Agent Governance Toolkit

Agent Governance Toolkit (AGT) is a multi-lingual, open-source runtime governance toolkit developed by Microsoft, designed to address security and compliance risks in autonomous AI Agents during tool invocation and resource access. The core value lies in upgrading probabilistic Prompt-based guardrails to deterministic policy enforcement, reducing policy violation rates from 26.67% to 0.00%.

Core Governance

• Policy Engine: Supports YAML, OPA/Rego, and Cedar formats; <0.02ms per rule, <0.03ms for 100 rules
• Multi-stage Pipeline: Four interception stages — pre_input, pre_tool, post_tool, post_output
• Deterministic Execution: Every action is evaluated against policies before execution

Identity & Communication Security

• Zero-Trust Identity: Ed25519 + post-quantum ML-DSA-65 credentials, SPIFFE/SVID support, 0–1000 trust scoring
• E2E Encrypted Communication: Signal protocol-based E2E encryption with Wire Protocol spec, Registry + Relay services

Security Scanning & Defense

• MCP Security Scanner: Detects tool poisoning, domain spoofing, and hidden instructions in MCP definitions
• PromptDefense Evaluator: 12-vector Prompt injection auditing
• Shadow AI Discovery: Cross-process, config file, and repository scanning for unregistered shadow Agents

Agent SRE

• SLO definitions, error budget management, Replay debugging
• Chaos engineering and circuit breakers for cascade failure prevention

Execution Sandboxing & Lifecycle

• Sandbox: 4-level privilege rings, Saga orchestration, Kill Switch; per-Agent container deployment recommended
• Lifecycle Management: Provisioning → credential rotation → orphan detection → deactivation
• Governance Dashboard: Real-time cluster visualization — health, trust, compliance, audit events

Architecture AGT sits between Agent frameworks and action execution (application-layer governance, not OS kernel isolation). Four core modules:

• Agent OS: Policy engine and evaluation
• AgentMesh: Zero-trust identity and encrypted communication
• Agent SRE: Reliability, circuit breaking, chaos engineering
• MCP Scanner: Static and dynamic security scanning

Flow: Agent action → policy pipeline check (<0.1ms) → allow/deny → audit log

Engineering Quality

• 9,500+ test cases, 7 fuzz testing targets (policy, injection, MCP, sandbox, trust, etc.)
• Security toolchain: CodeQL (Python+TS SAST), Gitleaks, ClusterFuzzLite, Dependabot (13 ecosystems), OpenSSF Scorecard

Ecosystem & Compliance

• Compatible with 20+ frameworks: AWS Bedrock, Google ADK, Azure AI, LangChain, CrewAI, AutoGen, OpenAI Agents, etc.
• Four integration patterns: Middleware, Adapter, Pipeline, Plugin
• Full OWASP Agentic Top 10 coverage (ASI-01 to ASI-10); satisfies EU AI Act, NIST AI RMF, Colorado AI Act, SOC 2

Multi-language SDKs

• Python: pip install agent-governance-toolkit[full]
• TypeScript: npm install @microsoft/agent-governance-sdk
• .NET: dotnet add package Microsoft.AgentGovernance
• Rust: cargo add agent-governance
• Go: go get github.com/microsoft/agent-governance-toolkit/agent-governance-golang

Unified CLI (agt)

• agt verify: OWASP compliance verification with --strict for CI enforcement
• agt doctor: Environment diagnostics
• agt lint-policy: Policy file linting

Deployment

• Containerized: Dockerfile + docker-compose.yml
• Cloud: Azure (AKS, Foundry, Container Apps), AWS (ECS/Fargate), GCP (GKE)

Boundary Note AGT is not a Prompt Guardrail or Content Moderation tool. Model-level safety is recommended via Azure AI Content Safety or similar solutions.

Unconfirmed Information

• Official documentation site URL (mkdocs.yml present, no deployed URL found)
• Hugging Face model page address
• Associated academic papers
• Production user list (ADOPTERS.md referenced but not public)