Skill proposal: agent-governance — safety patterns for AI agent systems

[imran-siddique]

Proposal: Agent Governance Skill

Summary

A skill that teaches Claude governance patterns for AI agent systems — policy enforcement, threat detection, trust scoring, and audit trails. Currently the skills collection covers creative, technical, and enterprise workflows, but nothing focused on agent safety and governance.

Use Case

When users are building AI agents (using Claude Code, ADK, PydanticAI, CrewAI, OpenAI Agents, etc.), this skill would activate to guide them toward safe patterns:

• Defining governance policies (tool allowlists/blocklists, content filters, rate limits)
• Adding threat detection (data exfiltration, prompt injection, privilege escalation)
• Implementing trust scoring for multi-agent delegation
• Building append-only audit trails for compliance
• Policy composition (org → team → agent layering)

Proposed Skill

---
name: agent-governance
description: |
  Patterns and techniques for adding governance, safety, and trust controls
  to AI agent systems. Use this skill when building agents that call external
  tools, implementing policy-based access controls, adding threat detection,
  creating trust scoring for multi-agent workflows, or building audit trails.
---

# Agent Governance Patterns

[6 patterns: Governance Policy, Policy Composition, Semantic Intent Classification,
Tool-Level Governance Decorator, Trust Scoring, Audit Trail]

[Framework integration: PydanticAI, CrewAI, OpenAI Agents, Google ADK, LangChain]

We've already built this as a Copilot skill (merged as PR #755 in github/awesome-copilot) and can adapt it to the Agent Skills format.

Context

We maintain Agent-OS and AgentMesh Integrations — governance frameworks with integrations for PydanticAI (57 tests), CrewAI, OpenAI Agents, and Google ADK. Also proposed governance patterns for Google ADK, Genkit, and A2A protocol.

[imran-siddique]

For context: We just had 3 governance PRs merged into github/awesome-copilot (21.6K stars) — skill, hook, instructions, and agent — all reviewed and accepted by GitHub staff. The same patterns proposed here are now live in the Copilot ecosystem.

• PR #755 — Governance skill (6 patterns, framework examples)
• PR #756 — Threat detection hook
• PR #757 — Safety instructions + reviewer agent

Happy to adapt the skill to the Agent Skills format (SKILL.md with YAML frontmatter) and submit a PR here.

[BennyTheBuilder]

This is a solid proposal. Agent governance is genuinely underserved in the skills ecosystem, and the patterns you've outlined (policy enforcement, threat detection, audit trails) are things teams building production agents actually need to think about early.

A few concrete suggestions to strengthen the skill:

1. Lead with the policy model, not the framework integrations. Frameworks change, but the governance patterns are stable. Start with: how do you define a deny-by-default policy? What does a tri-state (allow/deny/require-approval) decision look like? How do you compose policies across org/team/agent boundaries? Once that's clear, showing how to wire it into PydanticAI or CrewAI becomes straightforward.

2. Include a minimal working example. Something like:

Then show how to evaluate that policy before the agent executes a tool. The evaluation itself should be fast (sub-millisecond) and fail closed, so if your policy engine is unreachable, the action is denied, not allowed by default.

3. Audit trail design matters. Make it append-only and tamper-evident (SHA-256 hash chain is standard). This is what compliance teams actually ask for.

If you want a reference implementation to link to, we built something similar in SafeClaw that might be useful as a concrete example of these patterns in practice. The skill itself should be framework-agnostic though.

[imran-siddique]

Really appreciate the detailed feedback @BennyTheBuilder — these are excellent suggestions. Let me address each:

1. Lead with the policy model, not frameworks — 100% agree. The governance patterns (deny-by-default, tri-state decisions, policy composition) are the durable primitives. We'll restructure to:

• Start with policy definition (YAML-based, composable)
• Then policy evaluation (fast, fail-closed, sub-ms)
• Then framework wiring as secondary examples

2. Minimal working example — Great call. We'll include a self-contained example that shows:
\\yaml
policies:

• name: strict-tools
  rules:
  • action: deny
    conditions:
    • field: tool_name
      operator: not_in
      value: [search, read_file]
      \
      With the evaluator failing closed (unreachable = deny) — exactly right for production safety.

3. Audit trail design — We already use SHA-256 Merkle chain hashing in our Agent-OS audit implementation. The skill will include this as a core pattern with the append-only + tamper-evident properties compliance teams need.

Thanks for pointing to SafeClaw — will take a look. We'll keep the skill framework-agnostic with the policy model front and center, as you suggest. Will submit a PR with these adjustments.