
Python: [Python][Agents] AgentMesh: Trust and Governance Layer #13517

Closed
imran-siddique wants to merge 2 commits into microsoft:main from imran-siddique:contrib/agent-os-governance

@imran-siddique
Member

Summary

Adds agentmesh module to `semantic_kernel.agents` providing cryptographic identity verification and governance controls for Semantic Kernel agents.

Features

Trust Layer

  • CMVKIdentity: Ed25519-based cryptographic identity
  • TrustedAgentCard: Agent discovery and verification
  • TrustHandshake: Peer verification protocol

Governance Layer

  • GovernancePolicy: Comprehensive policy configuration
  • GovernedAgent: Agent wrapper with policy enforcement
  • GovernanceKernel: Kernel wrapper with governance controls

Governance Capabilities

| Feature | Description |
|---|---|
| Rate Limiting | Per-minute and per-hour limits |
| Function Control | Allow/deny lists for functions |
| Resource Limits | Concurrent tasks, memory limits |
| Audit Logging | Full invocation audit trail |
| Trust Requirements | Identity verification, trust scores |

Example

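```python
from semantic_kernel.agents.agentmesh import (
    CMVKIdentity,
    GovernedAgent,
    GovernancePolicy,
)

# Generate an Ed25519-based identity for the agent
identity = CMVKIdentity.generate('assistant', capabilities=['chat'])

# Policy: rate limit, function allow list, and full audit logging
policy = GovernancePolicy(
    max_requests_per_minute=30,
    allowed_functions=['chat'],
    audit_all_invocations=True,
)

# base_agent is an existing Semantic Kernel agent instance, created elsewhere
governed = GovernedAgent(agent=base_agent, identity=identity, policy=policy)
```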

Related

Adds agentmesh module to semantic_kernel.agents providing:
- CMVKIdentity: Cryptographic identity with Ed25519 keys
- TrustedAgentCard: Agent discovery and verification
- TrustHandshake: Peer verification protocol
- GovernancePolicy: Rate limiting, capability control, auditing
- GovernedAgent: Agent wrapper with governance enforcement
- GovernanceKernel: Kernel wrapper with policy enforcement

Features:
- Rate limiting (per-minute and per-hour)
- Function allow/deny lists
- Resource limits (concurrent tasks, memory)
- Full audit logging
- Trust score thresholds
- Policy violation tracking
@imran-siddique imran-siddique requested a review from a team as a code owner February 6, 2026 21:48
@moonbox3 moonbox3 added python Pull requests for the Python Semantic Kernel documentation labels Feb 6, 2026
@github-actions github-actions bot changed the title [Python][Agents] AgentMesh: Trust and Governance Layer Python: [Python][Agents] AgentMesh: Trust and Governance Layer Feb 6, 2026
@moonbox3
Collaborator

moonbox3 commented Feb 6, 2026

@imran-siddique
Member Author

Ready for Final Review 🙏

This PR has been open for a while. The AgentMesh trust layer integration is complete and tested.

Could a maintainer please provide a final review? Happy to address any remaining concerns.

Thank you!

@moonbox3
Collaborator

moonbox3 commented Feb 7, 2026

What's the requirement/need driving this?

@imran-siddique
Member Author

Great question! The need comes from several production multi-agent scenarios:

Key Requirements

  1. Identity Verification - When agents communicate (A2A, multi-agent orchestration), there's no built-in way to verify "who" you're talking to. Without cryptographic identity, any process can claim to be any agent.

  2. Trust-Gated Operations - Sensitive operations (code execution, data access, external API calls) should only be allowed from verified, trusted agents. This module provides configurable trust thresholds per operation.

  3. Audit Compliance - Enterprise deployments need full audit trails of all agent invocations for compliance (GDPR, HIPAA, SOX). The governance layer logs every action with identity tracking.

  4. Rate Limiting & Resource Control - Prevent runaway agents from exhausting resources. The policy layer enforces per-minute/per-hour limits and concurrent task bounds.

Real Example

In a multi-agent system where:

  • Agent A requests Agent B to execute code
  • Agent B should verify Agent A is trusted before execution
  • All interactions must be logged for audit

This module makes that possible with minimal code changes:

```python
governed = GovernedAgent(agent=base_agent, identity=identity, policy=policy)

# Now all invocations are identity-verified, policy-checked, and audit-logged
```

Similar integrations have been merged/submitted to AutoGen, CrewAI, A2A, and others. Happy to discuss specific use cases!

@imran-siddique
Member Author

Great question @moonbox3! The driving need is runtime governance for AI agents — specifically:

  1. Compliance requirements: Enterprises deploying SK-based agents need deterministic policy enforcement (not just prompt-based guardrails) for regulated industries (finance, healthcare, government)

  2. Safety at the kernel function level: Current approaches rely on the LLM to follow instructions, but agent-os intercepts before execution — if a kernel function would violate policy (e.g., accessing forbidden resources, exceeding token budgets), it's blocked deterministically

  3. Audit trail: Every kernel function invocation, policy decision, and tool call is logged with cryptographic integrity — critical for SOC2/ISO compliance

  4. Real-world demand: We've seen this pattern requested across multiple frameworks — we have similar integrations open for AutoGen (.Net: Ollama Connector : Added metadata, integration tests + more adjustments #7212), CrewAI, LangChain, and LlamaIndex. The A2A protocol team at Google is also reviewing our trust layer approach.

The integration is lightweight (~200 lines) and opt-in — it wraps existing SK kernel functions without changing their behavior unless a policy violation is detected.

Happy to discuss further or adjust the approach!
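
The pre-execution interception and integrity-protected audit trail described in points 2 and 3 of the comment above, as an added sketch that is not code from this PR or from the agentmesh module. `GovernedCall`, `PolicyViolation` and `verify_chain` are hypothetical names, and a SHA-256 hash chain is an assumed stand-in for the integrity mechanism, which the thread does not specify.

```python
import hashlib, json, time
from collections import deque

class PolicyViolation(Exception):
    pass

class GovernedCall:
    """Hypothetical wrapper: decides and audits before the function runs."""

    def __init__(self, allowed, max_per_minute, clock=time.monotonic):
        self.allowed = set(allowed)
        self.max_per_minute = max_per_minute
        self.clock = clock            # injectable so the window can be tested
        self.calls = deque()          # timestamps of allowed calls, last 60 s
        self.audit = []               # hash-chained audit records

    def _log(self, agent_id, name, decision):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"agent": agent_id, "function": name, "decision": decision, "prev": prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.audit.append({**body, "hash": digest})

    def invoke(self, agent_id, name, func, *args):
        now = self.clock()
        while self.calls and now - self.calls[0] >= 60:
            self.calls.popleft()      # drop calls outside the sliding window
        if name not in self.allowed:
            self._log(agent_id, name, "deny:not_allowed")
            raise PolicyViolation(f"{name} is not on the allow list")
        if len(self.calls) >= self.max_per_minute:
            self._log(agent_id, name, "deny:rate_limit")
            raise PolicyViolation("per-minute limit reached")
        self.calls.append(now)
        self._log(agent_id, name, "allow")   # record the decision, then execute
        return func(*args)

def verify_chain(audit):
    """Recompute every hash; an edited or removed record breaks the chain."""
    prev = "0" * 64
    for rec in audit:
        body = {k: rec[k] for k in ("agent", "function", "decision", "prev")}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != digest:
            return False
        prev = rec["hash"]
    return True
```

An unkeyed chain only detects in-place edits: anyone who can rewrite the whole log can recompute it, so the latest hash has to be signed or stored outside the writer's control for the trail to count as evidence.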

@moonbox3
Collaborator

moonbox3 commented Feb 9, 2026

Thanks for the contribution, @imran-siddique. These types of features usually have a longer tail in design/implementation: we need to review the requirement with the team, capture design in an ADR (while looking at different ways to design it), and make sure things also align with .NET. Our focus is currently on the Microsoft Agent Framework. We aren't bringing new features like this in to Semantic Kernel.

@moonbox3 moonbox3 closed this Feb 9, 2026
@imran-siddique
Member Author

Thanks @moonbox3 for reviewing! I understand this may not align with the project's current priorities. I'll keep improving the governance layer independently and would love to revisit this when there's a clearer need from the SK ecosystem. Appreciate your time!
