Skip to content

v3.3.0 - Contributor Reputation + Repo Reorganization

Choose a tag to compare

View all tags
@imran-siddique imran-siddique released this 27 Apr 03:28
· 1159 commits to main since this release
v3.3.0
15e001f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

Contributor Reputation Check

A new reusable GitHub Action that screens PR and issue authors for coordinated inauthentic behavior. Any OSS repo can adopt it:

- uses: microsoft/agent-governance-toolkit/.github/actions/contributor-check@v3.3.0
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}

Detects following farming, cross-repo spray, credential laundering, and network coordination. Runs automatically on every PR/issue open. Labels and comments on MEDIUM/HIGH risk. Zero external dependencies.

Repo Reorganization

All SDK packages now live under language-specific directories for a clean, navigable root:

  • agent-governance-python/ (10 packages)
  • agent-governance-typescript/ (VS Code extension + TS SDK)
  • agent-governance-dotnet/ (.NET SDK)
  • agent-governance-rust/ (Rust SDK)
  • agent-governance-golang/ (Go SDK)

Shift-Left Governance

Tutorial 45 walks through AGT's full shift-left story. Contributor reputation is now the leftmost check in the pipeline, before pre-commit hooks, before CI.

Also in this release

  • Sentry integration for Agent SRE
  • Policy composition with extends inheritance
  • Multi-stage policy pipeline (pre_input, pre_tool, post_tool, pre_output)
  • 2-line governance wrapper: govern() function
  • Human-in-the-loop approval workflows
  • OpenTelemetry native observability
  • ATR Community Rules upgraded to 287 rules
  • EU AI Act compliance templates
  • SDK parity improvements across .NET, TypeScript, Rust, Go
  • 80+ total changes

See full CHANGELOG for details.

Assets 6
Loading