[SAMPLE] Agent Governance — tool policy enforcement, trust scoring, and audit trails #1128

@imran-siddique

Description

Sample: Agent Governance — Tool Policy, Trust Scoring, and Audit

What kind of sample would you like to see?

A governance-focused sample demonstrating how to use ADK's BasePlugin and callbacks to enforce runtime governance on agent tool usage.

Proposed: agent-governance sample

This sample would demonstrate:

  1. GovernancePlugin — A BasePlugin that enforces tool policies

    • before_tool_callback: Allowlist/blocklist tools, scan arguments for sensitive patterns, enforce rate limits
    • on_user_message_callback: Detect threat signals (data exfiltration, privilege escalation, prompt injection) before agent processing
    • after_tool_callback: Append-only audit trail of all tool calls with policy decisions
  2. Multi-agent trust scoring — A SequentialAgent where:

    • A "router" agent delegates to specialist sub-agents
    • Each sub-agent has its own governance policy (different tool permissions)
    • Trust scores decay over time and improve with successful completions
    • Low-trust agents get stricter policies
  3. YAML-driven policy configuration — Policies loaded from config files, not hardcoded:

    name: customer-service
    allowed_tools: [search_kb, create_ticket, lookup_order]
    blocked_patterns: ["(?i)(ssn|credit.card|password)"]
    max_calls_per_request: 20
    require_human_approval: [create_ticket]
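As an added example (not code from this proposal, and not wired to ADK's BasePlugin), here is a standalone version of the checks described in items 1 and 3: a policy built from the same fields as the YAML above, an allowlist / blocked-pattern / rate-limit check standing in for `before_tool_callback`, and a JSON Lines audit record standing in for `after_tool_callback`. The class and function names, and the use of a Python dict in place of `yaml.safe_load()` on the policy file, are assumptions made so the example runs offline.

```python
"""Constructed example: runtime tool-policy checks plus a JSON Lines audit trail.

Illustrative code written for this issue; not the proposed sample's own code and
not an ADK plugin. POLICY_DOC mirrors the customer-service YAML in the proposal;
yaml.safe_load() on that file would produce the same dict.
"""
from __future__ import annotations

import json
import re
import time
from dataclasses import dataclass

# Constructed policy, equivalent to the proposal's customer-service YAML.
POLICY_DOC = {
    "name": "customer-service",
    "allowed_tools": ["search_kb", "create_ticket", "lookup_order"],
    "blocked_patterns": [r"(?i)(ssn|credit.card|password)"],
    "max_calls_per_request": 20,
    "require_human_approval": ["create_ticket"],
}


@dataclass(frozen=True)
class GovernancePolicy:
    name: str
    allowed_tools: frozenset[str]
    blocked_patterns: tuple[re.Pattern, ...]
    max_calls_per_request: int
    require_human_approval: frozenset[str]

    @classmethod
    def from_dict(cls, doc: dict) -> "GovernancePolicy":
        # Compile once at load time so a malformed regex in the policy file
        # fails on startup rather than on the first tool call.
        return cls(
            name=doc["name"],
            allowed_tools=frozenset(doc.get("allowed_tools", [])),
            blocked_patterns=tuple(re.compile(p) for p in doc.get("blocked_patterns", [])),
            max_calls_per_request=int(doc.get("max_calls_per_request", 0)),
            require_human_approval=frozenset(doc.get("require_human_approval", [])),
        )


@dataclass
class Decision:
    allow: bool
    reason: str
    needs_human_approval: bool = False


class ToolGovernor:
    """Evaluates each tool call against a policy and records one audit line per call."""

    def __init__(self, policy: GovernancePolicy):
        self.policy = policy
        self.calls_this_request = 0
        self.audit: list[str] = []  # stands in for an append-only .jsonl file

    def new_request(self) -> None:
        self.calls_this_request = 0

    def before_tool(self, tool_name: str, args: dict) -> Decision:
        # Fail closed: a tool not explicitly allowed is denied.
        if tool_name not in self.policy.allowed_tools:
            return Decision(False, f"tool '{tool_name}' not in allowlist")
        if self.calls_this_request >= self.policy.max_calls_per_request:
            return Decision(False, "max_calls_per_request exceeded")
        # Flatten all argument values to JSON so nested dicts/lists are scanned too.
        flat = json.dumps(args, sort_keys=True)
        for pat in self.policy.blocked_patterns:
            if pat.search(flat):
                return Decision(False, f"argument matched blocked pattern {pat.pattern!r}")
        self.calls_this_request += 1
        return Decision(True, "allowed",
                        needs_human_approval=tool_name in self.policy.require_human_approval)

    def record(self, tool_name: str, args: dict, decision: Decision) -> dict:
        # Only argument keys are logged, so the audit trail does not itself
        # become a copy of whatever sensitive input was blocked.
        rec = {
            "ts": time.time(),
            "policy": self.policy.name,
            "tool": tool_name,
            "arg_keys": sorted(args),
            "allowed": decision.allow,
            "reason": decision.reason,
            "human_approval": decision.needs_human_approval,
        }
        self.audit.append(json.dumps(rec, sort_keys=True))
        return rec


def run_demo() -> dict:
    """Runs four constructed tool calls through the policy; returns records and audit lines."""
    gov = ToolGovernor(GovernancePolicy.from_dict(POLICY_DOC))
    gov.new_request()
    calls = [
        ("search_kb", {"query": "refund policy"}),
        ("lookup_order", {"order_id": "A-1001", "note": "customer gave password over phone"}),
        ("delete_user", {"user_id": 42}),
        ("create_ticket", {"subject": "Damaged item"}),
    ]
    records = [gov.record(name, args, gov.before_tool(name, args)) for name, args in calls]
    return {"records": records, "audit": gov.audit}


if __name__ == "__main__":
    for line in run_demo()["audit"]:
        print(line)
```

Of the four constructed calls, the `lookup_order` call is denied because its argument text matches the `password` pattern, `delete_user` is denied by the allowlist, and `create_ticket` is allowed but flagged for human approval; the per-request counter only advances for allowed calls, so denied calls do not consume the budget.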

How it differs from existing samples

| | safety-plugins | policy-as-code | This proposal |
| --- | --- | --- | --- |
| Focus | Content safety (Model Armor) | Infrastructure policy (Terraform/OPA) | Runtime tool governance |
| Cloud dependency | Requires Google Cloud | Requires GCP + OPA | None (pure Python) |
| Enforcement point | Model input/output | Before deployment | Before each tool call |
| Multi-agent | No | No | Yes (trust scoring) |
| Audit trail | No | No | Yes (JSON Lines) |

Proposed Directory Structure

python/agents/agent-governance/
├── agent_governance/
│   ├── __init__.py
│   ├── agent.py              # Root agent with governance callbacks
│   ├── governance_plugin.py  # BasePlugin implementation
│   ├── policy.py             # GovernancePolicy dataclass + YAML loading
│   ├── intent.py             # Threat signal classification
│   ├── trust.py              # Trust scoring with decay
│   ├── audit.py              # Append-only audit trail
│   └── tools.py              # Example governed tools
├── policies/
│   ├── production.yaml
│   └── strict.yaml
├── tests/
│   └── test_governance.py
├── pyproject.toml
└── README.md
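The `trust.py` entry above and item 2 of the proposal describe trust scores that decay over time, improve with successful completions, and tighten policy for low-trust agents. The following is an added illustration of that mechanism, not the proposed sample's `trust.py`: the exponential decay toward a floor, the half-life, the gain/penalty sizes and the two trust thresholds are all assumptions chosen for the example.

```python
"""Constructed example: per-agent trust with time decay and policy tightening.

Illustrative code written for this issue, not the proposal's trust.py. All
constants (half-life, floor, gain, penalty, thresholds) are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class TrustScore:
    """Trust in [floor, 1]. Idle time decays the score toward the floor; a
    successful completion raises it, a failure or policy violation lowers it."""
    value: float = 0.5
    last_update: float = 0.0
    half_life_s: float = 3600.0  # assumption: the excess over the floor halves per idle hour
    floor: float = 0.1

    def decay(self, now: float) -> float:
        dt = max(0.0, now - self.last_update)
        # Exponential decay applied to the part of the score above the floor.
        self.value = self.floor + (self.value - self.floor) * 0.5 ** (dt / self.half_life_s)
        self.last_update = now
        return self.value

    def record_success(self, now: float, gain: float = 0.1) -> float:
        self.decay(now)
        # Gain shrinks as trust approaches 1, so trust is earned slowly near the top.
        self.value = min(1.0, self.value + gain * (1.0 - self.value))
        return self.value

    def record_violation(self, now: float, penalty: float = 0.3) -> float:
        self.decay(now)
        # Penalties are flat, so a single violation costs more than one success earns.
        self.value = max(self.floor, self.value - penalty)
        return self.value


def policy_for(trust: float, base_allowed: set[str], sensitive: set[str]) -> dict:
    """Derive policy fields (same keys as the proposal's YAML) from a trust score.
    Low trust removes sensitive tools and shrinks the call budget; mid trust keeps
    them behind human approval; high trust gets the base policy. Thresholds are
    assumptions for illustration."""
    if trust < 0.3:
        safe = sorted(base_allowed - sensitive)
        return {"allowed_tools": safe, "max_calls_per_request": 5,
                "require_human_approval": safe}
    if trust < 0.7:
        return {"allowed_tools": sorted(base_allowed), "max_calls_per_request": 10,
                "require_human_approval": sorted(sensitive)}
    return {"allowed_tools": sorted(base_allowed), "max_calls_per_request": 20,
            "require_human_approval": []}


if __name__ == "__main__":
    base = {"search_kb", "create_ticket", "lookup_order"}
    t = TrustScore()
    t.record_violation(now=0.0)
    print(t.value, policy_for(t.value, base, {"create_ticket"}))
```

Because the policy is derived from the score on every evaluation, an agent that has been idle drifts toward the stricter tiers without any explicit revocation step, and one that keeps completing tasks successfully regains the wider tool set.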

ADK language

Python

Context

We've built this pattern for PydanticAI (57 tests passing), CrewAI, and OpenAI Agents. Happy to submit a PR porting this to ADK's plugin architecture.
