[Feature] Governance extension for AutoGen — policy enforcement and agent identity

[imran-siddique]

Summary

Proposing a governance extension for AutoGen's multi-agent conversations, powered by the Agent Governance Toolkit (AGT) — v3.2.0 Public Preview, 9,500+ tests, 5 SDK languages.

Problem

AutoGen's multi-agent conversations lack a standardized mechanism for enforcing organizational policies on tool calls, verifying agent identity, or auditing agent actions in production deployments.

Proposed Solution

AGT can integrate with AutoGen to provide:

• Policy enforcement on tool calls — Evaluate policies before any tool execution in agent conversations
• Agent identity verification — IATP-based handshakes to verify agent identity in multi-agent groups
• Action audit logging — Complete audit trail of all agent actions, tool calls, and policy decisions
• Configurable guardrails — YAML/OPA policies for data flow, tool access, and escalation rules

Example Usage

`python
from autogen import ConversableAgent
from agt.integrations.autogen import GovernanceMiddleware

agent = ConversableAgent(
"assistant",
llm_config=llm_config,
middleware=[GovernanceMiddleware(policy="autogen-policy.yaml")]
)
`

Why This Matters

Enterprise AutoGen deployments need governance guarantees — which agents can call which tools, what data crosses agent boundaries, and who approved sensitive actions. AGT provides these controls with minimal integration overhead.

References

• AGT Repository

Happy to collaborate on the best integration points within AutoGen's architecture.

[hanselhansel]

The policy enforcement and audit logging pieces are necessary but they won't unblock enterprise deployment on their own. The part that stalls procurement is what the audit trail produces: security reviewers don't want developer logs, they want artifacts their compliance tools can ingest: signed records with a chain of custody they can pull into a SIEM or present during a SOC 2 audit.

In a production multi-agent deployment I ran for an enterprise client, the governance work split into two problems. First was enforcing policy (which AGT covers). Second was producing evidence: a report format that the client's InfoSec team could sign off on without reading source code. The second problem took longer than the first.

If AGT can produce an audit artifact in a standard format (CEF, OCSF, or even just structured JSON with a stable schema), that's the detail worth calling out explicitly in the integration proposal. That's what gets this past the security reviewer and into production.