Governance, audit, and discipline frameworks for AI coding agents — deterministic workflows, context budgets, tool gating, usage tracking.
Agent Governance tools are AI-powered software designed to help developers and teams tackle agent governance-related tasks more efficiently. These tools are typically published as open-source projects on GitHub and can be integrated into existing workflows via MCP (Model Context Protocol), Claude Skills, or standalone agent frameworks. On Agent Skills Hub, we index 30 quality-scored agent governance tools across languages including Shell, Python, Rust.
In 2026, the AI agent ecosystem is maturing rapidly. Agent Governance tools can significantly boost development efficiency by automating repetitive tasks, reducing human error, and providing intelligent suggestions. The top 3 tools — skills, keep-codex-fast, agentseal — have earned an average of 3,438 GitHub stars, reflecting strong community validation. 18 of the listed tools come with clear open-source licenses, ensuring freedom to use and modify.
When choosing an agent governance tool, consider these factors: 1) Community activity — GitHub stars and recent commit frequency indicate reliability; 2) Integration method — check if it supports MCP, Claude, or your preferred agent framework; 3) Language compatibility — the most common language in this list is Shell; 4) Quality score — Agent Skills Hub's composite score evaluates code quality, documentation completeness, and maintenance activity. Our recommendation: start with skills — it ranks highest in both star count and quality score.
Skills for Real Engineers. Straight from my .claude directory.
A backup-first Codex skill for keeping local Codex state fast, clean, and recoverable.
Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt injection resistance, and audit live MCP servers for tool poisoning.
Curated, production-grade skills for AI coding agents. Battle-tested workflows for developers who use AI seriously.
Intercept and inspect API traffic from Claude Code, Codex CLI, OpenCode, and Cursor CLI in a trace viewer.
AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens.
Constitution-first AI orchestration: one Charter (YAML) defines mission, budget & rules. CEO plans → CFO approves → Ledger tracks every cent & token → Auditor scores. 16 workers, Stripe, MCP. Think. Audit. Execute.
Pi coding-agent extension for pruning tool-call trees
Claude Code usage governor: compact professional output, context slimming, tool-output filtering, telemetry, and drift guardrails.
```bash
bash install.sh --force
```
AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.
Python SDK for AI agent governance - audit trails, policy enforcement, quantum-safe signatures. Works with LangChain, CrewAI, MCP.
🟪 Open source Agent Governance Platform that turns any LangGraph or ADK agent into a production-ready service. Supports: AG-UI, CopilotKit API, OpenTelemetry, MCP, memory, guardrails, SSO, RBAC.
🎱 AI Agent Governance Framework — Constrain how AI Agents behave in your project. pip install pattern8
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 130+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.
Governance gateway for AI agents — bounded, auditable, session-aware control with MCP proxy, shell proxy & HTTP API. Works with Cursor, Claude Code, Codex, and any MCP-compatible agent.
Claude Skills for Governance, Risk, & Compliance (GRC): Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, EU AI Act, ISO 42001, ISO 27701, DORA, CSRD, India's DPDPA, CMMC 2.0, NIST AI Risk, SWIFT, Australia's ISM, EU NIS2, and CCPA/CPRA. Benchmark 96% (with skills) vs 82% (without skills).
MCP server for AI agent for cybersecurity: automate assessment of documents, questionnaires & reports. Multi-format parsing, RAG knowledge base, Risks, compliance gaps, remediations.
The open agent control plane. Govern autonomous AI agents with pre-execution policy enforcement, approval gates, and audit trails. Works with LangChain, CrewAI, MCP, and any framework.
AI-driven quality & governance MCP Server for dbt projects. Audit coverage, profile data, detect schema drift, and auto-generate documentation — all through natural language with your AI assistant.
Govrix Scout — AI Agent Governance Diagnostic Tool (OSS)
The Execution Security Layer for the Agentic Era. Providing deterministic "Sudo" governance and audit logs for autonomous AI agents.
YAO = Yielding AI Outcomes. A rigorous engineering, evaluation, governance, and portability system for reusable agent skills.
The Universal AI-Optimized Project Boilerplate. A Tiered Memory System (TMS) designed to maximize AI agent performance. Includes an interactive CLI tool and a high-signal documentation standard.
Open-source GRC toolkit from the GRC Engineering Club. Claude Code plugins for evidence collection, SCF crosswalks, multi-framework gap reports, OSCAL workflows.
Forge Orchestrator: Multi-AI task orchestration. File locking, knowledge capture, drift detection. Rust.
```bash
curl -fsSL https://forge.nxtg.ai/install.sh | sh
forge init
```
Describe what you want. Go home. Sandcastle ships it. 6 AI providers, EU data residency, smart failover, cost intelligence, 20 step types, 236 templates. European-built, open source. pip install sandcastle-ai
🪁 A lightweight, modern Kubernetes dashboard that unifies multi-cluster and resource management, enterprise-grade user governance (OAuth, RBAC, and audit logs), and AI agents in one workspace. Not just a tool, but more like a platform.
Website auditing tool built for your agent and llm workflow.
The GEP-powered self-evolving engine for AI agents. Auditable evolution with Genes, Capsules, and Events. | evomap.ai
OpenMetadata is a unified metadata platform for data discovery, data observability, and data governance powered by a central metadata repository, in-depth column level lineage, and seamless team collaboration.
| Tool | Stars | Language | License | Score |
|---|---|---|---|---|
| skills | ★ 69.0k | Shell | MIT | 54 |
| keep-codex-fast | ★ 805 | Python | MIT | 43 |
| agentseal | ★ 231 | Python | — | 41 |
| armory | ★ 229 | Python | MIT | 46 |
| claude-tap | ★ 268 | Python | MIT | 39 |
| IAGA-Sentinel | ★ 102 | Rust | — | 40 |
| Sovereign-OS | ★ 99 | Python | — | 34 |
| pi-context-prune | ★ 86 | TypeScript | — | 37 |
| governor | ★ 74 | Python | MIT | 49 |
| agent-governance-toolkit | ★ 1.5k | Python | MIT | 46 |
| asqav-sdk | ★ 114 | Python | MIT | 40 |
| idun-agent-platform | ★ 171 | TypeScript | GPL-3.0 | 37 |
| pattern8 | ★ 99 | Python | MIT | 36 |
| ciso-assistant-community | ★ 4.0k | Python | — | 46 |
| deterministic-agent-control-protocol | ★ 145 | TypeScript | MIT | 38 |
| Claude-Skills-Governance-Risk-and-Compliance | ★ 394 | HTML | MIT | 41 |
| DocSentinel | ★ 88 | Python | MIT | 39 |
| cordum | ★ 473 | Go | — | 36 |
| dbt-doctor | ★ 123 | Python | MIT | 40 |
| govrix-scout | ★ 70 | Rust | — | 29 |
| node9-proxy | ★ 155 | TypeScript | — | 43 |
| yao-meta-skill | ★ 347 | Python | MIT | 50 |
| cortex-tms | ★ 174 | MDX | MIT | 37 |
| claude-grc-engineering | ★ 133 | JavaScript | — | 40 |
| forge-orchestrator | ★ 114 | Rust | — | 40 |
| Sandcastle | ★ 60 | Python | — | 37 |
| kite | ★ 2.7k | TypeScript | Apache-2.0 | 44 |
| squirrelscan | ★ 165 | Shell | — | 36 |
| evolver | ★ 7.3k | JavaScript | GPL-3.0 | 48 |
| OpenMetadata | ★ 13.9k | TypeScript | Apache-2.0 | 49 |
The top agent governance tools in 2026 are skills, keep-codex-fast, agentseal. Agent Skills Hub ranks 30 options by GitHub stars, quality score (6 dimensions including completeness, examples, and agent readiness), and recent activity. The list is rebuilt every 8 hours from live GitHub data.
skills (69.0k stars) is the most adopted choice for general agent governance workflows, written in Shell. keep-codex-fast (805 stars) is a strong alternative and uses Python instead. Pick by your existing stack: match the language and runtime your team already uses to minimize integration cost. If unsure, start with skills — it has the deepest community and the most examples online.
Avoid pre-built agent governance tools when (1) your use case requires deep customization that the tool's plugin system doesn't support, (2) you have strict compliance requirements that ban third-party dependencies, (3) the tool's maintenance is inactive (last commit >6 months ago), or (4) your data volume is small enough that a 50-line custom script is cheaper than learning the tool. For most production workflows above 100 requests/day, the time savings from a maintained tool outweigh the customization loss.
Agent Governance focuses specifically on governance, audit, and discipline frameworks for AI coding agents — deterministic workflows, context budgets, tool gating, usage tracking. AI Code Editors is a related but distinct category — see https://agentskillshub.top/best/ai-code-editor/ for those tools. The two often appear in the same agent pipeline but solve different problems: choose agent governance when your primary goal is the specific task, and AI code editors when the workflow is broader.
For most teams, yes. skills has 69.0k stars worth of community testing, handles edge cases you haven't thought of, and ships with documentation. Build your own only when (1) your requirements are deeply non-standard, (2) you have a security/compliance reason to avoid OSS dependencies, or (3) the maintenance burden is small enough (<200 lines of code) that you'll save time long-term. The break-even point is usually around 2-3 weeks of dev time saved.
Most agent governance tools listed are open source under permissive licenses (MIT, Apache 2.0). A handful offer paid managed/cloud versions on top of free self-hosted core. Always check the LICENSE file on each tool's GitHub repository before commercial use — some use AGPL or non-commercial restrictions that may not fit your deployment model.