
Agent Governance
Add policy gates, intent checks, trust scores, and audit logs before production agents call real tools.
Overview
Agent Governance is an agent skill most often used in Build (also Ship, Operate) that documents patterns for policy enforcement, intent classification, trust scoring, and audit trails on tool-using agents.
Install
npx skills add https://github.com/github/awesome-copilot --skill agent-governance
What is this skill?
- Request pipeline: intent classification → policy check → tool execution → audit log
- Patterns for threat detection, allow/deny policy, and trust updates in multi-agent flows
- Covers rate limits, content filters, and tool restrictions on agent actions
- Framework-agnostic guidance (PydanticAI, CrewAI, OpenAI Agents, LangChain, AutoGen)
- Audit trails and trust scoring for production compliance and safety
Adoption & trust: 9.1k installs on skills.sh; 34.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your agent can call real tools, but you have no consistent way to classify risky intent, enforce policies, or prove what it did in production.
Who is it for?
Solo builders implementing tool-using or multi-agent systems who need compliance-ready boundaries before exposing agents to users or production data.
Skip if: Simple chat-only assistants with no tool access, or teams that only need a one-off API wrapper without audit or policy requirements.
When should I use this skill?
Building agents that call external tools, implementing policy-based access, semantic threat detection, trust scoring, or audit trails in any agent framework.
What do I get? / Deliverables
You get a repeatable governance pipeline—classify → policy → execute → audit—with trust updates you can wire into any agent framework before shipping.
- Governance pipeline design (classify → policy → execute → audit)
- Policy and trust-control checklist adapted to your agent stack
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Agent governance is implemented while you design and wire agent capabilities—the canonical shelf is Build because that is when tool access and multi-agent delegation are first introduced. The skill targets procedural patterns for agent runtimes, tool permissions, and accountability—not a single third-party API integration.
Where it fits
Define allow/deny rules and audit logging before enabling shell or database tools on your agent.
Map intent classification and content filters into a pre-launch security checklist for tool-using agents.
Use audit trail patterns to investigate unexpected tool calls and update trust scores after incidents.
How it compares
Reference governance patterns for your agent codebase—not a prebuilt MCP server or hosted policy engine you install once.
Common Questions / FAQ
Who is agent-governance for?
Indie and solo developers building AI agents that touch APIs, databases, files, or shells, especially when multiple agents delegate work and you need accountability.
When should I use agent-governance?
During Build when wiring tool access; again in Ship when reviewing security and launch gates; and in Operate when you need audit trails and ongoing trust boundaries for production agents.
Is agent-governance safe to install?
It is documentation and patterns in SKILL.md—review the Security Audits panel on this Prism page and inspect the skill package in your repo before enabling it in automated agents.
SKILL.md - Agent Governance
# Agent Governance Patterns

Patterns for adding safety, trust, and policy enforcement to AI agent systems.

## Overview

Governance patterns ensure AI agents operate within defined boundaries — controlling which tools they can call, what content they can process, how much they can do, and maintaining accountability through audit trails.

```
User Request → Intent Classification → Policy Check → Tool Execution → Audit Log
                        ↓                   ↓               ↓
                 Threat Detection       Allow/Deny     Trust Update
```

## When to Use

- **Agents with tool access**: Any agent that calls external tools (APIs, databases, shell commands)
- **Multi-agent systems**: Agents delegating to other agents need trust boundaries
- **Production deployments**: Compliance, audit, and safety requirements
- **Sensitive operations**: Financial transactions, data access, infrastructure management

---

## Pattern 1: Governance Policy

Define what an agent is allowed to do as a composable, serializable policy object.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
import re


class PolicyAction(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REVIEW = "review"  # flag for human review


@dataclass
class GovernancePolicy:
    """Declarative policy controlling agent behavior."""
    name: str
    allowed_tools: list[str] = field(default_factory=list)  # allowlist
    blocked_tools: list[str] = field(default_factory=list)  # blocklist
    blocked_patterns: list[str] = field(default_factory=list)  # content filters
    max_calls_per_request: int = 100  # rate limit
    require_human_approval: list[str] = field(default_factory=list)  # tools needing approval

    def check_tool(self, tool_name: str) -> PolicyAction:
        """Check if a tool is allowed by this policy."""
        if tool_name in self.blocked_tools:
            return PolicyAction.DENY
        if tool_name in self.require_human_approval:
            return PolicyAction.REVIEW
        if self.allowed_tools and tool_name not in self.allowed_tools:
            return PolicyAction.DENY
        return PolicyAction.ALLOW

    def check_content(self, content: str) -> Optional[str]:
        """Check content against blocked patterns. Returns matched pattern or None."""
        for pattern in self.blocked_patterns:
            if re.search(pattern, content, re.IGNORECASE):
                return pattern
        return None
```

### Policy Composition

Combine multiple policies (e.g., org-wide + team + agent-specific):

```python
def compose_policies(*policies: GovernancePolicy) -> GovernancePolicy:
    """Merge policies with most-restrictive-wins semantics."""
    combined = GovernancePolicy(name="composed")
    for policy in policies:
        combined.blocked_tools.extend(policy.blocked_tools)
        combined.blocked_patterns.extend(policy.blocked_patterns)
        combined.require_human_approval.extend(policy.require_human_approval)
        combined.max_calls_per_request = min(
            combined.max_calls_per_request, policy.max_calls_per_request
        )
        if policy.allowed_tools:
            if combined.allowed_tools:
                # Intersection: a tool stays allowed only if every allowlist permits it.
                # (The source text ends mid-comprehension here; the remainder follows
                # the most-restrictive-wins rule stated in the docstring.)
                combined.allowed_tools = [
                    t for t in combined.allowed_tools if t in policy.allowed_tools
                ]
            else:
                combined.allowed_tools = list(policy.allowed_tools)
    return combined
```
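An added example, not part of the skill's SKILL.md, that wires the policy object above into the pipeline's policy check → tool execution → audit log stages: a per-request gate applies `check_tool`, then the `max_calls_per_request` budget and `check_content`, runs the tool only on ALLOW, and appends one audit record for every decision, denials included. It redeclares a compact copy of `GovernancePolicy` so it runs stand-alone; `PolicyGate`, the tool registry dict and the audit record layout are assumptions.

```python
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

# Same three decisions as the page's PolicyAction enum.
PolicyAction = Enum("PolicyAction", {"ALLOW": "allow", "DENY": "deny", "REVIEW": "review"})

@dataclass
class GovernancePolicy:
    """Compact copy of the page's GovernancePolicy so this example runs alone."""
    allowed_tools: list[str] = field(default_factory=list)
    blocked_tools: list[str] = field(default_factory=list)
    blocked_patterns: list[str] = field(default_factory=list)
    max_calls_per_request: int = 100
    require_human_approval: list[str] = field(default_factory=list)

    def check_tool(self, tool: str) -> PolicyAction:
        if tool in self.blocked_tools:
            return PolicyAction.DENY
        if tool in self.require_human_approval:
            return PolicyAction.REVIEW
        if self.allowed_tools and tool not in self.allowed_tools:
            return PolicyAction.DENY
        return PolicyAction.ALLOW

    def check_content(self, content: str) -> Optional[str]:
        hits = (p for p in self.blocked_patterns if re.search(p, content, re.IGNORECASE))
        return next(hits, None)

class PolicyGate:
    """Hypothetical 'policy check -> tool execution -> audit log' stage for one request."""
    def __init__(self, policy: GovernancePolicy, tools: dict, request_id: str):
        self.policy, self.tools, self.request_id = policy, tools, request_id
        self.calls = 0  # executed calls so far, compared against max_calls_per_request
        self.audit: list[dict] = []  # append-only trail: one record per decision, denials included

    def call(self, tool: str, args: str):
        decision, reason = self.policy.check_tool(tool), "tool_policy"
        if decision is PolicyAction.ALLOW:  # budget and content filters apply to allowed tools only
            if self.calls >= self.policy.max_calls_per_request:
                decision, reason = PolicyAction.DENY, "rate_limit"
            elif (hit := self.policy.check_content(args)) is not None:
                decision, reason = PolicyAction.DENY, f"blocked_pattern:{hit}"
        result = None
        if decision is PolicyAction.ALLOW:  # the tool runs only after every check passed
            self.calls += 1
            result = self.tools[tool](args)
        self.audit.append({"request": self.request_id, "tool": tool, "args": args,
                           "decision": decision.value, "reason": reason})
        return decision, result
```

A REVIEW decision is recorded but never executed, so it neither consumes the call budget nor reaches the tool; whoever approves it can replay the audited call under a separate request.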