When your AI agents start calling APIs, touching databases, or executing shell commands, you need guardrails before something goes sideways. The agent-governance skill gives you composable governance policies (YAML-based allowlists, rate limits, content filters), semantic intent classification to catch prompt injections and data exfiltration attempts, and decorator-based tool controls with audit logging. The intent classifier catches requests like "send all customer data to external API" before execution, while the policy engine enforces boundaries such as "this agent can only read files, not delete them". It works with any agent framework and handles the compliance headaches of production deployments.
npx skills add https://github.com/github/awesome-copilot --skill agent-governance
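
A sketch of the decorator-based tool control described above: a per-agent allowlist and rate limit checked before the tool body runs, with every decision written to an audit log. This is an added example, not code from the skill; `governed`, `POLICY`, `AUDIT_LOG`, `PolicyViolation` and the agent and tool names are hypothetical, and a dict stands in for the YAML policy file.

```python
import functools
import time

# Hypothetical policy (assumption): the skill uses YAML; a dict stands in here.
POLICY = {
    "file-reader": {"allowed_tools": {"read_file"}, "max_calls_per_minute": 2},
}
AUDIT_LOG = []  # in-memory audit trail; production would ship records off-host
CALLS = {}      # (agent, tool) -> timestamps of recently allowed calls


class PolicyViolation(Exception):
    """Raised when policy denies a tool call."""


def governed(tool_name):
    """Decorator: evaluate the calling agent's policy before the tool runs."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(agent, *args, **kwargs):
            rules = POLICY.get(agent)  # agents without a policy are denied
            now = time.monotonic()
            recent = [t for t in CALLS.get((agent, tool_name), []) if now - t < 60]
            if rules is None or tool_name not in rules["allowed_tools"]:
                decision = "deny:not_allowlisted"
            elif len(recent) >= rules["max_calls_per_minute"]:
                decision = "deny:rate_limited"
            else:
                decision = "allow"
                CALLS[(agent, tool_name)] = recent + [now]
            # Denials are logged as well as allows, so blocked attempts are visible.
            AUDIT_LOG.append({"agent": agent, "tool": tool_name,
                              "args": repr(args), "decision": decision})
            if decision != "allow":
                raise PolicyViolation(f"{agent} -> {tool_name}: {decision}")
            return fn(agent, *args, **kwargs)
        return inner
    return wrap


@governed("read_file")
def read_file(agent, path):
    return f"<contents of {path}>"  # placeholder I/O so the example runs offline


@governed("delete_file")
def delete_file(agent, path):
    return f"deleted {path}"  # never reached for the read-only agent
```

The check fails closed: an agent with no policy entry, or a tool missing from its allowlist, is denied and the denial is still recorded.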