aicoolies logo
Agent Governance Toolkit logo
Agent Governance Toolkit logo

Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

open sourcetelemetry concernsupdated Jun 26, 2026

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

Read our Agent Governance Toolkit review

A detailed review by the aicoolies team — click to read

Agent Governance Toolkit is Microsoft’s public-preview, MIT-licensed runtime governance toolkit for autonomous AI agents. It focuses on the control plane around agent actions rather than prompt wording alone: policy enforcement, zero-trust identity, execution sandboxing, audit trails, reliability controls, kill switches, rate limiting, and MCP security gateway patterns for systems that can call tools or touch sensitive workflows.

Current source signals are concrete enough for engineering evaluation. The GitHub repository describes coverage across the OWASP Agentic Top 10 and remains active, while PyPI lists agent_governance_toolkit 4.1.0 as a public-preview package for Python 3.9+. The Microsoft docs and launch material add details around policy engines, DID-style identity, plugin signing, provenance checks, sandboxing, and MCP gateway controls.

AGT is best treated as governance infrastructure that complements agent frameworks such as LangGraph, Semantic Kernel, CrewAI, AutoGen, or custom MCP stacks. Teams still need to define policies, map identities, integrate logs, test failure modes, and review support expectations before production use. It is promising for platform and security teams, but it is not a turnkey compliance stamp or a replacement for eval, red-team, or observability tooling.

Pricing

MIT-licensed open-source toolkit; model, hosting, identity, observability, security-review, and operations costs are separate.

Platforms

Python 3.9+ public-preview package, GitHub/docs, policy engine, identity/trust framework, execution sandboxing, audit, reliability, and MCP Security Gateway patterns.

Categories

Tags

Use Cases

Alternatives

NVIDIA logo

NeMo Guardrails

Programmable safety rails for LLM applications

NeMo Guardrails is NVIDIA's open-source toolkit for adding programmable safety rails to LLM applications. It supports five guardrail types — input, dialog, retrieval, execution, and output rails — covering content safety, jailbreak detection, topic control, PII masking, hallucination detection, and fact-checking. The toolkit uses Colang, a domain-specific language for defining conversational constraints, and integrates with OpenAI, Azure, Anthropic, HuggingFace, and LangChain/LangGraph.

free
Guardrails AI logo

Guardrails AI

Validate and structure LLM outputs with composable Guards

Guardrails AI is an open-source Python and JavaScript framework for validating and structuring LLM outputs using composable Guards built from a Hub of pre-built validators. It handles structured data extraction with Pydantic models, content safety checks including toxicity, PII detection, competitor mentions, and bias filtering, plus automatic re-prompting when validation fails. The Guardrails Hub offers dozens of validators from regex matching to hallucination detection via LLM judges.

free
rampart

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. The strongest aicoolies angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

Open Source
MCP-Scan logo

MCP-Scan

Security scanner for MCP servers against tool poisoning attacks

MCP-Scan is a security tool that scans MCP servers for vulnerabilities including tool poisoning, prompt injection, cross-origin escalation, and rug pull attacks. Acquired by Snyk in 2026, it is the first dedicated security scanner for the MCP ecosystem. It analyzes tool descriptions, permissions, and behavior patterns to detect malicious or compromised MCP servers before they can exploit AI agents.

Open Source

Related Tools

KaibanJS

JavaScript framework for building and visualizing multi-agent workflows on a Kanban board

KaibanJS is an MIT-licensed JavaScript framework for defining AI agents, tasks, tools, and teams, then orchestrating their work through a Kanban-inspired runtime and visual board. It can run inside Node.js, React, or Next.js projects, supports custom UIs and headless workflows, and provides real-time task-state visibility for multi-agent applications.

Open SourceTelemetry
MEDUSA logo

MEDUSA

AI-first security scanner for LLM, agent, MCP, and RAG codebases

MEDUSA is an AGPL-3.0 AI-first security scanner from Pantheon Security that checks AI and machine-learning applications, LLM agents, MCP workflows, RAG pipelines, repository-poisoning risks, secrets, and agent-specific compromise patterns.

Open Source
iFixAi logo

iFixAi

Open-source diagnostic for AI operational misalignment

iFixAi is an Apache-2.0 diagnostic tool for scoring AI agents and models against operational-misalignment risks such as hallucination, manipulation, sabotage, sandbagging, and oversight evasion.

Open Source

Inspect AI

UK AI Security Institute framework for LLM safety evaluations

Inspect AI is an MIT-licensed framework from the UK AI Security Institute for running large language model evaluations, including tool use, multi-turn dialogue, model-graded scoring, and reusable evaluation tasks.

Open Source
Presidio logo

Presidio

Open-source PII detection and anonymization for AI data flows

Presidio is an MIT-licensed privacy framework for identifying and anonymizing personally identifiable information in text, images, and structured data. It can act as a de-identification layer around LLM prompts, logs, RAG corpora, and customer-data workflows.

Open Source

Sakana Fugu

Multi-agent model API that orchestrates frontier models behind one OpenAI-compatible endpoint

Sakana Fugu is a hosted model-provider API that exposes a learned multi-agent system as one OpenAI-compatible model. It dynamically routes coding, code review, research, and reasoning tasks across a frontier-model pool, with Fugu for lower-latency work and Fugu Ultra for harder workloads where answer quality matters more than cost or speed.

paidTelemetry

Comparisons