
Python: Proposal: Governance Policy Filter for Semantic Kernel #13556

@imran-siddique

Proposal: Governance Policy Filter for Semantic Kernel

Problem

Semantic Kernel provides a powerful plugin architecture and function calling pipeline, but currently lacks a built-in governance policy layer for enforcing safety constraints on agent actions at the kernel level.

As Semantic Kernel agents are deployed in enterprise environments, teams need:

  • Action-level policy enforcement - Block dangerous function calls based on semantic intent classification
  • Resource governance - Enforce token limits, tool call caps, and execution time budgets per request
  • Trust-based plugin access - Gate access to sensitive plugins based on agent/user trust scores
  • Audit trails - Tamper-evident logging of all kernel function invocations

What we've built (Apache-2.0)

Agent-OS and AgentMesh provide:

  1. GovernancePolicy - Declarative YAML policies with blocked patterns (regex/glob), token limits, tool call limits
  2. Semantic intent classifier - 9 threat categories (destructive, exfiltration, privilege_escalation, etc.), no LLM dependency
  3. Event hooks - on(POLICY_VIOLATION) / on(TOOL_CALL_BLOCKED) callbacks
  4. 5-dimension trust scoring - Competence, integrity, availability, predictability, transparency
  5. Merkle audit chains - Tamper-evident execution logs

Proposed integration

A Semantic Kernel filter that enforces governance policies in the function invocation pipeline:

```python
from semantic_kernel import Kernel
from sk_governance import GovernancePolicyFilter

policy = GovernancePolicyFilter.from_yaml("policy.yaml")
kernel = Kernel()
kernel.add_filter("function_invocation", policy)

# All function calls now pass through governance checks
# Blocked patterns, token limits, trust scores enforced automatically
```

This fits naturally into SK's existing filter architecture (FunctionInvocationFilter, PromptRenderFilter) and requires no changes to core.

Ask

Is there interest in this kind of contribution? We could:

  1. Build a standalone semantic-kernel-governance package using SK's filter API
  2. Submit a PR adding an optional governance filter to the Python SDK
  3. Contribute to the samples/examples showing the integration pattern

700+ tests backing the core governance engine. Happy to discuss approach with maintainers.
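An added sketch of the filter idea described in this proposal (not code from the issue, Agent-OS, AgentMesh or Semantic Kernel): a callable with the `(context, next)` shape of an SK function-invocation filter that enforces blocked patterns and a tool-call cap and appends every decision to a hash-chained audit log. The `GovernanceFilter` class, the sample patterns and the `SimpleNamespace` stand-in for the invocation context are assumptions, the result is a plain string rather than SK's result type, and the log is a linear SHA-256 chain, which is simpler than a Merkle tree.

```python
import asyncio, hashlib, json, re
from types import SimpleNamespace

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class GovernanceFilter:
    """Hypothetical filter (not sk_governance): patterns, call cap, audit chain."""
    def __init__(self, blocked_patterns, max_tool_calls):
        self.blocked = [re.compile(p, re.IGNORECASE) for p in blocked_patterns]
        self.max_tool_calls, self.calls, self.audit = max_tool_calls, 0, []

    async def __call__(self, context, next):
        name = f"{context.function.plugin_name}-{context.function.name}"
        # Match on the function name plus its serialized arguments.
        text = name + " " + json.dumps(context.arguments, sort_keys=True, default=str)
        self.calls += 1
        if self.calls > self.max_tool_calls:
            decision = "blocked:tool_call_limit"
        elif any(p.search(text) for p in self.blocked):
            decision = "blocked:pattern"
        else:
            decision = "allowed"
        # Each audit entry commits to the hash of the previous one.
        body = {"function": name, "decision": decision,
                "prev": self.audit[-1]["hash"] if self.audit else "0" * 64}
        self.audit.append({**body, "hash": _digest(body)})
        if decision == "allowed":
            await next(context)        # continue down the pipeline
        else:
            context.result = decision  # fail closed: the function never runs

def verify_chain(audit):
    prev = "0" * 64
    for entry in audit:
        body = {k: entry[k] for k in ("function", "decision", "prev")}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return False
        prev = entry["hash"]
    return True

def demo():
    gov = GovernanceFilter([r"drop\s+table", r"rm\s+-rf"], max_tool_calls=3)
    async def invoke(ctx):             # stands in for the real kernel function
        ctx.result = "executed"
    results = []
    for plugin, fn, args in [("db", "query", {"sql": "SELECT 1"}),   # constructed calls
                             ("db", "query", {"sql": "DROP TABLE users"}),
                             ("fs", "read", {"path": "a.txt"}),
                             ("fs", "read", {"path": "b.txt"})]:
        ctx = SimpleNamespace(function=SimpleNamespace(plugin_name=plugin, name=fn),
                              arguments=args, result=None)
        asyncio.run(gov(ctx, invoke))
        results.append(ctx.result)
    return results, gov.audit
```

Blocked calls are logged and counted against the cap before the decision is returned, so a denied invocation still leaves an audit entry that `verify_chain` covers.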
