feat: add agent-governance skill — governance patterns for AI agent systems #755

Merged
aaronpowell merged 4 commits into github:main from imran-siddique:add-agent-governance-skill
Feb 18, 2026

@imran-siddique
Contributor

Summary

Adds agent-governance — a skill teaching Copilot governance patterns for AI agent systems. This is the first security/governance-focused skill in the collection.

What's Included

skills/agent-governance/SKILL.md covers 6 core patterns:

| Pattern | Description |
| --- | --- |
| Governance Policy | Declarative policies with allowlists, blocklists, content filters, rate limits. YAML-driven configuration. |
| Policy Composition | Most-restrictive-wins merging of org → team → agent policies. |
| Semantic Intent Classification | Pre-flight threat detection: data exfiltration, privilege escalation, prompt injection, system destruction. |
| Tool-Level Governance Decorator | @govern(policy) decorator wrapping tool functions with policy enforcement + audit. |
| Trust Scoring | Decay-based trust scores for multi-agent delegation with reliability tracking. |
| Audit Trail | Append-only event log for compliance — every tool call logged with decision + policy name. |

Framework Coverage

Includes integration examples for:

  • PydanticAI — @agent.tool + @govern() composition
  • CrewAI — Crew-level governance wrapping all agent tools
  • OpenAI Agents SDK — @function_tool + @govern() pattern

When Copilot Activates This Skill

From the description trigger:

  • Building AI agents that call external tools
  • Implementing policy-based access controls
  • Adding threat detection to agent prompts
  • Creating trust scoring for multi-agent workflows
  • Building audit trails for agent actions

Validation

✅ npm run skill:validate — All 51 skills valid
✅ npm run build — README.skills.md updated

Context

We're building Agent-OS and AgentMesh Integrations — governance frameworks for AI agent systems with integrations for PydanticAI, CrewAI, and OpenAI Agents. This skill distills those patterns into practical guidance Copilot can apply when users build agent code.

Add governance patterns and techniques for AI agent systems:
- Policy definition with allowlists, blocklists, and content filters
- Semantic intent classification for threat detection
- Tool-level governance decorator pattern
- Trust scoring with temporal decay for multi-agent systems
- Append-only audit trail design
- Framework integration examples (PydanticAI, CrewAI, OpenAI Agents)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
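
An added sketch of three patterns named in the PR description (most-restrictive-wins composition, a @govern(policy) decorator, and an append-only audit log); it is not code from SKILL.md or from this PR. The Policy fields, compose(), AUDIT_LOG and the tool names are assumptions made for illustration.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Optional

@dataclass(frozen=True)
class Policy:  # hypothetical shape, not the skill's own class
    name: str
    allowed_tools: Optional[frozenset] = None  # None: this level sets no allowlist
    blocked_tools: frozenset = frozenset()

def compose(*policies):
    """Most-restrictive-wins: intersect the allowlists, union the blocklists."""
    allowed, blocked = None, frozenset()
    for p in policies:
        if p.allowed_tools is not None:
            allowed = p.allowed_tools if allowed is None else allowed & p.allowed_tools
        blocked |= p.blocked_tools
    return Policy(">".join(p.name for p in policies), allowed, blocked)

AUDIT_LOG = []  # only ever appended to; allow and deny decisions are both recorded

def govern(policy):
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            tool, reason = fn.__name__, None
            if tool in policy.blocked_tools:  # a blocklist entry beats any allowlist
                reason = "blocklisted"
            elif policy.allowed_tools is not None and tool not in policy.allowed_tools:
                reason = "not in allowlist"
            AUDIT_LOG.append({"tool": tool, "policy": policy.name, "reason": reason,
                              "decision": "deny" if reason else "allow"})
            if reason:  # denied calls never reach the tool body
                raise PermissionError(f"{tool}: {reason}")
            return fn(*args, **kwargs)
        return wrapper
    return decorator

# Constructed org -> team -> agent policies and tools
ORG = Policy("org", blocked_tools=frozenset({"delete_records"}))
TEAM = Policy("team", frozenset({"search_docs", "send_email", "delete_records"}))
AGENT = Policy("agent", frozenset({"search_docs", "delete_records"}))
EFFECTIVE = compose(ORG, TEAM, AGENT)

@govern(EFFECTIVE)
def search_docs(query):
    return f"results for {query}"
@govern(EFFECTIVE)
def delete_records(table):
    return f"deleted {table}"
```

The agent-level allowlist names delete_records, but the org-level blocklist still wins after composition, and the denial is written to the log before the exception is raised.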
Contributor

Copilot AI left a comment

Pull request overview

This pull request introduces the agent-governance skill, the first security and governance-focused skill in the Awesome Copilot collection. It provides comprehensive patterns and code examples for implementing safety controls, policy enforcement, and audit trails in AI agent systems. The skill targets developers building production AI agents that need governance controls for tool usage, multi-agent trust, and compliance requirements.

Changes:

  • New skill covering 6 core governance patterns: declarative policies, policy composition, semantic intent classification, tool-level decorators, trust scoring, and audit trails
  • Framework integration examples for PydanticAI, CrewAI, and OpenAI Agents SDK
  • Comprehensive best practices and implementation checklist for agent governance
  • Updated README.skills.md index with new entry

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| skills/agent-governance/SKILL.md | New 564-line skill document covering governance patterns, code examples, framework integrations, and best practices for AI agent safety and control |
| docs/README.skills.md | Added alphabetically-sorted entry for agent-governance skill in the skills index table |

imran-siddique and others added 3 commits February 18, 2026 14:41
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Use context manager and path validation for file reading example
- Block directory traversal attacks with os.path.realpath check
- Update terminology: whitelist/blacklist -> allowlist/blocklist

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@aaronpowell aaronpowell merged commit f256cb2 into github:main Feb 18, 2026
3 checks passed
@imran-siddique
Contributor Author

All review comments addressed in latest push:

  • File path validation (line 502): Now uses os.path.realpath() for path traversal protection + with open() context manager to prevent resource leaks
  • Inclusive terminology: Updated whitelist/blacklist → allowlist/blocklist in comments

Validated:
npm run skill:validate ✅
npm run build ✅
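
An added example of the fix described in the comment above: a file-read tool confined to one directory with os.path.realpath() and a with open() block. It is not the code from SKILL.md line 502; the function name read_file_confined, the commonpath comparison and the temporary directory layout are assumptions constructed here.

```python
import os
import tempfile

def read_file_confined(base_dir, user_path):
    """Hypothetical tool body: read user_path only if it resolves inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check sees the real target.
    # join() discards base when user_path is absolute; the check below still catches it.
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole path components; a bare startswith(base) would
    # accept a sibling directory such as "workspace-private".
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"{user_path!r} resolves outside {base_dir!r}")
    with open(target, encoding="utf-8") as fh:  # handle is closed even if read() raises
        return fh.read()

def demo():
    """Build a constructed sandbox in a temp dir and try four request paths."""
    root = tempfile.mkdtemp()
    work = os.path.join(root, "workspace")
    private = os.path.join(root, "workspace-private")
    os.makedirs(work)
    os.makedirs(private)
    secret = os.path.join(private, "secret.txt")
    for path, text in [(os.path.join(work, "notes.txt"), "ok"), (secret, "s3cret")]:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    os.symlink(secret, os.path.join(work, "link.txt"))  # link pointing out of the sandbox
    requests = {
        "plain": "notes.txt",
        "dotdot": "../workspace-private/secret.txt",
        "absolute": secret,
        "symlink": "link.txt",
    }
    results = {}
    for label, path in requests.items():
        try:
            read_file_confined(work, path)
            results[label] = "allowed"
        except PermissionError:
            results[label] = "denied"
    return results

if __name__ == "__main__":
    print(demo())
```

The check and the open are two separate steps, so this assumes nothing else can swap a file for a symlink inside the directory between them.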
