https://thedotnetblog.com/tags/governance/Articles, tutorials and insights from the .NET community.Hugoen@thedotnetblog (The .NET Blog)@thedotnetblogFri, 29 May 2026 00:00:00 +0000https://thedotnetblog.com/news/emiliano-montesdeoca/maf-agent-governance-toolkit-runtime-policy/Fri, 29 May 2026 00:00:00 +0000Emiliano Montesdeocahttps://thedotnetblog.com/news/emiliano-montesdeoca/maf-agent-governance-toolkit-runtime-policy/Microsoft Agent Framework and Agent Governance Toolkit pair up to enforce runtime policy, govern tool calls, and provide Merkle-chained audit logs — without touching your agent prompts.<p>There&rsquo;s a pattern in AI agent development that I&rsquo;ve started calling &ldquo;demo regret.&rdquo; The agent works great in demos. Then someone asks: what happens if it calls the wrong tool? What if it accesses data it shouldn&rsquo;t? Who audited that?</p> <p>Microsoft Agent Framework has your back for building and orchestrating. Agent Governance Toolkit (AGT) covers the part after that — governance, policy enforcement, and auditability at runtime.</p> <h2 id="what-each-project-actually-does">What Each Project Actually Does</h2> <p><strong>Microsoft Agent Framework (MAF)</strong> gives you the programming model: multi-agent workflows, A2A protocol interoperability, middleware hooks, memory, and managed hosting via Foundry Agent Service. It handles content safety at the model input/output level.</p> <p><strong>Agent Governance Toolkit (AGT)</strong> plugs into that same middleware pipeline to govern <em>actions</em>. Every tool call, resource access, and inter-agent message gets evaluated against policy before execution. Sub-millisecond overhead. No sidecars, no proxies, no prompts modified.</p> <pre tabindex="0"><code>Agent Action --&gt; Policy Check --&gt; Allow / Deny --&gt; Audit Log (&lt; 0.1 ms) </code></pre><p>Different layers, complete coverage, one pipeline.</p> <h2 id="plugging-in-is-just-adding-middleware">Plugging In Is Just Adding Middleware</h2> <p>In Python, AGT adds to the same <code>middleware</code> parameter you&rsquo;d use for logging or content filters:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="n">agent</span> <span class="o">=</span> <span class="n">Agent</span><span class="p">(</span> </span></span><span class="line"><span class="cl"> <span class="n">client</span><span class="o">=</span><span class="n">OpenAIChatClient</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s2">&#34;gpt-5.3&#34;</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="n">name</span><span class="o">=</span><span class="s2">&#34;Contoso Loan Officer&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">instructions</span><span class="o">=</span><span class="s2">&#34;You are a governed loan assistant.&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">tools</span><span class="o">=</span><span class="p">[</span><span class="n">check_credit_score</span><span class="p">,</span> <span class="n">get_loan_rates</span><span class="p">,</span> <span class="n">approve_small_loan</span><span class="p">],</span> </span></span><span class="line"><span class="cl"> <span class="n">middleware</span><span class="o">=</span><span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="n">AuditTrailMiddleware</span><span class="p">(</span><span class="n">audit_log</span><span class="o">=</span><span class="n">audit_log</span><span class="p">,</span> <span class="n">agent_did</span><span class="o">=</span><span class="s2">&#34;loan-agent&#34;</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="n">GovernancePolicyMiddleware</span><span class="p">(</span><span class="n">evaluator</span><span class="o">=</span><span class="n">evaluator</span><span class="p">,</span> <span class="n">audit_log</span><span class="o">=</span><span class="n">audit_log</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="n">CapabilityGuardMiddleware</span><span class="p">(</span><span class="n">allowed_tools</span><span class="o">=</span><span class="p">[</span><span class="s2">&#34;check_credit_score&#34;</span><span class="p">,</span> <span class="s2">&#34;get_loan_rates&#34;</span><span class="p">]),</span> </span></span><span class="line"><span class="cl"> <span class="n">RogueDetectionMiddleware</span><span class="p">(</span><span class="n">detector</span><span class="o">=</span><span class="n">detector</span><span class="p">,</span> <span class="n">agent_id</span><span class="o">=</span><span class="s2">&#34;loan-agent&#34;</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="p">],</span> </span></span><span class="line"><span class="cl"><span class="p">)</span> </span></span></code></pre></div><p>In .NET, same pattern via <code>.Use()</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="kt">var</span> <span class="n">agent</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="n">BuildAIAgent</span><span class="p">(</span><span class="n">model</span><span class="p">:</span> <span class="s">&#34;gpt-5.3&#34;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">.</span><span class="n">Use</span><span class="p">(</span><span class="k">new</span> <span class="n">GovernancePolicyMiddleware</span><span class="p">(</span><span class="n">evaluator</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> <span class="p">.</span><span class="n">Use</span><span class="p">(</span><span class="k">new</span> <span class="n">CapabilityGuardMiddleware</span><span class="p">(</span><span class="n">allowedTools</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> <span class="p">.</span><span class="n">Use</span><span class="p">(</span><span class="k">new</span> <span class="n">AuditTrailMiddleware</span><span class="p">(</span><span class="n">auditLog</span><span class="p">));</span> </span></span></code></pre></div><p>Same agent, same orchestration, same tools. AGT adds governance capabilities without touching the agent logic.</p> <h2 id="what-you-get">What You Get</h2> <ul> <li><strong>GovernancePolicyMiddleware</strong> — evaluates every action against declarative policy rules</li> <li><strong>CapabilityGuardMiddleware</strong> — allowlists which tools an agent is permitted to call (the <code>approve_small_loan</code> tool isn&rsquo;t in the allowed list above — deliberate)</li> <li><strong>RogueDetectionMiddleware</strong> — detects anomalous behavior patterns at runtime</li> <li><strong>AuditTrailMiddleware</strong> — Merkle-chained audit log so every action is cryptographically tamper-evident</li> </ul> <p>That last one matters for compliance. A Merkle chain means if anyone modifies the log, the chain breaks. The audit is the evidence.</p> <h2 id="five-industry-scenarios">Five Industry Scenarios</h2> <p>The AGT repo ships five complete end-to-end scenarios: financial services (loan officer), healthcare (patient data), legal (contract review), government (citizen services), and manufacturing (quality control). Each one pairs real MAF agents with real AGT governance middleware.</p> <p>These aren&rsquo;t toy demos. They&rsquo;re the kind of scenarios where you&rsquo;d actually need governance in production.</p> <h2 id="wrapping-up">Wrapping Up</h2> <p>If you&rsquo;re building agents that touch real data, make decisions with consequences, or run unattended in production — governance isn&rsquo;t optional. The combination of MAF + AGT gives you the whole stack: build it with Agent Framework, govern it with AGT.</p> <p>Both projects are open source. The original article has links to the full code samples.</p> <p>Original post: <a href="https://devblogs.microsoft.com/agent-framework/governance-at-the-speed-of-agents-microsoft-agent-framework-and-agent-governance-toolkit-better-together/">Governance at the Speed of Agents: Microsoft Agent Framework and Agent Governance Toolkit, Better Together</a></p>