ai-agent-compliance 1.0.2

Unified installer and compliance documentation for the Agent Governance Toolkit

Agent Compliance

Unified installer and compliance documentation for the Agent Governance Toolkit

One install for the complete governance stack — kernel · trust mesh · runtime supervisor · reliability engineering

pip install ai-agent-compliance[full]

Architecture • Quick Start • Components • Why Unified? • Ecosystem • OWASP Compliance • Traction

⭐ If this project helps you, please star it! It helps others discover the agent governance stack.

🔗 Part of the Agent Governance Ecosystem — Installs Agent OS · AgentMesh · Agent Hypervisor · Agent SRE

---

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                      agent-compliance                            │
│                  pip install ai-agent-compliance[full]            │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│   ┌───────────────────┐      ┌───────────────────────────┐     │
│   │   Agent OS Kernel │◄────►│   AgentMesh Platform      │     │
│   │                   │      │                           │     │
│   │  Policy Engine    │      │  Zero-Trust Identity      │     │
│   │  Capability Model │      │  Mutual TLS for Agents    │     │
│   │  Audit Logging    │      │  Encrypted Channels       │     │
│   │  Syscall Layer    │      │  Trust Scoring             │     │
│   └────────┬──────────┘      └─────────────┬─────────────┘     │
│            │                               │                   │
│            ▼                               ▼                   │
│   ┌───────────────────┐      ┌───────────────────────────┐     │
│   │ Agent Hypervisor  │      │   Agent SRE               │     │
│   │                   │      │                           │     │
│   │  Execution Rings  │      │  Health Monitoring        │     │
│   │  Resource Limits  │      │  SLO Enforcement          │     │
│   │  Runtime Sandboxing│     │  Incident Response        │     │
│   │  Kill Switch      │      │  Chaos Engineering        │     │
│   └───────────────────┘      └───────────────────────────┘     │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

---

Quick Start

import asyncio
from agent_os import StatelessKernel, ExecutionContext
from agentmesh import AgentIdentity

# Boot the governance kernel
kernel = StatelessKernel()
ctx = ExecutionContext(agent_id="my-agent", policies=["read_only"])

# Establish zero-trust agent identity
identity = AgentIdentity.create(
    name="my-agent",
    sponsor="alice@company.com",
    capabilities=["read:data", "write:reports"],
)

# Execute a governed action
async def main():
    result = await kernel.execute(
        action="database_query",
        params={"query": "SELECT * FROM users"},
        context=ctx,
    )
    print(f"Success: {result.success}, Data: {result.data}")

asyncio.run(main())

Install only what you need:

# Core: kernel + trust mesh
pip install ai-agent-compliance

# Full stack: adds hypervisor + SRE
pip install ai-agent-compliance[full]

# À la carte
pip install ai-agent-compliance[hypervisor]
pip install ai-agent-compliance[sre]

---

Components

Component	Package	What It Does
Agent OS	agent-os-kernel	Governance kernel — policy enforcement, capability-based security, audit trails, and the syscall abstraction layer for AI agents
AgentMesh	agentmesh-platform	Zero-trust communication — mutual TLS for agents, encrypted channels, trust scoring, and secure multi-agent orchestration ("SSL for AI Agents")
Agent Hypervisor	agent-hypervisor	Runtime supervisor — execution rings, resource limits, sandboxed execution, kill switches, and real-time intervention for autonomous agents
Agent SRE	agent-sre	Reliability engineering — health monitoring, SLO enforcement, incident response automation, and chaos engineering for agent fleets

Star the ecosystem

        

---

Why a Unified Governance Stack?

Running AI agents in production without governance is like deploying microservices without TLS, RBAC, or monitoring. Each layer solves a different problem:

Concern	Without Governance	With Agent Governance
Security	Agents call any tool, access any resource	Capability-based permissions, policy enforcement
Trust	No identity verification between agents	Mutual TLS, trust scores, encrypted channels
Control	Runaway agents consume unbounded resources	Execution rings, resource limits, kill switches
Reliability	Silent failures, no observability	SLO enforcement, health checks, incident automation
Compliance	No audit trail for agent decisions	Immutable audit logs, decision lineage tracking

One install. Four layers of protection.

The meta-package ensures all components are version-compatible and properly integrated. No dependency conflicts, no version mismatches — just a single pip install to go from zero to production-grade agent governance.

---

The Agent Governance Ecosystem

agent-compliance ─── The meta-package (you are here)
├── agent-os-kernel ─── Governance kernel
├── agentmesh-platform ─── Zero-trust mesh
├── agent-hypervisor ─── Runtime supervisor (optional)
└── agent-sre ─── Reliability engineering (optional)

Each component works standalone, but they're designed to work together. The kernel enforces policy, the mesh secures communication, the hypervisor controls execution, and SRE keeps everything running.

---

Examples

See the examples/ directory for runnable demos:

# Quick start — boot the governance stack in 30 lines
python examples/quickstart.py

# Full stack — all 4 layers working together
python examples/governed_agent.py

---

Framework Integration

# LangChain
pip install langchain ai-agent-compliance

# CrewAI
pip install crewai ai-agent-compliance

# AutoGen
pip install pyautogen ai-agent-compliance

---

🗺️ Roadmap

Quarter	Milestone
Q1 2026	✅ Unified meta-package, 4 components integrated, PyPI published
Q2 2026	Cross-component integration tests, unified CLI, dashboard UI
Q3 2026	Helm chart for Kubernetes, managed cloud preview
Q4 2026	SOC2 Type II certification, enterprise support tier

---

🛡️ OWASP Agentic Top 10 Coverage

The agent governance stack covers 9 of 10 risks from the OWASP Top 10 for Agentic Applications (2026):

OWASP Risk	Coverage	Component
Agent Goal Hijack	✅	Agent OS — Policy Engine
Tool Misuse	✅	Agent OS — Capability Sandboxing
Identity & Privilege Abuse	✅	AgentMesh — DID Identity
Supply Chain Vulnerabilities	🔄 Roadmap	Agent-SBOM (planned)
Unexpected Code Execution	✅	Agent Hypervisor — Execution Rings
Memory & Context Poisoning	✅	Agent OS — VFS + CMVK
Insecure Inter-Agent Communication	✅	AgentMesh — IATP Protocol
Cascading Failures	✅	Agent SRE — Circuit Breakers
Human-Agent Trust Exploitation	✅	Agent OS — Approval Workflows
Rogue Agents	✅	Agent Hypervisor — Kill Switch

→ Full OWASP compliance mapping with code examples

---

📈 Traction

The ecosystem is growing — 3,000+ views, 9,400+ clones, and 1,278 unique developers in the last 14 days alone. Traffic from Medium, Reddit, LinkedIn, Google, and even ChatGPT.

→ See full traction report

---

Contributing

We welcome contributions! See our Contributing Guide for details.

For component-specific contributions, see:

• Agent OS
• AgentMesh
• Agent Hypervisor
• Agent SRE

License

MIT — see LICENSE for details.

---

github.com/microsoft/agent-governance-toolkit · Documentation · GitHub

Building the governance layer for the agentic era