AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.

agent-framework ai-agents ai-safety compliance governance microsoft owasp policy-engine python security trust zero-trust
100 Open Issues Need Help Last updated: Mar 9, 2026

Open Issues Need Help

AI Summary: This issue proposes integrating 'nono', a lightweight, kernel-native sandboxing library, as an alternative to the current heavy OpenShell integration. This would provide OS-level isolation for applications without the overhead of Docker or k3s, making it more suitable for local development, CI, and edge deployments.

Complexity: 3/5
enhancement help wanted triage

AI Summary: This issue proposes the creation of a 3-part video series to explain the architecture of the agent-governance-toolkit. The series will cover the Agent OS & Policy Engine, Agent Mesh & Trust Layer, and Agent SRE & Observability, targeting developers interested in contributing or building on the toolkit. Deliverables include YouTube uploads, documentation updates, and diagram storage.

Complexity: 2/5
documentation good first issue help wanted community

AI Summary: This issue requests the creation of a comprehensive 2-hour workshop kit for teaching AI agent governance. The kit should include a slide deck, hands-on lab guide with code templates and exercises, facilitator notes, and a prerequisite checklist. The goal is to produce a ready-to-use teaching resource that has been tested with a real audience.

Complexity: 4/5
documentation good first issue help wanted community

AI Summary: This issue requests a blog post comparing various AI agent governance approaches, including manual prompt engineering, platform restrictions, framework-level governance (specifically the agent-governance-toolkit), and regulatory-first methods. The post should analyze the pros and cons of each, their ideal use cases, how they can be combined, and advocate for policy-as-code as a scalable solution. The deliverable is a 1500-2500 word article to be published and linked in the community documentation.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue requests the creation of a tutorial demonstrating how to use Agent SRE for chaos testing AI agents. The tutorial should cover setting up Agent SRE, defining and running various chaos experiments, analyzing results, and writing custom profiles, ultimately aiming to validate agent resilience.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue involves mapping an existing toolkit against the ISO 42001 standard for AI Management Systems. The goal is to create documentation that helps organizations seeking certification by identifying alignment and any gaps with recommendations.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue proposes the creation of a blog post outlining a governance maturity model for organizations transitioning from basic chatbots to complex autonomous agent systems. The post will detail five suggested levels of governance, from no governance to autonomous governance, and will include a maturity assessment checklist.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requests a blog post explaining how multi-agent systems build trust using cryptographic identities like DIDs and Ed25519 signatures, along with the AgentMesh trust scoring model. The post should cover topics such as agent identity needs, trust scoring mechanisms, delegation chains, and a practical example, comparing it to human trust models.

Complexity: 3/5
documentation good first issue help wanted community

AI Summary: This issue requests a comprehensive blog post guiding AI agent developers on complying with the EU AI Act by its August 2026 deadline. It outlines key topics such as timelines, risk classification, specific requirements for high-risk systems, and transparency obligations, with a deliverable of a 2000-3000 word article and a community documentation update.

Complexity: 3/5
documentation good first issue help wanted community

AI Summary: This issue requests the creation of a 10-15 minute video tutorial demonstrating the deployment of the agent governance toolkit stack using Docker Compose. The video should cover cloning the repository, setting up the development environment, exploring observability dashboards, running a governed agent, and viewing logs and traces. The deliverable includes the YouTube video and an update to the deployment documentation.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue requests a blog post explaining how to apply Site Reliability Engineering (SRE) principles to AI agent systems. It outlines key topics such as defining Service Level Objectives (SLOs), managing error budgets, implementing circuit breakers, and the importance of observability and chaos testing for AI agents. The deliverable is a published blog post of 1500-2500 words and a PR to add its link to COMMUNITY.md.

Complexity: 3/5
documentation good first issue help wanted community

AI Summary: This issue requests a beginner-friendly blog post detailing how to add governance features to an AI agent project within 30 minutes. The post should cover installing a governance tool, implementing policy restrictions, audit logging, trust identity, and OWASP compliance checks, with a comparison of before and after agent behavior.

Complexity: 2/5
documentation good first issue help wanted community

AI Summary: This issue requests a blog post of 1500-2500 words explaining the security risks associated with the Model Context Protocol (MCP) in AI agent frameworks. It outlines key topics to cover, including MCP's adoption, OWASP MCP Top 10 risks, auditing for vulnerabilities, and practical mitigation strategies like using a security proxy. The deliverable includes publishing the post and adding its link to the community documentation.

Complexity: 3/5
documentation good first issue help wanted community

AI Summary: This issue requests a blog post introducing the OWASP Agentic Security Initiative (ASI) Top 10 risks for AI agent systems. The post should differentiate agent security from LLM safety, detail each of the 10 ASI risks with examples, discuss detection and mitigation, and cover compliance checks and framework shortcomings. The deliverable is a 2000-3000 word blog post with a link added to COMMUNITY.md.

Complexity: 3/5
documentation good first issue help wanted community

AI Summary: This issue requests a tutorial demonstrating how to build a policy-governed chatbot using LangChain and the AgentMesh trust layer. The tutorial should cover setting up a LangChain agent, integrating AgentMesh middleware, defining and testing policies (like rate limits and tool usage), and showcasing the audit trail. The final deliverable will be a working Jupyter notebook or markdown document with end-to-end code.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requires an assessment of how the agent-governance-toolkit aligns with the NIST AI Risk Management Framework (AI RMF 1.0). The deliverable is a markdown document detailing this alignment, including a matrix and a gap analysis with recommendations. No coding is involved, and the focus is on understanding governance and compliance frameworks.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue requests a technical article detailing the governance challenges of scaling AI agents from a small number to thousands. It should cover topics like policy management, trust, auditing, multi-tenancy, and resource control, and explain how the `agent-governance-toolkit` addresses these. The deliverable is a published article and a link in `COMMUNITY.md`.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requests the creation of an educational article explaining the trust problem in multi-agent systems and how Decentralized Identifiers (DIDs) offer a solution. The article should cover topics like agent identity importance, traditional vs. DID-based authentication, AgentMesh's DID implementation, capability delegation, trust scoring, and include a real-world analogy. The deliverable is a 2000-2500 word article with diagrams, to be published and linked in COMMUNITY.md.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requests the creation of a visual infographic to illustrate the architecture of the agent-governance-toolkit. The infographic should clearly depict the relationships and data flow between various components like Agent OS, Agent Mesh, Agent Hypervisor, Agent SRE, and integrations. The deliverable includes the infographic in high-resolution formats, a pull request to add it to the documentation, and the source file for the diagram.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue requests a 30-45 minute live-coding video demonstrating the creation of a governed multi-agent system from scratch using Python. The video should showcase the entire development process, including potential mistakes and debugging, and cover agent creation, policy definition, and policy enforcement.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requires mapping the SOC 2 Type II trust service criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) against the capabilities of the agent-governance-toolkit. The goal is to create documentation that helps organizations demonstrate compliance for AI agent deployments by identifying which toolkit features address each criterion, providing evidence sources, and highlighting any gaps.

Complexity: 3/5
documentation good first issue help wanted community

AI Summary: This issue requests a blog post comparing prompt engineering guardrails with policy-as-code governance for AI models. The post should highlight the limitations of prompt-level guardrails, the benefits of infrastructure-level policy enforcement, and demonstrate scenarios where one approach fails while the other succeeds. It also suggests layering both for a robust solution.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue requests the creation of a short video tutorial (8-10 minutes) demonstrating how to get started with Agent OS. The tutorial should cover installation, writing a basic policy, running an agent, and viewing audit logs, aiming to make the framework more accessible to new developers.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue proposes building an interactive demo showcasing multi-agent collaboration with real-time trust verification and policy enforcement. The demo should be built using Streamlit or Gradio and illustrate agent identity, trust scoring, policy evaluation, and an audit log. Several scenario ideas are provided, and the focus is on wrapping existing APIs rather than deep framework knowledge.

Complexity: 3/5
enhancement good first issue community

AI Summary: This issue proposes the creation of a multi-part tutorial on implementing policy-as-code for AI agents. The tutorial will cover fundamental concepts like allow/deny rules, capability scoping, rate limiting, conditional policies, approval workflows, testing, and versioning, progressing to production-ready implementations. The deliverable includes documentation, code examples, and YAML templates.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requests the creation of a case study template and the development of 2-3 hypothetical case studies demonstrating the use of an agent governance toolkit in enterprise settings. The case studies should cover industries like financial services, healthcare, and e-commerce, focusing on practical applications and governance policies. No coding is required, but technical writing and industry knowledge are beneficial.

Complexity: 2/5
documentation good first issue help wanted community

AI Summary: This issue proposes building a real-time dashboard to visualize agent governance metrics. The dashboard will display policy evaluations, trust scores, audit events, and violations, with features like live feeds, heatmaps, and alerts. The goal is to create a demo application with clear setup instructions and Docker Compose for easy deployment.

Complexity: 3/5
enhancement good first issue community

AI Summary: This issue proposes benchmarking the performance impact of adding governance features to AI agents. The goal is to measure latency, throughput, and memory usage of governed vs. ungoverned agents, with the results to be documented and visualized.

Complexity: 3/5
documentation enhancement good first issue community

AI Summary: This issue proposes adding a feature to the agent-mesh toolkit to automatically generate technical documentation required by the EU AI Act's Annex IV. The exporter will aggregate existing compliance reports, policy documents, and audit logs, and create placeholders for human-authored content, outputting structured Markdown or JSON for conformity review.

Complexity: 3/5
enhancement help wanted

AI Summary: This issue proposes to move the EU AI Act risk classifier from example code into the agent-mesh library. The current implementation is not robust, lacks proper testing, and uses simplistic keyword matching. The proposed solution involves promoting the classifier, improving its logic to include specific articles and exemptions, and making it configurable for future regulatory changes.

Complexity: 4/5
enhancement help wanted

AI Summary: This issue proposes adding a formal mechanism to declare expected accuracy levels for AI systems, aligning with EU AI Act requirements. Currently, accuracy metrics are only measured at runtime, and there's no way to specify desired accuracy targets as part of the system's design. The solution involves creating an `AccuracyDeclaration` model, documenting recommended thresholds, and adding validation to ensure configured targets meet these declarations.

Complexity: 3/5
enhancement help wanted

AI Summary: This issue proposes adding a "Transparency Interceptor" to the agent-os-kernel package to enforce EU AI Act requirements for AI disclosure. The solution involves injecting disclosure metadata into tool call results, blocking execution if disclosure isn't confirmed, and introducing new policy conditions and attributes to manage disclosure levels based on risk. This aims to move transparency enforcement from examples into core library code.

Complexity: 4/5
enhancement help wanted

AI Summary: This issue requests a technical blog post explaining the importance of AI agent governance as autonomous agents become more prevalent. The post should cover the rise of AI agents, potential risks without governance, how a specific toolkit addresses these, key governance concepts, and a call to action with a quickstart link. The deliverable includes the blog post and a PR to add its link to `COMMUNITY.md`.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue proposes creating a concise tutorial demonstrating how to add governance to an existing AI agent with minimal code modifications. The tutorial will guide users through three simple steps: installation, wrapping the agent, and configuration, using a single YAML file for policy enforcement. It aims to be accessible to beginners with basic Python knowledge.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue proposes exploring and documenting the integration of Hugging Face Agents with the agent-governance-toolkit. The goal is to understand how Hugging Face agents make decisions and where governance hooks can be applied, with potential policy examples and trust verification. A deliverable includes an exploration document and a prototype integration.

Complexity: 3/5
enhancement good first issue community

AI Summary: This issue requests the translation of the project's README and Quickstart documentation into several priority languages, including Spanish, Portuguese, Japanese, Chinese, Korean, and French. The goal is to increase the toolkit's global accessibility. Translated files should be placed in a specific directory, and technical terms should remain in English.

Complexity: 2/5
documentation good first issue help wanted community

AI Summary: This issue requests the creation of a comprehensive tutorial for developers to build custom governance integrations for agent frameworks. The guide will cover understanding integration interfaces, wrapping agent lifecycle hooks, implementing policy evaluation and trust verification, and finally, publishing the integration. Existing integrations will serve as templates for this new documentation.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requests the creation of an integration guide for the Model Context Protocol (MCP) trust proxy. The guide should explain MCP, its trust proxy setup, policy configuration, agent identity verification, and audit logging, along with providing an example MCP server with trust verification.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue proposes the creation of a compliance checklist to map EU AI Act requirements against the capabilities of the agent-governance-toolkit. The goal is to help organizations assess their readiness for deploying AI agents under the new regulations by documenting how the toolkit addresses key areas like risk classification, transparency, and human oversight.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue proposes building an end-to-end demo showcasing the integration of CrewAI with a governance toolkit. The demo will feature a multi-agent crew performing content creation, with governance policies dictating tool access, data sharing, output quality, and API rate limits. The deliverable includes a working demo, setup instructions, and visual aids.

Complexity: 3/5
enhancement good first issue community

AI Summary: This issue requests the creation of a practical integration guide demonstrating how to combine OpenAI's Agents SDK with the agent-governance-toolkit. The guide should cover installation, wrapping an agent with governance middleware, providing policy examples, comparing governed and ungoverned behavior, and handling errors. The deliverable is a markdown tutorial with working Python code examples.

Complexity: 3/5
documentation good first issue community

AI Summary: This issue requires mapping the OWASP Top 10 for LLM Applications (2025) against the capabilities of the agent-governance-toolkit. The goal is to create a documentation file that details which risks are mitigated, partially covered, or not yet addressed by the toolkit, including recommendations for any identified gaps. No code changes are expected, and the primary focus is on documentation and analysis.

Complexity: 2/5
documentation good first issue community

AI Summary: This issue proposes adding a new CLI command to validate governance policies written in YAML. The command will parse the YAML, check it against a predefined schema, and report any errors with line numbers, ensuring a non-zero exit code for failed validations to support CI workflows.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue requests the addition of module-level and function-level docstrings to several Python adapter files within the `agent-os` package. The goal is to improve code documentation by ensuring all public functions have clear parameter and return descriptions.

Complexity: 2/5
documentation good first issue

AI Summary: This issue proposes adding a GitHub Actions workflow to automatically check for broken markdown links in the repository's documentation. The goal is to ensure the integrity of links within README files, especially when changes are made to them.

Complexity: 2/5
good first issue ci/cd

AI Summary: This issue requires implementing cryptographic signature verification for the nexus registry module. The task involves adding actual signature generation and verification logic using the `cryptography` library, specifically for Ed25519 or similar algorithms. It's also important to maintain backward compatibility with existing unsigned entries.

Complexity: 3/5
good first issue security

AI Summary: This issue proposes adding OpenTelemetry tracing to the copilot extension to improve observability and debugging. Currently, the extension uses Winston for logging but lacks distributed tracing capabilities, which this enhancement aims to address by instrumenting requests through its endpoints.

Complexity: 3/5
enhancement good first issue

AI Summary: This issue proposes adding request body validation to several POST endpoints in the copilot extension. The goal is to use Zod or Joi to ensure incoming data conforms to expected schemas, returning a 400 error with descriptive messages for any invalid input.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding rate limiting middleware to the Copilot extension's HTTP endpoints to prevent abuse. The task involves integrating the `express-rate-limit` library and making the limits configurable through environment variables.

Complexity: 2/5
enhancement good first issue

AI Summary: The Copilot extension's webhook endpoint is vulnerable to denial-of-service attacks due to the lack of a payload size limit. The task is to configure the Express `json()` middleware with a size limit to mitigate this security risk.

Complexity: 2/5
good first issue security

AI Summary: This issue proposes adding a `--json` output flag to the agent-os Python CLI. This enhancement will allow the CLI to output structured JSON, making it easier to integrate with other tools and scripts.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue addresses a security vulnerability in the LangChain integration with AgentMesh. It requires implementing cryptographic verification for the scope chain to ensure the integrity of delegation. The task includes adding tests to cover both valid and tampered scope chains.

Complexity: 4/5
good first issue security

AI Summary: This issue proposes to enhance the CI process by adding automatic labeling for pull requests related to integration packages. The current labeler configuration is incomplete and needs to be updated to include rules for all 20 integrations within the `packages/agentmesh-integrations/` directory, ensuring PRs are correctly tagged.

Complexity: 2/5
good first issue ci/cd

AI Summary: This issue proposes to enhance the security of the Copilot extension by replacing the overly permissive `Access-Control-Allow-Origin: *` with a configurable allowlist. This allowlist will be managed via an environment variable, defaulting to GitHub domains in production, to restrict which origins can make requests to the extension.

Complexity: 2/5
good first issue security

AI Summary: This issue addresses a security vulnerability where the copilot extension serves HTML pages without proper Content-Security-Policy headers. This could potentially expose users to Cross-Site Scripting (XSS) attacks. The task is to add the specified CSP headers to all HTML responses within a particular file.

Complexity: 2/5
good first issue security

AI Summary: This issue proposes adding a GitHub Actions workflow example to demonstrate how to integrate agent-os governance checks into CI/CD pipelines. The workflow should cover installing agent-os, performing policy validation and compliance checks on pull request changes, and posting the results back as comments.

Complexity: 3/5
enhancement good first issue

AI Summary: This issue proposes to add CodeQL analysis for TypeScript packages within the repository. The goal is to ensure that all TypeScript source code, specifically for the copilot extension, MCP server, and agent-mesh TS SDK, is covered by the existing CodeQL configuration, which currently focuses on Python.

Complexity: 2/5
good first issue ci/cd

AI Summary: This issue proposes adding automated spell checking to the CI pipeline for documentation files. The goal is to catch typos and ensure the quality of project documentation by integrating tools like cspell or typos and a custom dictionary for project-specific terms.

Complexity: 2/5
good first issue ci/cd

AI Summary: This issue proposes enhancing the CI test workflows to include a matrix of multiple Python versions (3.10, 3.11, 3.12, and 3.13). The goal is to ensure the project's compatibility across these different Python environments by adding this matrix to the GitHub Actions workflow file.

Complexity: 2/5
good first issue ci/cd

AI Summary: This issue proposes adding npm dependency caching to an Azure DevOps (ADO) pipeline to speed up builds. The current pipeline executes `npm ci` without caching `node_modules`, leading to unnecessary build times. The task is to implement caching using ADO's `Cache@2` task before the `npm ci` commands for each npm package.

Complexity: 2/5
good first issue ci/cd

AI Summary: This issue addresses a security vulnerability where a hardcoded placeholder for a PagerDuty routing key exists in the agent-sre package. The task is to replace this placeholder with a value read from an environment variable, PAGERDUTY_ROUTING_KEY, to prevent accidental exposure of real keys and to document this new environment variable.

Complexity: 1/5
good first issue security

AI Summary: This issue proposes adding a `--watch` mode to the policy validation command. This feature would automatically re-run policy validation whenever `.yaml` files are modified, streamlining the development workflow for users iterating on governance policies.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding color-coded terminal output to the agent-os Python CLI to improve readability. The goal is to highlight success, warnings, errors, policy violations, and passed checks with distinct colors and styles, making it easier for users to quickly scan and understand the CLI's output.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding a new command-line interface (CLI) command or script to automate the creation of new framework integrations within the `agentmesh-integrations` package. The command will generate a standard directory structure and essential template files like `pyproject.toml`, `README.md`, and `CHANGELOG.md` to streamline the development process.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding a command-line flag `--log-level` to the MCP server. This flag will allow users to configure log levels directly via the CLI, overriding the existing environment variable `AGENTOS_LOG_LEVEL` for greater flexibility.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding accessibility labels and ensuring keyboard navigation for tree views and webview panels within a VSCode extension. The goal is to improve the user experience for individuals relying on assistive technologies.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding dark mode support to the Chrome extension's popup. The current popup uses a fixed light color scheme, and the task is to implement CSS that responds to the `prefers-color-scheme: dark` media query for automatic dark mode switching.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding a new `/health` endpoint to the MCP server when it's running in HTTP mode. This endpoint will provide essential information like server status, uptime, and version, making it easier for load balancers and monitoring systems to check the server's health.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding internationalization (i18n) support to user-facing error messages and CLI output, which are currently hardcoded in English. The initial scope focuses on the Python CLI, extracting strings into a locale file and using a translation function. This will make the toolkit more accessible to a global audience.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue addresses a "TODO" comment in a CaaS module test file, indicating that a specific test's tier classification needs to be corrected. The task involves fixing this tier classification and expanding test coverage for edge cases within structure-aware indexing.

Complexity: 2/5
good first issue tests

AI Summary: This issue proposes adding automated smoke tests for 33 example projects within the `packages/agent-os/examples/` directory. The tests should verify dependency files, Python imports, and run any existing test files, reporting the overall status. The initial focus will be on the `hello-world` and `quickstart` examples.

Complexity: 2/5
good first issue tests

AI Summary: This issue proposes adding unit tests for the control-plane's A2A and MCP adapters. The goal is to cover the negotiation flow and prompt management by mocking external services, addressing existing TODO comments related to unimplemented logic.

Complexity: 3/5
good first issue tests

AI Summary: This issue proposes adding comprehensive tests for the VSCode extension's webview panels. The goal is to ensure the functionality of message passing and state management within these panels, which currently lack any test coverage.

Complexity: 3/5
good first issue tests

AI Summary: This issue proposes adding integration tests for the MCP server's tool handlers. The goal is to increase test coverage for individual tool handlers within the `src/tools/` directory, ensuring they handle success, errors, and edge cases correctly.

Complexity: 2/5
good first issue tests

AI Summary: This issue proposes adding integration tests for the nostr-wot provider using `respx` to mock HTTP requests to the Web of Trust API. The goal is to ensure the core functionality of the trust provider is adequately tested by simulating external API interactions.

Complexity: 2/5
good first issue tests

AI Summary: This issue requests the addition of unit tests for the GitHub CLI extension. The tests should cover the core functionalities of the extension, including its CLI commands, how it parses arguments, and how it formats its output.

Complexity: 2/5
good first issue tests

AI Summary: This issue requests the addition of unit tests for the Cursor extension located in `packages/agent-os/extensions/cursor/`. The goal is to cover the core functionality of the extension, which currently lacks any tests, by utilizing standard VSCode extension testing patterns.

Complexity: 2/5
good first issue tests

AI Summary: This issue proposes adding unit tests to the Chrome extension located in `packages/agent-os/extensions/chrome/`. The goal is to create tests for the core background service worker and popup components, as these currently lack any test coverage.

Complexity: 2/5
good first issue tests

AI Summary: This issue requests the addition of unit tests for the Copilot extension's HTTP endpoints. The goal is to ensure comprehensive test coverage for all listed API routes, including chat handling, webhook verification, template retrieval, compliance validation, audit logs, and status checks. The suggested approach involves using Jest and supertest for implementation.

Complexity: 3/5
good first issue tests

AI Summary: This issue requests the addition of auto-generated API reference documentation for the agent-os Python package. The task involves setting up a documentation generator like Sphinx, MkDocs, or pdoc to create API docs for the public modules and including instructions for local generation.

Complexity: 3/5
documentation good first issue

AI Summary: This issue requests improvements to the documentation for the JetBrains plugin. The goal is to provide clearer instructions for building and installing the plugin locally, including details on Gradle builds, installation steps, IDE compatibility, and visual aids like screenshots.

Complexity: 2/5
documentation good first issue

AI Summary: This issue proposes adding CHANGELOG.md files to the `agent-sre` and `agent-compliance` packages. The goal is to document the version history of these packages by reviewing their git history and adhering to the Keep a Changelog format.

Complexity: 2/5
documentation good first issue

AI Summary: This issue requests the addition of JSDoc comments to several exported functions, classes, and interfaces within the copilot extension source files. The goal is to improve the documentation of the `packages/agent-os/extensions/copilot/src/` directory.

Complexity: 1/5
documentation good first issue

AI Summary: This issue proposes creating a catalog for 33 existing example projects within the `packages/agent-os/examples/` directory. The goal is to improve discoverability by adding a `README.md` file that lists each example with its description, difficulty, and demonstrated features.

Complexity: 2/5
documentation good first issue

AI Summary: This issue requests the creation of an architecture diagram for the agent-mesh package's trust and identity layer. The diagram should visually represent key processes like identity registration, trust handshakes, scope chain verification, and message signing/verification, and should be added to the package's documentation.

Complexity: 2/5
documentation good first issue

AI Summary: This issue requests the addition of a comprehensive deployment guide for the MCP server, specifically detailing its integration with Claude Desktop. The guide should cover prerequisites, configuration steps for Claude Desktop, development setup, environment variables, and troubleshooting.

Complexity: 2/5
documentation good first issue

AI Summary: This issue proposes to enhance the documentation for the Copilot extension by adding inline code examples for its chat commands. Currently, only command names are listed, but the task requires creating a new markdown file with descriptions, example input/output conversations, and potentially screenshots for each command.

Complexity: 2/5
documentation good first issue

AI Summary: This issue requests the addition of individual README files for each of the 13 modules within the `packages/agent-os/modules/` directory. Developers are asked to select a module without a README, understand its source code, and create a `README.md` detailing its purpose, installation, and basic usage.

Complexity: 2/5
documentation good first issue

AI Summary: The CONTRIBUTING.md file needs to be updated to accurately reflect the current number of top-level packages in the repository. The document currently mentions seven packages, but there are now over ten, and the list needs to be revised to include all of them.

Complexity: 1/5
documentation good first issue

AI Summary: This issue requests the creation of standalone quickstart guides for each framework integration within the agentmesh project. Each guide should cover installation, basic setup, and a minimal working example with expected output and a link to full documentation.

Complexity: 2/5
documentation good first issue

AI Summary: This issue proposes adding a new CLI command to the agent-compliance tool. This command will lint YAML policy files, checking for common errors like missing fields, invalid rule types, conflicting rules, and deprecated fields, and will output a list of warnings or errors with file and line references.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue proposes adding a new command-line interface (CLI) feature to display a trust score visualization for registered agents. The command will output details like agent DID, trust score, tier, task success/failure, and last activity, with support for both table and JSON formats. The implementation should leverage the 'rich' library for enhanced terminal output.

Complexity: 3/5
enhancement good first issue

AI Summary: This issue requests the addition of a comprehensive comparison table to the project's documentation. The table should compare the current governance framework (AGT) against several other popular frameworks, highlighting specific features like Identity/Trust, Policy Enforcement, and Observability. The goal is to provide factual and accurate information by consulting the documentation of each listed project.

Complexity: 3/5
documentation good first issue

AI Summary: This issue proposes adding fuzz tests to the `fuzz/` directory to test the parsing of policy YAML files. The goal is to use the Atheris fuzzing library to find crashes, hangs, or unexpected exceptions when processing malformed policy data. The implementation should follow the existing `fuzz/fuzz_policy_yaml.py` pattern.

Complexity: 2/5
good first issue tests

AI Summary: This issue requests the creation of a new Markdown document in the `docs/` directory to detail the security threat model for the Agent Governance Toolkit. The document should cover trust boundaries, attack surfaces, and the mitigations offered by various packages, referencing existing compliance documentation.

Complexity: 3/5
documentation good first issue help wanted

AI Summary: This issue proposes adding Architecture Decision Records (ADRs) to the project's documentation. It requires creating a new directory and populating it with 3-5 ADRs that explain significant architectural choices, following the MADR template format and word count guidelines.

Complexity: 2/5
documentation good first issue

AI Summary: This issue requests the addition of comprehensive unit tests for the plugin signing functionality within the agent-marketplace package. The goal is to ensure the Ed25519 signing mechanism is robust by testing various scenarios, including successful signing and verification, handling of tampered data, incorrect keys, and proper serialization/deserialization.

Complexity: 2/5
good first issue help wanted tests

AI Summary: This issue proposes adding pre-commit hooks to the repository to automate code quality checks. It includes specific hooks for linting, type checking, secret scanning, and basic file format validation. The issue also outlines instructions for installation and testing these hooks.

Complexity: 2/5
enhancement good first issue

AI Summary: This issue requests the creation of a CHANGELOG.md file at the repository root, adhering to the Keep a Changelog format. The changelog should document past releases (v1.0.0, v1.0.1, v1.1.0, v2.1.0, v2.2.0) by aggregating information from existing release notes and git logs, categorizing changes, and linking to relevant pull requests.

Complexity: 2/5
documentation good first issue

AI Summary: This issue requests the addition of unit tests for the `PolicySchema` validation logic within the `agent-compliance` package. The tests should cover various scenarios including valid policies, missing required fields, empty rule lists, invalid data types, and default version handling, utilizing `pytest` and the `PolicyValidationError` exception.

Complexity: 2/5
good first issue tests
