feat(agent-os): add native FIDES-compatible IFC layer #3245
Add Agent OS information-flow labels, strict sink enforcement, bounded reveal/declassification/endorsement primitives, and AgentMesh signed IFC receipts. Include ACS annotation fixture, deterministic examples, focused tests, and documentation that links to FIDES while scoping distributed limitations.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Jack Batzner <jackbatzner@microsoft.com>
🤖 AI Agent: breaking-change-detector — API Compatibility
🤖 AI Agent: security-scanner — View details
No security issues found.
🤖 AI Agent: docs-sync-checker — Docs Sync
🤖 AI Agent: test-generator — `agent-mesh/src/agentmesh/transport/information_flow.py`
PR Review Summary
Verdict: AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims.
Allow the IFC variable URI scheme and avoid compact precheck/postcheck wording in docs.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Jack Batzner <jackbatzner@microsoft.com>
🤖 AI Agent: code-reviewer — View details
TL;DR: 0 blockers, 1 warning. The PR introduces a robust IFC layer with signed receipts but has a potential replay risk due to the nonce cache's bounded size.
Action items:
Warnings:
No other issues found. The implementation appears secure and well-documented.
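The reviewer's warning about the bounded nonce cache is worth seeing concretely. The following is an added illustration, not the AgentMesh implementation: the receipt fields, the HMAC signing scheme, and the `BoundedNonceCache` / `WindowedReplayGuard` classes are all assumptions constructed for this example. It shows the weak pattern (an LRU nonce set accepts a replay once the original nonce has been evicted) next to a guard that pairs the cache with a freshness window, so a receipt outside the window is denied regardless of cache state and an overflowing cache fails closed instead of evicting.

```python
"""Hypothetical nonce handling for signed IFC receipts (added example; not
AgentMesh code). Demonstrates why a bounded nonce cache alone is replayable
and how a freshness window plus fail-closed overflow removes that gap.
"""
import hashlib
import hmac
from collections import OrderedDict


class BoundedNonceCache:
    """LRU set of seen nonces with a hard capacity: the weak pattern."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._seen = OrderedDict()

    def accept(self, nonce):
        """True on first sight, False on replay. Evicts the oldest entry when full."""
        if nonce in self._seen:
            return False
        self._seen[nonce] = None
        if len(self._seen) > self.capacity:
            self._seen.popitem(last=False)  # the evicted nonce can now be replayed
        return True


class WindowedReplayGuard:
    """Nonce cache plus freshness window; denies stale, replayed and overflow receipts."""

    def __init__(self, capacity, window_seconds, max_skew_seconds=5):
        self.capacity = capacity
        self.window = window_seconds
        self.skew = max_skew_seconds
        self._seen = {}  # nonce -> issued_at

    def accept(self, nonce, issued_at, now):
        """Return "ok" or a denial reason string."""
        if issued_at > now + self.skew:
            return "denied: issued in the future"
        if now - issued_at > self.window:
            return "denied: stale"  # outside the window: no cache lookup needed
        # Only nonces still inside the window need remembering.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= self.window}
        if nonce in self._seen:
            return "denied: replay"
        if len(self._seen) >= self.capacity:
            return "denied: nonce cache full"  # fail closed rather than evict
        self._seen[nonce] = issued_at
        return "ok"


def sign_receipt(key, sender, label, nonce, issued_at):
    """HMAC over the canonical receipt fields, so nonce and timestamp are covered."""
    canonical = f"{sender}|{label}|{nonce}|{issued_at}".encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_receipt(key, receipt, guard, now):
    """Signature first (constant-time compare), then freshness and replay checks."""
    expected = sign_receipt(key, receipt["sender"], receipt["label"],
                            receipt["nonce"], receipt["issued_at"])
    if not hmac.compare_digest(expected, receipt["sig"]):
        return "denied: bad signature"
    return guard.accept(receipt["nonce"], receipt["issued_at"], now)


def naive_replay_succeeds():
    """Constructed sequence: fill a capacity-2 cache, then replay the evicted nonce."""
    cache = BoundedNonceCache(capacity=2)
    cache.accept("n1")
    cache.accept("n2")
    cache.accept("n3")  # n1 is evicted here
    return cache.accept("n1")  # True: replay of n1 is accepted again


def windowed_scenario():
    """Constructed receipts run through the windowed guard (key and values are demo data)."""
    key = b"constructed-demo-key"
    guard = WindowedReplayGuard(capacity=2, window_seconds=60)
    r = {"sender": "agent-a", "label": "pii", "nonce": "n1", "issued_at": 1000}
    r["sig"] = sign_receipt(key, r["sender"], r["label"], r["nonce"], r["issued_at"])
    downgraded = dict(r, label="public")  # label downgrade without re-signing
    return [
        verify_receipt(key, r, guard, now=1001),           # ok
        verify_receipt(key, r, guard, now=1002),           # denied: replay
        verify_receipt(key, downgraded, guard, now=1002),  # denied: bad signature
        verify_receipt(key, r, guard, now=1100),           # denied: stale
        guard.accept("n2", 1003, 1003),                    # ok (cache holds n1, n2)
        guard.accept("n3", 1004, 1004),                    # denied: nonce cache full
        guard.accept("n3", 1070, 1070),                    # ok: n1, n2 aged out of the window
    ]
```

The design point is that capacity and window must be sized together: the cache only needs room for the number of receipts a peer can legitimately issue inside one window, and anything beyond that is a signal to reject or throttle, not to forget old nonces.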
Signed-off-by: Jack Batzner <jackbatzner@microsoft.com>
Description
Adds a native FIDES-compatible information-flow-control layer for AGT with concrete runtime proof: Agent OS label parsing/propagation/enforcement, AgentMesh signed IFC receipts for native agent-to-agent message handoff, ACS annotation interoperability, deterministic examples, focused tests, and documentation that cites FIDES while preserving distributed claim boundaries.
Type of Change
Package(s) Affected
Checklist
Attribution & Prior Art
Prior art / related projects (if any):
AI Assistance
If AI tools materially shaped this change, briefly note what was used:
GitHub Copilot assisted with implementation, tests, documentation, and review hardening. All output was reviewed and validated by the contributor.
IP, Patents, and Licensing
Related Issues
None.
Validation
`python -m pytest agent-governance-python\agent-os\tests\policies\test_information_flow.py agent-governance-python\agent-os\tests\test_integrations.py -k "information_flow or ifc or malicious" -q` - 28 passed.
`PYTHONPATH=agent-governance-python\agent-mesh\src python -m pytest agent-governance-python\agent-mesh\tests\test_information_flow_receipts.py -q` - 13 passed.
`ruff check --select E,F,W --ignore E501 <changed Python files>` - passed.
`python examples\information-flow-control\demo.py` - blocked public email sink, allowed bounded reveal, allowed quarantine sink.
`python examples\distributed-information-flow-control\demo.py` - allowed valid receipt, denied tamper/downgrade/replay.
`python scripts\docs\check_links.py` - 0 new broken links.
`git diff --check` and staged secret/stub/license-header scans - passed.
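The three outcomes of the first demo (public email sink blocked, bounded reveal allowed, quarantine sink allowed) follow from a small label lattice. The example below is added here and is not the Agent OS implementation: the `Label`, `Sink`, `RevealBudget` types, the tag names, and the sink clearances are assumptions constructed to illustrate the mechanism. It shows label propagation on derived data (secrecy is joined, integrity is intersected), strict sink enforcement, a reveal that is bounded both by authority and by count, and an endorsement that raises integrity so a sink demanding validated input will accept the data.

```python
"""Hypothetical IFC label lattice with sink enforcement (added example; not
Agent OS code). Secrecy tags say where data must not flow; integrity tags
record endorsements the data has earned; a reveal is a bounded, authority-held
removal of one secrecy tag.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    secrecy: frozenset = frozenset()    # tags the data must not leak (e.g. "pii")
    integrity: frozenset = frozenset()  # endorsements the data carries

    def join(self, other):
        """Label of data derived from both inputs: all secrecy, only shared integrity."""
        return Label(self.secrecy | other.secrecy, self.integrity & other.integrity)


@dataclass(frozen=True)
class Sink:
    name: str
    clearance: frozenset = frozenset()           # secrecy tags the sink may receive
    required_integrity: frozenset = frozenset()  # endorsements the sink insists on


def enforce(label, sink):
    """Strict sink check: deny on any uncleared secrecy tag or missing endorsement."""
    leaked = label.secrecy - sink.clearance
    missing = sink.required_integrity - label.integrity
    if leaked:
        return {"sink": sink.name, "allowed": False, "reason": f"secrecy {sorted(leaked)} not cleared"}
    if missing:
        return {"sink": sink.name, "allowed": False, "reason": f"integrity {sorted(missing)} missing"}
    return {"sink": sink.name, "allowed": True, "reason": "ok"}


class RevealBudget:
    """Bounded declassification: `authority` may strip `tag` at most `limit` times."""

    def __init__(self, authority, tag, limit):
        self.authority, self.tag, self.remaining = authority, tag, limit

    def reveal(self, label, requester):
        if requester != self.authority:
            raise PermissionError(f"{requester} may not reveal {self.tag}")
        if self.remaining <= 0:
            raise PermissionError(f"reveal budget for {self.tag} exhausted")
        self.remaining -= 1
        return Label(label.secrecy - {self.tag}, label.integrity)


def endorse(label, endorsement):
    """Endorsement raises integrity, e.g. after a validator has checked the content."""
    return Label(label.secrecy, label.integrity | {endorsement})


def run_scenario():
    """Constructed walk-through; every tag, sink and authority name is demo data."""
    record = Label(secrecy=frozenset({"pii"}))
    public_note = Label(integrity=frozenset({"schema-checked"}))
    draft = record.join(public_note)  # inherits "pii", loses the unshared endorsement

    public_email = Sink("public_email")  # no clearance at all
    quarantine = Sink("quarantine", clearance=frozenset({"pii", "secret"}))
    ticket_system = Sink("ticket_system", clearance=frozenset({"pii"}),
                         required_integrity=frozenset({"schema-checked"}))
    budget = RevealBudget(authority="privacy-officer", tag="pii", limit=1)

    results = {
        "email_draft": enforce(draft, public_email)["allowed"],       # False
        "quarantine_draft": enforce(draft, quarantine)["allowed"],    # True
        "ticket_unendorsed": enforce(draft, ticket_system)["allowed"],  # False
        "ticket_endorsed": enforce(endorse(draft, "schema-checked"), ticket_system)["allowed"],
    }
    try:
        budget.reveal(draft, requester="marketing-agent")  # not the holding authority
        results["unauthorized_reveal"] = True
    except PermissionError:
        results["unauthorized_reveal"] = False
    summary = budget.reveal(draft, requester="privacy-officer")  # first, bounded reveal
    results["email_summary"] = enforce(summary, public_email)["allowed"]  # True
    try:
        budget.reveal(draft, requester="privacy-officer")  # budget now exhausted
        results["second_reveal"] = True
    except PermissionError:
        results["second_reveal"] = False
    return results
```

Note that `join` is what makes propagation safe by default: any value computed from a `pii`-labelled input carries `pii` onward, so the enforcement decision at the sink does not depend on the agent remembering where the data came from.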