From 26d1395a0667c81ad5182f6b4e512a282cfe1065 Mon Sep 17 00:00:00 2001 From: Imran Siddique Date: Sun, 26 Apr 2026 14:13:30 -0700 Subject: [PATCH 1/4] feat: propose Agent Governance Toolkit for Sandbox stage Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- README.md | 1 + .../agent_governance_toolkit_sandbox_stage.md | 117 ++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md diff --git a/README.md b/README.md index d3b07a7f..3835ae0e 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ The following Technical Initiatives have been approved by the TAC. You may learn | Name | Repository | Website | Sponsoring Org | Status | | ---------------------- | ---------------------------------------- | ----------------------------------------------------------------------------------------------------- | -------------- |---------- | +| Agent Governance Toolkit | [GitHub](https://github.com/microsoft/agent-governance-toolkit) | https://github.com/microsoft/agent-governance-toolkit | AI/ML Security WG | [Sandbox](process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md) | | Best Practices Badge | [GitHub](https://github.com/coreinfrastructure/best-practices-badge) | https://www.bestpractices.dev/ | Best Practices WG | TBD | | Bomctl | [GitHub](https://github.com/bomctl/bomctl) | | Security Tooling WG | [Sandbox](process/project-lifecycle-documents/bomctl_sandbox_stage.md) | | Criticality Score | [GitHub](https://github.com/ossf/criticality_score) | | Vulnerability Disclosures WG | TBD | diff --git a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md new file mode 100644 index 00000000..c8407cd4 --- /dev/null +++ b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md 
@@ -0,0 +1,117 @@ +## Application for creating a new project at Sandbox stage + +### List of project maintainers +The project must have a minimum of three maintainers with a minimum of two different organizational affiliations. + * Imran Siddique, Microsoft, @imran-siddique (466 commits, project creator and lead) + * Jack Batzner, Microsoft, @jackbatzner (31 commits, trusted contributor) + * @lawcontinue, Independent, (9 commits, external contributor) + * @kanish5, Independent, (8 commits, external contributor) + * @tomjwxf, Independent, (8 commits, external contributor) + +Note: While the project originated at Microsoft, it has 20+ contributors from multiple organizations. We are actively working to formalize community maintainer roles to further diversify organizational affiliation as part of OpenSSF onboarding. + +### Sponsor +Most projects will report to an existing OpenSSF Working Group, although in some cases a project may report directly to the TAC. The project commits to providing quarterly updates on progress to the group they report to. + * AI/ML Security WG + +The Agent Governance Toolkit directly addresses the security challenges of AI agent systems, which aligns with the AI/ML Security Working Group's mission. The toolkit provides runtime governance, policy enforcement, and security tooling specifically designed for agentic AI workloads. + +As a secondary fit, the project also aligns with: + * Supply Chain Integrity WG: The toolkit includes SBOM generation, Sigstore signing, build provenance attestation, and supply chain verification for AI agent deployments. + * Security Tooling WG: The toolkit provides reusable security tools (pre-commit hooks, GitHub Actions, CI workflows) that can benefit the broader open source security ecosystem. + +### Mission of the project +The project must be aligned with the OpenSSF mission and either be a novel approach for existing areas, address an unfulfilled need, or be initial code needed for OpenSSF WG work. 
It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project. + +The Agent Governance Toolkit addresses an unfulfilled need in the open source security ecosystem: **runtime governance and security enforcement for autonomous AI agents**. + +AI agent frameworks (Microsoft Agent Framework, LangChain, CrewAI, Google ADK, OpenAI Agents SDK) enable agents to call tools, spawn sub-agents, and take real-world actions. However, the existing open source security tooling ecosystem lacks comprehensive runtime security models for these workloads: + +- **No policy enforcement**: Agents can call any tool with any arguments without authorization checks +- **No identity verification**: Agents cannot prove who they are to each other or to the services they consume +- **No execution isolation**: A compromised agent can access resources beyond its intended scope +- **No reliability engineering**: No SLOs, error budgets, or chaos testing specifically designed for agent workloads + +The OWASP Agentic Security Initiative (ASI) Top 10 codifies these risks. The Agent Governance Toolkit addresses 10 of 10 ASI risks with working, tested implementations. + +**Why this is novel and not an extension of existing OpenSSF projects:** + +The Agent Governance Toolkit operates at a different layer than existing OpenSSF projects: +- **SAFE-Framework** (OpenSSF Sandbox): Catalogs agentic failure modes and provides mitigation guidance. AGT provides the runtime enforcement engine that implements those mitigations. The projects are complementary, not competing. +- **Model Signing** (OpenSSF Sandbox): Focuses on ML model integrity verification. AGT uses model provenance as one input to its trust scoring system but focuses on runtime agent behavior governance. +- **Sigstore** (OpenSSF Graduated): AGT uses Sigstore for release signing and build provenance. 
AGT extends supply chain integrity into the agent runtime, tracking not just code provenance but agent identity and behavioral provenance. +- **SLSA**: AGT generates SLSA build provenance attestations for its own releases and provides tooling to help AI agent deployments achieve SLSA compliance. +- **Scorecard**: AGT has integrated Scorecard into its CI/CD pipeline and scores actively. The governance toolkit extends the "shift-left security" philosophy from code repositories to AI agent runtime. + +We are committed to collaborating with existing OpenSSF projects rather than duplicating their work. For example, AGT already integrates Sigstore for signing, uses the OpenSSF Best Practices badge criteria as a quality baseline, and runs Scorecard assessments. + +**Key capabilities:** + +| Package | Description | Tests | +|---------|------------|-------| +| Agent OS Kernel | Core governance kernel: policy engine, capability model, audit logging, syscall interception, MCP gateway | 2,500+ | +| AgentMesh | Inter-agent trust: Ed25519 DID identity, SPIFFE/SVID credentials, trust scoring (0-1000), A2A/MCP/IATP protocol bridges | 1,600+ | +| Agent Runtime | Execution isolation: 4-tier privilege rings (Ring 0-3), saga orchestration, kill switch, Shapley-value fault attribution | 326 | +| Agent SRE | Reliability engineering: SLO engine, error budgets, chaos testing, progressive delivery, anomaly detection | 1,071+ | +| Agent Compliance | Compliance framework: OWASP ASI mapping, regulatory frameworks (EU AI Act, ISO 42001, Singapore MGF, CSA ATF) | 200+ | + +Total: 9,500+ automated tests across all packages. Multi-language SDKs: Python, TypeScript, .NET, Rust, Go. 
+ +**OWASP Agentic Security Initiative Top 10 Coverage:** + +| Risk | ID | Coverage | Component | +|------|----|----------|-----------| +| Agent Hijacking | ASI-01 | Covered | Policy Engine: blocked patterns, content safety | +| Tool Misuse | ASI-02 | Covered | Capability Sandbox: tool allow/deny, rate limits | +| Insecure Identity | ASI-03 | Covered | AgentMesh: DID identity, IATP, SPIFFE certs | +| Supply Chain | ASI-04 | Covered | SBOM generation, Sigstore signing, build provenance | +| Insecure Output | ASI-05 | Covered | Runtime: execution rings, output validation | +| Memory Poisoning | ASI-06 | Covered | VFS + CMVK (content-addressable memory) | +| Insufficient Monitoring | ASI-07 | Covered | Agent SRE: SLOs, OTel export, anomaly detection | +| Error Handling | ASI-08 | Covered | Circuit breakers, saga compensation, error budgets | +| HITL Bypass | ASI-09 | Covered | Approval workflows, human-in-the-loop gates | +| Uncontrolled Autonomy | ASI-10 | Covered | Kill switch, resource limits, goal drift detection | + +### Alignment with the OpenSSF MVSSR +The mission of the Project must be aligned with the Mission, Vision, Values, Strategy, and Roadmap (MVVSR) of the OpenSSF. Please indicate to which of the three strategies and four pillars of the OpenSSF the Project contributes to. + +Strategies: + +**i) Catalyst for Change**: The Agent Governance Toolkit introduces a new paradigm: treating AI agent security as a first-class concern at the same level as traditional software security. Just as OpenSSF championed SBOM, supply chain integrity, and scorecard for traditional software, AGT brings these same principles to the emerging AI agent ecosystem. The toolkit demonstrates that governance can be deterministic, enforceable, and external to the agent, establishing new best practices for an entirely new class of software. 
+ +**ii) Educate and Empower the Modern Developer**: The toolkit includes 45+ tutorials covering every aspect of agent governance, from basic policy writing to advanced multi-agent trust networks. It provides pre-commit hooks, GitHub Actions, and CI workflow templates that developers can adopt incrementally. The shift-left governance approach (catch violations at commit time, not runtime) directly empowers developers to build secure agents from the start. + +**iii) Ecosystem Leader**: The toolkit integrates with 12+ agent frameworks (Microsoft, Google, OpenAI, Anthropic, open-source) and has active proposals with 4 standards bodies (OWASP ASI, CoSAI/OASIS, LF AI and Data, CSA ATF). It provides a vendor-neutral governance layer that works across the entire agentic AI ecosystem, positioning OpenSSF as the home for AI agent security standards. + +Pillars: + +**i) Programs and Projects**: AGT is a production-grade open source project with 9,500+ tests, CI/CD automation, and multi-language SDKs. It provides reusable security tooling (GitHub Actions, pre-commit hooks, policy templates) that can benefit other OpenSSF projects and the broader community. + +**ii) Education**: 45+ tutorials, comprehensive documentation, quickstart guides, and example integrations. The toolkit's tutorial structure follows a learning path from basic concepts to advanced production deployment patterns. + +**iv) Community and Events**: Active community engagement with 20+ contributors, GitHub Discussions, and integration proposals across the agent framework ecosystem. The project has been presented at standards body meetings and has active community contributions from multiple organizations. + +### IP policy and licensing due diligence +When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF). + * Yes, IP and license due diligence will be required. 
The project is licensed under MIT and all dependencies use permissive licenses (MIT, Apache 2.0, BSD). A TAC issue for tracking the LF IP review will be created upon acceptance. The project was approved for open source release by Microsoft's CELA (Corporate, External, and Legal Affairs) team. + +### Project References +The project should provide a list of existing resources with links to the repository, and if available, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project. + +| Reference | URL | +|---------------------|-----| +| Repo | https://github.com/microsoft/agent-governance-toolkit | +| Website | https://github.com/microsoft/agent-governance-toolkit (MkDocs documentation site) | +| Contributing guide | https://github.com/microsoft/agent-governance-toolkit/blob/main/CONTRIBUTING.md | +| Security.md | https://github.com/microsoft/agent-governance-toolkit/blob/main/SECURITY.md | +| Roadmap | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/ROADMAP.md | +| Demos | https://github.com/microsoft/agent-governance-toolkit/tree/main/demo | +| Tutorials | https://github.com/microsoft/agent-governance-toolkit/tree/main/docs/tutorials (45+ tutorials) | +| OpenSSF Badge | https://www.bestpractices.dev/projects/12085 (99% passing) | +| PyPI Packages | https://pypi.org/project/agent-os-kernel/, https://pypi.org/project/agentmesh-platform/, https://pypi.org/project/agent-sre/, https://pypi.org/project/agent-runtime/, https://pypi.org/project/ai-agent-compliance/ | +| npm Package | https://www.npmjs.com/package/agentos-mcp-server | +| OWASP Compliance | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/OWASP-COMPLIANCE.md | +| Architecture | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/ARCHITECTURE.md | +| Threat Model | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/THREAT_MODEL.md | 
+| CHANGELOG | https://github.com/microsoft/agent-governance-toolkit/blob/main/CHANGELOG.md | +| Examples | https://github.com/microsoft/agent-governance-toolkit/tree/main/examples | From e0465c84862cb7d40c0a16055d03ce38f8ad094b Mon Sep 17 00:00:00 2001 From: Imran Siddique Date: Fri, 1 May 2026 08:39:50 -0700 Subject: [PATCH 2/4] docs: address TAC reviewer feedback on proposal - Fix maintainer list: only list actual maintainers (Imran, Jack, Elton), all Microsoft. Transparently flag multi-org affiliation as not yet met. - Remove 'production-grade' claim (project is 2 months old) - Remove standalone '9500+ tests' boilerplate (per-package table retained) - Add Project History section with provenance details - Add SLSA/Sigstore attestation links to Project References - Add AI-Assisted Development Disclosure section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../agent_governance_toolkit_sandbox_stage.md | 25 +++++++++++++------ 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md index c8407cd4..f8a5d2b2 100644 --- a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md +++ b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md 
@@ -2,13 +2,11 @@ ### List of project maintainers The project must have a minimum of three maintainers with a minimum of two different organizational affiliations. - * Imran Siddique, Microsoft, @imran-siddique (466 commits, project creator and lead) - * Jack Batzner, Microsoft, @jackbatzner (31 commits, trusted contributor) - * @lawcontinue, Independent, (9 commits, external contributor) - * @kanish5, Independent, (8 commits, external contributor) - * @tomjwxf, Independent, (8 commits, external contributor) + * Imran Siddique, Microsoft, @imran-siddique (project creator and lead maintainer) + * Jack Batzner, Microsoft, @jackbatzner (maintainer, CI/CD and documentation infrastructure) + * Elton Carr, Microsoft, @eltoncarr-ms (maintainer, CI workflows and security tooling) -Note: While the project originated at Microsoft, it has 20+ contributors from multiple organizations. We are actively working to formalize community maintainer roles to further diversify organizational affiliation as part of OpenSSF onboarding. +**Not yet met**: All three current maintainers are Microsoft employees. The project has 20+ contributors from multiple organizations, and we are working to grow community maintainers with commit access from outside Microsoft. We are being transparent about this gap rather than listing contributors as maintainers when they do not yet have that role. ### Sponsor Most projects will report to an existing OpenSSF Working Group, although in some cases a project may report directly to the TAC. The project commits to providing quarterly updates on progress to the group they report to. 
@@ -20,6 +18,10 @@ As a secondary fit, the project also aligns with: * Supply Chain Integrity WG: The toolkit includes SBOM generation, Sigstore signing, build provenance attestation, and supply chain verification for AI agent deployments. * Security Tooling WG: The toolkit provides reusable security tools (pre-commit hooks, GitHub Actions, CI workflows) that can benefit the broader open source security ecosystem. +### Project History + +The Agent Governance Toolkit was created as a public open source project from day one. The first commit was pushed to github.com/microsoft/agent-governance-toolkit on March 2, 2026, under the MIT license. There was no prior internal or private repository. The project was conceived as open source and approved for public development by Microsoft CELA (Corporate, External, and Legal Affairs) before the first line of code was written. + ### Mission of the project The project must be aligned with the OpenSSF mission and either be a novel approach for existing areas, address an unfulfilled need, or be initial code needed for OpenSSF WG work. It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project. @@ -55,7 +57,7 @@ We are committed to collaborating with existing OpenSSF projects rather than dup | Agent SRE | Reliability engineering: SLO engine, error budgets, chaos testing, progressive delivery, anomaly detection | 1,071+ | | Agent Compliance | Compliance framework: OWASP ASI mapping, regulatory frameworks (EU AI Act, ISO 42001, Singapore MGF, CSA ATF) | 200+ | -Total: 9,500+ automated tests across all packages. Multi-language SDKs: Python, TypeScript, .NET, Rust, Go. +Multi-language SDKs: Python, TypeScript, .NET, Rust, Go. **OWASP Agentic Security Initiative Top 10 Coverage:** 
@@ -85,7 +87,7 @@ Strategies: Pillars: -**i) Programs and Projects**: AGT is a production-grade open source project with 9,500+ tests, CI/CD automation, and multi-language SDKs. It provides reusable security tooling (GitHub Actions, pre-commit hooks, policy templates) that can benefit other OpenSSF projects and the broader community. +**i) Programs and Projects**: AGT is an actively developed open source project with CI/CD automation and multi-language SDKs. It provides reusable security tooling (GitHub Actions, pre-commit hooks, policy templates) that can benefit other OpenSSF projects and the broader community. **ii) Education**: 45+ tutorials, comprehensive documentation, quickstart guides, and example integrations. The toolkit's tutorial structure follows a learning path from basic concepts to advanced production deployment patterns. 
@@ -115,3 +117,10 @@ The project should provide a list of existing resources with links to the reposi | Threat Model | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/THREAT_MODEL.md | | CHANGELOG | https://github.com/microsoft/agent-governance-toolkit/blob/main/CHANGELOG.md | | Examples | https://github.com/microsoft/agent-governance-toolkit/tree/main/examples | +| Build Attestations | GitHub Attestations tab on each release (via [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) v4) | +| Python Signatures | [Sigstore](https://github.com/sigstore/gh-action-sigstore-python) v3, `.sigstore` bundles published alongside PyPI packages | +| Container Provenance | GitHub Attestations on container images (via publish-containers workflow) | + +### AI-Assisted Development Disclosure + +This project uses AI-assisted development tools (GitHub Copilot, Claude) for code generation, documentation, and test writing. All AI-generated code is reviewed by human maintainers before merge. The project's [CONTRIBUTING.md](https://github.com/microsoft/agent-governance-toolkit/blob/main/CONTRIBUTING.md) includes an AI contribution policy requiring disclosure of AI tool usage in pull requests, and the PR template includes attestation checkboxes for AI assistance. From 9ee781e7ffca783cddf6e3b56c9ca492616874c6 Mon Sep 17 00:00:00 2001 From: Imran Siddique Date: Fri, 1 May 2026 08:43:19 -0700 Subject: [PATCH 3/4] docs: fix project history with accurate timeline Development started Jan 2026 as separate repos under personal account, consolidated into microsoft org on Mar 2, 2026. All public from day one. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../agent_governance_toolkit_sandbox_stage.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md index f8a5d2b2..58c44195 100644 --- a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md +++ b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md 
@@ -20,7 +20,17 @@ As a secondary fit, the project also aligns with: ### Project History -The Agent Governance Toolkit was created as a public open source project from day one. The first commit was pushed to github.com/microsoft/agent-governance-toolkit on March 2, 2026, under the MIT license. There was no prior internal or private repository. The project was conceived as open source and approved for public development by Microsoft CELA (Corporate, External, and Legal Affairs) before the first line of code was written. +Development began in late January 2026 as a series of standalone open source repositories under the lead maintainer's personal GitHub account (@imran-siddique): + +- **Jan 26, 2026**: `agent-os` created (core policy engine and kernel) +- **Feb 1, 2026**: `agent-mesh` and `agentmesh-api` created (inter-agent trust and identity) +- **Feb 13, 2026**: `agent-sre` created (reliability engineering) +- **Feb 15, 2026**: `agentmesh-integrations` created (framework adapters) +- **Feb 20, 2026**: `agent-hypervisor` created (monitoring dashboard) +- **Feb 21, 2026**: `agent-governance` created (consolidated governance package) +- **Mar 2, 2026**: All components consolidated into `microsoft/agent-governance-toolkit` as a monorepo under the MIT license, approved by Microsoft CELA + +All predecessor repositories are now marked as deprecated with pointers to the microsoft org repo. There was no private or internal-only repository at any point; all development happened in public GitHub repos from the start. ### Mission of the project The project must be aligned with the OpenSSF mission and either be a novel approach for existing areas, address an unfulfilled need, or be initial code needed for OpenSSF WG work. It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project. From 96989c06aad14a192960f32396db15f8478ed5cc Mon Sep 17 00:00:00 2001 
From: Imran Siddique Date: Wed, 6 May 2026 16:16:22 -0700 Subject: [PATCH 4/4] docs: update sandbox proposal with current stats and governance artifacts - Update maintainers: 6 from 4 orgs (was 3 from Microsoft only) - Update packages: 42 PyPI (214K+ monthly), 9 npm, 3 NuGet, 2 crates - Update OpenSSF badge: 100% passing (was 99%) - Add governance docs: CHARTER.md, RELEASE.md, MAINTAINERS.md, DCO - Add stats: 1,433 stars, 273 forks, 76 contributors - Add traffic: 52,949 clones, 23,129 views (14-day) - Add CI detail: 33 workflows including ClusterFuzzLite Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../agent_governance_toolkit_sandbox_stage.md | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md index 58c44195..05d939d2 100644 --- a/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md +++ b/process/project-lifecycle-documents/agent_governance_toolkit_sandbox_stage.md 
@@ -5,8 +5,11 @@ The project must have a minimum of three maintainers with a minimum of two diffe * Imran Siddique, Microsoft, @imran-siddique (project creator and lead maintainer) * Jack Batzner, Microsoft, @jackbatzner (maintainer, CI/CD and documentation infrastructure) * Elton Carr, Microsoft, @eltoncarr-ms (maintainer, CI workflows and security tooling) + * Kevin Knapp, Aileron, @Knapp-Kevin (maintainer, governance and compliance) + * Andrew Rubinger, MythologIQ, @ALRubinger (maintainer, architecture and integrations) + * Miya Nisshar, Dayos, @miyanisshar (maintainer, SDK and developer experience) -**Not yet met**: All three current maintainers are Microsoft employees. The project has 20+ contributors from multiple organizations, and we are working to grow community maintainers with commit access from outside Microsoft. We are being transparent about this gap rather than listing contributors as maintainers when they do not yet have that role. +6 maintainers from 4 organizations (Microsoft, Aileron, MythologIQ, Dayos). See [MAINTAINERS.md](https://github.com/microsoft/agent-governance-toolkit/blob/main/MAINTAINERS.md) for full details. ### Sponsor Most projects will report to an existing OpenSSF Working Group, although in some cases a project may report directly to the TAC. The project commits to providing quarterly updates on progress to the group they report to. 
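Review bot: In the maintainers hunk of [PATCH 4/4] (@@ -5,8 +5,11 @@), the removed "Not yet met" paragraph set the bar at community maintainers "with commit access from outside Microsoft", but the replacement line only counts "6 maintainers from 4 organizations" and does not say that the three added entries (Aileron, MythologIQ, Dayos) hold commit access. Suggest stating that in the summary line, or noting when each role was granted, so the two-affiliation requirement quoted at the top of the section can be checked from this document and not only from the linked MAINTAINERS.md.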
@@ -101,7 +104,7 @@ Pillars: **ii) Education**: 45+ tutorials, comprehensive documentation, quickstart guides, and example integrations. The toolkit's tutorial structure follows a learning path from basic concepts to advanced production deployment patterns. -**iv) Community and Events**: Active community engagement with 20+ contributors, GitHub Discussions, and integration proposals across the agent framework ecosystem. The project has been presented at standards body meetings and has active community contributions from multiple organizations. +**iv) Community and Events**: Active community engagement with 76 contributors from multiple organizations, GitHub Discussions, and integration proposals across the agent framework ecosystem. The project has been presented at standards body meetings and has active community contributions from multiple organizations. ### IP policy and licensing due diligence When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF). 
@@ -119,9 +122,11 @@ The project should provide a list of existing resources with links to the reposi | Roadmap | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/ROADMAP.md | | Demos | https://github.com/microsoft/agent-governance-toolkit/tree/main/demo | | Tutorials | https://github.com/microsoft/agent-governance-toolkit/tree/main/docs/tutorials (45+ tutorials) | -| OpenSSF Badge | https://www.bestpractices.dev/projects/12085 (99% passing) | -| PyPI Packages | https://pypi.org/project/agent-os-kernel/, https://pypi.org/project/agentmesh-platform/, https://pypi.org/project/agent-sre/, https://pypi.org/project/agent-runtime/, https://pypi.org/project/ai-agent-compliance/ | -| npm Package | https://www.npmjs.com/package/agentos-mcp-server | +| OpenSSF Badge | https://www.bestpractices.dev/projects/12085 (100% passing) | +| PyPI Packages | 42 packages, 214,000+ monthly downloads. Top packages: https://pypi.org/project/agent-os-kernel/, https://pypi.org/project/agentmesh-platform/, https://pypi.org/project/agent-governance-toolkit/ | +| npm Packages | 9 packages under @microsoft scope | +| NuGet Packages | 3 packages: Microsoft.AgentGovernance + 2 extensions (2,972 total downloads) | +| Rust Crates | 2 crates: agentmesh (1,031 downloads) + agent-governance | | OWASP Compliance | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/OWASP-COMPLIANCE.md | | Architecture | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/ARCHITECTURE.md | | Threat Model | https://github.com/microsoft/agent-governance-toolkit/blob/main/docs/THREAT_MODEL.md | 
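Review bot: In the Project References hunk of [PATCH 4/4] (@@ -119,9 +122,11 @@), the new "npm Packages", "NuGet Packages" and "Rust Crates" rows carry no URLs, and the rewritten "PyPI Packages" row drops the links to agent-sre, agent-runtime and ai-agent-compliance that the removed row had, although the section intro asks for resources "with links". Suggest adding a registry link per row and an as-of date next to the download figures. The removed npm row pointed at the unscoped package agentos-mcp-server while the new row says all 9 packages are under the @microsoft scope, so it is also worth saying whether that package was renamed or is no longer counted.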
@@ -130,6 +135,11 @@ The project should provide a list of existing resources with links to the reposi | Build Attestations | GitHub Attestations tab on each release (via [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) v4) | | Python Signatures | [Sigstore](https://github.com/sigstore/gh-action-sigstore-python) v3, `.sigstore` bundles published alongside PyPI packages | | Container Provenance | GitHub Attestations on container images (via publish-containers workflow) | +| Governance Docs | [GOVERNANCE.md](https://github.com/microsoft/agent-governance-toolkit/blob/main/GOVERNANCE.md), [CHARTER.md](https://github.com/microsoft/agent-governance-toolkit/blob/main/CHARTER.md), [MAINTAINERS.md](https://github.com/microsoft/agent-governance-toolkit/blob/main/MAINTAINERS.md), [RELEASE.md](https://github.com/microsoft/agent-governance-toolkit/blob/main/RELEASE.md) | +| DCO Enforcement | CI check on all PRs for Developer Certificate of Origin sign-off | +| CI Workflows | 33 workflows: CI, CodeQL, ClusterFuzzLite, Scorecard, Secret Scanning, DCO, weekly security audit | +| Traffic (14-day) | 52,949 clones, 23,129 page views (May 2026) | +| GitHub Stats | 1,433 stars, 273 forks, 76 contributors | ### AI-Assisted Development Disclosure
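Review bot: In the last hunk of [PATCH 4/4] (@@ -130,6 +135,11 @@), the "GitHub Stats" row has no as-of date while the "Traffic (14-day)" row directly above it is dated "(May 2026)", and the "DCO Enforcement" and "CI Workflows" rows name checks without linking to them. Suggest dating the stats row the same way and linking the workflow definitions so the listed checks (CodeQL, ClusterFuzzLite, Scorecard, DCO) can be confirmed from the table.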
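Review bot: In the new-file hunk of [PATCH 1/4] (@@ -0,0 +1,117 @@), the heading "Alignment with the OpenSSF MVSSR" does not match the acronym "MVVSR" used in the sentence under it, and the Pillars list goes from "ii) Education" to "iv) Community and Events" with no iii) entry even though the prompt asks about four pillars. Suggest making the acronym consistent and either adding the missing pillar or saying explicitly that the project does not claim it. The ii)/iv) numbering is still present in the [PATCH 4/4] lines, so the gap survives the whole series.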
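Review bot: In the Project History hunk of [PATCH 3/4] (@@ -20,7 +20,17 @@), the seven predecessor repositories are named without links and without their license, and the text does not say whether anyone other than the lead maintainer committed to them before the Mar 2, 2026 consolidation. Because the code lived under a personal account first, suggest linking each repository and stating its license and contributor status, which is the information the LF review described under "IP policy and licensing due diligence" will need. The CELA approval is attached only to the Mar 2 bullet, so it is also unclear whether it covers the earlier repositories.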