Tutorials¶
Step-by-step guides organized by what you're trying to accomplish.
Where to start?
New here? Start with 2-Line Quickstart to see AGT in action, then follow Policy Engine Basics for a full walkthrough.
Learning Paths¶
Pick a path based on your role. Each path is a curated sequence of tutorials, not a flat list.
Path 1: First governed agent (30 min)¶
For developers adding governance to their first agent.
- 2-Line Quickstart —
govern()in 2 lines - Policy Engine Basics — write your first policy
- Framework Integrations — connect to LangChain, CrewAI, OpenAI, etc.
- Govern an AI Agent — full audit trail
Path 2: Secure an agent fleet (60 min)¶
For platform teams deploying agents in production.
- Trust & Identity — agent identity with SPIFFE
- MCP Security Gateway — govern MCP tool servers
- Execution Sandboxing — privilege rings
- Prompt Injection Detection — detect and block attacks
- Security Hardening — production best practices
- Multi-Agent Fleet Policies — collective enforcement
Path 3: Compliance and audit (45 min)¶
For teams that need to prove what happened to auditors or regulators.
- OPA / Rego / Cedar — policy engine options
- Delegation Chains — who authorized what
- Compliance Verification — OWASP, NIST mapping
- SBOM & Signing — artifact integrity
- Decision BOM — audit artifacts
Path 4: SRE for agents (45 min)¶
For SRE teams operating agents at scale.
- Agent Reliability — SLOs and error budgets
- Kill Switch & Rate Limiting — emergency controls
- Cost Governance — budget enforcement
- Chaos Testing — fault injection
- Observability & Tracing — distributed tracing
- OpenTelemetry Integration — OTel for governance events
All Tutorials by Category¶
Getting Started¶
The essentials to get your first governed agent running in minutes.
| Tutorial | What you'll accomplish |
|---|---|
| 2-Line Quickstart | Add governance to any agent in 2 lines of code |
| Policy Engine Basics | Write and evaluate your first policy rules |
| Agent Control Specification | Build a direct ACS policy enforcement point with allow, transform, and deny verdicts |
| Framework Integrations | Connect AGT to LangChain, CrewAI, OpenAI, etc. |
| Progressive Governance | Start simple, add layers incrementally |
End-to-End Scenarios¶
Complete workflows from a customer perspective: pick the scenario closest to your use case.
| Scenario | Description |
|---|---|
| Govern an AI Agent (Python) | Full audit trail with compliance mapping for a Python agent |
| Govern MCP Tool Servers | Per-tool policy enforcement for MCP servers |
| .NET MAF Integration | Govern agents built with Microsoft Agent Framework |
| .NET MAF Hook | Add governance hooks to .NET MAF agents |
| Multi-Agent Fleet Policies | Collective policy enforcement across agent fleets |
| Multi-Stage Pipeline | Chained policy evaluation for complex workflows |
| Retrofit Existing Agents | Add governance to agents already in production |
| Shift-Left CI/CD Gates | Pre-commit hooks, CI gates, build-time enforcement |
| A2A Conversation Policy | Govern agent-to-agent conversations |
| Copilot CLI Governance | Install governance policies for GitHub Copilot CLI |
Security¶
Hardening, threat mitigation, and data protection.
| Tutorial | What you'll learn |
|---|---|
| Execution Sandboxing | Privilege rings, runtime isolation |
| Prompt Injection Detection | Detect and block prompt injection attacks |
| Security Hardening | Production security best practices |
| DLP & Attribute Ratchets | Data loss prevention, sensitivity escalation |
| Defense-in-Depth | Advisory classifiers, layered security |
| SBOM & Signing | Software bill of materials, artifact signing |
| MCP Scan CLI | Static analysis for MCP server security |
| E2E Encrypted Messaging | End-to-end encrypted agent communication |
| Red-Team Testing | Adversarial security testing |
Policy & Authorization¶
Writing, composing, and enforcing governance policies.
| Tutorial | What you'll learn |
|---|---|
| Agent Control Specification | Direct ACS manifests, snapshots, verdicts, and host enforcement |
| OPA / Rego / Cedar | Policy engines comparison and integration |
| Policy Composition | Enterprise governance layers, policy merging |
| Approval Workflows | Human-in-the-loop approval gates |
| Intent-Based Authorization | Authorize actions by declared intent |
| Delegation Chains | Agent-to-agent authorization |
| Cost & Token Budgets | Resource governance and budget enforcement |
| Cost Governance | Budget enforcement, cost attribution |
Policy-as-Code Series¶
A focused series on writing, testing, and versioning governance policies.
| # | Tutorial | What you'll learn |
|---|---|---|
| 1 | Your First Policy | Write and evaluate a basic policy |
| 2 | Capability Scoping | Restrict agent tool access |
| 3 | Rate Limiting | Token and request budgets |
| 4 | Conditional Policies | Context-aware policy rules |
| 5 | Approval Workflows | Human approval gates |
| 6 | Policy Testing | Unit testing policies |
| 7 | Policy Versioning | Version control for policies |
| - | MCP Governance | MCP-specific policy patterns |
| # | Tutorial | What you'll learn |
|---|---|---|
| 19 | .NET package | Agent governance in C# / .NET |
| 42 | C# MCP extension | Govern MCP servers built with the official C# SDK |
| 20 | TypeScript package | Agent governance in TypeScript |
| 21 | Rust crate | Agent governance in Rust |
| 22 | Go module | Agent governance in Go |
| 52 | Antigravity CLI governance | Install governance policies for Antigravity CLI with hooks, commands, and MCP checks |
| 54 | OpenCode CLI governance | In-process OpenCode plugin for AGT policy on prompts, tools, and tool-output secret redaction |