agent-governance

# Agent Governance Patterns Patterns for adding safety, trust, and policy enforcement to AI agent systems. ## Overview Governance patterns ensure AI agents operate within defined boundaries — controlling which tools they can call, what content they can process, how much they can do, and maintaining accountability through audit trails. ``` User Request → Intent Classification → Policy Check → Tool Execution → Audit Log ↓ ↓ ↓ Threat Detection Allow/Deny Trust Update ``` ## When to Use - **Agents with tool access**: Any agent that calls external tools (APIs, databases, shell commands) - **Multi-agent systems**: Agents delegating to other agents need trust boundaries - **Production deployments**: Compliance, audit, and safety requirements - **Sensitive operations**: Financial transactions, data access, infrastructure management --- ## Pattern 1: Governance Policy Define what an agent is allowed to do as a composable, serializable policy object. ```python from dataclasses import dataclass, field from enum import Enum from typing import Optional import re class PolicyAction(Enum): ALLOW = "allow" DENY = "deny" REVIEW = "review" # flag for human review @dataclass class GovernancePolicy: """Declarative policy controlling agent behavior.""" name: str allowed_tools: list[str] = field(default_factory=list) # allowlist blocked_tools: list[str] = field(default_...