policy() added to MarketplacePolicy | Retrieves effective MCP server policy for an organization. |
| 🟡 | agent-marketplace | evaluate_plugin_compliance() now accepts an optional organization parameter | Changes behavior based on organization context. |
| 🟡 | agent-marketplace | PluginManifest class now includes an optional organization field | Allows specifying the owning organization for plugins. |

Migration Guide

Since there are no breaking changes, existing users can continue to use the API without modification. However, users may want to explore the new features and methods introduced for organization-specific policies and quality scoring to enhance their implementations.


@github-actions github-actions bot left a comment


🤖 AI Agent: code-reviewer

Pull Request Review: fix: remove trailing whitespace from agent-os source files


Summary

This pull request addresses the removal of trailing whitespace errors in the agent-os package and introduces several new features and enhancements, including:

  1. Org-scoped Marketplace Policies:

    • Addition of OrgMarketplacePolicy for organization-specific overrides.
    • Enhanced MarketplacePolicy to support organization-specific policies and MCP server overrides.
  2. Plugin Quality Scoring:

    • Introduction of QualityScore, PluginQualityProfile, and QualityStore for assessing and storing plugin quality metrics.
  3. Backward Compatibility:

    • Ensures compatibility with legacy manifests that lack the organization field.
  4. Tests:

    • Comprehensive tests for new features, including organization-scoped policies, plugin listing, and quality scoring.

Key Areas of Focus

🔴 CRITICAL: Security Issues

  1. Policy Engine Correctness:

    • The get_effective_policy and get_effective_mcp_policy methods correctly merge base and organization-specific policies. However, ensure that organization overrides cannot weaken security (e.g., by allowing plugins or servers blocked at the enterprise level). This is partially addressed, but the logic for merging allowed_plugin_types and allowed servers should be reviewed for edge cases.
    • Action: Add explicit tests for scenarios where an organization attempts to override enterprise-level restrictions (e.g., unblocking a blocked server or allowing a disallowed plugin type).
  2. Trust/Identity:

    • The PluginManifest.signature field is optional. This could allow unsigned plugins to bypass compliance checks if require_signature is not enforced.
    • Action: Ensure that the evaluate_plugin_compliance function explicitly checks for the presence of a signature when require_signature is True. Add tests for unsigned plugins.
  3. Sandbox Escape Vectors:

    • No immediate concerns identified. However, ensure that any user-provided data (e.g., organization names, plugin manifests) is sanitized before use.

🟡 WARNING: Potential Breaking Changes

  1. Backward Compatibility:

    • The addition of the organization field to PluginManifest is backward-compatible, as the field is optional. However, ensure that all existing code paths handle the absence of this field gracefully.
    • Action: Add more tests for scenarios where organization is None to confirm backward compatibility.
  2. Public API Changes:

    • The PluginRegistry.register method now accepts an optional organization parameter. This could break existing code if the method signature is used in overridden subclasses.
    • Action: Document this change clearly in the release notes and consider marking it as a breaking change.

💡 Suggestions for Improvement

  1. Type Safety:

    • The get_effective_policy and get_effective_mcp_policy methods return a new MarketplacePolicy object. Consider using copy() or a similar mechanism to ensure immutability of the original policy.
    • Use Literal types for fields like mode in MCPServerPolicy to enforce stricter type safety.
  2. Code Readability:

    • The get_effective_mcp_policy method has nested logic for merging policies. Refactor this into helper methods to improve readability and maintainability.
  3. Performance:

    • The list_for_organization method iterates over all plugins to filter by organization. For large registries, this could become a bottleneck.
    • Action: Consider indexing plugins by organization to optimize lookups.
  4. Documentation:

    • Update the documentation to reflect the new organization field and its implications for plugin visibility and policy enforcement.
    • Provide examples of how to use the new QualityStore and PluginQualityProfile classes.
  5. Testing:

    • Add tests for edge cases in policy merging, such as conflicting overrides or invalid configurations.
    • Test the behavior of QualityStore under concurrent access to ensure thread safety.

Final Assessment

  • The pull request introduces valuable features and addresses trailing whitespace issues.
  • While the changes are well-structured and tested, there are critical areas that require additional scrutiny to ensure security and backward compatibility.
  • Address the flagged issues and suggestions before merging.

Action Items

  1. Security:

    • Add tests for edge cases in policy merging and compliance checks.
    • Ensure that unsigned plugins cannot bypass require_signature policies.
  2. Backward Compatibility:

    • Confirm that all code paths handle the absence of the organization field gracefully.
  3. Documentation:

    • Update documentation to reflect new features and API changes.
  4. Testing:

    • Add tests for thread safety in QualityStore.
    • Expand test coverage for edge cases in policy merging and compliance evaluation.
  5. Code Quality:

    • Refactor complex methods for better readability and maintainability.

Let me know if you need further clarification or assistance!

@github-actions

github-actions bot commented Apr 3, 2026

🤖 AI Agent: test-generator — `packages/agent-marketplace/src/agent_marketplace/__init__.py`

🧪 Test Coverage Analysis

packages/agent-marketplace/src/agent_marketplace/__init__.py

  • Existing coverage: The file primarily re-exports classes and functions from other modules. Coverage is indirectly provided by tests for the imported modules.
  • Missing coverage: No direct tests for the __all__ exports to ensure all expected symbols are included.
  • 💡 Suggested test cases:
    1. test_init_exports — Verify that all expected symbols (e.g., OrgMarketplacePolicy, QualityBadge, etc.) are included in the __all__ list.

packages/agent-marketplace/src/agent_marketplace/manifest.py

  • Existing coverage: Tests for PluginManifest already exist, including validation of the new organization field and backward compatibility with older manifests.
  • Missing coverage: Edge cases for the organization field, such as invalid values or excessively long strings.
  • 💡 Suggested test cases:
    1. test_manifest_invalid_organization — Validate that invalid organization names (e.g., empty strings, special characters) are rejected.
    2. test_manifest_long_organization — Validate behavior when the organization field exceeds a reasonable length (e.g., 256 characters).

packages/agent-marketplace/src/agent_marketplace/marketplace_policy.py

  • Existing coverage: Tests for OrgMarketplacePolicy and MarketplacePolicy.get_effective_policy cover basic functionality, including merging of plugin types and MCP server policies.
  • Missing coverage:
    • Boundary conditions for get_effective_policy and get_effective_mcp_policy, such as empty or conflicting policies.
    • Scenarios where org_policies or org_mcp_policies contain invalid or unexpected data.
  • 💡 Suggested test cases:
    1. test_effective_policy_empty_org_policy — Verify behavior when org_policies is empty or missing.
    2. test_effective_policy_conflicting_mcp_modes — Test how get_effective_mcp_policy handles conflicting blocklist and allowlist modes between base and org policies.
    3. test_effective_policy_invalid_org_name — Ensure invalid organization names (e.g., None, empty strings) are handled gracefully.

packages/agent-marketplace/src/agent_marketplace/quality_scoring.py

  • Existing coverage: Tests for QualityScore, PluginQualityProfile, and QualityStore cover basic functionality, including scoring, badge assignment, and profile retrieval.
  • Missing coverage:
    • Edge cases for QualityScore (e.g., scores outside the valid range of 0.0–1.0).
    • Concurrency scenarios for QualityStore (e.g., simultaneous updates to the same plugin profile).
  • 💡 Suggested test cases:
    1. test_quality_score_out_of_range — Validate that scores below 0.0 or above 1.0 are rejected.
    2. test_quality_store_concurrent_updates — Simulate concurrent updates to a plugin's quality profile and verify consistency.
    3. test_quality_store_missing_profile — Ensure get_profile and get_badge handle missing profiles gracefully.

packages/agent-marketplace/src/agent_marketplace/registry.py

  • Existing coverage: Tests for PluginRegistry include basic registration, listing, and organization-specific visibility rules.
  • Missing coverage:
    • Edge cases for list_for_organization, such as plugins with invalid or missing organization fields.
    • Scenarios where multiple organizations have overlapping policies or plugins.
  • 💡 Suggested test cases:
    1. test_registry_list_invalid_organization — Verify behavior when list_for_organization is called with invalid or empty organization names.
    2. test_registry_list_overlapping_org_plugins — Test visibility rules when multiple organizations have plugins with the same name but different versions.

packages/agent-os/src/agent_os/cli/__init__.py

  • Existing coverage: This file likely serves as an entry point for CLI commands. Coverage is indirectly provided by tests for individual CLI commands.
  • Missing coverage: No direct tests for the __all__ exports.
  • 💡 Suggested test cases:
    1. test_cli_init_exports — Verify that all expected CLI commands are included in the __all__ list.

packages/agent-os/src/agent_os/cli/mcp_scan.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Input validation for CLI arguments.
    • Handling of edge cases, such as empty or malformed MCP server lists.
  • 💡 Suggested test cases:
    1. test_mcp_scan_empty_input — Verify behavior when no MCP servers are provided.
    2. test_mcp_scan_malformed_input — Test handling of malformed or invalid MCP server inputs.

packages/agent-os/src/agent_os/content_governance.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Policy evaluation edge cases, such as conflicting or overlapping policies.
    • Handling of invalid or unexpected content types.
  • 💡 Suggested test cases:
    1. test_content_governance_conflicting_policies — Verify behavior when conflicting policies are applied to the same content.
    2. test_content_governance_invalid_content — Test handling of invalid or unsupported content types.

packages/agent-os/src/agent_os/github_enterprise.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Authentication failures when connecting to GitHub Enterprise.
    • Handling of rate-limiting or API errors.
  • 💡 Suggested test cases:
    1. test_github_enterprise_auth_failure — Verify behavior when authentication fails.
    2. test_github_enterprise_rate_limit — Simulate rate-limiting responses from the GitHub API and verify retry logic.

packages/agent-os/src/agent_os/integrations/crewai_adapter.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Input validation for integration-specific parameters.
    • Handling of partial or failed responses from the CrewAI API.
  • 💡 Suggested test cases:
    1. test_crewai_adapter_invalid_input — Verify behavior when invalid parameters are passed to the adapter.
    2. test_crewai_adapter_partial_response — Simulate a partial response from the CrewAI API and verify error handling.

packages/agent-os/src/agent_os/integrations/google_adk_adapter.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Authentication and authorization errors when interacting with Google ADK.
    • Handling of API rate limits or timeouts.
  • 💡 Suggested test cases:
    1. test_google_adk_auth_error — Simulate an authentication error and verify error handling.
    2. test_google_adk_api_timeout — Test behavior when the Google ADK API times out.

packages/agent-os/src/agent_os/integrations/guardrails_adapter.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Validation of guardrail configurations.
    • Handling of invalid or missing guardrail definitions.
  • 💡 Suggested test cases:
    1. test_guardrails_adapter_invalid_config — Verify behavior when an invalid guardrail configuration is provided.
    2. test_guardrails_adapter_missing_definition — Test handling of missing guardrail definitions.

packages/agent-os/src/agent_os/integrations/smolagents_adapter.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Handling of malformed inputs or unsupported operations.
    • Concurrency scenarios when multiple agents interact simultaneously.
  • 💡 Suggested test cases:
    1. test_smolagents_adapter_malformed_input — Verify behavior when malformed input is provided to the adapter.
    2. test_smolagents_adapter_concurrent_requests — Simulate concurrent requests to the adapter and verify thread safety.

packages/agent-os/src/agent_os/policies/cli.py

  • Existing coverage: Not enough information to determine specific coverage for this file.
  • Missing coverage:
    • Validation of CLI arguments for policy-related commands.
    • Handling of invalid or conflicting policy definitions.
  • 💡 Suggested test cases:
    1. test_policies_cli_invalid_args — Verify behavior when invalid arguments are passed to the CLI.
    2. test_policies_cli_conflicting_policies — Test handling of conflicting policy definitions provided via the CLI.

Summary

The changes introduce new functionality, such as organization-scoped marketplace policies, quality scoring, and extended plugin registration features. While some of these are already covered by the new tests in test_org_marketplace.py, there are still gaps in edge case testing, concurrency handling, and input validation. The suggested test cases aim to address these gaps and improve overall test coverage.

@github-actions

github-actions bot commented Apr 3, 2026

🤖 AI Agent: security-scanner — Security Review Summary

Security Review Summary

This pull request introduces several changes to the microsoft/agent-governance-toolkit repository, including the addition of organization-scoped marketplace policies, quality scoring for plugins, and various enhancements to the PluginManifest and PluginRegistry components. While the changes appear to address feature requests and improve functionality, they also introduce potential security risks that must be carefully analyzed.


Findings

1. Policy Engine Circumvention via get_effective_policy

  • Severity: 🔴 CRITICAL
  • Issue: The get_effective_policy method in MarketplacePolicy merges organization-specific policies (OrgMarketplacePolicy) with the base policy. However, there is no validation to ensure that the merged policy adheres to the original security constraints of the base policy. For example:
    • An organization could potentially add unrestricted plugin types to the allowed_plugin_types list, bypassing enterprise-level restrictions.
    • The mcp_server_overrides field in OrgMarketplacePolicy could override critical MCP server restrictions without proper validation.
  • Attack Vector: A malicious actor could exploit this by registering an organization-specific policy that weakens the global security posture, allowing unauthorized plugins or servers to bypass compliance checks.
  • Suggested Fix:
    • Add validation logic to ensure that organization-specific overrides cannot weaken the base policy. For example:
      • Ensure that additional_allowed_plugin_types only adds to the base policy and does not override or remove existing restrictions.
      • Validate mcp_server_overrides to ensure that it does not contradict or weaken the base MCPServerPolicy.
    • Add unit tests to verify that organization-specific policies cannot weaken the base policy.

2. Potential for Prompt Injection via evaluate_plugin_compliance

  • Severity: 🟠 HIGH
  • Issue: The evaluate_plugin_compliance function now accepts an optional organization parameter, which is used to fetch organization-specific policies. However, there is no validation of the organization parameter to ensure it is not maliciously crafted (e.g., SQL injection, path traversal, or other injection attacks).
  • Attack Vector: An attacker could craft an organization string that manipulates the behavior of the get_effective_policy or get_effective_mcp_policy methods, potentially bypassing compliance checks or accessing unauthorized policies.
  • Suggested Fix:
    • Validate the organization parameter to ensure it conforms to expected input (e.g., alphanumeric with optional dashes/underscores).
    • Use a whitelist or regex to enforce valid organization names.
    • Add tests to ensure that invalid or malicious organization inputs are rejected.

3. Trust Chain Weakness in OrgMarketplacePolicy

  • Severity: 🟠 HIGH
  • Issue: The OrgMarketplacePolicy class allows for mcp_server_overrides, which can override the base MCPServerPolicy. However, there is no mechanism to ensure that these overrides maintain the integrity of the trust chain (e.g., SPIFFE/SVID validation or certificate pinning).
  • Attack Vector: A malicious organization could define an mcp_server_overrides policy that allows untrusted or compromised MCP servers, potentially enabling the execution of malicious plugins.
  • Suggested Fix:
    • Implement strict validation for mcp_server_overrides to ensure that only trusted MCP servers are allowed.
    • Add a mechanism to enforce certificate validation (e.g., SPIFFE/SVID validation or certificate pinning) for all MCP servers, including organization-specific overrides.
    • Add tests to verify that untrusted MCP servers cannot be added via mcp_server_overrides.

4. Credential Exposure in QualityStore

  • Severity: 🟡 MEDIUM
  • Issue: The QualityStore class stores plugin quality profiles in an in-memory dictionary (_profiles). While this is acceptable for in-memory operations, there is no indication of how this data is persisted or secured when written to disk.
  • Attack Vector: If the in-memory data is serialized and written to disk without proper encryption or access controls, it could expose sensitive information about plugin quality assessments.
  • Suggested Fix:
    • Ensure that any persistence mechanism for QualityStore data uses encryption to protect sensitive information.
    • Add logging to track access to QualityStore data for auditing purposes.

5. Deserialization Risks in PluginManifest

  • Severity: 🟡 MEDIUM
  • Issue: The PluginManifest class uses Pydantic's BaseModel for deserialization. While Pydantic provides some level of validation, it does not inherently protect against malicious payloads (e.g., arbitrary code execution via deserialization attacks).
  • Attack Vector: An attacker could craft a malicious payload that exploits deserialization vulnerabilities in Pydantic to execute arbitrary code or cause a denial of service.
  • Suggested Fix:
    • Use a safe deserialization library or implement additional validation checks to ensure that deserialized data conforms to expected types and values.
    • Consider using a sandboxed environment for deserialization to mitigate the risk of arbitrary code execution.

6. Race Condition in evaluate_plugin_compliance

  • Severity: 🟡 MEDIUM
  • Issue: The evaluate_plugin_compliance function retrieves the effective MCP policy for an organization using get_effective_mcp_policy. However, there is no mechanism to prevent a Time-of-Check to Time-of-Use (TOCTOU) race condition where the policy could be modified between the time it is retrieved and the time it is applied.
  • Attack Vector: An attacker with access to modify organization-specific policies could exploit this race condition to inject a malicious policy after the compliance check but before the policy is applied.
  • Suggested Fix:
    • Implement a locking mechanism to ensure that the policy cannot be modified while it is being evaluated and applied.
    • Cache the effective policy at the time of evaluation and use the cached version for all subsequent operations.

Additional Observations

  • Test Coverage: The PR includes extensive test coverage for the new features, which is a positive aspect. However, additional tests should be added to cover the suggested fixes for the identified issues.
  • Code Quality: The code is well-structured and adheres to modern Python practices (e.g., type hints, Pydantic models, and dataclasses). However, the lack of validation and safeguards in critical areas poses significant security risks.

Summary of Findings

| ID | Issue | Severity | Suggested Fix |
|---|---|---|---|
| 1 | Policy engine circumvention via get_effective_policy | 🔴 CRITICAL | Add validation to prevent organization-specific policies from weakening security. |
| 2 | Potential for prompt injection via evaluate_plugin_compliance | 🟠 HIGH | Validate organization parameter to prevent injection attacks. |
| 3 | Trust chain weakness in OrgMarketplacePolicy | 🟠 HIGH | Enforce trust chain validation for mcp_server_overrides. |
| 4 | Credential exposure in QualityStore | 🟡 MEDIUM | Ensure secure persistence (e.g., encryption) for QualityStore data. |
| 5 | Deserialization risks in PluginManifest | 🟡 MEDIUM | Use safe deserialization practices and additional validation. |
| 6 | Race condition in evaluate_plugin_compliance | 🟡 MEDIUM | Implement locking or caching to prevent TOCTOU issues. |

Final Recommendation

This pull request introduces critical security risks that must be addressed before merging. Specifically, the issues related to policy engine circumvention, prompt injection, and trust chain weaknesses require immediate attention. The medium-severity issues should also be addressed to ensure the robustness of the system.


Labels

size/XL Extra large PR (500+ lines)
