OpenSource-Hub

agent-governance-toolkit

Library

microsoft/agent-governance-toolkit

Policy enforcement and security toolkit for autonomous AI agents.

Overview

Provides deterministic policy enforcement, zero-trust identity, and execution sandboxing for AI agents. Covers all OWASP Agentic Top 10 risks. Works with any framework and includes audit logging.

README Preview

🌍 [English](/README.md) | [日本語](./docs/i18n/README.ja.md) | [简体中文](./docs/i18n/README.zh-CN.md) | [한국어](./docs/i18n/README.ko.md)

# Agent Governance Toolkit

### Ship agents to production without losing sleep

🚀 Quick Start · 📋 Specifications · 📦 PyPI · 📝 Changelog

[CI](https://github.com/microsoft/agent-governance-toolkit/actions/workflows/ci.yml) · [License](LICENSE) · [PyPI](https://pypi.org/project/agent-governance-toolkit/) · [npm](https://www.npmjs.com/package/@microsoft/agent-governance-sdk) · [NuGet](https://www.nuget.org/packages/Microsoft.AgentGovernance) · [OpenSSF Scorecard](https://scorecard.dev/viewer/?uri=github.com/microsoft/agent-governance-toolkit) · [OpenSSF Best Practices](https://www.bestpractices.dev/projects/12085) · [OWASP Agentic Top 10 architecture](docs/compliance/owasp-agentic-top10-architecture.md)

> [!IMPORTANT]
> **Public Preview** -- production-quality, Microsoft-signed releases. May have breaking changes before GA.

Policy enforcement, identity, sandboxing, and SRE for autonomous AI agents. One `pip install`, any framework.

---

## The Problem

Your AI agents call tools, browse the web, query databases, and delegate to other agents. Once deployed, they make decisions autonomously. You need answers to three questions:

**1. Is this action allowed?** An agent with access to `send_email` and `query_database` should not be able to `drop_table`. OAuth scopes and IAM roles control which services an agent can reach, not what it does once connected.

**2. Which agent did this?** In a multi-agent system, five agents might share a single API key. When something goes wrong, "an agent did it" is not an incident response.

**3. Can you prove what happened?** Auditors and regulators need tamper-evident records of every decision: what policy was active, what the agent requested, and why it was allowed or denied.

Prompt-level safety ("please follow the rules") is not a control surface. It is a polite request to a stochastic system. [OWASP LLM01:2025](https: