[Contrib] Agent-OS Governance Extension: Kernel-Level Policy Enforcement

[imran-siddique]

Summary

Adds kernel-level governance for AutoGen multi-agent conversations using Agent-OS.

Why This Matters

AutoGen enables powerful multi-agent conversations, but lacks built-in policy enforcement. This extension provides:

• Content Filtering: Block dangerous patterns (SQL injection, shell commands)
• Tool Control: Limit which tools agents can use
• Rate Limiting: Cap messages and tool calls per session
• Audit Trail: Full logging for compliance and debugging

Changes

• Added \python/packages/autogen-ext/src/autogen_ext/governance/\
  • _governance.py\ - GovernedAgent, GovernedTeam, GovernancePolicy classes
  • _init_.py\ - Public exports
  • \README.md\ - Documentation and examples

Example Usage

\\python
from autogen_ext.governance import GovernedTeam, GovernancePolicy
from autogen_agentchat.agents import AssistantAgent

Define policy

policy = GovernancePolicy(
max_tool_calls=10,
blocked_patterns=["DROP TABLE", "rm -rf"],
blocked_tools=["shell_execute"],
)

Create governed team

team = GovernedTeam(
agents=[analyst, reviewer],
policy=policy,
)

Run with governance

result = await team.run("Analyze Q4 sales")
audit = team.get_audit_log()
\\

Value for AutoGen Users

Feature	Without Extension	With Agent-OS
Content Filtering	Manual	Automatic
Tool Limits	None	Configurable
Audit Trail	DIY	Built-in
Policy Violations	Runtime errors	Controlled handling

Integration Path

This extension works standalone, but can also integrate with the full Agent-OS kernel for:

• GDPR/HIPAA compliance policies
• Cost control limits
• Human-in-the-loop approval flows
• Cross-framework governance

References

• Agent-OS: https://github.com/imran-siddique/agent-os
• Similar integration in Agent-Lightning: [Contrib] Agent-OS Integration: Kernel-Level Safety for RL Training agent-lightning#478

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.20%. Comparing base (13e144e) to head (9f1cc61).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7212      +/-   ##
==========================================
- Coverage   81.22%   81.20%   -0.02%     
==========================================
  Files         244        2     -242     
  Lines       18512      149   -18363     
==========================================
- Hits        15036      121   -14915     
+ Misses       3476       28    -3448     

Flag	Coverage Δ
unittests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[imran-siddique]

Ready for Final Review 🙏

This PR has been open for a while. The AgentMesh trust layer integration is complete and tested.

Could a maintainer please provide a final review? Happy to address any remaining concerns.

Thank you!

[imran-siddique]

Codecov Report

❌ Patch coverage is 0% with 162 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.47%. Comparing base (13e144e) to head (c338201).

Files with missing lines	Patch %	Lines
...ogen-ext/src/autogen_ext/governance/_governance.py	0.00%	160 Missing ⚠️
...autogen-ext/src/autogen_ext/governance/__init__.py	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7212      +/-   ##
==========================================
- Coverage   81.22%   80.47%   -0.76%     
==========================================
  Files         244      246       +2     
  Lines       18512    18674     +162     
==========================================
- Hits        15036    15027       -9     
- Misses       3476     3647     +171     

Flag	Coverage Δ
unittests	80.47% <0.00%> (-0.76%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Try again

[imran-siddique]

Hi maintainers! This PR adds Agent-OS governance as an autogen-ext package. All review threads are addressed and the integration follows the existing autogen-ext package patterns. Would a maintainer be able to review? Happy to make any changes needed. Thank you!

[imran-siddique]

Friendly nudge -- just wanted to share that Agent OS was merged into microsoft/agent-lightning (14k stars) yesterday: microsoft/agent-lightning#478 -- The Microsoft team validated the kernel-level governance approach for RL training. Happy to address any feedback here, including the patch coverage question!

[imran-siddique]

Update: Our AgentMesh trust layer was just merged into LlamaIndex (47k stars): run-llama/llama_index#20644. This is our second major integration merge this week after Microsoft's agent-lightning (14k stars). Would love to get this PR reviewed as well!

[imran-siddique]

Friendly follow-up! This PR has been open for ~11 days. In the meantime, our governance layer has been merged into three major frameworks:

• Dify (65K stars) -- langgenius/dify-plugins#2060 merged today
• LlamaIndex (47K stars) -- run-llama/llama_index#20644 merged, reviewed by @AstraBert
• Microsoft Agent-Lightning (15K stars) -- microsoft/agent-lightning#478 merged, reviewed by @ultmaster

This shows real demand for governance in agent frameworks. Happy to address any feedback to get this merged for AutoGen as well.