README.md

📚 Tutorials

Step-by-step guides for every layer of the Agent Governance Toolkit — from your first policy rule to production-grade observability. Each tutorial includes runnable code examples, API reference tables, and cross-references to related guides.

New here? Try the 2-hour hands-on workshop first — it covers policy, trust, and audit with guided labs. Then work through the numbered tutorials for deeper dives.

Already comfortable with the basics? Start with Tutorial 01 — Policy Engine and follow the numbered sequence.


Getting Started

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
|  | Retrofit Governance onto an Existing Agent | Add policy enforcement to any existing agent in 3 steps | agent-governance-toolkit-core |
|  | Progressive Governance — Start Simple, Add Layers | 5-level progressive complexity model; pick the level that matches your risk | All |

Core Governance

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 01 | Policy Engine | YAML rules, operators, conflict resolution, middleware integration | agent-governance-toolkit-core |
| 02 | Trust & Identity | Ed25519 credentials, DIDs, SPIFFE/SVID, trust scoring (0–1000) | agent-governance-toolkit-core |
| 03 | Framework Integrations | Govern LangChain, CrewAI, AutoGen, OpenAI Agents, Google ADK | agent-governance-toolkit-core |
| 04 | Audit & Compliance | Append-only audit logs, hash chains, OWASP ASI mapping | agent-governance-toolkit-cli |

Policy & Security

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 07 | MCP Security Gateway | Tool poisoning detection, parameter sanitization, human-in-the-loop | agent-governance-toolkit-core |
| 08 | OPA/Rego & Cedar Policies | External policy backends, 3 evaluation modes, enterprise policies | agent-governance-toolkit-core |
| 09 | Prompt Injection Detection | 7 attack types, MemoryGuard, ConversationGuardian, red-teaming | agent-governance-toolkit-core |

Runtime & Execution

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 05 | Agent Reliability (SRE) | SLOs, error budgets, circuit breakers, chaos testing | agent-governance-toolkit-sre |
| 06 | Execution Sandboxing | 4-tier privilege rings, resource limits, termination control | agent-governance-toolkit-runtime |
| 11 | Saga Orchestration | Multi-step transactions, DSL, fan-out, compensating actions | agent-governance-toolkit-runtime |
| 12 | Liability & Attribution | Vouching, slashing, causal attribution, quarantine | agent-governance-toolkit-runtime |
| 14 | Kill Switch & Rate Limiting | Emergency termination, rate limiting, ring elevation | agent-governance-toolkit-runtime |
| 51 | Cost Governance | Tiered budgets, auto-throttle, kill switch, anomaly detection, cost optimization | agent-governance-toolkit-sre |

Trust & Networking

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 16 | Protocol Bridges | A2A, MCP proxy, IATP attestation, trust-gated communication | agent-governance-toolkit-core |
| 17 | Advanced Trust & Behavior | Behavior monitoring, reward engine, trust policies, shadow mode | agent-governance-toolkit-core |
| 31 | Entra Agent ID Bridge | Bridge DID identity with Microsoft Entra Agent ID, Conditional Access, sponsor accountability | agent-governance-toolkit-core |
| 32 | E2E Encrypted Messaging | Signal protocol (X3DH + Double Ratchet), SecureChannel, trust-gated encryption | agent-governance-toolkit-core |

Ecosystem

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 10 | Plugin Marketplace | Plugin signing, verification, CLI, supply-chain security | agent-governance-toolkit-core |
| 13 | Observability & Tracing | Causal traces, event bus, Prometheus, OpenTelemetry | agent-governance-toolkit-runtime |
| 15 | RL Training Governance | GovernedRunner, PolicyReward, Gym-compatible environments | agent-governance-toolkit-core |
| 18 | Compliance Verification | Governance grading, regulatory frameworks, attestation | agent-governance-toolkit-cli |
| 50 | Decision BOM | Reconstruct full decision context from observability signals, completeness scoring, batch audit | agent-governance-toolkit-core |

Multi-Language Packages

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 19 | .NET package | GovernanceKernel, policy, rings, saga, SLO, OpenTelemetry in C# | Microsoft.AgentGovernance |
| 42 | C# MCP extension | Add governed tool execution, startup scanning, and response sanitization to MCP servers | Microsoft.AgentGovernance.Extensions.ModelContextProtocol |
| 20 | TypeScript package | Identity, trust, policy, audit in TypeScript/Node.js | @microsoft/agent-governance-sdk |
| 21 | Rust crate | Policy, trust, audit, identity with agentmesh crate | agentmesh |
| 22 | Go module | Policy, trust, audit, identity with Go module | agentmesh |

Delegation & Cost Control

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 23 | Delegation Chains | Monotonic scope narrowing, multi-agent delegation, cascade revocation | @microsoft/agent-governance-sdk |
| 24 | Cost & Token Budgets | Per-session token limits, context scheduling, budget signals | agent-governance-toolkit-core |
| 49 | Multi-Agent Collective Policies | Aggregate constraints across agents: rate limits, concurrent caps, alert-only monitoring | agent-governance-toolkit-core |

Supply Chain Security

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 25 | Security Hardening | Gitleaks, Dependabot, CodeQL, fuzzing, Scorecard, branch protection | agent-governance-toolkit-cli |
| 26 | SBOM & Signing | SPDX/CycloneDX SBOMs, Ed25519 artifact signing, attestation | agent-governance-toolkit-cli |
| 27 | MCP Scan CLI | MCP tool scanning, rug-pull detection, CI integration | agent-governance-toolkit-core |
| 45 | Shift-Left Governance | Pre-commit hooks, GitHub Actions, CI gates, language-specific build-time enforcement | agent-governance-toolkit-cli |

Discovery & Inventory

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 29 | Agent Discovery | Shadow AI scanning, inventory dedup, reconciliation, risk scoring, CI/CD integration | agent-governance-toolkit-core |
| 30 | Agent Lifecycle Management | Provisioning, approval workflows, credential rotation, orphan detection, decommissioning | agent-governance-toolkit-core |

Enterprise Identity

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 31 | Entra Agent ID Bridge | Bridge AGT DIDs with Microsoft Entra Agent ID / Agent365, AKS workload identity, roles & responsibilities | agent-governance-toolkit-core |

Advanced Governance (v3.2+)

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 35 | Policy Composition | extends for 3-tier governance hierarchies (CISO → platform → app), additive-only merge, diamond dedup | agent-governance-toolkit-core |
| 36 | 2-Line Governance with govern() | The govern() wrapper — policy enforcement + audit in 2 lines of code | agent-governance-toolkit-core |
| 37 | Multi-Stage Policy Pipeline | 4-stage lifecycle: pre_input → pre_tool → post_tool → pre_output | agent-governance-toolkit-core |
| 38 | Approval Workflows | Human-in-the-loop gates with Callback, Webhook, and Console handlers | agent-governance-toolkit-core |
| 39 | DLP with Attribute Ratchets | Monotonic session state — sensitivity only goes up, never resets | agent-governance-toolkit-core |
| 40 | OTel Observability | OpenTelemetry spans + metrics for policy, approval, and trust operations | agent-governance-toolkit-core |
| 41 | Advisory Defense-in-Depth | Pattern, ML, and HTTP classifiers as non-deterministic defense layer | agent-governance-toolkit-core |
| 48 | Intent-Based Authorization | Declare/approve/execute/verify lifecycle, drift detection, child intent scope narrowing | agent-governance-toolkit-core |

Extending the Toolkit

| # | Tutorial | What You'll Learn | Package |
|---|----------|-------------------|---------|
| 28 | Building Custom Integrations | Trust integrations, kernel adapters, publishing your own governance package | agent-governance-toolkit-core / standalone |

Policy-as-Code Deep Dive

A self-contained sub-series progressing from basic allow/deny rules to production-grade policy management. Each chapter has a matching Python script in policy-as-code/examples/.

| Chapter | Topic | What You'll Learn |
|---------|-------|-------------------|
| 01 — Your First Policy | Allow/deny basics | Write a YAML policy and evaluate it with Python |
| 02 — Capability Scoping | Restricting tool access by agent role | Give different agents different permissions |
| 03 — Rate Limiting | Preventing runaway agents | Set limits on how many actions an agent can take |
| 04 — Conditional Policies | Policy composition and conflict resolution | Layer base + environment policies with conflict strategies |
| 05 — Approval Workflows | Human-in-the-loop for sensitive actions | Route dangerous actions to a human before execution |
| 06 — Policy Testing | Systematic validation with test matrices | Test every role + action + environment combination |
| 07 — Policy Versioning | Safe rollout of policy changes | Compare v1 vs v2 behavior, catch regressions before deploying |
| MCP Governance | Supplemental | Governing MCP tool access with the proxy, trust-gated components, OWASP-aligned rules |

See the Policy-as-Code README for installation and running instructions.


Learning Paths

🚀 "I want to govern my agent in 5 minutes"

  1. 01 — Policy Engine → define allow/deny rules
  2. 03 — Framework Integrations → wrap your framework
  3. 04 — Audit & Compliance → log everything

🔒 "I need production-grade security"

  1. 02 — Trust & Identity → cryptographic agent identity
  2. 09 — Prompt Injection Detection → input security
  3. 07 — MCP Security Gateway → tool call security
  4. 06 — Execution Sandboxing → privilege rings
  5. 14 — Kill Switch & Rate Limiting → emergency controls
  6. 25 — Security Hardening → CI/CD security gates
  7. 27 — MCP Scan CLI → scan tool definitions for threats
  8. 45 — Shift-Left Governance → pre-commit, PR, CI, and release gates

🏢 "I need enterprise compliance"

  1. 08 — OPA/Rego & Cedar → bring existing policies
  2. 04 — Audit & Compliance → tamper-proof audit trails
  3. 18 — Compliance Verification → regulatory grading
  4. 13 — Observability & Tracing → distributed tracing
  5. 26 — SBOM & Signing → supply chain security
  6. 33 — Offline-Verifiable Decision Receipts → external accountability for each decision
  7. 31 — Entra Agent ID Bridge → enterprise identity with Entra / Agent365

🛡️ "I need enterprise-grade governance" (v3.2+ features)

  1. 36 — govern() Quickstart → 2-line integration
  2. 35 — Policy Composition → CISO → platform → app layers
  3. 37 — Multi-Stage Pipeline → 4-stage lifecycle checks
  4. 38 — Approval Workflows → human-in-the-loop for regulated actions
  5. 39 — DLP with Ratchets → sensitivity that only goes up
  6. 40 — OTel Observability → production monitoring
  7. 41 — Advisory Layer → ML-based defense-in-depth

🤖 "I'm building multi-agent systems"

  1. 02 — Trust & Identity → agent credentials
  2. 32 — E2E Encrypted Messaging → encrypted agent channels
  3. 23 — Delegation Chains → scope narrowing and delegation
  4. 16 — Protocol Bridges → cross-protocol communication
  5. 11 — Saga Orchestration → multi-step workflows
  6. 12 — Liability & Attribution → who's responsible
  7. 17 — Advanced Trust & Behavior → dynamic trust
  8. 24 — Cost & Token Budgets → control agent spend

🔎 "I need to find all agents in my org"

  1. 29 — Agent Discovery → scan processes, configs, and repos
  2. 02 — Trust & Identity → register discovered agents
  3. 01 — Policy Engine → govern the agents you find
  4. 27 — MCP Scan CLI → secure discovered MCP servers

Prerequisites

  • Python 3.10+ for Python tutorials (01–18, 24–27, 29–31)
  • .NET 8.0+ for the .NET tutorials (19, 42)
  • Node.js 18+ for the TypeScript tutorials (20, 23)
  • Rust 1.75+ for the Rust tutorial (21)
  • Go 1.21+ for the Go tutorial (22)

Install the full toolkit:

pip install agent-governance-toolkit[full]    # Python
dotnet add package Microsoft.AgentGovernance  # .NET
npm install @microsoft/agent-governance-sdk                    # TypeScript
cargo add agentmesh                           # Rust
go get github.com/microsoft/agent-governance-toolkit/agent-governance-golang  # Go

More Resources