Governance | The .NET Bloghttps://thedotnetblog.com/zh/tags/governance/Articles, tutorials and insights from the .NET community.Hugozh@thedotnetblog (The .NET Blog)@thedotnetblogFri, 29 May 2026 00:00:00 +0000构建智能体是容易的部分——安全运行它们才是难的部分https://thedotnetblog.com/zh/news/emiliano-montesdeoca/maf-agent-governance-toolkit-runtime-policy/Fri, 29 May 2026 00:00:00 +0000Emiliano Montesdeocahttps://thedotnetblog.com/zh/news/emiliano-montesdeoca/maf-agent-governance-toolkit-runtime-policy/Microsoft Agent Framework 与 Agent Governance Toolkit 协同工作,在运行时执行策略、管理工具调用并提供 Merkle 链式审计日志——无需修改智能体提示词。<p>在 AI 智能体开发中,有一个我开始称为&quot;演示后悔&quot;的模式。智能体在演示中运行良好。然后有人问:如果它调用了错误的工具会怎样?如果它访问了不该访问的数据?谁审计了这个?</p> <p>Microsoft Agent Framework 为构建和编排提供支持。Agent Governance Toolkit(AGT)覆盖之后的部分——治理、策略执行以及运行时可审计性。</p> <h2 id="每个项目的实际用途">每个项目的实际用途</h2> <p><strong>Microsoft Agent Framework (MAF)</strong> 提供编程模型:多智能体工作流、A2A 协议互操作性、中间件钩子、内存以及通过 Foundry Agent Service 进行托管。它在模型输入/输出层面处理内容安全。</p> <p><strong>Agent Governance Toolkit (AGT)</strong> 插入相同的中间件管道以管理<em>操作</em>。每次工具调用、资源访问和智能体间消息在执行前都会根据策略进行评估。亚毫秒级开销。无 sidecar,无代理,无修改的提示词。</p> <pre tabindex="0"><code>智能体操作 --&gt; 策略检查 --&gt; 允许 / 拒绝 --&gt; 审计日志 (&lt; 0.1 ms) </code></pre><p>不同层次,完整覆盖,一个管道。</p> <h2 id="接入只需添加中间件">接入只需添加中间件</h2> <p>在 Python 中,AGT 添加到与日志记录或内容过滤器相同的 <code>middleware</code> 参数:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="n">agent</span> <span class="o">=</span> <span class="n">Agent</span><span class="p">(</span> </span></span><span class="line"><span class="cl"> <span class="n">client</span><span class="o">=</span><span class="n">OpenAIChatClient</span><span class="p">(</span><span class="n">model</span><span class="o">=</span><span class="s2">&#34;gpt-5.3&#34;</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="n">name</span><span class="o">=</span><span class="s2">&#34;Contoso Loan Officer&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">instructions</span><span class="o">=</span><span class="s2">&#34;You are a governed loan assistant.&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="n">tools</span><span class="o">=</span><span class="p">[</span><span class="n">check_credit_score</span><span class="p">,</span> <span class="n">get_loan_rates</span><span class="p">,</span> <span class="n">approve_small_loan</span><span class="p">],</span> </span></span><span class="line"><span class="cl"> <span class="n">middleware</span><span class="o">=</span><span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="n">AuditTrailMiddleware</span><span class="p">(</span><span class="n">audit_log</span><span class="o">=</span><span class="n">audit_log</span><span class="p">,</span> <span class="n">agent_did</span><span class="o">=</span><span class="s2">&#34;loan-agent&#34;</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="n">GovernancePolicyMiddleware</span><span class="p">(</span><span class="n">evaluator</span><span class="o">=</span><span class="n">evaluator</span><span class="p">,</span> <span class="n">audit_log</span><span class="o">=</span><span class="n">audit_log</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="n">CapabilityGuardMiddleware</span><span class="p">(</span><span class="n">allowed_tools</span><span class="o">=</span><span class="p">[</span><span class="s2">&#34;check_credit_score&#34;</span><span class="p">,</span> <span class="s2">&#34;get_loan_rates&#34;</span><span class="p">]),</span> </span></span><span class="line"><span class="cl"> <span class="n">RogueDetectionMiddleware</span><span class="p">(</span><span class="n">detector</span><span class="o">=</span><span class="n">detector</span><span class="p">,</span> <span class="n">agent_id</span><span class="o">=</span><span class="s2">&#34;loan-agent&#34;</span><span class="p">),</span> </span></span><span class="line"><span class="cl"> <span class="p">],</span> </span></span><span class="line"><span class="cl"><span class="p">)</span> </span></span></code></pre></div><p>在 .NET 中,通过 <code>.Use()</code> 使用相同模式:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-csharp" data-lang="csharp"><span class="line"><span class="cl"><span class="kt">var</span> <span class="n">agent</span> <span class="p">=</span> <span class="n">builder</span><span class="p">.</span><span class="n">BuildAIAgent</span><span class="p">(</span><span class="n">model</span><span class="p">:</span> <span class="s">&#34;gpt-5.3&#34;</span><span class="p">)</span> </span></span><span class="line"><span class="cl"> <span class="p">.</span><span class="n">Use</span><span class="p">(</span><span class="k">new</span> <span class="n">GovernancePolicyMiddleware</span><span class="p">(</span><span class="n">evaluator</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> <span class="p">.</span><span class="n">Use</span><span class="p">(</span><span class="k">new</span> <span class="n">CapabilityGuardMiddleware</span><span class="p">(</span><span class="n">allowedTools</span><span class="p">))</span> </span></span><span class="line"><span class="cl"> <span class="p">.</span><span class="n">Use</span><span class="p">(</span><span class="k">new</span> <span class="n">AuditTrailMiddleware</span><span class="p">(</span><span class="n">auditLog</span><span class="p">));</span> </span></span></code></pre></div><p>相同的智能体,相同的编排,相同的工具。AGT 在不修改智能体逻辑的情况下添加治理能力。</p> <h2 id="你能获得什么">你能获得什么</h2> <ul> <li><strong>GovernancePolicyMiddleware</strong> — 根据声明式策略规则评估每个操作</li> <li><strong>CapabilityGuardMiddleware</strong> — 白名单规定智能体允许调用哪些工具(上面 <code>approve_small_loan</code> 工具故意不在允许列表中)</li> <li><strong>RogueDetectionMiddleware</strong> — 在运行时检测异常行为模式</li> <li><strong>AuditTrailMiddleware</strong> — Merkle 链式审计日志,使每个操作在密码学上防篡改</li> </ul> <p>最后一点对合规性很重要。Merkle 链意味着如果有人修改日志,链就会断裂。审计即证据。</p> <h2 id="五个行业场景">五个行业场景</h2> <p>AGT 代码库包含五个完整的端到端场景:金融服务(贷款专员)、医疗(患者数据)、法律(合同审查)、政府(公民服务)和制造(质量控制)。每个场景都将真实的 MAF 智能体与真实的 AGT 治理中间件配对。</p> <p>这些不是玩具演示。它们是您在生产中实际需要治理的那类场景。</p> <h2 id="总结">总结</h2> <p>如果您正在构建涉及真实数据、做出有后果决策或在生产中无人监管运行的智能体——治理不是可选的。MAF + AGT 的组合提供完整的技术栈:用 Agent Framework 构建,用 AGT 治理。</p> <p>两个项目都是开源的。原文包含完整代码示例的链接。</p> <p>原文链接:<a href="https://devblogs.microsoft.com/agent-framework/governance-at-the-speed-of-agents-microsoft-agent-framework-and-agent-governance-toolkit-better-together/">Governance at the Speed of Agents: Microsoft Agent Framework and Agent Governance Toolkit, Better Together</a></p>