{"id":"9736a031-f536-4f2e-a112-6c855dbc5d63","shortId":"vVbUU7","kind":"skill","title":"Agent Governance","tagline":"Awesome Copilot skill by Github","description":"# Agent Governance Patterns\n\nPatterns for adding safety, trust, and policy enforcement to AI agent systems.\n\n## Overview\n\nGovernance patterns ensure AI agents operate within defined boundaries — controlling which tools they can call, what content they can process, how much they can do, and maintaining accountability through audit trails.\n\n```\nUser Request → Intent Classification → Policy Check → Tool Execution → Audit Log\n ↓ ↓ ↓\n Threat Detection Allow/Deny Trust Update\n```\n\n## When to Use\n\n- **Agents with tool access**: Any agent that calls external tools (APIs, databases, shell commands)\n- **Multi-agent systems**: Agents delegating to other agents need trust boundaries\n- **Production deployments**: Compliance, audit, and safety requirements\n- **Sensitive operations**: Financial transactions, data access, infrastructure management\n\n---\n\n## Pattern 1: Governance Policy\n\nDefine what an agent is allowed to do as a composable, serializable policy object.\n\n```python\nfrom dataclasses import dataclass, field\nfrom enum import Enum\nfrom typing import Optional\nimport re\n\nclass PolicyAction(Enum):\n ALLOW = \"allow\"\n DENY = \"deny\"\n REVIEW = \"review\" # flag for human review\n\n@dataclass\nclass GovernancePolicy:\n \"\"\"Declarative policy controlling agent behavior.\"\"\"\n name: str\n allowed_tools: list[str] = field(default_factory=list) # allowlist\n blocked_tools: list[str] = field(default_factory=list) # blocklist\n blocked_patterns: list[str] = field(default_factory=list) # content filters\n max_calls_per_request: int = 100 # rate limit\n require_human_approval: list[str] = field(default_factory=list) # tools needing approval\n\n def check_tool(self, tool_name: str) -> PolicyAction:\n \"\"\"Check if a tool is allowed by this policy.\"\"\"\n if tool_name in self.blocked_tools:\n return PolicyAction.DENY\n if tool_name in self.require_human_approval:\n return PolicyAction.REVIEW\n if self.allowed_tools and tool_name not in self.allowed_tools:\n return PolicyAction.DENY\n return PolicyAction.ALLOW\n\n def check_content(self, content: str) -> Optional[str]:\n \"\"\"Check content against blocked patterns. Returns matched pattern or None.\"\"\"\n for pattern in self.blocked_patterns:\n if re.search(pattern, content, re.IGNORECASE):\n return pattern\n return None\n```\n\n### Policy Composition\n\nCombine multiple policies (e.g., org-wide + team + agent-specific):\n\n```python\ndef compose_policies(*policies: GovernancePolicy) -> GovernancePolicy:\n \"\"\"Merge policies with most-restrictive-wins semantics.\"\"\"\n combined = GovernancePolicy(name=\"composed\")\n\n for policy in policies:\n combined.blocked_tools.extend(policy.blocked_tools)\n combined.blocked_patterns.extend(policy.blocked_patterns)\n combined.require_human_approval.extend(policy.require_human_approval)\n combined.max_calls_per_request = min(\n combined.max_calls_per_request,\n policy.max_calls_per_request\n )\n if policy.allowed_tools:\n if combined.allowed_tools:\n combined.allowed_tools = [\n t for t in combined.allowed_tools if t in policy.allowed_tools\n ]\n else:\n combined.allowed_tools = list(policy.allowed_tools)\n\n return combined\n\n\n# Usage: layer policies from broad to specific\norg_policy = GovernancePolicy(\n name=\"org-wide\",\n blocked_tools=[\"shell_exec\", \"delete_database\"],\n blocked_patterns=[r\"(?i)(api[_-]?key|secret|password)\\s*[:=]\"],\n max_calls_per_request=50\n)\nteam_policy = GovernancePolicy(\n name=\"data-team\",\n allowed_tools=[\"query_db\", \"read_file\", \"write_report\"],\n require_human_approval=[\"write_report\"]\n)\nagent_policy = compose_policies(org_policy, team_policy)\n```\n\n### Policy as YAML\n\nStore policies as configuration, not code:\n\n```yaml\n# governance-policy.yaml\nname: production-agent\nallowed_tools:\n - search_documents\n - query_database\n - send_email\nblocked_tools:\n - shell_exec\n - delete_record\nblocked_patterns:\n - \"(?i)(api[_-]?key|secret|password)\\\\s*[:=]\"\n - \"(?i)(drop|truncate|delete from)\\\\s+\\\\w+\"\nmax_calls_per_request: 25\nrequire_human_approval:\n - send_email\n```\n\n```python\nimport yaml\n\ndef load_policy(path: str) -> GovernancePolicy:\n with open(path) as f:\n data = yaml.safe_load(f)\n return GovernancePolicy(**data)\n```\n\n---\n\n## Pattern 2: Semantic Intent Classification\n\nDetect dangerous intent in prompts before they reach the agent, using pattern-based signals.\n\n```python\nfrom dataclasses import dataclass\n\n@dataclass\nclass IntentSignal:\n category: str # e.g., \"data_exfiltration\", \"privilege_escalation\"\n confidence: float # 0.0 to 1.0\n evidence: str # what triggered the detection\n\n# Weighted signal patterns for threat detection\nTHREAT_SIGNALS = [\n # Data exfiltration\n (r\"(?i)send\\s+(all|every|entire)\\s+\\w+\\s+to\\s+\", \"data_exfiltration\", 0.8),\n (r\"(?i)export\\s+.*\\s+to\\s+(external|outside|third.?party)\", \"data_exfiltration\", 0.9),\n (r\"(?i)curl\\s+.*\\s+-d\\s+\", \"data_exfiltration\", 0.7),\n\n # Privilege escalation\n (r\"(?i)(sudo|as\\s+root|admin\\s+access)\", \"privilege_escalation\", 0.8),\n (r\"(?i)chmod\\s+777\", \"privilege_escalation\", 0.9),\n\n # System modification\n (r\"(?i)(rm\\s+-rf|del\\s+/[sq]|format\\s+c:)\", \"system_destruction\", 0.95),\n (r\"(?i)(drop\\s+database|truncate\\s+table)\", \"system_destruction\", 0.9),\n\n # Prompt injection\n (r\"(?i)ignore\\s+(previous|above|all)\\s+(instructions?|rules?)\", \"prompt_injection\", 0.9),\n (r\"(?i)you\\s+are\\s+now\\s+(a|an)\\s+\", \"prompt_injection\", 0.7),\n]\n\ndef classify_intent(content: str) -> list[IntentSignal]:\n \"\"\"Classify content for threat signals.\"\"\"\n signals = []\n for pattern, category, weight in THREAT_SIGNALS:\n match = re.search(pattern, content)\n if match:\n signals.append(IntentSignal(\n category=category,\n confidence=weight,\n evidence=match.group()\n ))\n return signals\n\ndef is_safe(content: str, threshold: float = 0.7) -> bool:\n \"\"\"Quick check: is the content safe above the given threshold?\"\"\"\n signals = classify_intent(content)\n return not any(s.confidence >= threshold for s in signals)\n```\n\n**Key insight**: Intent classification happens *before* tool execution, acting as a pre-flight safety check. This is fundamentally different from output guardrails which only check *after* generation.\n\n---\n\n## Pattern 3: Tool-Level Governance Decorator\n\nWrap individual tool functions with governance checks:\n\n```python\nimport functools\nimport time\nfrom collections import defaultdict\n\n_call_counters: dict[str, int] = defaultdict(int)\n\ndef govern(policy: GovernancePolicy, audit_trail=None):\n \"\"\"Decorator that enforces governance policy on a tool function.\"\"\"\n def decorator(func):\n @functools.wraps(func)\n async def wrapper(*args, **kwargs):\n tool_name = func.__name__\n\n # 1. Check tool allowlist/blocklist\n action = policy.check_tool(tool_name)\n if action == PolicyAction.DENY:\n raise PermissionError(f\"Policy '{policy.name}' blocks tool '{tool_name}'\")\n if action == PolicyAction.REVIEW:\n raise PermissionError(f\"Tool '{tool_name}' requires human approval\")\n\n # 2. Check rate limit\n _call_counters[policy.name] += 1\n if _call_counters[policy.name] > policy.max_calls_per_request:\n raise PermissionError(f\"Rate limit exceeded: {policy.max_calls_per_request} calls\")\n\n # 3. Check content in arguments\n for arg in list(args) + list(kwargs.values()):\n if isinstance(arg, str):\n matched = policy.check_content(arg)\n if matched:\n raise PermissionError(f\"Blocked pattern detected: {matched}\")\n\n # 4. Execute and audit\n start = time.monotonic()\n try:\n result = await func(*args, **kwargs)\n if audit_trail is not None:\n audit_trail.append({\n \"tool\": tool_name,\n \"action\": \"allowed\",\n \"duration_ms\": (time.monotonic() - start) * 1000,\n \"timestamp\": time.time()\n })\n return result\n except Exception as e:\n if audit_trail is not None:\n audit_trail.append({\n \"tool\": tool_name,\n \"action\": \"error\",\n \"error\": str(e),\n \"timestamp\": time.time()\n })\n raise\n\n return wrapper\n return decorator\n\n\n# Usage with any agent framework\naudit_log = []\npolicy = GovernancePolicy(\n name=\"search-agent\",\n allowed_tools=[\"search\", \"summarize\"],\n blocked_patterns=[r\"(?i)password\"],\n max_calls_per_request=10\n)\n\n@govern(policy, audit_trail=audit_log)\nasync def search(query: str) -> str:\n \"\"\"Search documents — governed by policy.\"\"\"\n return f\"Results for: {query}\"\n\n# Passes: search(\"latest quarterly report\")\n# Blocked: search(\"show me the admin password\")\n```\n\n---\n\n## Pattern 4: Trust Scoring\n\nTrack agent reliability over time with decay-based trust scores:\n\n```python\nfrom dataclasses import dataclass, field\nimport math\nimport time\n\n@dataclass\nclass TrustScore:\n \"\"\"Trust score with temporal decay.\"\"\"\n score: float = 0.5 # 0.0 (untrusted) to 1.0 (fully trusted)\n successes: int = 0\n failures: int = 0\n last_updated: float = field(default_factory=time.time)\n\n def record_success(self, reward: float = 0.05):\n self.successes += 1\n self.score = min(1.0, self.score + reward * (1 - self.score))\n self.last_updated = time.time()\n\n def record_failure(self, penalty: float = 0.15):\n self.failures += 1\n self.score = max(0.0, self.score - penalty * self.score)\n self.last_updated = time.time()\n\n def current(self, decay_rate: float = 0.001) -> float:\n \"\"\"Get score with temporal decay — trust erodes without activity.\"\"\"\n elapsed = time.time() - self.last_updated\n decay = math.exp(-decay_rate * elapsed)\n return self.score * decay\n\n @property\n def reliability(self) -> float:\n total = self.successes + self.failures\n return self.successes / total if total > 0 else 0.0\n\n\n# Usage in multi-agent systems\ntrust = TrustScore()\n\n# Agent completes tasks successfully\ntrust.record_success() # 0.525\ntrust.record_success() # 0.549\n\n# Agent makes an error\ntrust.record_failure() # 0.467\n\n# Gate sensitive operations on trust\nif trust.current() >= 0.7:\n # Allow autonomous operation\n pass\nelif trust.current() >= 0.4:\n # Allow with human oversight\n pass\nelse:\n # Deny or require explicit approval\n pass\n```\n\n**Multi-agent trust**: In systems where agents delegate to other agents, each agent maintains trust scores for its delegates:\n\n```python\nclass AgentTrustRegistry:\n def __init__(self):\n self.scores: dict[str, TrustScore] = {}\n\n def get_trust(self, agent_id: str) -> TrustScore:\n if agent_id not in self.scores:\n self.scores[agent_id] = TrustScore()\n return self.scores[agent_id]\n\n def most_trusted(self, agents: list[str]) -> str:\n return max(agents, key=lambda a: self.get_trust(a).current())\n\n def meets_threshold(self, agent_id: str, threshold: float) -> bool:\n return self.get_trust(agent_id).current() >= threshold\n```\n\n---\n\n## Pattern 5: Audit Trail\n\nAppend-only audit log for all agent actions — critical for compliance and debugging:\n\n```python\nfrom dataclasses import dataclass, field\nimport json\nimport time\n\n@dataclass\nclass AuditEntry:\n timestamp: float\n agent_id: str\n tool_name: str\n action: str # \"allowed\", \"denied\", \"error\"\n policy_name: str\n details: dict = field(default_factory=dict)\n\nclass AuditTrail:\n \"\"\"Append-only audit trail for agent governance events.\"\"\"\n def __init__(self):\n self._entries: list[AuditEntry] = []\n\n def log(self, agent_id: str, tool_name: str, action: str,\n policy_name: str, **details):\n self._entries.append(AuditEntry(\n timestamp=time.time(),\n agent_id=agent_id,\n tool_name=tool_name,\n action=action,\n policy_name=policy_name,\n details=details\n ))\n\n def denied(self) -> list[AuditEntry]:\n \"\"\"Get all denied actions — useful for security review.\"\"\"\n return [e for e in self._entries if e.action == \"denied\"]\n\n def by_agent(self, agent_id: str) -> list[AuditEntry]:\n return [e for e in self._entries if e.agent_id == agent_id]\n\n def export_jsonl(self, path: str):\n \"\"\"Export as JSON Lines for log aggregation systems.\"\"\"\n with open(path, \"w\") as f:\n for entry in self._entries:\n f.write(json.dumps({\n \"timestamp\": entry.timestamp,\n \"agent_id\": entry.agent_id,\n \"tool\": entry.tool_name,\n \"action\": entry.action,\n \"policy\": entry.policy_name,\n **entry.details\n }) + \"\\n\")\n```\n\n---\n\n## Pattern 6: Framework Integration\n\n### PydanticAI\n\n```python\nfrom pydantic_ai import Agent\n\npolicy = GovernancePolicy(\n name=\"support-bot\",\n allowed_tools=[\"search_docs\", \"create_ticket\"],\n blocked_patterns=[r\"(?i)(ssn|social\\s+security|credit\\s+card)\"],\n max_calls_per_request=20\n)\n\nagent = Agent(\"openai:gpt-4o\", system_prompt=\"You are a support assistant.\")\n\n@agent.tool\n@govern(policy)\nasync def search_docs(ctx, query: str) -> str:\n \"\"\"Search knowledge base — governed.\"\"\"\n return await kb.search(query)\n\n@agent.tool\n@govern(policy)\nasync def create_ticket(ctx, title: str, body: str) -> str:\n \"\"\"Create support ticket — governed.\"\"\"\n return await tickets.create(title=title, body=body)\n```\n\n### CrewAI\n\n```python\nfrom crewai import Agent, Task, Crew\n\npolicy = GovernancePolicy(\n name=\"research-crew\",\n allowed_tools=[\"search\", \"analyze\"],\n max_calls_per_request=30\n)\n\n# Apply governance at the crew level\ndef governed_crew_run(crew: Crew, policy: GovernancePolicy):\n \"\"\"Wrap crew execution with governance checks.\"\"\"\n audit = AuditTrail()\n for agent in crew.agents:\n for tool in agent.tools:\n original = tool.func\n tool.func = govern(policy, audit_trail=audit)(original)\n result = crew.kickoff()\n return result, audit\n```\n\n### OpenAI Agents SDK\n\n```python\nfrom agents import Agent, function_tool\n\npolicy = GovernancePolicy(\n name=\"coding-agent\",\n allowed_tools=[\"read_file\", \"write_file\", \"run_tests\"],\n blocked_tools=[\"shell_exec\"],\n max_calls_per_request=50\n)\n\n@function_tool\n@govern(policy)\nasync def read_file(path: str) -> str:\n \"\"\"Read file contents — governed.\"\"\"\n import os\n safe_path = os.path.realpath(path)\n if not safe_path.startswith(os.path.realpath(\".\")):\n raise ValueError(\"Path traversal blocked by governance\")\n with open(safe_path) as f:\n return f.read()\n```\n\n---\n\n## Governance Levels\n\nMatch governance strictness to risk level:\n\n| Level | Controls | Use Case |\n|-------|----------|----------|\n| **Open** | Audit only, no restrictions | Internal dev/testing |\n| **Standard** | Tool allowlist + content filters | General production agents |\n| **Strict** | All controls + human approval for sensitive ops | Financial, healthcare, legal |\n| **Locked** | Allowlist only, no dynamic tools, full audit | Compliance-critical systems |\n\n---\n\n## Best Practices\n\n| Practice | Rationale |\n|----------|-----------|\n| **Policy as configuration** | Store policies in YAML/JSON, not hardcoded — enables change without deploys |\n| **Most-restrictive-wins** | When composing policies, deny always overrides allow |\n| **Pre-flight intent check** | Classify intent *before* tool execution, not after |\n| **Trust decay** | Trust scores should decay over time — require ongoing good behavior |\n| **Append-only audit** | Never modify or delete audit entries — immutability enables compliance |\n| **Fail closed** | If governance check errors, deny the action rather than allowing it |\n| **Separate policy from logic** | Governance enforcement should be independent of agent business logic |\n\n---\n\n## Quick Start Checklist\n\n```markdown\n## Agent Governance Implementation Checklist\n\n### Setup\n- [ ] Define governance policy (allowed tools, blocked patterns, rate limits)\n- [ ] Choose governance level (open/standard/strict/locked)\n- [ ] Set up audit trail storage\n\n### Implementation\n- [ ] Add @govern decorator to all tool functions\n- [ ] Add intent classification to user input processing\n- [ ] Implement trust scoring for multi-agent interactions\n- [ ] Wire up audit trail export\n\n### Validation\n- [ ] Test that blocked tools are properly denied\n- [ ] Test that content filters catch sensitive patterns\n- [ ] Test rate limiting behavior\n- [ ] Verify audit trail captures all events\n- [ ] Test policy composition (most-restrictive-wins)\n```\n\n---\n\n## Related Resources\n\n- [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) — Full governance framework\n- [AgentMesh Integrations](https://github.com/microsoft/agent-governance-toolkit/tree/main/packages/agentmesh-integrations) — Framework-specific packages\n- [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)","tags":["agent","governance","awesome","copilot","github"],"capabilities":["skill","source-github","category-awesome-copilot"],"categories":["awesome-copilot"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/github/awesome-copilot/agent-governance","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"install_from":"skills.sh"}},"qualityScore":"0.300","qualityRationale":"deterministic score 0.30 from registry signals: · indexed on skills.sh · published under github/awesome-copilot","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T16:40:17.576Z","embedding":null,"createdAt":"2026-04-18T20:25:43.257Z","updatedAt":"2026-04-22T16:40:17.576Z","lastSeenAt":"2026-04-22T16:40:17.576Z","tsv":"'+777':635 '/microsoft/agent-governance-toolkit)':1994 '/microsoft/agent-governance-toolkit/tree/main/packages/agentmesh-integrations)':2002 '/www-project-top-10-for-large-language-model-applications/)':2015 '0':1103,1106,1193 '0.0':559,1095,1144,1195 '0.001':1157 '0.05':1120 '0.15':1139 '0.4':1235 '0.467':1220 '0.5':1094 '0.525':1210 '0.549':1213 '0.7':616,694,738,1228 '0.8':592,630 '0.9':606,638,665,680 '0.95':654 '1':115,850,890,1122,1128,1141 '1.0':561,1098,1125 '10':1024,2009 '100':204 '1000':967 '2':523,883 '20':1562 '25':495 '3':792,910 '30':1641 '4':939,1060 '4o':1568 '5':1336 '50':418,1718 '6':1525 'access':76,111,627 'account':51 'act':771 'action':854,860,872,961,986,1347,1374,1414,1432,1433,1448,1517,1882 'activ':1167 'ad':13 'add':1928,1935 'admin':625,1057 'agent':1,8,21,28,73,78,89,91,95,121,167,310,439,461,536,1001,1010,1064,1200,1204,1214,1250,1255,1259,1261,1282,1287,1293,1298,1304,1310,1322,1331,1346,1368,1396,1408,1424,1426,1464,1466,1480,1510,1534,1563,1564,1624,1665,1687,1691,1693,1701,1785,1897,1904,1948,1989 'agent-specif':309 'agent.tool':1576,1595 'agent.tools':1671 'agentmesh':1998 'agenttrustregistri':1270 'aggreg':1494 'ai':20,27,1532 'allow':123,151,152,171,232,426,462,962,1011,1229,1236,1376,1541,1633,1702,1836,1885,1912 'allow/deny':67 'allowlist':179,1780,1798 'allowlist/blocklist':853 'alway':1834 'analyz':1636 'api':83,409,479 'append':1340,1391,1862 'append-on':1339,1390,1861 'appli':1642 'applic':2012 'approv':209,218,250,344,436,498,882,1246,1790 'arg':845,916,919,924,929,949 'argument':914 'assist':1575 'async':842,1031,1579,1598,1723 'audit':53,63,102,825,942,952,977,1003,1027,1029,1337,1342,1393,1662,1677,1679,1685,1772,1804,1864,1869,1924,1952,1975 'audit_trail.append':957,982 'auditentri':1365,1404,1421,1444,1470 'audittrail':1389,1663 'autonom':1230 'await':947,1592,1613 'awesom':3 'base':540,1071,1589 'behavior':168,1860,1973 'best':1809 'block':180,189,278,399,405,470,476,867,935,1015,1052,1547,1710,1748,1914,1958 'blocklist':188 'bodi':1605,1617,1618 'bool':739,1327 'bot':1540 'boundari':32,98 'broad':389 'busi':1898 'c':651 'call':38,80,200,346,351,355,415,492,814,887,892,896,906,909,1021,1559,1638,1715 'captur':1977 'card':1557 'case':1770 'catch':1967 'categori':550,710,723,724 'category-awesome-copilot' 'chang':1823 'check':60,220,227,268,275,741,778,788,804,851,884,911,1661,1841,1878 'checklist':1902,1907 'chmod':633 'choos':1918 'class':148,162,548,1085,1269,1364,1388 'classif':58,526,766,1937 'classifi':696,702,751,1842 'close':1875 'code':455,1700 'coding-ag':1699 'collect':811 'combin':301,327,384 'combined.allowed':362,364,370,378 'combined.blocked_patterns.extend':338 'combined.blocked_tools.extend':335 'combined.max':345,350 'combined.require_human_approval.extend':341 'command':86 'complet':1205 'complianc':101,1350,1806,1873 'compliance-crit':1805 'compos':128,314,330,441,1831 'composit':300,1982 'confid':557,725 'configur':453,1815 'content':40,197,269,271,276,293,698,703,718,734,744,753,912,928,1732,1781,1965 'control':33,166,1768,1788 'copilot':4 'counter':815,888,893 'creat':1545,1600,1608 'credit':1555 'crew':1626,1632,1646,1650,1652,1653,1657 'crew.agents':1667 'crew.kickoff':1682 'crewai':1619,1622 'critic':1348,1807 'ctx':1583,1602 'curl':609 'current':1152,1317,1333 'd':612 'danger':528 'data':110,424,515,521,553,576,590,604,614 'data-team':423 'databas':84,404,467,659 'dataclass':134,136,161,544,546,547,1076,1078,1084,1355,1357,1363 'db':429 'debug':1352 'decay':1070,1091,1154,1163,1172,1174,1179,1850,1854 'decay-bas':1069 'declar':164 'decor':797,828,838,997,1930 'def':219,267,313,504,695,731,821,837,843,1032,1114,1133,1151,1181,1271,1278,1300,1318,1399,1405,1440,1462,1482,1580,1599,1648,1724 'default':176,185,194,213,1111,1385 'defaultdict':813,819 'defin':31,118,1909 'del':646 'deleg':92,1256,1267 'delet':403,474,487,1868 'deni':153,154,1242,1377,1441,1447,1461,1833,1880,1962 'deploy':100,1825 'destruct':653,664 'detail':1382,1419,1438,1439 'detect':66,527,567,573,937 'dev/testing':1777 'dict':816,1275,1383,1387 'differ':782 'doc':1544,1582 'document':465,1038 'drop':485,657 'durat':963 'dynam':1801 'e':975,990,1454,1456,1472,1474 'e.action':1460 'e.agent':1478 'e.g':304,552 'elaps':1168,1176 'elif':1233 'els':377,1194,1241 'email':469,500 'enabl':1822,1872 'enforc':18,830,1892 'ensur':26 'entir':584 'entri':1503,1870 'entry.action':1518 'entry.agent':1512 'entry.details':1522 'entry.policy':1520 'entry.timestamp':1509 'entry.tool':1515 'enum':139,141,150 'erod':1165 'error':987,988,1217,1378,1879 'escal':556,618,629,637 'event':1398,1979 'everi':583 'evid':562,727 'exceed':904 'except':972,973 'exec':402,473,1713 'execut':62,770,940,1658,1846 'exfiltr':554,577,591,605,615 'explicit':1245 'export':595,1483,1488,1954 'extern':81,600 'f':514,518,864,876,901,934,1043,1501,1756 'f.read':1758 'f.write':1506 'factori':177,186,195,214,1112,1386 'fail':1874 'failur':1104,1135,1219 'field':137,175,184,193,212,1079,1110,1358,1384 'file':431,1705,1707,1726,1731 'filter':198,1782,1966 'financi':108,1794 'flag':157 'flight':776,1839 'float':558,737,1093,1109,1119,1138,1156,1158,1184,1326,1367 'format':649 'framework':1002,1526,1997,2004 'framework-specif':2003 'full':1803,1995 'fulli':1099 'func':839,841,948 'func.__name__':849 'function':801,836,1694,1719,1934 'functool':807 'functools.wraps':840 'fundament':781 'gate':1221 'general':1783 'generat':790 'get':1159,1279,1445 'github':7 'github.com':1993,2001 'github.com/microsoft/agent-governance-toolkit)':1992 'github.com/microsoft/agent-governance-toolkit/tree/main/packages/agentmesh-integrations)':2000 'given':748 'good':1859 'govern':2,9,24,116,796,803,822,831,1025,1039,1397,1577,1590,1596,1611,1643,1649,1660,1675,1721,1733,1750,1759,1762,1877,1891,1905,1910,1919,1929,1990,1996 'governance-policy.yaml':457 'governancepolici':163,317,318,328,394,421,509,520,824,1006,1536,1628,1655,1697 'gpt':1567 'gpt-4o':1566 'guardrail':785 'happen':767 'hardcod':1821 'healthcar':1795 'human':159,208,249,343,435,497,881,1238,1789 'id':1283,1288,1294,1299,1323,1332,1369,1409,1425,1427,1467,1479,1481,1511,1513 'ignor':670 'immut':1871 'implement':1906,1927,1942 'import':135,140,144,146,502,545,806,808,812,1077,1080,1082,1356,1359,1361,1533,1623,1692,1734 'independ':1895 'individu':799 'infrastructur':112 'init':1272,1400 'inject':667,679,693 'input':1940 'insight':764 'instruct':676 'int':203,818,820,1102,1105 'integr':1527,1999 'intent':57,525,529,697,752,765,1840,1843,1936 'intentsign':549,701,722 'interact':1949 'intern':1776 'isinst':923 'json':1360,1490 'json.dumps':1507 'jsonl':1484 'kb.search':1593 'key':410,480,763,1311 'knowledg':1588 'kwarg':846,950 'kwargs.values':921 'lambda':1312 'last':1107 'latest':1049 'layer':386 'legal':1796 'level':795,1647,1760,1766,1767,1920 'limit':206,886,903,1917,1972 'line':1491 'list':173,178,182,187,191,196,210,215,380,700,918,920,1305,1403,1443,1469 'llm':2011 'load':505,517 'lock':1797 'log':64,1004,1030,1343,1406,1493 'logic':1890,1899 'maintain':50,1262 'make':1215 'manag':113 'markdown':1903 'match':281,715,720,926,931,938,1761 'match.group':728 'math':1081 'math.exp':1173 'max':199,414,491,1020,1143,1309,1558,1637,1714 'meet':1319 'merg':319 'min':349,1124 'modif':640 'modifi':1866 'most-restrictive-win':322,1826,1983 'ms':964 'much':45 'multi':88,1199,1249,1947 'multi-ag':87,1198,1248,1946 'multipl':302 'n':1523 'name':169,224,238,246,258,329,395,422,458,848,858,870,879,960,985,1007,1372,1380,1412,1417,1429,1431,1435,1437,1516,1521,1537,1629,1698 'need':96,217 'never':1865 'none':284,298,827,956,981 'object':131 'ongo':1858 'op':1793 'open':511,1497,1752,1771 'open/standard/strict/locked':1921 'openai':1565,1686 'oper':29,107,1223,1231 'option':145,273 'org':306,392,397,443 'org-wid':305,396 'origin':1672,1680 'os':1735 'os.path.realpath':1738,1743 'output':784 'outsid':601 'overrid':1835 'oversight':1239 'overview':23 'owasp':2007 'owasp.org':2014 'owasp.org/www-project-top-10-for-large-language-model-applications/)':2013 'packag':2006 'parti':603 'pass':1047,1232,1240,1247 'password':412,482,1019,1058 'path':507,512,1486,1498,1727,1737,1739,1746,1754 'pattern':10,11,25,114,190,279,282,286,289,292,296,340,406,477,522,539,570,709,717,791,936,1016,1059,1335,1524,1548,1915,1969 'pattern-bas':538 'penalti':1137,1146 'per':201,347,352,356,416,493,897,907,1022,1560,1639,1716 'permissionerror':863,875,900,933 'polici':17,59,117,130,165,235,299,303,315,316,320,332,334,387,393,420,440,442,444,446,447,451,506,823,832,865,1005,1026,1041,1379,1416,1434,1436,1519,1535,1578,1597,1627,1654,1676,1696,1722,1813,1817,1832,1888,1911,1981 'policy.allowed':359,375,381 'policy.blocked':336,339 'policy.check':855,927 'policy.max':354,895,905 'policy.name':866,889,894 'policy.require':342 'policyact':149,226 'policyaction.allow':266 'policyaction.deny':243,264,861 'policyaction.review':252,873 'practic':1810,1811 'pre':775,1838 'pre-flight':774,1837 'previous':672 'privileg':555,617,628,636 'process':43,1941 'product':99,460,1784 'production-ag':459 'prompt':531,666,678,692,1570 'proper':1961 'properti':1180 'pydant':1531 'pydanticai':1528 'python':132,312,501,542,805,1074,1268,1353,1529,1620,1689 'quarter':1050 'queri':428,466,1034,1046,1584,1594 'quick':740,1900 'r':407,578,593,607,619,631,641,655,668,681,1017,1549 'rais':862,874,899,932,993,1744 'rate':205,885,902,1155,1175,1916,1971 'rather':1883 'rational':1812 're':147 're.ignorecase':294 're.search':291,716 'reach':534 'read':430,1704,1725,1730 'record':475,1115,1134 'relat':1987 'reliabl':1065,1182 'report':433,438,1051 'request':56,202,348,353,357,417,494,898,908,1023,1561,1640,1717 'requir':105,207,434,496,880,1244,1857 'research':1631 'research-crew':1630 'resourc':1988 'restrict':324,1775,1828,1985 'result':946,971,1044,1681,1684 'return':242,251,263,265,280,295,297,383,519,729,754,970,994,996,1042,1177,1188,1296,1308,1328,1453,1471,1591,1612,1683,1757 'review':155,156,160,1452 'reward':1118,1127 'rf':645 'risk':1765 'rm':643 'root':624 'rule':677 'run':1651,1708 's.confidence':757 'safe':733,745,1736,1753 'safe_path.startswith':1742 'safeti':14,104,777 'score':1062,1073,1088,1092,1160,1264,1852,1944 'sdk':1688 'search':464,1009,1013,1033,1037,1048,1053,1543,1581,1587,1635 'search-ag':1008 'secret':411,481 'secur':1451,1554 'self':222,270,1117,1136,1153,1183,1273,1281,1303,1321,1401,1407,1442,1465,1485 'self._entries':1402,1458,1476,1505 'self._entries.append':1420 'self.allowed':254,261 'self.blocked':240,288 'self.failures':1140,1187 'self.get':1314,1329 'self.last':1130,1148,1170 'self.require':248 'self.score':1123,1126,1129,1142,1145,1147,1178 'self.scores':1274,1291,1292,1297 'self.successes':1121,1186,1189 'semant':326,524 'send':468,499,580 'sensit':106,1222,1792,1968 'separ':1887 'serializ':129 'set':1922 'setup':1908 'shell':85,401,472,1712 'show':1054 'signal':541,569,575,706,707,714,730,750,762 'signals.append':721 'skill':5 'social':1552 'source-github' 'specif':311,391,2005 'sq':648 'ssn':1551 'standard':1778 'start':943,966,1901 'storag':1926 'store':450,1816 'str':170,174,183,192,211,225,272,274,508,551,563,699,735,817,925,989,1035,1036,1276,1284,1306,1307,1324,1370,1373,1375,1381,1410,1413,1415,1418,1468,1487,1585,1586,1604,1606,1607,1728,1729 'strict':1763,1786 'success':1101,1116,1207,1209,1212 'sudo':621 'summar':1014 'support':1539,1574,1609 'support-bot':1538 'system':22,90,639,652,663,1201,1253,1495,1569,1808 'tabl':662 'task':1206,1625 'team':308,419,425,445 'tempor':1090,1162 'test':1709,1956,1963,1970,1980 'third':602 'threat':65,572,574,705,713 'threshold':736,749,758,1320,1325,1334 'ticket':1546,1601,1610 'tickets.create':1614 'time':809,1067,1083,1362,1856 'time.monotonic':944,965 'time.time':969,992,1113,1132,1150,1169,1423 'timestamp':968,991,1366,1422,1508 'titl':1603,1615,1616 'tool':35,61,75,82,172,181,216,221,223,230,237,241,245,255,257,262,337,360,363,365,371,376,379,382,400,427,463,471,769,794,800,835,847,852,856,857,868,869,877,878,958,959,983,984,1012,1371,1411,1428,1430,1514,1542,1634,1669,1695,1703,1711,1720,1779,1802,1845,1913,1933,1959 'tool-level':793 'tool.func':1673,1674 'toolkit':1991 'top':2008 'total':1185,1190,1192 'track':1063 'trail':54,826,953,978,1028,1338,1394,1678,1925,1953,1976 'transact':109 'travers':1747 'tri':945 'trigger':565 'truncat':486,660 'trust':15,68,97,1061,1072,1087,1100,1164,1202,1225,1251,1263,1280,1302,1315,1330,1849,1851,1943 'trust.current':1227,1234 'trust.record':1208,1211,1218 'trustscor':1086,1203,1277,1285,1295 'type':143 'untrust':1096 'updat':69,1108,1131,1149,1171 'usag':385,998,1196 'use':72,537,1449,1769 'user':55,1939 'valid':1955 'valueerror':1745 'verifi':1974 'w':490,586,1499 'weight':568,711,726 'wide':307,398 'win':325,1829,1986 'wire':1950 'within':30 'without':1166,1824 'wrap':798,1656 'wrapper':844,995 'write':432,437,1706 'yaml':449,456,503 'yaml.safe':516 'yaml/json':1819","prices":[{"id":"8580c54f-b3af-4bc5-a8ff-5605c6f4c70c","listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"github","category":"awesome-copilot","install_from":"skills.sh"},"createdAt":"2026-04-18T20:25:43.257Z"}],"sources":[{"listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","source":"github","sourceId":"github/awesome-copilot/agent-governance","sourceUrl":"https://github.com/github/awesome-copilot/tree/main/skills/agent-governance","isPrimary":false,"firstSeenAt":"2026-04-18T21:48:06.177Z","lastSeenAt":"2026-04-22T12:52:04.554Z"},{"listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","source":"skills_sh","sourceId":"github/awesome-copilot/agent-governance","sourceUrl":"https://skills.sh/github/awesome-copilot/agent-governance","isPrimary":true,"firstSeenAt":"2026-04-18T20:25:43.257Z","lastSeenAt":"2026-04-22T16:40:17.576Z"}],"details":{"listingId":"9736a031-f536-4f2e-a112-6c855dbc5d63","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"github","slug":"agent-governance","source":"skills_sh","category":"awesome-copilot","skills_sh_url":"https://skills.sh/github/awesome-copilot/agent-governance"},"updatedAt":"2026-04-22T16:40:17.576Z"}}