Target: microsoft/agent-governance-toolkit examples/aegis-governance-profile/
Status: Implementation pending. Proposal accepted by AGT team 2026-04-22.
License: Apache 2.0 (no BSL in the dependency chain)
Kind: External platform integration

What it is

A self-contained, runnable AGT example demonstrating declarative governance profiles: a higher-level YAML format describing what an agent (or class of agents) is permitted to do, with what constraints, under what conditions. A standalone Python compiler emits equivalent Cedar and OPA/Rego policies consumable by AGT’s existing PolicyEvaluator.load_cedar() and load_rego() backends.

The example targets operators who think in domain terms (roles, capabilities, data scopes, delegation rules, rate limits) rather than authorization AST logic, and who want a single declarative source-of-truth that fans out to both of AGT’s external policy backends without hand-authoring either.

Why a new format

AGT already ships a YAML policy DSL. The two formats are shaped for different audiences.

AGT’s built-in YAML DSL is tuned to the toolkit’s internal evaluation model — blocked patterns, PII regex, token/rate limits, content-safety rules. It is authored by operators close to the enforcement runtime.

The AEGIS governance profile is tuned to the authorship level above that: role-based capability declarations, data-scope allow/deny, delegation rules, operational constraints — the concepts governance and compliance stakeholders work in when they describe what an agent is authorized to do at an organizational level. The profile compiles down to AGT’s existing external backends; what changes is where and how the authorization intent is authored and reviewed.

The two formats are complementary: an operator can ship a Cedar/Rego policy generated from an AEGIS profile and layer AGT’s YAML DSL on top for runtime concerns the profile deliberately does not address.

Sample profile shape

# AEGIS Governance Profile — v1
metadata:
  profile_id: research-agent-standard
  profile_version: 1.0.0
  applies_to: principal:role:researcher

capabilities:
  allowed_actions: [web_search, document_read, summarize]
  denied_actions: [file_write, shell_exec]

data_access:
  allowed_scopes: ["public/*", "research/published/*"]
  denied_scopes: ["customer/pii/*", "internal/confidential/*"]
  max_records_per_query: 1000

delegation:
  may_delegate_to: ["role:summarizer"]
  max_delegation_depth: 2

constraints:
  max_operations_per_hour: 500
  require_human_approval_when:
    - action: publish_content

compile.py reads profile.yaml and emits two files:

A getting_started.py demo loads both outputs into AGT’s PolicyEvaluator, runs the same input through each backend, and prints the decision from each — showing the two PolicyDocuments agree on the evaluation that the profile describes.
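
The following sketch, added here as an illustration and not the project's compile.py, shows one way the capabilities section of the sample profile could be turned into Cedar text, covering only the Cedar output for that one section. The Cedar entity type names `Role` and `Action`, the identifier rule, and the allowed/denied overlap check are assumptions of this example, and the profile is embedded as a constructed dict so that no YAML parser is needed.

```python
import re

# Constructed input: metadata and capabilities from the sample profile above,
# written as a dict so the example runs without a YAML dependency.
PROFILE = {
    "metadata": {"applies_to": "principal:role:researcher"},
    "capabilities": {
        "allowed_actions": ["web_search", "document_read", "summarize"],
        "denied_actions": ["file_write", "shell_exec"],
    },
}

# Assumed identifier rule: profile values are interpolated into policy text,
# so anything that could close a quoted Cedar entity id is rejected.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def _ident(value):
    """Return value unchanged if it is a safe identifier, else raise."""
    if not isinstance(value, str) or not _IDENT.fullmatch(value):
        raise ValueError(f"unsafe identifier in profile: {value!r}")
    return value


def compile_capabilities(profile):
    """Return Cedar policy text for the profile's capabilities section."""
    kind, _, role = profile["metadata"]["applies_to"].rpartition(":")
    if kind != "principal:role":
        raise ValueError("applies_to must look like principal:role:<name>")
    caps = profile["capabilities"]
    allowed = [_ident(a) for a in caps.get("allowed_actions", [])]
    denied = [_ident(a) for a in caps.get("denied_actions", [])]
    overlap = sorted(set(allowed) & set(denied))
    if overlap:  # ambiguous authoring intent: fail the build, do not guess
        raise ValueError(f"actions both allowed and denied: {overlap}")

    def stmt(effect, actions):
        ids = ", ".join(f'Action::"{a}"' for a in actions)
        return (f"{effect}(\n  principal in Role::\"{_ident(role)}\",\n"
                f"  action in [{ids}],\n  resource\n);")

    # Cedar denies by default and forbid overrides permit, so denied_actions
    # stays denied even if another policy in the set permits it.
    parts = []
    if allowed:
        parts.append(stmt("permit", allowed))
    if denied:
        parts.append(stmt("forbid", denied))
    return "\n\n".join(parts) + "\n"
```

Calling `compile_capabilities(PROFILE)` returns one `permit` and one `forbid` statement scoped to `Role::"researcher"`; a profile value containing a quote or other policy syntax raises `ValueError` instead of reaching the generated policy.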

Constraints honored

Per the 2026-04-22 scoping agreement with the AGT team:

  1. No runtime dependency on aegis-core. The compiler is a single Python module with only pyyaml as an external dependency.
  2. Decoupled from AGT internals. The example consumes AGT’s public PolicyEvaluator.load_cedar() / load_rego() entry points and emits policy text conforming to Cedar and Rego grammars — no AGT-private classes, modules, or schemas referenced.
  3. Apache 2.0 licensed. No BSL-licensed code in the dependency chain.
  4. Submitted as a PR following AGT’s standard process — CLA execution and CONTRIBUTING.md compliance before merge.

Maturity labelling

Per AGT’s contribution guidance, the example’s README will explicitly label the governance profile format as community-driven and experimental, with the caveat that the profile schema is not yet standardized and may evolve based on adopter feedback.

Canonical proposals

The full proposal documents (delivered to Imran Siddique 2026-04-24) live publicly on the AEGIS Governance site: