governance-sdk
AI Agent Governance for TypeScript - policy enforcement, scoring, compliance, and audit for AI agents
Tags: agent-safety, agent-security, ai-agents, ai-governance, compliance, injection-detection, npm, policy-engine, prompt-injection
Why this rank: Release freshness, Strong adoption, Healthy release cadence
Release History
| Version | Changes | Urgency | Date |
|---|---|---|---|
| v0.17.0 | The condition registry (`registerCondition` / `unregisterCondition` / `getRegisteredCondition` / `getRegisteredConditions` / `clearConditionRegistry`) and `PolicyEngineConfig.conditions` were already on `PolicyEngine` since 0.15, but `GovernanceInstance` (the thing `createGovernance()` returns) didn't expose them - `instance.policies` is a `ReadonlyPolicyEngine` view that intentionally hides mutators. So callers who followed the documented `createGovernance()` flow had no path to register a cus | High | 5/7/2026 |
| v0.16.0 | 0.15 introduced `governance-sdk/scan/multi-modal` as a host-callable orchestrator with a global "scan everything you opt into" shape. That worked for the SDK plumbing but coupled rules that have nothing to do with each other (a token-budget rule has no business knowing about images). 0.16 moves modality config onto the **policy rule itself**. ### Added - `scanModalities` on `PolicyRule` ```ts const rule: PolicyRule = { id: "image-aware-injection-guard", name: "Block prompt injection in vi | High | 4/30/2026 |
| v0.14.1 | `scope_boundary` and `network_allowlist` rules at stage `process` (the default for those conditions, where pre-execution blocking happens) silently never fired on tool calls in 0.14.0 - `evaluateToolCall` (the path behind `processOutputStep`) didn't populate `ctx.targetPath` / `ctx.targetUrl`, and those conditions read those fields exclusively. 0.14.0 wired the field-extraction registry into `wrapTool` (tool_result stage). 0.14.1 wires it into `evaluateToolCall` too - same registry, same generi | High | 4/30/2026 |
| 0.13.1 | Imported from npm (0.13.1) | Low | 4/21/2026 |
| v0.13.0 | ## Conventions flip + deprecation notices Follow-up to 0.12. Two small, deliberate changes that the 0.12 roadmap promised - committed now so users have runtime notice before 1.0. ### OTel `conventions` default flips from `"both"` to `"gen_ai"` `createOtelHooks()` now defaults to emitting only the GenAI semantic conventions. Governance spans correlate out of the box with Anthropic, OpenAI, and Vercel-AI SDK spans in Honeycomb / Datadog / New Relic. **Migration.** If your dashboard | High | 4/16/2026 |
| v0.13.0 | ## Conventions flip + deprecation notices Follow-up to 0.12. Two small, deliberate changes that the 0.12 roadmap promised - committed now so users have runtime notice before 1.0. ### OTel `conventions` default flips from `"both"` to `"gen_ai"` `createOtelHooks()` now defaults to emitting only the GenAI semantic conventions. Governance spans correlate out of the box with Anthropic, OpenAI, and Vercel-AI SDK spans in Honeycomb / Datadog / New Relic. **Migration.** If your dashboard | Medium | 4/16/2026 |
| v0.12.0 | ## Trust hardening Closes the three most load-bearing honesty gaps surfaced by the post-0.11 audit. Theme: the things the SDK already claims must actually hold up under restart, real observability, and real naming. ### Durable integrity audit chain Before 0.12, `integrityAudit: { signingKey }` held chain state (latest hash, sequence, per-event integrity) in a `createGovernance()` closure. Process restart reset the chain to genesis and every Postgres event lost its integrity metadata because t | High | 4/16/2026 |
| v0.11.2 | Adds infrastructure to keep `packages/governance/README.md` (the file npm publishes) in sync with the repo-root README - so the v0.11.1 fix can never silently regress. ## What's new - **`scripts/sync-readme.mjs`** - generates the package README from the root, normalizing repo-relative links (`./packages/...`, `./LICENSE`, `./CONTRIBUTING.md`, etc.) to absolute GitHub URLs so they resolve correctly on npmjs.com. Idempotent. - **`prepublishOnly` hook** runs sync-readme before tsc, guaranteeing e | High | 4/16/2026 |
| v0.10.0 | Tightens the SDK to the surface we can defend, and is honest about everything it doesn't do. No new features. **1,348 tests** pass with **0 failures**. ## Removed (BREAKING) - **`governance-sdk/federation`** - was advisory-only posture exchange with no distributed protocol or signature enforcement. (Note: as of 0.11 this is also not shipped in Lua Governance Cloud.) - **`governance-sdk/sandbox`** - was a `node:vm` wrapper. `node:vm` is not a security boundary (per Node docs; see CVE-2023-32002 | High | 4/15/2026 |
| v0.11.1 | The `packages/governance/README.md` (the file npm publishes) had drifted ~3 release cycles behind the repo-root README. This patch syncs the two so npm users see the same content GitHub viewers see - including the "What this is NOT" scope disclosures, the 0.11 module removals, and the behavioral-scorer demotion. Relative links normalized to absolute GitHub URLs so they resolve correctly when read on npmjs.com. **No code changes. SDK behavior identical to 0.11.0.** If you're already on 0.11.0, | High | 4/15/2026 |
| v0.11.0 | Follow-up to the v0.10 cleanup. After a feature-by-feature audit against actual `governance-cloud` consumers and major competitors (Microsoft `agent-governance-toolkit`, NeMo Guardrails, Phoenix, Langfuse, Braintrust), this release removes 5 modules with no consumers and clarifies framing around 4 more that were oversold as built-in observability/eval infrastructure. **1,328 tests** pass with **0 failures**. **0 runtime dependencies** (unchanged). ## Removed (BREAKING) - **`governance-sdk/eva | High | 4/15/2026 |
| v0.9.0 | ## Highlights **Full pre/post/streaming coverage across all 10 featured framework adapters.** Every featured adapter now supports input pre-scan, output post-scan, streaming post-scan (buffered / sliding / per-chunk), and tool-call enforcement. ## What's new ### Featured adapters - full lifecycle - **Vercel AI SDK** - `createGovernanceMiddleware` now returns `transformParams` (pre), `wrapGenerate` (post), `wrapStream` (streaming post). Config accepts `streamMode`, `streamLookbackChunks`, `str | High | 4/14/2026 |
Similar Packages
@piiiico/agent-audit (v0.3.9): Security scanner for AI agent tooling - MCP servers, tool definitions, and agentic pipelines
opena2a (v0.10.7): Open-source security tools for AI agents. Find vulnerabilities, fix root causes, prove compliance.
controlkeel (v0.3.46): Control plane for governed AI coding: validate agent changes, enforce policy, track findings, and ship with proof.
AgentGuard (main@2026-06-05): Protect AI agents by detecting and blocking prompt, command injection, Unicode bypass, and social engineering attacks with customizable security controls.
More in MCP Servers
PlanExe: Create a plan from a description in minutes
agentrove: Your own Claude Code UI, sandbox, in-browser VS Code, terminal, multi-provider support (Anthropic, OpenAI, GitHub Copilot, OpenRouter), custom skills, and MCP servers.
ProxmoxMCP-Plus: Enhanced Proxmox MCP server with advanced virtualization management and full OpenAPI integration.
node9-proxy: The Execution Security Layer for the Agentic Era. Providing deterministic "Sudo" governance and audit logs for autonomous AI agents.
