The agt command-line interface ships as part of the agent-governance-toolkit-cli distribution and provides tools for checking your installation health, running OWASP compliance attestations, auditing prompts for injection vulnerabilities, and validating policy files — all from a single unified surface. Every command is designed to integrate naturally into CI/CD pipelines, giving you deterministic go/no-go signals on every pull request.

Installation

Install the CLI as a standalone package or as part of the full toolkit:

# CLI only
pip install agent-governance-toolkit-cli

# Full toolkit (includes CLI)
pip install agent-governance-toolkit[full]

Requirements: Python 3.10+

Commands

agt doctor

Checks your AGT installation for configuration problems, missing dependencies, and initialisation issues. Run this first when troubleshooting or setting up a new environment.

Usage

agt doctor

What it checks
  • All installed AGT packages and their versions
  • Whether any required packages are missing or have version conflicts
  • Cloud connectivity requirements (only relevant for Azure-integrated features)
  • Loaded policies and whether any agent is running effectively ungoverned (no policies loaded)
  • Component initialisation state

Example output

✅ agent-governance-toolkit-core        4.0.0
✅ agent-governance-toolkit-runtime     4.0.0
✅ agent-governance-toolkit-sre         4.0.0
✅ agent-governance-toolkit-cli         4.0.0
✅ Policies loaded: 3 policy files from ./policies/
✅ No cloud dependencies required by core packages
✅ All components initialised correctly

Run agt doctor after every upgrade and before filing a bug report — it surfaces the most common configuration mistakes instantly.

agt verify

Runs an OWASP Agentic AI Top 10 compliance check against your deployed agent. By default it performs a lightweight structural check; supply --evidence to run against a runtime evidence file and --strict to fail the command with a non-zero exit code if any control has weak or missing evidence.

Usage

agt verify [OPTIONS]

Key flags

Flag               Description
--evidence FILE    Path to a runtime evidence JSON file produced by the AGT governance layer
--strict           Exit with code 1 if any OWASP control is not fully covered; suitable for CI gates

Examples

# Basic structural check
agt verify

# Verify against a captured evidence file
agt verify --evidence ./agt-evidence.json

# Fail CI on weak or missing evidence
agt verify --evidence ./agt-evidence.json --strict

Example output

OWASP Agentic AI Top 10 — Compliance Report
============================================
ASI-01  Prompt Injection            ✅ COVERED  (PromptDefenseEvaluator, 12 vectors)
ASI-02  Insecure Output Handling    ✅ COVERED  (OutputSanitizer)
ASI-03  Training Data Poisoning     ✅ COVERED  (integrity manifest verified)
ASI-04  Model Denial of Service     ✅ COVERED  (rate limits + circuit breaker)
ASI-05  Supply Chain Vulnerabilities ✅ COVERED (SBOM + artifact signing)
ASI-06  Sensitive Info Disclosure   ✅ COVERED  (PII patterns + audit redaction)
ASI-07  Insecure Plugin Design      ✅ COVERED  (MCP Security Gateway)
ASI-08  Excessive Agency            ✅ COVERED  (capability gating + execution rings)
ASI-09  Overreliance                ✅ COVERED  (SLO engine + human-in-the-loop)
ASI-10  Model Theft                 ✅ COVERED  (Ed25519 identity + audit trail)

Result: 10/10 controls covered — attestation passed ✅

The --evidence flag points to a JSON file emitted at runtime by the governance layer. Enable runtime evidence mode with the evidence_mode=True option when creating your PolicyEvaluator.
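To make the strict-mode rule concrete, here is an added example (not the toolkit's own code) that applies the same go/no-go decision over an evidence file. The layout of the evidence JSON used here, a "controls" map keyed by ASI id where each entry carries an evidence list with a "strength" of "strong" or "weak", is an assumption chosen for illustration; the real file emitted by the governance layer is not documented on this page. Without strict mode the example only reports, matching the description above of --strict as the flag that turns weak or missing evidence into a non-zero exit.

```python
"""Strict-mode coverage decision over a runtime evidence file.

Added example, not part of the agent-governance-toolkit. The evidence layout
(a "controls" map keyed by ASI id, each holding an "evidence" list whose items
carry a "strength" of "strong" or "weak") is an assumption made here.
"""
import json

# The ten OWASP Agentic AI Top 10 control ids as listed in the report above.
ASI_CONTROLS = [f"ASI-{n:02d}" for n in range(1, 11)]

# Constructed sample evidence file: ASI-05 has only weak evidence, ASI-09 is
# absent entirely, and the other eight controls are fully covered.
SAMPLE_EVIDENCE = json.dumps({
    "controls": {
        **{cid: {"evidence": [{"source": "PolicyEvaluator", "strength": "strong"}]}
           for cid in ASI_CONTROLS if cid not in ("ASI-05", "ASI-09")},
        "ASI-05": {"evidence": [{"source": "manual-note", "strength": "weak"}]},
        # ASI-09 deliberately missing
    }
})


def classify(evidence_doc: dict) -> dict[str, str]:
    """Map each control id to COVERED, WEAK or MISSING.

    A control is COVERED only when every evidence item is strong; any weak
    item downgrades it to WEAK; no items at all means MISSING.
    """
    controls = evidence_doc.get("controls", {})
    status: dict[str, str] = {}
    for cid in ASI_CONTROLS:
        entries = controls.get(cid, {}).get("evidence", [])
        if not entries:
            status[cid] = "MISSING"
        elif all(e.get("strength") == "strong" for e in entries):
            status[cid] = "COVERED"
        else:
            status[cid] = "WEAK"
    return status


def exit_code(status: dict[str, str], strict: bool) -> int:
    """Without --strict the run only reports (exit 0); with --strict any
    WEAK or MISSING control fails the run with exit code 1."""
    if not strict:
        return 0
    return 1 if any(s != "COVERED" for s in status.values()) else 0


def verify(evidence_json: str, strict: bool = False) -> tuple[dict[str, str], int]:
    """Parse the evidence file and return (per-control status, exit code)."""
    status = classify(json.loads(evidence_json))
    return status, exit_code(status, strict)


if __name__ == "__main__":
    status, code = verify(SAMPLE_EVIDENCE, strict=True)
    for cid, s in status.items():
        print(f"{cid}  {s}")
    covered = sum(1 for s in status.values() if s == "COVERED")
    print(f"Result: {covered}/10 controls covered, exit code {code}")
```

Run with strict=True the constructed file yields 8/10 covered and exit code 1, which is the outcome a CI gate should see; the same file in non-strict mode exits 0 and only prints the per-control status.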

agt red-team scan

Runs a prompt injection audit across a directory of prompt files, scoring each one against AGT’s 12-vector PromptDefenseEvaluator. Returns a letter grade (A–F) per prompt and an aggregate grade for the directory.

Usage

agt red-team scan <PATH> [OPTIONS]

Key flags

Flag                Description
<PATH>              Directory or file containing prompts to audit
--min-grade GRADE   Minimum acceptable grade (A–F); exits non-zero if any prompt scores below this threshold

Example

# Audit all prompts in ./prompts/, fail if any grade below B
agt red-team scan ./prompts/ --min-grade B

Example output

Prompt Injection Audit — ./prompts/
=====================================
prompts/system-prompt.txt       Grade: A  (0/12 vectors triggered)
prompts/user-facing.txt         Grade: B  (1/12 vectors triggered: role-override)
prompts/tool-description.txt    Grade: C  (3/12 vectors triggered)

Aggregate grade: B

⚠️  1 prompt scored below minimum grade B — tool-description.txt (C)
Exit code: 1

Attack vectors checked

The PromptDefenseEvaluator tests for 12 injection vectors including role-override, instruction injection, context window poisoning, indirect injection via tool output, and credential exfiltration attempts.
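As an added example (not the toolkit's code), the following parses a scan report in the layout shown above and applies the --min-grade rule itself, which is useful when a pipeline wants the failing prompts as structured data, for instance to annotate a pull request. The grade ladder A > B > C > D > F is an assumption: the page says A–F without listing the intermediate steps. The report text is constructed here to match the example output.

```python
"""Parse an `agt red-team scan` report and apply a --min-grade gate.

Added example, not part of the agent-governance-toolkit. The grade ladder
A > B > C > D > F is an assumption; the report text below is constructed
to match the example output on the page.
"""
import re

GRADE_ORDER = "ABCDF"  # best to worst (assumed ladder)

# Constructed report in the same layout as the example output above.
SAMPLE_REPORT = """\
Prompt Injection Audit - ./prompts/
=====================================
prompts/system-prompt.txt       Grade: A  (0/12 vectors triggered)
prompts/user-facing.txt         Grade: B  (1/12 vectors triggered: role-override)
prompts/tool-description.txt    Grade: C  (3/12 vectors triggered)
"""

# One prompt line: path, letter grade, "hit/total vectors triggered" and an
# optional ": vector1, vector2" list naming the triggered vectors.
LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+Grade:\s+(?P<grade>[A-F])\s+"
    r"\((?P<hit>\d+)/(?P<total>\d+) vectors triggered(?::\s*(?P<vectors>[^)]*))?\)$"
)


def parse_report(text: str) -> list[dict]:
    """Return one record per prompt line; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        vectors = m.group("vectors")
        records.append({
            "path": m.group("path"),
            "grade": m.group("grade"),
            "triggered": int(m.group("hit")),
            "total": int(m.group("total")),
            "vectors": [v.strip() for v in vectors.split(",")] if vectors else [],
        })
    return records


def grade_rank(grade: str) -> int:
    """Lower rank is better; an unknown letter raises so a typo can never pass a gate."""
    if grade not in GRADE_ORDER:
        raise ValueError(f"unknown grade {grade!r}")
    return GRADE_ORDER.index(grade)


def gate(records: list[dict], min_grade: str) -> tuple[list[dict], int]:
    """Return (prompts below the threshold, exit code) for a --min-grade value."""
    threshold = grade_rank(min_grade)
    failing = [r for r in records if grade_rank(r["grade"]) > threshold]
    return failing, 1 if failing else 0


if __name__ == "__main__":
    records = parse_report(SAMPLE_REPORT)
    failing, code = gate(records, "B")
    for r in failing:
        print(f"below minimum grade B: {r['path']} ({r['grade']}, "
              f"{r['triggered']}/{r['total']} vectors)")
    print(f"exit code: {code}")
```

The threshold comparison is done on rank rather than on the letters directly so that a malformed grade fails loudly instead of silently passing; the parser also keeps the named vectors (here role-override) so a report consumer can show which injection pattern was matched.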

agt lint-policy

Validates YAML policy files against the AGT policy schema — checking apiVersion, rule structure, condition syntax, and conflict resolution strategy. Returns a human-readable report and exits non-zero on any schema violation.

Usage

agt lint-policy <PATH> [OPTIONS]

Key flags

Flag      Description
<PATH>    Directory or single .yaml file to validate

Example

agt lint-policy policies/

Example output

Linting 4 policy file(s) in policies/
======================================
✅ policies/default.yaml          valid (3 rules)
✅ policies/mcp-security.yaml     valid (8 rules)
⚠️  policies/staging.yaml         WARNING: default_action is 'allow' — consider 'deny' in production
❌ policies/broken.yaml           ERROR: rule 'block-sql' missing required field 'condition'

Result: 1 error, 1 warning — lint failed
Exit code: 1

A policy file with default_action: allow and no rules is valid YAML but means every agent action is permitted. Always use agt lint-policy in CI to catch permissive defaults before they reach production.
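To show the kind of check that produces the report above, here is an added example (not the toolkit's linter and not its real schema). The required keys it enforces (apiVersion, default_action, and name, condition and action on every rule) and the permissive-default warning are assumptions chosen to mirror the messages in the example output. Policies are given as already-parsed dicts, the shape yaml.safe_load would return, so the example runs without PyYAML.

```python
"""Schema checks of the kind `agt lint-policy` reports, as an added example.

Not the toolkit's real linter or schema: the required keys and the
permissive-default warning are assumptions made here to mirror the report
above. Policies are already-parsed dicts (what yaml.safe_load returns).
"""

REQUIRED_RULE_FIELDS = ("name", "condition", "action")
VALID_ACTIONS = {"allow", "deny"}

# Constructed policy documents mirroring three files from the example output.
POLICIES = {
    "policies/default.yaml": {
        "apiVersion": "agt/v1", "default_action": "deny",
        "rules": [
            {"name": "allow-read", "condition": "tool == 'read_file'", "action": "allow"},
            {"name": "deny-shell", "condition": "tool == 'shell'", "action": "deny"},
            {"name": "deny-net", "condition": "tool == 'http'", "action": "deny"},
        ],
    },
    "policies/staging.yaml": {
        "apiVersion": "agt/v1", "default_action": "allow",
        "rules": [{"name": "deny-shell", "condition": "tool == 'shell'", "action": "deny"}],
    },
    "policies/broken.yaml": {
        "apiVersion": "agt/v1", "default_action": "deny",
        "rules": [{"name": "block-sql", "action": "deny"}],  # condition missing
    },
}


def lint_policy(doc) -> tuple[list[str], list[str]]:
    """Return (errors, warnings) for one parsed policy document."""
    errors: list[str] = []
    warnings: list[str] = []
    if not isinstance(doc, dict):
        return ["policy must be a mapping"], warnings
    if "apiVersion" not in doc:
        errors.append("missing required field 'apiVersion'")
    default = doc.get("default_action")
    if default not in VALID_ACTIONS:
        errors.append(f"default_action must be one of {sorted(VALID_ACTIONS)}")
    rules = doc.get("rules")
    if not isinstance(rules, list):
        errors.append("'rules' must be a list")
        rules = []
    seen: set[str] = set()
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            errors.append(f"rule #{i} must be a mapping")
            continue
        label = rule.get("name", f"#{i}")
        for field in REQUIRED_RULE_FIELDS:
            if field not in rule:
                errors.append(f"rule '{label}' missing required field '{field}'")
        if "action" in rule and rule["action"] not in VALID_ACTIONS:
            errors.append(f"rule '{label}' has invalid action {rule['action']!r}")
        if label in seen:
            errors.append(f"duplicate rule name '{label}'")
        seen.add(label)
    # A permissive default is valid but risky: anything no rule denies passes.
    if default == "allow":
        warnings.append("default_action is 'allow' - consider 'deny' in production")
        if not rules:
            warnings.append("no rules and default_action 'allow': every action is permitted")
    return errors, warnings


def lint_all(policies: dict) -> tuple[dict, int]:
    """Lint every document; exit code 1 if any file has at least one error."""
    report = {path: lint_policy(doc) for path, doc in policies.items()}
    code = 1 if any(errs for errs, _ in report.values()) else 0
    return report, code


if __name__ == "__main__":
    report, code = lint_all(POLICIES)
    for path, (errs, warns) in report.items():
        for e in errs:
            print(f"ERROR   {path}: {e}")
        for w in warns:
            print(f"WARNING {path}: {w}")
    print(f"exit code: {code}")
```

Warnings never change the exit code here, matching the report above where the permissive staging.yaml only warns while the missing condition in broken.yaml is what fails the lint; a team that wants to block permissive defaults outright can promote that warning to an error.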

CI/CD Integration

Adding agt verify --strict to a GitHub Actions workflow gives you a hard gate that fails the build if any OWASP Agentic Top 10 control is not covered.

Example: GitHub Actions workflow

# .github/workflows/governance-check.yml
name: Governance Check

on:
  pull_request:
  push:
    branches: [main]

jobs:
  agt-verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install AGT CLI
        run: pip install agent-governance-toolkit-cli

      - name: Check installation health
        run: agt doctor

      - name: Lint policy files
        run: agt lint-policy policies/

      - name: OWASP compliance check (strict)
        run: agt verify --evidence ./agt-evidence.json --strict

      - name: Prompt injection audit
        run: agt red-team scan ./prompts/ --min-grade B

The agt-evidence.json file is generated at runtime by your governed agent. Collect it during your integration test run, in a job that runs before the governance check job, and pass it between jobs as a workflow artifact.

Python Distributions

The CLI is packaged as part of the agent-governance-toolkit-cli distribution (one of the five consolidated packages in v4.0.0):

Distribution                      What’s included
agent-governance-toolkit-cli      agt CLI, OWASP verification, integrity checks, policy linting
agent-governance-toolkit[full]    Meta-package installing all distributions, including the CLI

Previous package names (agent-os-kernel, agentmesh-platform) remain installable as stub packages that redirect to the consolidated distributions.
