[research] microsoft/agent-governance-toolkit — OWASP Agentic Top 10 coverage for AgentGuard #55
Description
Agent Governance Toolkit — Runtime governance with full OWASP Agentic Top 10 coverage
What it does: Microsoft's Agent Governance Toolkit is runtime governance infrastructure for AI agents: deterministic policy enforcement (<0.1 ms latency), zero-trust Ed25519 agent identity (SPIFFE/SVID), 4-tier execution privilege rings, and agent SRE (SLOs, circuit breakers, kill switches). It ships Python, TypeScript (@agentmesh/sdk), and .NET SDKs. It covers all 10 OWASP Agentic risks (ASI-01 Goal Hijacking through ASI-10 Rogue Agents) with 9,500+ tests. Importantly, it has explicit NVIDIA OpenShell integration docs — the same sandbox layer already in ShellForge's stack.
Why it matters for ShellForge: AgentGuard today enforces YAML policy-as-code (allow/deny patterns) but has no agent identity layer, no structured audit trail format, and limited coverage of multi-agent trust boundaries. The AGT TypeScript SDK could add three things directly to ShellForge: (1) cryptographic agent IDs so governance logs are unforgeable, (2) OWASP-mapped policy controls that can be validated against the compliance matrix, and (3) a structured approach to inter-agent trust for swarm mode (ASI-07). The OpenShell integration guide is directly applicable since ShellForge already uses OpenShell for sandboxing.
GitHub: https://github.com/microsoft/agent-governance-toolkit ⭐ 339 (created March 2026)
License: MIT ✅
Rough integration effort: Moderate — adopt @agentmesh/sdk policy evaluation alongside AgentGuard's existing YAML rules; map current agentguard.yaml patterns to OWASP ASI controls; add agent identity to audit log entries.