Package Metadata

Author: Microsoft Corporation
Email: Microsoft Corporation <[email protected]>
PyPI: agentmesh-trust-protocol
Python: >=3.8
Versions: 5 releases
First release: 30 Apr 2026, 18:27 UTC
Analysed: 06 Jun 2026, 10:55 UTC
Source files: 15 .py files scanned

Project Links

Changelog Documentation Homepage Issues Repository

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersIntended Audience :: Science/ResearchLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.8

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal signs of potential malicious activity. It is part of a legitimate project and its network, shell, obfuscation, and credential risks are all low.

Network risk is moderate due to external service interactions.
No shell execution or credential harvesting was detected.

Per-check LLM notes

Network: The observed network calls are typical for packages that interact with external services, but their legitimacy depends on the package's intended functionality.
Shell: No shell execution patterns were detected.
Obfuscation: The use of base64 decoding for keys is common in cryptographic operations and does not necessarily indicate malicious activity.
Credentials: No patterns indicative of credential harvesting were detected.
Metadata: The author has only one package, which might indicate a new or less active account.

📦 Package Quality Overall: Medium (6.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit#readme
Detailed PyPI description (6967 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
86 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

tch the manifest with httpx.Client(timeout=timeout) as client: if verbose and not o
try: async with httpx.AsyncClient() as client: response = await client.post(
try: async with httpx.AsyncClient() as client: response = await client.post(
y: async with httpx.AsyncClient() as client: response = await client.pos

⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

try: key_bytes = base64.b64decode(raw_key) public_key_obj = Ed25519PublicKey.from_
signature_bytes = base64.b64decode(attestation.signature) public_key_obj.verify(sig
: key_bytes = base64.b64decode(private_key) private_key_obj = Ed25519Privat

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: microsoft.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Microsoft Corporation" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh-trust-protocol

Create a mini-application that simulates a network of autonomous agents communicating with each other using the Inter-Agent Trust Protocol (IATP). This protocol, provided by the 'agentmesh-trust-protocol' package, ensures secure and reliable communication between agents, preventing cascading errors or hallucinations in their interactions. Your task is to develop a simple chat application where multiple agents can exchange messages, but only those messages that pass through the IATP validation process will be accepted. Here are the steps and features to consider:

1. **Setup**: Begin by installing the 'agentmesh-trust-protocol' package and setting up your development environment.
2. **Agent Creation**: Define different types of agents (e.g., UserAgent, AdminAgent) each with unique capabilities and responsibilities within the network.
3. **Message Exchange**: Implement a feature allowing these agents to send messages to one another. Messages must include metadata such as sender ID, recipient ID, and timestamp.
4. **Validation Process**: Use the 'agentmesh-trust-protocol' to validate messages before they're processed. Ensure that only messages passing validation are delivered.
5. **Error Handling**: Implement error handling mechanisms to deal with invalid messages or failed validations gracefully.
6. **Logging**: Include logging functionality to track message exchanges and validation outcomes.
7. **User Interface**: Develop a basic command-line interface (CLI) for users to interact with the network of agents, sending messages and monitoring the validation process.
8. **Security Enhancements**: Optionally, explore ways to enhance security further, such as implementing encryption for message content.

This project aims to demonstrate the practical application of the 'agentmesh-trust-protocol' in ensuring robust and secure communication within a network of autonomous agents.