
Agent Governance Toolkit

Microsoft’s open-source toolkit for adding policy enforcement, identity, sandboxing, and audit controls to production AI agents.

Tags: Open Source, Telemetry Concerns

Agent Governance Toolkit is an open-source Microsoft project for teams moving AI agents from demos into controlled production workflows. It focuses on runtime policy enforcement, zero-trust identity, sandboxed execution, and reliability patterns around autonomous agents, giving security and platform teams a governance layer around tool calls and agent actions rather than another prompt-only guardrail.

Agent Governance Toolkit is Microsoft’s open-source toolkit for bringing production controls to autonomous AI agents. Instead of treating safety as a prompt-only problem, it focuses on the runtime surfaces that matter when agents can call tools, touch data, run code, or trigger external systems: policy enforcement, zero-trust identity, execution sandboxing, auditability, and reliability engineering.

The strongest aicoolies angle is agent governance for platform and security teams. Existing guardrail tools often focus on model outputs or LLM policy checks; Agent Governance Toolkit sits closer to the operational layer around agent actions. That makes it relevant for teams building agentic workflows with LangChain-style frameworks, MCP tool access, internal APIs, or custom orchestrators where approval boundaries and traceability matter.

It should be evaluated as a building block, not a turnkey compliance product. The repository is active and MIT licensed, but teams still need to integrate it with their identity provider, model stack, sandbox infrastructure, observability, and deployment process. For production agent programs, it belongs on the shortlist beside guardrail, sandbox, and AI security testing tools.

Pricing

Open-source MIT-licensed toolkit. Teams still need to account for the model providers, hosting, identity systems, and infrastructure used around their agent runtime.

Platforms

Open-source Python agent governance toolkit, distributed as a package, with documentation and production-oriented policy, identity, sandboxing, and audit patterns.


Alternatives

NeMo Guardrails

Programmable safety rails for LLM applications

NeMo Guardrails is NVIDIA's open-source toolkit for adding programmable safety rails to LLM applications. It supports five guardrail types — input, dialog, retrieval, execution, and output rails — covering content safety, jailbreak detection, topic control, PII masking, hallucination detection, and fact-checking. The toolkit uses Colang, a domain-specific language for defining conversational constraints, and integrates with OpenAI, Azure, Anthropic, HuggingFace, and LangChain/LangGraph.

Tags: Free

Guardrails AI

Validate and structure LLM outputs with composable Guards

Guardrails AI is an open-source Python and JavaScript framework for validating and structuring LLM outputs using composable Guards built from a Hub of pre-built validators. It handles structured data extraction with Pydantic models, content safety checks including toxicity, PII detection, competitor mentions, and bias filtering, plus automatic re-prompting when validation fails. The Guardrails Hub offers dozens of validators from regex matching to hallucination detection via LLM judges.

Tags: Free

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

Tags: Open Source

MCP-Scan

Security scanner for MCP servers against tool poisoning attacks

MCP-Scan is a security tool that scans MCP servers for vulnerabilities including tool poisoning, prompt injection, cross-origin escalation, and rug pull attacks. Acquired by Snyk in 2026, it is the first dedicated security scanner for the MCP ecosystem. It analyzes tool descriptions, permissions, and behavior patterns to detect malicious or compromised MCP servers before they can exploit AI agents.

Tags: Open Source

Related Tools


Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

Tags: Freemium, Telemetry

OpenHuman

Local-first personal AI agent with memory trees, desktop integrations, and private workspace context.

OpenHuman is an open-source, local-first personal AI agent from TinyHumans. It combines a desktop app, persistent memory trees, Obsidian-compatible storage, OAuth integrations, and local model support into a private assistant harness. It is most interesting for users who want agentic workflows and long-term memory without handing every context detail to a fully cloud-hosted assistant.

Tags: Open Source, Telemetry

Unabyss

MCP-native personal context vault for keeping AI agents aligned with your work, voice, and projects.

Unabyss is a personal context headquarters for AI agents. It syncs sources such as email, Slack, Notion, Drive, meetings, and professional profiles into structured context files that can be served to MCP-capable clients. The strongest angle is not generic note taking; it is permissioned, reusable context for Claude, Cursor, custom agents, and other tools that otherwise need the same background explained repeatedly.

Tags: Freemium, Telemetry

Re_gent

Version control for AI coding-agent actions

Re_gent is an open-source version-control layer for AI coding-agent activity. Instead of only reviewing the final Git diff, it records what the agent attempted, changed, and executed along the way so teams can trace, undo, and govern autonomous coding work. It fits Claude Code, Codex, Cursor, and multi-agent teams that need an audit trail between prompt and pull request.

Tags: Open Source

agentmemory

Persistent memory layer for AI coding agents — keeps Claude Code, Codex, Cursor, and any MCP agent in context across sessions

agentmemory is an open-source MCP server that gives AI coding agents persistent, cross-session memory. Built on hybrid vector-graph search, it achieves 95.2% recall on the LongMemEval-S benchmark while using up to 92% fewer context tokens than naive context injection. It works out of the box with Claude Code, Codex, Cursor, Windsurf, Cline, OpenCode, Kilo Code, Hermes, and any MCP client through 51 MCP tools plus 12 hooks and 4 skills.

Tags: Open Source

fast-agent

MCP, ACP and Skills support for building production coding agents — interactive or automated.

fast-agent is an Apache-licensed Python framework for building and running LLM agents with full MCP (Model Context Protocol) and ACP support. It ships with an interactive shell mode, Skills management, and multi-model routing — making it a practical platform for coding agents, workflow automation, and agent evaluation across Claude, Codex, HuggingFace, and local models.

Tags: Open Source