Documentation Index
Fetch the complete documentation index at: https://mintlify.com/microsoft/agent-governance-toolkit/llms.txt
Use this file to discover all available pages before exploring further.
The Agent Governance Toolkit ships in five languages — Python, TypeScript, .NET, Rust, and Go. Python is the primary implementation and carries the full governance stack, including the unified CLI, governance dashboard, 20+ framework adapters, and advanced SRE tooling. The other four language packages now cover the core governance primitives needed to build governed agents in each ecosystem: policy evaluation, agent identity, trust scoring, audit logging, MCP security, execution rings, kill switch, and lifecycle management.
Quick Comparison
The table below shows which capabilities are implemented across all five language packages. A ◑ indicates partial implementation.
| Capability | Python | TypeScript | .NET | Rust | Go |
|---|
| Policy Engine | ✅ | ✅ | ✅ | ✅ | ✅ |
| Identity & Auth | ✅ | ✅ | ◑ | ✅ | ✅ |
| Trust Scoring | ✅ | ✅ | ✅ | ✅ | ✅ |
| Audit Logging | ✅ | ✅ | ✅ | ✅ | ✅ |
| MCP Security | ✅ | ✅ | ✅ | ✅ | ✅ |
| Execution Rings | ✅ | ✅ | ✅ | ✅ | ✅ |
| SRE / SLOs | ✅ | ✅ | ✅ | ✅ | ✅ |
| Kill Switch | ✅ | ✅ | ✅ | ✅ | ✅ |
| Lifecycle Management | ✅ | ✅ | ✅ | ✅ | ✅ |
| Framework Integrations | ✅ | ✅ | ✅ | ✅ | ✅ |
| Unified CLI | ✅ | — | — | — | — |
| Governance Dashboard | ✅ | — | — | — | — |
| Shadow AI Discovery | ✅ | ✅ | ✅ | ✅ | ✅ |
| Prompt Defense Evaluator | ✅ | ✅ | ✅ | ✅ | ✅ |
.NET is marked partial for Identity & Auth because it supports stronger native asymmetric identity flows (ECDSA P-256) while the other SDKs centre on Ed25519-based identity material. Both are cryptographically sound; parity work is ongoing.
Core Primitives
Every language package implements the four foundational governance primitives. These are sufficient to build governed agents in any language without the full Python stack.
| Primitive | What It Does | Python | TypeScript | .NET | Rust | Go |
|---|
| Policy evaluation | Evaluate actions against rules before execution | PolicyEvaluator | PolicyEngine | PolicyEngine | PolicyEngine | PolicyEngine |
| Agent identity | Cryptographic credentials | AgentIdentity | AgentIdentity | AgentIdentity | Identity | AgentIdentity |
| Trust scoring | 0–1000 score based on behaviour | TrustEngine | TrustEngine | TrustStore | TrustEngine | TrustManager |
| Audit logging | Append-only action log | AuditLogger | AuditLogger | AuditLogger | AuditLogger | AuditLogger |
Policy Backend Support
All five packages support YAML rules, OPA/Rego, Cedar, and programmatic policy evaluation.
| Backend | Python | TypeScript | .NET | Rust | Go |
|---|
| YAML rules | ✅ | ✅ | ✅ | ✅ | ✅ |
| OPA / Rego | ✅ | ✅ | ✅ | ✅ | ✅ |
| Cedar | ✅ | ✅ | ✅ | ✅ | ✅ |
| Programmatic | ✅ | ✅ | ✅ | ✅ | ✅ |
Python-Only Capabilities
These capabilities are currently available only in Python. They represent the full governance stack for enterprise deployments.
| Capability | Package | Description |
|---|
| Replay Debugging | agent-governance-toolkit-sre | Deterministic replay of agent sessions for incident investigation |
| Governance Dashboard | examples/demos/governance-dashboard/ | Real-time fleet visibility (Streamlit) |
Unified CLI (agt) | agent-governance-toolkit-cli | agt verify, agt doctor, agt lint-policy, agt red-team scan |
| OWASP Verification | agent-governance-toolkit-cli | ASI 2026 compliance attestation with signed evidence |
| 20+ Framework Adapters | agentmesh-integrations | LangChain, CrewAI, AutoGen, OpenAI Agents, Google ADK, and more |
TypeScript Package
Package: @microsoft/agent-governance-sdk · Install: npm install @microsoft/agent-governance-sdk
| Module | Features |
|---|
PolicyEngine | Rule evaluation, allow/deny decisions, effect-based policies |
AgentIdentity | Ed25519 key generation, DID creation, credential signing/verification |
TrustEngine | Trust score tracking, tier classification, decay |
AuditLogger | Structured audit events, JSON export |
McpSecurityScanner | Tool poisoning, typosquatting, hidden instruction, rug pull detection |
LifecycleManager | 8-state lifecycle with validated transitions and event logging |
RingEnforcer / KillSwitch | Deny-by-default execution rings, breach handling, and emergency termination hooks |
PromptDefenseEvaluator / GovernanceVerifier / ShadowDiscovery | Prompt auditing, control attestation, runtime evidence verification, and local discovery scanning |
GovernanceMetrics / SLOTracker / CircuitBreaker | Metrics, error-budget tracking, and resilience primitives |
GenericFrameworkAdapter | Generic governance adapter for framework integrations |
AgentMeshClient | High-level client combining all primitives |
.NET Package
Package: Microsoft.AgentGovernance · Install: dotnet add package Microsoft.AgentGovernance
| Namespace | Features |
|---|
Policy | PolicyEngine with YAML/JSON policy loading, organization scope, richer decision metadata, and fail-closed OPA/Rego and Cedar backends |
Trust | AgentIdentity, IdentityRegistry, FileTrustStore, delegation helpers, JWK/JWKS, DID document export, and native asymmetric ECDSA P-256 support |
Audit | AuditLogger, AuditEmitter with structured events |
Hypervisor | ExecutionRings (4-tier), SagaOrchestrator, KillSwitch |
Lifecycle | LifecycleManager with 8-state machine and validated transitions |
Sre | SloEngine with objectives and error budget tracking |
Security | Prompt injection detection and PromptDefenseEvaluator |
Discovery | Config scanning, process scanning, reconciliation, inventory, and risk scoring |
Integration | GovernanceMiddleware for ASP.NET / Agent Framework |
RateLimiting | Token bucket rate limiter |
Telemetry | OpenTelemetry integration |
Mcp | McpSecurityScanner (poisoning, typosquatting, hidden instructions, rug pull, schema abuse, cross-server), McpResponseSanitizer, McpCredentialRedactor, McpGateway |
Rust Package
Crate: agentmesh + agentmesh-mcp · Install: cargo add agentmesh
| Module | Features |
|---|
policy | Rule-based policy evaluation with allow/deny effects plus OPA/Rego and Cedar helper support |
identity | Ed25519 key generation, DID creation, credential signing, delegation, and JWK/JWKS helpers |
trust | Trust scoring, tier classification, behavioural tracking, and trust-handshake helpers |
audit | Append-only audit log with structured events |
mcp | MCP tool definition scanning, poisoning detection, and the standalone agentmesh-mcp security surface |
rings | 4-tier execution privilege rings with configurable permissions, kill switch, circuit breaker, and SLO helpers |
lifecycle | 8-state lifecycle manager with validated transitions |
integration_support | Framework adapters, governance middleware, discovery, and prompt defence helpers |
The standalone agentmesh-mcp crate (cargo add agentmesh-mcp) provides MCP-specific security primitives — gateway, rate limiting, redaction, session management — without pulling in the full governance stack. Use it when you only need MCP security in a Rust service.
Go Module
Module: github.com/microsoft/agent-governance-toolkit/agent-governance-golang · Install: go get github.com/microsoft/agent-governance-toolkit/agent-governance-golang
| File | Features |
|---|
policy.go | Rule-based policy evaluation, wildcard/conditional matching, YAML loading, rate limiting, approval gates |
identity.go | Ed25519 identity generation, DID creation, signing/verification, JSON export/import |
trust.go | Trust scoring, tier classification, peer verification, optional disk persistence |
audit.go | Hash-chained audit logging, filtering, JSON export, retention cap |
mcp.go | MCP security scanning — tool poisoning, typosquatting, hidden chars/homoglyphs, rug pull |
rings.go | 4-tier execution privilege rings with default-deny access control |
kill_switch.go | Scoped execution kill switches (global, agent, capability) with registry and history |
lifecycle.go | 8-state lifecycle manager with validated transitions and transition history |
client.go | High-level client combining identity, trust, policy, and audit |
policy_backends.go | OPA/Rego remote + CLI + built-in evaluation, Cedar CLI + built-in evaluation |
slo.go | SLO objectives, event recording, latency/availability evaluation, error budget tracking |
middleware.go | Composable governance middleware stack, net/http adapter, capability guards, prompt defence, audit, and optional SLO tracking |
discovery.go | Structured shadow discovery models plus text, process, config-path, current-host, and GitHub repository scanners |
promptdefense.go | Prompt injection, prompt exfiltration, credential exfiltration, and approval-bypass detection |
metrics.go | Lightweight governance metrics recorder stubs |
| Python parity area | Go status |
|---|
| Core governance primitives | ✅ Parity |
| MCP security | ✅ Parity |
| Execution rings | ✅ Parity |
| Kill switch | ✅ Parity |
| Lifecycle management | ✅ Parity |
| SRE / SLOs | ✅ Parity |
| Framework integrations | ✅ Parity |
| Shadow AI discovery | ✅ Parity |
| Prompt defence | ✅ Parity |
| OPA / Rego / Cedar policy backends | ✅ Parity |
| Unified CLI and governance dashboard | — Python only today |
Python Distributions (v4.0.0)
As of v4.0.0, 45 packages were consolidated into 5 top-level distributions. Legacy package names remain installable as stub packages that redirect to the consolidated distributions.
| Distribution | PyPI Package | What’s included |
|---|
agent-governance-toolkit-core | agent-governance-toolkit-core | Policy engine, capability model, audit, MCP gateway, zero-trust identity, trust scoring, A2A/MCP/IATP bridges |
agent-governance-toolkit-runtime | agent-governance-toolkit-runtime | Privilege rings, saga orchestration, termination control, execution plan validation, command denylist enforcement |
agent-governance-toolkit-sre | agent-governance-toolkit-sre | SLOs, error budgets, chaos engineering, circuit breakers |
agent-governance-toolkit-cli | agent-governance-toolkit-cli | agt CLI, OWASP verification, integrity checks, policy linting |
agent-governance-toolkit[full] | agent-governance-toolkit | Meta-package installing all of the above |
Install Reference
| Language | Command |
|---|
| Python | pip install agent-governance-toolkit[full] |
| TypeScript | npm install @microsoft/agent-governance-sdk |
| .NET | dotnet add package Microsoft.AgentGovernance |
| Rust | cargo add agentmesh |
| Rust (MCP only) | cargo add agentmesh-mcp |
| Go | go get github.com/microsoft/agent-governance-toolkit/agent-governance-golang |