End-to-end scenario folders showing how the Agent Governance Toolkit (AGT) layers onto the real Microsoft Agent Framework (MAF) Python and .NET agent patterns across governed agent scenarios.
Scenarios 01-05 stay self-contained by scenario and include aligned Python and .NET governance stories. The Python implementations bootstrap the repo-local AGT packages so you can run them directly from this checkout.
Scenario 06 is a repo-local .NET validation sample for the shared
Microsoft.AgentGovernance.Extensions.Microsoft.Agents package and intentionally
references the in-repo agent-governance-dotnet projects.
Each Python example uses:
- the published `agent-framework` package from the real Microsoft Agent Framework repo
- a real `agent_framework.Agent`
- a real MAF chat client (`OpenAIChatClient` for optional live preview or a deterministic scripted client for the offline walkthrough)
- real AGT middleware from `agent_os.integrations.maf_adapter`
- the same scenario stories used in `docs/tutorials/34-maf-integration.md` and `examples/demos/maf-integration`
The .NET demos use the real Microsoft Agent Framework SDK through the
native Microsoft.Agents.AI middleware surface.
- The scenario projects reference `Microsoft.Agents.AI` directly
- Governed MAF agents are created with `BuildAIAgent(...)` plus native `.Use(...)` middleware
- Policies stay local to the examples and evaluate prompt/tool rules inside the demo middleware
- Demo output is deterministic: the examples use a local MAF chat client instead of live model credentials
The .NET examples also share a small shared-dotnet/DemoCommon.cs helper for the
terminal walkthrough, rogue-detection probe, and Merkle audit display.
Scenario 06 is different by design: it is a repo-local validation sample for the shared extension package rather than a copy-anywhere scenario demo.
| # | Scenario | Industry | What it demonstrates |
|---|---|---|---|
| 01 | Loan Processing | Banking | PII blocking, approval gating, tool sandboxing, rogue transfer detection |
| 02 | Customer Service | Retail | Refund fraud prevention, payment-data protection, escalation rules |
| 03 | Healthcare | Healthcare | HIPAA PHI blocking, prescription safety, cross-department isolation |
| 04 | IT Helpdesk | Enterprise IT | Privilege escalation prevention, credential isolation, infrastructure protection |
| 05 | DevOps Deploy | DevOps | Production deployment gates, destructive-operation blocking, deployment-storm detection |
| 06 | .NET Extension Validation | Platform | Validates the shared Microsoft.Agents governance extension with a minimal runnable app |
```bash
cd examples/maf-integration/01-loan-processing/python
pip install -r requirements.txt
# Optional: use a live model backend
export GITHUB_TOKEN=$(gh auth token)
python main.py
```

The walkthrough always runs. If a supported model credential is configured, the
example also performs a small live `Agent.run(...)` preview before the scripted
governance acts. Without credentials, it skips the live call and still runs the
four governance acts through the real `Agent.run(...)` tool loop with a
deterministic scripted MAF client.
For the scenario demos:
```bash
cd examples/maf-integration/01-loan-processing/dotnet
dotnet run
```

For the shared extension validation sample:

```bash
cd examples/maf-integration/06-dotnet-extension-validation/dotnet
dotnet run
```

The validation sample is intentionally repo-local rather than copy-anywhere self-contained. It validates the shared Microsoft.Agents extension package against the exact in-repo source on this branch.
Python demos detect backends in this order:
| Priority | Backend | Configuration |
|---|---|---|
| 1 | GitHub Models | GITHUB_TOKEN |
| 2 | OpenAI | OPENAI_API_KEY |
| 3 | Azure OpenAI | AZURE_OPENAI_API_KEY plus AZURE_OPENAI_ENDPOINT or AZURE_OPENAI_BASE_URL |
| 4 | Offline walkthrough | No model credentials required |
Each demo runs a 4-act governance walkthrough:
- Policy Enforcement — governed requests are allowed or denied inside the real MAF middleware pipeline
- Capability Sandboxing — governed MAF tool calls are allowed or blocked by function middleware
- Rogue Agent Detection — repeated risky actions trigger anomaly detection and quarantine
- Audit Trail — governance events are written into a Merkle-chained tamper-evident log
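The tamper-evidence idea behind the Audit Trail act, as an added example that is not AGT's own audit code: it uses a plain SHA-256 hash chain (a simpler construction than a Merkle tree), and the entry layout, `GENESIS` sentinel and event fields are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel used as prev_hash of the first entry


def _digest(prev_hash: str, event: dict) -> str:
    """Hash the previous entry hash together with a canonical JSON encoding."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{body}".encode()).hexdigest()


def append(log: list, event: dict) -> None:
    """Append an event, chaining it to the hash of the entry before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev_hash": prev_hash,
                "hash": _digest(prev_hash, event)})


def first_broken_entry(log: list):
    """Return the index of the first entry that fails verification, or None."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        expected = _digest(prev_hash, entry["event"])
        if entry["prev_hash"] != prev_hash or entry["hash"] != expected:
            return i
        prev_hash = entry["hash"]
    return None


def demo():
    """Verify a constructed log intact, edited, with a gap, and truncated."""
    log = []
    # Constructed governance events, one per enforcement act.
    for event in [
        {"act": "policy", "decision": "deny", "rule": "block_high_value_approval"},
        {"act": "capability", "decision": "deny", "tool": "transfer_funds"},
        {"act": "rogue", "decision": "quarantine"},
    ]:
        append(log, event)
    edited = json.loads(json.dumps(log))      # deep copy of the log
    edited[1]["event"]["decision"] = "allow"  # rewrite a recorded denial
    deleted = log[:1] + log[2:]               # drop the middle entry
    truncated = log[:2]                       # drop the newest entry
    return tuple(first_broken_entry(x) for x in (log, edited, deleted, truncated))
```

An edit or a mid-log deletion breaks verification at the affected index, but dropping entries from the tail does not, so the latest hash has to be stored or signed somewhere the log writer cannot reach.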
Each Python demo wires the same runtime shape:
- `AuditTrailMiddleware` records request and tool events.
- `GovernancePolicyMiddleware` evaluates YAML policies with the real `PolicyEvaluator`.
- `CapabilityGuardMiddleware` enforces allow/deny tool lists.
- `RogueDetectionMiddleware` records behavior against a real `RogueAgentDetector`.
- The scenario script drives those checks through real `Agent.run(...)` calls and prints the resulting policy blocks, capability decisions, rogue detection, and audit integrity results.
The .NET scenario demos follow the same flow, but implement the walkthrough with
native MAF middleware inside the example projects themselves.
The validation sample uses the shared AgentFrameworkGovernanceAdapter and
WithGovernance(...) extension methods to validate run-level and tool-level
governance against Microsoft.Agents.AI.
Python policy documents use the real AGT schema and operator set. For example:

```yaml
- name: "block_high_value_approval"
  condition:
    field: "message"
    operator: "matches"
    value: '(?i)(approve.*loan|loan approval|\$\s*(?:[5-9]\d{4,}|[1-9]\d{5,}))'
  action: "deny"
  priority: 95
  message: "Loan approvals above the delegated threshold require human review"
```

The .NET scenario demos keep their policy documents local to the demos and use
simple prompt/tool rule expressions such as:

```yaml
rules:
  - name: block-fund-transfer
    condition: "tool_name == 'transfer_funds'"
    action: deny
    priority: 100
```
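A regression table for the `block_high_value_approval` pattern above, as an added example rather than code from the AGT repo: `decide` is a stand-in that assumes `matches` means an unanchored regex search, and `normalize` and the sample prompts are constructed here. It shows which amounts the pattern covers and how normalizing thousands separators before evaluation closes the formatting gap.

```python
import re

# Rule values copied from the policy document above; the evaluator is an
# added stand-in, not AGT's PolicyEvaluator.
RULE = {
    "name": "block_high_value_approval",
    "field": "message",
    "operator": "matches",
    "value": r"(?i)(approve.*loan|loan approval|\$\s*(?:[5-9]\d{4,}|[1-9]\d{5,}))",
    "action": "deny",
}


def normalize(message: str) -> str:
    """Drop thousands separators inside numbers so "$75,000" reads "$75000"."""
    return re.sub(r"(?<=\d),(?=\d{3}\b)", "", message)


def decide(message: str, pre_normalize: bool = False) -> str:
    """Return the rule action when the pattern is found, otherwise "allow".

    Assumption: "matches" is an unanchored regex search over the field.
    """
    text = normalize(message) if pre_normalize else message
    return RULE["action"] if re.search(RULE["value"], text) else "allow"


# Constructed prompts for a policy regression table.
SAMPLES = [
    "Please approve the loan for applicant 4411",
    "What is the LOAN APPROVAL workflow?",
    "Disburse $75000 to the borrower",
    "Disburse $ 120000 today",
    "Disburse $49999 to the borrower",
    "Disburse $75,000 to the borrower",
    "Disburse $1,250,000 to the borrower",
]


def regression_table(pre_normalize: bool = False) -> dict:
    """Map each constructed prompt to the decision the rule produces."""
    return {m: decide(m, pre_normalize) for m in SAMPLES}


if __name__ == "__main__":
    for msg, raw in regression_table().items():
        print(f"{raw:5} -> {decide(msg, True):5}  {msg}")
```

The second sample is a plain question about the workflow and is still denied, which is worth knowing when reviewing false positives for this rule.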