⚠️ DEPRECATED — This project has moved to microsoft/agent-governance-toolkit. All future development happens there. Please star and follow the new repo!
The safety, trust, and reliability platform for production AI agents
One install for the complete governance stack — kernel · trust mesh · runtime supervisor · reliability engineering
pip install ai-agent-governance[full]
Architecture • Quick Start • Components • Why Unified? • Ecosystem • OWASP Compliance • Traction
⭐ If this project helps you, please star it! It helps others discover the agent governance stack.
🔗 Part of the Agent Governance Ecosystem — Installs Agent OS · AgentMesh · Agent Hypervisor · Agent SRE
┌─────────────────────────────────────────────────────────────────┐
│ agent-governance │
│ pip install ai-agent-governance[full] │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────┐ ┌───────────────────────────┐ │
│ │ Agent OS Kernel │◄────►│ AgentMesh Platform │ │
│ │ │ │ │ │
│ │ Policy Engine │ │ Zero-Trust Identity │ │
│ │ Capability Model │ │ Mutual TLS for Agents │ │
│ │ Audit Logging │ │ Encrypted Channels │ │
│ │ Syscall Layer │ │ Trust Scoring │ │
│ └────────┬──────────┘ └─────────────┬─────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌───────────────────┐ ┌───────────────────────────┐ │
│ │ Agent Hypervisor │ │ Agent SRE │ │
│ │ │ │ │ │
│ │ Execution Rings │ │ Health Monitoring │ │
│ │ Resource Limits │ │ SLO Enforcement │ │
│ │ Runtime Sandboxing│ │ Incident Response │ │
│ │ Kill Switch │ │ Chaos Engineering │ │
│ └───────────────────┘ └───────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
import asyncio
from agent_os import StatelessKernel, ExecutionContext
from agentmesh import AgentIdentity
# Boot the governance kernel
kernel = StatelessKernel()
ctx = ExecutionContext(agent_id="my-agent", policies=["read_only"])
# Establish zero-trust agent identity
identity = AgentIdentity.create(
name="my-agent",
sponsor="alice@company.com",
capabilities=["read:data", "write:reports"],
)
# Execute a governed action
async def main():
result = await kernel.execute(
action="database_query",
params={"query": "SELECT * FROM users"},
context=ctx,
)
print(f"Success: {result.success}, Data: {result.data}")
asyncio.run(main())Install only what you need:
# Core: kernel + trust mesh
pip install ai-agent-governance
# Full stack: adds hypervisor + SRE
pip install ai-agent-governance[full]
# À la carte
pip install ai-agent-governance[hypervisor]
pip install ai-agent-governance[sre]| Component | Package | What It Does |
|---|---|---|
| Agent OS | agent-os-kernel |
Governance kernel — policy enforcement, capability-based security, audit trails, and the syscall abstraction layer for AI agents |
| AgentMesh | agentmesh-platform |
Zero-trust communication — mutual TLS for agents, encrypted channels, trust scoring, and secure multi-agent orchestration ("SSL for AI Agents") |
| Agent Hypervisor | agent-hypervisor |
Runtime supervisor — execution rings, resource limits, sandboxed execution, kill switches, and real-time intervention for autonomous agents |
| Agent SRE | agent-sre |
Reliability engineering — health monitoring, SLO enforcement, incident response automation, and chaos engineering for agent fleets |
Running AI agents in production without governance is like deploying microservices without TLS, RBAC, or monitoring. Each layer solves a different problem:
| Concern | Without Governance | With Agent Governance |
|---|---|---|
| Security | Agents call any tool, access any resource | Capability-based permissions, policy enforcement |
| Trust | No identity verification between agents | Mutual TLS, trust scores, encrypted channels |
| Control | Runaway agents consume unbounded resources | Execution rings, resource limits, kill switches |
| Reliability | Silent failures, no observability | SLO enforcement, health checks, incident automation |
| Compliance | No audit trail for agent decisions | Immutable audit logs, decision lineage tracking |
One install. Four layers of protection.
The meta-package ensures all components are version-compatible and properly integrated. No dependency conflicts, no version mismatches — just a single pip install to go from zero to production-grade agent governance.
agent-governance ─── The meta-package (you are here)
├── agent-os-kernel ─── Governance kernel
├── agentmesh-platform ─── Zero-trust mesh
├── agent-hypervisor ─── Runtime supervisor (optional)
└── agent-sre ─── Reliability engineering (optional)
Each component works standalone, but they're designed to work together. The kernel enforces policy, the mesh secures communication, the hypervisor controls execution, and SRE keeps everything running.
See the examples/ directory for runnable demos:
# Quick start — boot the governance stack in 30 lines
python examples/quickstart.py
# Full stack — all 4 layers working together
python examples/governed_agent.py# LangChain
pip install langchain ai-agent-governance
# CrewAI
pip install crewai ai-agent-governance
# AutoGen
pip install pyautogen ai-agent-governance| Quarter | Milestone |
|---|---|
| Q1 2026 | ✅ Unified meta-package, 4 components integrated, PyPI published |
| Q2 2026 | Cross-component integration tests, unified CLI, dashboard UI |
| Q3 2026 | Helm chart for Kubernetes, managed cloud preview |
| Q4 2026 | SOC2 Type II certification, enterprise support tier |
The agent governance stack covers 9 of 10 risks from the OWASP Top 10 for Agentic Applications (2026):
| OWASP Risk | Coverage | Component |
|---|---|---|
| Agent Goal Hijack | ✅ | Agent OS — Policy Engine |
| Tool Misuse | ✅ | Agent OS — Capability Sandboxing |
| Identity & Privilege Abuse | ✅ | AgentMesh — DID Identity |
| Supply Chain Vulnerabilities | 🔄 Roadmap | Agent-SBOM (planned) |
| Unexpected Code Execution | ✅ | Agent Hypervisor — Execution Rings |
| Memory & Context Poisoning | ✅ | Agent OS — VFS + CMVK |
| Insecure Inter-Agent Communication | ✅ | AgentMesh — IATP Protocol |
| Cascading Failures | ✅ | Agent SRE — Circuit Breakers |
| Human-Agent Trust Exploitation | ✅ | Agent OS — Approval Workflows |
| Rogue Agents | ✅ | Agent Hypervisor — Kill Switch |
→ Full OWASP compliance mapping with code examples
The ecosystem is growing — 3,000+ views, 9,400+ clones, and 1,278 unique developers in the last 14 days alone. Traffic from Medium, Reddit, LinkedIn, Google, and even ChatGPT.
We welcome contributions! See our Contributing Guide for details.
For component-specific contributions, see:
MIT — see LICENSE for details.
imransiddique.com · Documentation · GitHub
Building the governance layer for the agentic era