fix(agent-sre): CostGuard input validation + org kill bypass#272
Merged: imran-siddique merged 2 commits into main on Mar 15, 2026.
Commit 1:
- Restructure README to match microsoft/agent-framework layout: Banner → Getting Started → Installation → Documentation → Highlights → Quickstart → Examples → Packages → OWASP → Performance → Contributors
- Add SVG banner image (docs/assets/readme-banner.svg)
- Add COMMUNITY.md (community resources, related projects)
- Move Architecture Notes to docs/ARCHITECTURE.md (trim README)
- Organize 16 proposal docs into docs/proposals/ subdirectory
- Add 'We want your feedback' and 'Important Notes' sections
- Fix broken PROPOSALS-INDEX.md link in RELEASE_NOTES_v1.0.0.md

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Commit 2:
- Reject NaN/Inf/negative values at __init__ for org_monthly_budget, per_task_limit, per_agent_daily_limit, kill_switch_threshold, and alert_thresholds (prevents silent budget bypass via IEEE 754)
- Reject NaN/Inf/negative estimated_cost in check_task()
- Reject NaN/Inf/negative cost_usd in record_cost()
- Add _org_killed flag: once org budget kill threshold is crossed, ALL new agents (including those created after the kill) are blocked
- Update tests to match new validation behavior (34 passing)

Based on ideas from @amabito in PRs #248 and #249.

Co-authored-by: Keita A. <amabito@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found. Scanned Files: None
This was referenced Mar 15, 2026
imran-siddique added a commit to imran-siddique/agent-governance-toolkit that referenced this pull request on Mar 18, 2026:

…sories
- Add in-memory storage warning to demo startup
- Add sample policy disclaimer to demo startup
- Add --include-attacks flag for adversarial demo scenarios (prompt injection, tool alias bypass, SQL policy bypass)
- Add security advisories to SECURITY.md for CostGuard org kill bypass (microsoft#272) and thread safety fixes (v2.1.0)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
imran-siddique added a commit to imran-siddique/agent-governance-toolkit that referenced this pull request on Mar 18, 2026:

…CHANGELOG
Move CostGuard org kill bypass (microsoft#272), CostGuard thread safety (microsoft#253), ErrorBudget unbounded deque (microsoft#172), and VectorClock race condition (microsoft#243) from 'Fixed' to 'Security' section in v2.1.0 CHANGELOG — these are security fixes affecting concurrent governance enforcement.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
imran-siddique added a commit that referenced this pull request on Mar 18, 2026:

…ents (#296)

* fix(security): replace XOR placeholder with AES-256-GCM, add Security Model section

  Address 3 findings from security review:
  1. Replace insecure XOR placeholder encryption in DMZ module with real AES-256-GCM via cryptography library (was: 'NOT SECURE - placeholder only' comment in nexus/dmz.py)
  2. Add 'Security Model & Limitations' section to root README making clear this is application-level middleware, not OS kernel isolation. Includes table of what each layer provides vs. does not provide.
  3. Add checksum verification guidance to community preview disclaimer.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(security): add demo warnings, adversarial mode, and security advisories

  - Add in-memory storage warning to demo startup
  - Add sample policy disclaimer to demo startup
  - Add --include-attacks flag for adversarial demo scenarios (prompt injection, tool alias bypass, SQL policy bypass)
  - Add security advisories to SECURITY.md for CostGuard org kill bypass (#272) and thread safety fixes (v2.1.0)

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: relabel CostGuard and thread safety fixes as security items in CHANGELOG

  Move CostGuard org kill bypass (#272), CostGuard thread safety (#253), ErrorBudget unbounded deque (#172), and VectorClock race condition (#243) from 'Fixed' to 'Security' section in v2.1.0 CHANGELOG — these are security fixes affecting concurrent governance enforcement.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address PR review feedback — docstrings, changelog, yaml safety

  - Add docstring to scenario_adversarial_attacks
  - Document --include-attacks flag in README
  - Pin pyyaml version in security-scan workflow
  - Audit and fix unsafe yaml.load() calls (if any)
  - Add unreleased changelog entries

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
CostGuard Hardening

Applies two security improvements from community feedback (PRs #248, #249 by @amabito):

Input Validation
- … record_cost()

Org Kill Bypass Fix

Tests
34 passing (updated to match new validation behavior)

Supersedes #248 and #249 (both had merge conflicts with #253).
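The following is an added illustration of the two fixes described in the commit message and the PR description above; it is not the project's code. It shows why an unvalidated `cost > limit` check is bypassed by IEEE 754 NaN (every ordering comparison against NaN is False) and by negative or -Inf values (which pass the check and then shrink the running total), and it sketches the hardened shape: finite, non-negative validation at `__init__`, `check_task()` and `record_cost()`, plus a sticky `_org_killed` flag that also refuses agents registered after the kill. The class layout, the `register_agent()` method, the `rejects()` helper, and the treatment of `kill_switch_threshold` and `alert_thresholds` as absolute USD amounts are assumptions made for this sketch.

```python
import math
from typing import Dict, Iterable


def naive_exceeds_limit(cost: float, limit: float) -> bool:
    """Pre-hardening style of check, constructed for illustration.

    IEEE 754 NaN is unordered: every comparison against it is False, so a NaN
    cost never 'exceeds' the limit and is waved through. Negative and -inf
    values also pass and, once recorded, shrink the running total.
    """
    return cost > limit


def require_finite_non_negative(name: str, value: float) -> float:
    """Hardened validation matching the PR's rule: reject NaN, +/-Inf and negatives.

    math.isfinite() is False for NaN and both infinities, so the decision does
    not rest on an ordering comparison that NaN would defeat. bool is excluded
    because it is an int subclass and True/False are never a real budget.
    """
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"{name} must be a number, got {value!r}")
    if not math.isfinite(value) or value < 0:
        raise ValueError(f"{name} must be finite and non-negative, got {value!r}")
    return float(value)


class CostGuard:
    """Sketch of the hardened guard (assumed shape, not the project's class).

    Kill threshold and alert thresholds are treated as absolute USD amounts
    here; that is an assumption of this example.
    """

    def __init__(self, org_monthly_budget, per_task_limit, per_agent_daily_limit,
                 kill_switch_threshold, alert_thresholds: Iterable[float] = ()):
        # Every limit is validated once, up front, so no later comparison can
        # be short-circuited by a NaN or drained by a negative number.
        self.org_monthly_budget = require_finite_non_negative("org_monthly_budget", org_monthly_budget)
        self.per_task_limit = require_finite_non_negative("per_task_limit", per_task_limit)
        self.per_agent_daily_limit = require_finite_non_negative("per_agent_daily_limit", per_agent_daily_limit)
        self.kill_switch_threshold = require_finite_non_negative("kill_switch_threshold", kill_switch_threshold)
        self.alert_thresholds = [require_finite_non_negative("alert_thresholds", t) for t in alert_thresholds]
        self._org_spent = 0.0
        self._agent_spent: Dict[str, float] = {}
        self._org_killed = False  # sticky: set once, never cleared by a new agent

    def register_agent(self, agent_id: str) -> bool:
        """Agents created after the org kill are refused, closing the bypass."""
        if self._org_killed:
            return False
        self._agent_spent.setdefault(agent_id, 0.0)
        return True

    def check_task(self, agent_id: str, estimated_cost: float) -> bool:
        """True if the task may run: validated cost within task, agent and org limits."""
        cost = require_finite_non_negative("estimated_cost", estimated_cost)
        if self._org_killed or agent_id not in self._agent_spent:
            return False
        if cost > self.per_task_limit:
            return False
        if self._agent_spent[agent_id] + cost > self.per_agent_daily_limit:
            return False
        return self._org_spent + cost <= self.org_monthly_budget

    def record_cost(self, agent_id: str, cost_usd: float) -> bool:
        """Record validated spend; returns True once the org kill switch has tripped."""
        cost = require_finite_non_negative("cost_usd", cost_usd)
        if agent_id not in self._agent_spent:
            raise KeyError(agent_id)
        self._agent_spent[agent_id] += cost
        self._org_spent += cost
        if self._org_spent >= self.kill_switch_threshold:
            self._org_killed = True
        return self._org_killed

    @property
    def org_killed(self) -> bool:
        return self._org_killed


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; used to exercise the validation."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive check lets NaN through:", not naive_exceeds_limit(float("nan"), 10.0))
    guard = CostGuard(org_monthly_budget=100.0, per_task_limit=10.0,
                      per_agent_daily_limit=60.0, kill_switch_threshold=50.0)
    guard.register_agent("agent-1")
    print("NaN estimate rejected:", rejects(guard.check_task, "agent-1", float("nan")))
    guard.record_cost("agent-1", 50.0)  # crosses the kill threshold
    print("late-created agent blocked:", guard.register_agent("agent-2") is False)
```

The kill flag is what distinguishes this from simply capping per-agent spend: once `_org_spent` crosses the threshold, `register_agent()` and `check_task()` both refuse, so spinning up a fresh agent after the kill no longer yields a guard with a clean slate.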