@microsoft/agent-governance-copilot-cli

v4.0.0

Published

Public Preview — Copilot CLI governance installer for Agent Governance Toolkit developer protection policies

Readme

AGT Copilot CLI Installer

This package is the production install surface for the AGT Copilot CLI governance integration.

It installs a packaged Copilot CLI extension into the user's Copilot home, seeds a default developer-protection policy, and provides explicit lifecycle commands:

  • agt-copilot install
  • agt-copilot update
  • agt-copilot uninstall
  • agt-copilot doctor

It uses @microsoft/agent-governance-sdk as the runtime dependency for the installed extension.

Why this package exists

The repo also contains examples/copilot-cli-agt, which remains the tutorial and scenario-driven reference implementation. This package exists so production installs do not depend on:

  • example-local scripts
  • repo-local SDK builds
  • npm install side effects that mutate ~/.copilot

Install

Published install flow:

npx @microsoft/agent-governance-copilot-cli install

To refresh an existing AGT-managed install in place:

npx @microsoft/agent-governance-copilot-cli update
npx @microsoft/agent-governance-copilot-cli update --force-policy

From the repo during development:

cd agent-governance-copilot-cli
npm install
node .\bin\agt-copilot.mjs install
node .\bin\agt-copilot.mjs update --force-policy

The installer copies the extension into:

  • C:\Users\<you>\.copilot\extensions\agt-global-policy

and seeds the default policy at:

  • C:\Users\<you>\.copilot\agt\policy.json

It does not edit Copilot settings automatically. If extensions are not enabled yet, set:

{
  "experimental": true,
  "experimental_flags": ["EXTENSIONS"]
}

Then reload Copilot CLI with:

/clear
/agt status

Commands

Install

agt-copilot install
agt-copilot install --force-policy
agt-copilot update
agt-copilot update --force-policy
agt-copilot install --copilot-home C:\temp\.copilot

Policy

agt-copilot policy path
agt-copilot policy show
agt-copilot policy validate
agt-copilot policy validate --file .\my-policy.json
agt-copilot policy apply --file .\my-policy.json
agt-copilot policy apply --profile balanced

Bundled profiles currently available:

  • strict
  • balanced
  • advisory

Uninstall

agt-copilot uninstall
agt-copilot uninstall --remove-policy

By default, uninstall removes the managed extension but preserves the user's policy file.

Doctor

agt-copilot doctor
agt-copilot doctor --json

Doctor checks:

  • whether the extension is installed
  • whether the install is AGT-managed
  • whether the vendored SDK is present
  • whether the user policy parses cleanly and uses a supported schema version
  • whether the installed extension version matches the package version you are running
  • whether Copilot CLI extensions are enabled

If you accidentally save an invalid policy, remove ~/.copilot/agt/policy.json or point AGT_COPILOT_POLICY_PATH at a valid replacement.

Default policy

The packaged default policy is a developer-protection baseline that:

  • fails closed on policy errors
  • reviews unknown tools by default unless they are explicitly allow-listed
  • blocks downloaded script execution, credential reads, metadata endpoint access, and destructive shell patterns
  • reviews risky shell, fetch-style, and persistence-oriented write operations
  • scans fetched-content tools for poisoning and exfiltration cues
  • inspects bash and powershell output in advisory mode so suspicious output is surfaced without being silently dropped

For this PR, the package keeps that strict baseline as the shipped default. Example profile starting points for strict, balanced, and advisory live under:

  • examples/copilot-cli-agt/config/profiles/

Notes

  • npm install for this package should remain inert with respect to ~/.copilot.
  • The Copilot home mutation happens only through explicit CLI commands.
  • If you were testing an older build in the same Copilot session, run /agt reload or /clear after updating so the refreshed policy runtime is reloaded.
  • The installed extension keeps a bundled default policy so it can fall back safely even when the user policy file is missing or invalid.
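
The inertness requirement in the notes above can be checked from the outside by fingerprinting the Copilot home before and after an install step. This is an added example, not code from the package; the function names snapshot, diffSnapshots and changesDuring are hypothetical.

```javascript
// Added example (not part of the package): report what an install step
// changed under a Copilot home by fingerprinting the tree before and after.
const fs = require('node:fs');
const path = require('node:path');
const crypto = require('node:crypto');

// Map every entry under `root` to a fingerprint: "dir", "link:<target>",
// "other", or a SHA-256 of the file contents. A missing root gives an empty map.
function snapshot(root) {
  const out = new Map();
  if (!fs.existsSync(root)) return out;
  const walk = (dir) => {
    for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, ent.name);
      const rel = path.relative(root, full).split(path.sep).join('/');
      if (ent.isSymbolicLink()) {
        out.set(rel, 'link:' + fs.readlinkSync(full)); // record, do not follow
      } else if (ent.isDirectory()) {
        out.set(rel, 'dir');
        walk(full);
      } else if (ent.isFile()) {
        const h = crypto.createHash('sha256').update(fs.readFileSync(full));
        out.set(rel, 'sha256:' + h.digest('hex'));
      } else {
        out.set(rel, 'other'); // sockets, FIFOs, devices: presence only
      }
    }
  };
  walk(root);
  return out;
}

// Compare two snapshots and list added, removed and modified relative paths.
function diffSnapshots(before, after) {
  const added = [], removed = [], modified = [];
  for (const [p, fp] of after) {
    if (!before.has(p)) added.push(p);
    else if (before.get(p) !== fp) modified.push(p);
  }
  for (const p of before.keys()) if (!after.has(p)) removed.push(p);
  return { added: added.sort(), removed: removed.sort(), modified: modified.sort() };
}

// Run `step` (for example a function that shells out to `npm install`) and
// return the changes it made under `copilotHome`. An inert step yields three
// empty arrays; an explicit `agt-copilot install` is expected to yield entries.
function changesDuring(copilotHome, step) {
  const before = snapshot(copilotHome);
  step();
  return diffSnapshots(before, snapshot(copilotHome));
}
```

Point copilotHome at a throwaway directory (the installer accepts --copilot-home) when exercising this in CI, so the comparison is not disturbed by a live Copilot session.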

Example and tutorial

For a concrete walkthrough and test prompts, see:

  • examples/copilot-cli-agt
  • examples/copilot-cli-agt/scenarios/guarded-repo-triage