agentmesh_control_plane

v3.7.0 suspicious
8.0
High Risk

Layer 3: The Framework - A deterministic kernel for zero-violation governance in agentic AI systems with POSIX-style signals, VFS, and kernel/user space separation

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks related to shell execution, obfuscation, and credential manipulation. These factors suggest potential malicious intent, though no definitive evidence of harmful activity was found.

  • High shell risk indicating possible execution of arbitrary code
  • Potential credential manipulation through interaction with sensitive system files

Per-check LLM notes
  • Network: No network calls were detected, which is not necessarily suspicious but may warrant further investigation if the package's purpose involves network communication.
  • Shell: The detected shell execution pattern suggests potential execution of arbitrary code, which could indicate malicious intent or the presence of a backdoor. Further analysis is required to confirm its legitimacy.
  • Obfuscation: The observed code pattern suggests base64 decoding and splitting, which could be used for obfuscating malicious payloads or scripts.
  • Credentials: The package attempts to read and possibly write to sensitive system files like '/etc/passwd', indicating potential unauthorized access or tampering.
  • Metadata: The author has only one package, which might indicate a new or less active account, raising some suspicion but not enough to conclusively label it as malicious.

📦 Package Quality Overall: Medium (7.4/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • Test runner config found: pyproject.toml
  • 6 test file(s) detected (e.g. test_a2a_adapter.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit/tree/m
  • Detailed PyPI description (1629 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 616 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ortlib, json, sys, time raw = base64.b64decode(sys.stdin.buffer.read()) parts = raw.split(b"|", 2) if len(p

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • "|" + payload) proc = subprocess.Popen( [sys.executable, "-c", _SUBPROCESS_BOOTSTRAP],

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • .FILE_READ, {"path": "/etc/passwd"} ) print(f" Success: {result3['success']}") i
  • .FILE_READ, {"path": "/etc/passwd"} ) print(f"✗ System file access: {result['success'
  • , tool_args={"path": "/etc/passwd", "content": "evil"} ) print(f"Tool: write_file (pa
  • rint(f"Tool: write_file (path=/etc/passwd)") print(f"Result: {result}") print(f"Status: {resu
  • print("\n Action 2: Write /etc/passwd") kernel.intercept_tool_execution( "audit-agent
  • rite_file", {"path": "/etc/passwd"}, input_prompt="User: Update system file", )

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: microsoft.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Microsoft Corporation" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh_control_plane

Create a mini-application named 'AgenticFileExplorer' that leverages the 'agentmesh_control_plane' Python package to demonstrate a simplified version of an agentic AI system's file management capabilities. This application will simulate a POSIX-compliant environment where users can interact with a virtual filesystem (VFS) through a command-line interface (CLI). The goal is to showcase the deterministic governance framework provided by 'agentmesh_control_plane', including signal handling and the separation between kernel and user spaces.

### Key Features:
1. **User Space Interface**: Implement a CLI that allows users to perform basic file operations such as `ls`, `cd`, `mkdir`, `rm`, and `cat`. These commands should be executed within a simulated VFS.
2. **Kernel Space Management**: Use 'agentmesh_control_plane' to manage these operations in a way that ensures no violations occur. This includes handling POSIX-style signals to control the execution flow and enforce rules on file access.
3. **Deterministic Execution**: Ensure that all operations are deterministic, meaning that given the same input, the application produces the same output every time it runs.
4. **Security and Isolation**: Demonstrate how 'agentmesh_control_plane' enforces security and isolation by preventing unauthorized access to files and directories.
5. **Logging and Monitoring**: Implement logging to record all operations performed by the CLI and any signals sent by the kernel space. Additionally, provide monitoring capabilities to observe the state of the VFS.

### Steps to Build the Application:
1. **Setup Environment**: Install Python and the 'agentmesh_control_plane' package.
2. **Design the Virtual File System (VFS)**: Define the structure of the VFS and implement basic file operations using 'agentmesh_control_plane'.
3. **Implement CLI Commands**: Develop the CLI commands mentioned above, ensuring they interact correctly with the VFS under the governance of 'agentmesh_control_plane'.
4. **Signal Handling**: Integrate signal handling mechanisms to manage operations based on POSIX standards.
5. **Testing and Validation**: Test the application thoroughly to ensure determinism and compliance with security policies. Validate that all operations behave as expected and that there are no unintended side effects.
6. **Documentation and User Guide**: Write comprehensive documentation and a user guide explaining how to use the application, its features, and how it leverages 'agentmesh_control_plane'.

This project will not only serve as a practical demonstration of 'agentmesh_control_plane' but also as a valuable learning tool for understanding advanced concepts in agentic AI systems.