In April 2026, Microsoft released the Agent Governance Toolkit — a seven-package open-source system for governing AI agent behavior at runtime. Agent OS enforces policy rules with Cedar and OPA. Agent Mesh provides zero-trust identity via IATP. Agent Runtime executes within behavioral rings with a kill switch. It's serious infrastructure, and it validates the thesis that enterprises need governance for AI agents.
It's also not a service agreement.
AGT governs what agents can do at runtime. exact.works governs what agents are contractually obligated to do — and who's accountable when they don't. These are different functions. They compose into a single governance stack.
The distinction maps to Aristotelian causation. AGT is the efficient cause — runtime enforcement that governs motion. What tool calls are permitted. What resources are accessible. When to suspend execution.
exact.works is the formal and final cause — what was agreed between identified parties, what was observed during execution, and what the record shows. A governance system that only addresses the efficient cause cannot produce accountability. Accountability requires a prior standard (the service agreement) and a contemporaneous record of deviation from it. These are not runtime artifacts.
The pipeline architecture: exact.works Exacts the Paper (SAISA) and outputs a structured JSON policy manifest → AGT ingests the manifest as its enforcement ruleset → Trace monitors execution against the SAISA baseline. exact.works is the upstream Exacting engine for Microsoft's runtime engine.
The integration between exact.works and AGT connects at four points, each linking the contractual layer to the runtime layer.
First: SAISA → AGT Policy. When a Paper is Exacted, the completion criteria and behavioral constraints export as Cedar/OPA policy definitions. maxSessionDuration becomes a timeout policy. permittedActions becomes a tool-call allow-list. dataClassification maps to AGT's data-handling rings. The service agreement directly configures the runtime.
Second: Trace → AGT Compliance. Trace events feed AGT's compliance module. CONFORMITY_OBSERVATION_RECORDED entries map to AGT's audit log. Runtime violations detected by AGT trigger exact.works incident reporting. The evidence chain is continuous — from Exacting through execution through compliance verification.
Third: Agent Mesh → Registry. AGT's Agent Mesh uses IATP for cryptographic identity verification. The exact.works Registry provides the contractual binding that completes the identity claim. Ed25519 plugin signing becomes a PLUGIN_SIGNED fingerprint class in the agent's ExternalDependency declaration. A verified_partner claim that is true by both definitions — cryptographic and contractual.
Fourth: Kill Switch → Parler. When AGT suspends an agent, the kill switch event triggers the Parler dispute workflow. The Sealed Record includes both AGT telemetry and Trace evidence. Graduated Remedy is proportional to the Stakes classification set at Exacting time. The runtime catches the problem. The dispute mechanism resolves it.
If you're building with AGT, exact.works adds the layer AGT explicitly does not cover: contractual accountability between commercial parties.
The workflow is five steps. Register your agent in the exact.works Registry. Exact a Paper (SAISA) with the buyer — completion criteria hash-locked before the first token is consumed. Export the Paper terms as an AGT policy manifest. Deploy the agent with AGT runtime enforcement and exact.works Trace recording. If a dispute arises, Parler has the Trace evidence, the AGT telemetry, and the Exacted criteria to resolve it.
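The export described in the first integration point and the hash-locked criteria in step two of this workflow, sketched together as an added example; this is not exact.works or AGT code. Only `maxSessionDuration`, `permittedActions` and `dataClassification` come from the article. The manifest keys, the `completionCriteria` field, the ring table, the function names, the seconds unit and the sample values are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical classification-to-ring table; real ring numbers are deployment-defined.
RING_FOR_CLASS = {"public": 3, "internal": 2, "confidential": 1}

def criteria_hash(criteria):
    """SHA-256 over canonical JSON, so key order cannot change the digest."""
    canonical = json.dumps(criteria, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def export_manifest(paper):
    """Turn Paper terms into a deny-by-default manifest; reject anything ambiguous."""
    duration = paper["maxSessionDuration"]  # assumed to be seconds
    if not isinstance(duration, int) or duration <= 0:
        raise ValueError("maxSessionDuration must be a positive integer")
    if not paper["permittedActions"]:
        raise ValueError("permittedActions must name at least one tool")
    if paper["dataClassification"] not in RING_FOR_CLASS:
        raise ValueError("unknown dataClassification")  # fail closed, no default ring
    return {
        "default": "deny",
        "timeout_seconds": duration,
        "allowed_tools": sorted(set(paper["permittedActions"])),
        "data_ring": RING_FOR_CLASS[paper["dataClassification"]],
        "criteria_sha256": criteria_hash(paper["completionCriteria"]),
    }

def authorize(manifest, tool, elapsed_seconds, criteria):
    """Decide one tool call; returns (allowed, reason) for the audit record."""
    if criteria_hash(criteria) != manifest["criteria_sha256"]:
        return False, "criteria_changed_after_exacting"
    if elapsed_seconds >= manifest["timeout_seconds"]:
        return False, "session_timeout"
    if tool not in manifest["allowed_tools"]:
        return False, "tool_not_permitted"
    return True, "ok"

# Constructed sample Paper; tool names and criteria are illustrative only.
SAMPLE_PAPER = {
    "maxSessionDuration": 900,
    "permittedActions": ["crm.read", "email.draft", "crm.read"],
    "dataClassification": "internal",
    "completionCriteria": {"deliverable": "summary", "minRecords": 25},
}

if __name__ == "__main__":
    m = export_manifest(SAMPLE_PAPER)
    print(json.dumps(m, indent=2))
    print(authorize(m, "shell.exec", 30, SAMPLE_PAPER["completionCriteria"]))
```

Checking the criteria digest on every decision means a change to the agreed criteria after Exacting shows up as a denied call with its own reason code, instead of silently altering what the agent is measured against.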
AGT makes agent governance technically enforceable. exact.works makes it legally enforceable. Enterprise deployments need both.
The organizations deploying serious AI agents in 2026 are discovering they need three governance layers, not one.
Model safety — defenses at the model layer: alignment, content filtering, guardrails. NemoClaw and similar tools handle this.
Runtime security — behavioral monitoring, policy enforcement, capability gating. AGT handles this. It handles it well.
Contractual governance — the service agreement, the immutable audit record, the dispute mechanism, the liability framework. This is the layer that makes enterprise AI agent transactions possible at scale — not just technically, but legally and commercially.
No single tool covers all three layers. That's not a gap. It's an architecture.
Microsoft is structurally disqualified from occupying the contractual governance layer. The measure cannot be one of the things being measured. A platform that provides the infrastructure agents run on cannot also be the neutral third party that governs the service relationship between the parties using that infrastructure.
exact.works' neutrality is not a positioning claim. It is an ontological requirement of the function.
AGT validates the market, handles the runtime layer, and leaves the entire contractual, audit, and dispute stack untouched. Every enterprise that adopts AGT immediately surfaces the next question: who owns the service relationship on top of that?
The integration guide is live at exact.works/guides/agt.
Every AI agent needs a contract.