feat: implement issues #71-#77 governance enhancements #90
Merged
imran-siddique merged 2 commits into main on Mar 7, 2026
#71 - Behavioral anomaly detection for rogue agents (ASI-10)
- RogueAgentDetector with z-score tool call frequency analysis
- Action entropy scoring for loop/erratic behavior detection
- Capability profile deviation detection with auto-quarantine
- 27 new tests in agent-sre

#72 - External append-only audit trail integrity
- AuditSink protocol with FileAuditSink backend
- SignedAuditEntry with SHA-256 hashing and HMAC signatures
- HashChainVerifier for tamper-evidence verification
- AuditLog extended with optional external sink
- 25 new tests in agent-mesh

#73 - Deepen framework integrations beyond wrapper-level
- LangChain: tool registry hooks, memory write interception, sub-agent spawn detection
- CrewAI: task step interception, crew memory interception, delegation detection
- AutoGen: function call pipeline hooks, GroupChat interception, state change tracking
- 28 new tests in agent-os

#74 - Policy-as-code CI/CD pipeline and schema validation
- JSON Schema (draft-07) for policy YAML validation
- CLI with validate, test, and diff commands
- GitHub Actions workflow for policy PR validation
- Pre-commit hook configuration
- 25 new tests in agent-os

#75 - Async concurrency safety guarantees
- AsyncPolicyEvaluator with asyncio.Lock and RW lock pattern
- AsyncTrustPolicyEvaluator for agent-mesh trust policies
- Thread-safe sync evaluation, batch evaluation, policy reload
- Concurrency stats tracking
- 31 new tests in agent-os

#76 - OpenTelemetry observability integration
- GovernanceTracer with OTEL spans for policy/trust/signal/audit events
- GovernanceMetrics with Prometheus counters/histograms/gauges
- Grafana dashboard template with 6 governance panels
- Graceful degradation when OTEL/Prometheus not installed
- 16 new tests in agent-mesh

#77 - SIGKILL process-level isolation
- ProcessIsolationManager with real OS-level process isolation
- AgentProcessHandle with true os.kill(SIGKILL) enforcement
- IsolatedSignalDispatcher extending SignalDispatcher
- Platform-aware (Unix SIGKILL / Windows TerminateProcess)
- 31 new tests in control-plane

Total: 183 new tests, 7128 lines added across 29 files.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…xternal sink support

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
imran-siddique added a commit that referenced this pull request on Mar 8, 2026:

…ypdf
- cryptography >=42.0.0 → >=46.0.5: Fix subgroup attack on SECT curves
- langchain-core >=0.1.0 → >=1.2.11: Fix SSRF via image_url token counting
- pypdf >=4.0.0 → >=6.0.0: Fix 14 DoS/infinite-loop/RAM-exhaustion vulns

Closes Dependabot alerts #75-#90.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
imran-siddique added a commit that referenced this pull request on Mar 8, 2026:

…ypdf (#103)
- cryptography >=42.0.0 → >=46.0.5: Fix subgroup attack on SECT curves
- langchain-core >=0.1.0 → >=1.2.11: Fix SSRF via image_url token counting
- pypdf >=4.0.0 → >=6.0.0: Fix 14 DoS/infinite-loop/RAM-exhaustion vulns

Closes Dependabot alerts #75-#90.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Summary
Implements all 7 open issues (#71-#77) for the agent-governance-toolkit.
Issues Addressed
Key Highlights
Testing
```bash
# All new tests
pytest packages/agent-sre/tests/unit/test_rogue_detector.py # 27 passed
pytest packages/agent-mesh/tests/governance/test_audit_backends.py # 25 passed
pytest packages/agent-os/tests/test_deep_integrations.py # 28 passed
pytest packages/agent-os/tests/test_policy_cli.py # 25 passed
pytest packages/agent-os/tests/test_async_evaluator.py # 31 passed
pytest packages/agent-mesh/tests/test_otel_governance.py # 16 passed
pytest packages/agent-os/modules/control-plane/tests/test_process_isolation.py # 30 passed, 1 skipped (Unix-only)
```
Closes #71, closes #72, closes #73, closes #74, closes #75, closes #76, closes #77
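
Issue #72 in the commit message lists audit entries hashed with SHA-256, signed with HMAC and checked by a hash-chain verifier. The block below is an added example of that general technique, not code from this pull request or the toolkit: the function names, entry layout and genesis value are assumptions. It also shows why the chain head has to be recorded outside the log, since dropping entries from the end otherwise leaves a chain that still verifies.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev-hash value for the first entry

def entry_digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps({"prev": prev_hash, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def sign_digest(key, digest):
    # The HMAC stops someone without the key from re-hashing an edited entry.
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def append_entry(log, event, key):
    """Append an event linked to the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    digest = entry_digest(prev_hash, event)
    log.append({"prev": prev_hash, "event": event,
                "hash": digest, "sig": sign_digest(key, digest)})
    return digest  # new chain head; record it outside the log

def verify_chain(log, key, expected_head=None):
    """Return (ok, index of first bad entry or None, reason)."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return False, i, "broken link"
        if entry_digest(entry["prev"], entry["event"]) != entry["hash"]:
            return False, i, "hash mismatch"
        if not hmac.compare_digest(sign_digest(key, entry["hash"]), entry["sig"]):
            return False, i, "bad signature"
        prev_hash = entry["hash"]
    # A log with entries dropped from the end is still a valid chain,
    # so compare against a head stored elsewhere to catch truncation.
    if expected_head is not None and prev_hash != expected_head:
        return False, len(log), "head mismatch"
    return True, None, "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    log, head = [], None
    for ev in ({"agent": "a1", "action": "read"}, {"agent": "a1", "action": "write"}):
        head = append_entry(log, ev, key)
    print(verify_chain(log, key, head))
```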