agent-governance-toolkit: a deterministic policy enforcement and governance layer for autonomous AI agents
What it solves
AI agents often make autonomous decisions that can lead to security risks, such as executing destructive commands or leaking data. Relying on prompt-level safety ("please follow the rules") is unreliable because models are susceptible to prompt injection and adversarial attacks. This toolkit provides a deterministic layer of control that intercepts agent actions before they are executed, making prohibited actions structurally impossible rather than just unlikely.
How it works
The toolkit implements a governance kernel that sits between the AI agent and the tools it uses. When an agent attempts an action, it is intercepted by a policy engine that evaluates the request against a set of defined rules (written in YAML, OPA, or Cedar). The system then checks the agent's identity and logs the decision in a tamper-evident audit trail. If the action is denied by the policy, the system raises a GovernanceDenied error, preventing the execution of the tool.
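The interception pattern described above, as an added illustration that is not code from the agent-governance-toolkit: a policy engine evaluates each (agent, tool, arguments) request, fails closed (no matching rule or an evaluation error means deny), records every decision in a hash-chained audit log, and raises GovernanceDenied before the tool runs. The class names (PolicyEngine, AuditLog, governed_tool), the rule dictionaries and the sample calls are constructed for this example and stand in for the project's own YAML/OPA/Cedar rule formats.

```python
"""Fail-closed tool interception with a tamper-evident audit log.

Example code for this page, not the toolkit's API: PolicyEngine, AuditLog,
governed_tool and the rule schema below are hypothetical stand-ins.
"""
import fnmatch
import hashlib
import json
import time
from dataclasses import dataclass, field


class GovernanceDenied(Exception):
    """Raised when the policy engine refuses an agent action."""


@dataclass
class AuditLog:
    """Append-only log in which each entry commits to the previous entry's hash."""
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def record(self, event: dict) -> str:
        body = json.dumps({**event, "prev": self.last_hash}, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append({"body": body, "hash": digest})
        self.last_hash = digest
        return digest

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for entry in self.entries:
            if json.loads(entry["body"])["prev"] != prev:
                return False
            if hashlib.sha256(entry["body"].encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class PolicyEngine:
    """Evaluate requests against rules; whatever no rule allows is denied.

    Constructed rule shape (not the toolkit's schema):
      {"agent": <glob>, "tool": <glob>, "effect": "allow"|"deny",
       "deny_args": {<arg>: [<glob>, ...]}}   # optional argument guards
    A matching deny rule or deny_args guard wins over any allow rule.
    """

    def __init__(self, rules: list, audit: AuditLog):
        self.rules = rules
        self.audit = audit

    def decide(self, agent: str, tool: str, args: dict) -> bool:
        allowed = False
        for rule in self.rules:
            if not (fnmatch.fnmatch(agent, rule["agent"])
                    and fnmatch.fnmatch(tool, rule["tool"])):
                continue
            if rule["effect"] == "deny":
                return False
            guards = rule.get("deny_args", {})
            if any(fnmatch.fnmatch(str(args.get(k, "")), pat)
                   for k, pats in guards.items() for pat in pats):
                return False
            allowed = True
        return allowed

    def enforce(self, agent: str, tool: str, args: dict) -> None:
        try:
            verdict = self.decide(agent, tool, args)
        except Exception:          # fail closed: an evaluation error is a denial
            verdict = False
        self.audit.record({"ts": time.time(), "agent": agent, "tool": tool,
                           "args": args, "allowed": verdict})
        if not verdict:
            raise GovernanceDenied(f"{agent} may not call {tool} with {args}")


def governed_tool(engine: PolicyEngine, agent: str):
    """Decorator placing the engine between the agent and a tool function."""
    def wrap(fn):
        def inner(**kwargs):
            engine.enforce(agent, fn.__name__, kwargs)   # raises before fn runs
            return fn(**kwargs)
        return inner
    return wrap


# Constructed sample policy and agent requests.
RULES = [
    {"agent": "*", "tool": "shell", "effect": "deny"},
    {"agent": "research-*", "tool": "read_file", "effect": "allow",
     "deny_args": {"path": ["/etc/*", "*.pem"]}},
    {"agent": "research-*", "tool": "http_get", "effect": "allow"},
]
CALLS = [
    ("read notes", "research-agent", "read_file", {"path": "/tmp/notes.txt"}),
    ("read secret", "research-agent", "read_file", {"path": "/etc/shadow"}),
    ("shell", "research-agent", "shell", {"cmd": "ls"}),
    ("unknown tool", "research-agent", "write_file", {"path": "/tmp/x"}),
]


def run_demo():
    """Run the sample calls; return per-call outcomes and the audit log."""
    audit = AuditLog()
    engine = PolicyEngine(RULES, audit)
    outcomes = {}
    for label, agent, tool, args in CALLS:
        try:
            engine.enforce(agent, tool, args)
            outcomes[label] = "allowed"
        except GovernanceDenied:
            outcomes[label] = "denied"
    return outcomes, audit


if __name__ == "__main__":
    results, log = run_demo()
    print(results, "audit chain intact:", log.verify())
```

Only "read notes" is allowed: the explicit deny rule blocks shell, the argument guard blocks the /etc/ path, and write_file matches no rule at all, so the default is deny. Every decision, allowed or not, lands in the chained audit log, and editing any recorded entry makes verify() return False.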
Who it’s for
Developers and SREs deploying autonomous AI agents into production environments who need strict policy enforcement, auditability, and compliance with standards like the OWASP Agentic AI Top 10 and the EU AI Act.
Highlights
- Multi-language Support: SDKs available for Python, TypeScript, .NET, Rust, and Go.
- Framework Agnostic: Integrates with major frameworks including Semantic Kernel, AutoGen, LangGraph, CrewAI, and OpenAI Agents SDK.
- Deterministic Enforcement: Uses a fail-closed policy engine to ensure that blocked actions cannot be executed.
- Comprehensive Governance Stack: Includes tools for execution sandboxing (Agent Runtime), SLO monitoring (Agent SRE), and prompt injection auditing (PromptDefense Evaluator).
- MCP Security Gateway: Specifically detects tool poisoning, drift, and hidden instructions in Model Context Protocol (MCP) servers.
Sources
- microsoft/agent-governance-toolkit