agent_mcp_governance is a re-export shim with no MCP-specific logic #2187

@finnoybu

Description

Observation

agent_mcp_governance/__init__.py is the entire source for the agent-mcp-governance package. It contains a docstring, a version pin, and four re-exports:

from agent_os.governance.middleware import GovernanceMiddleware
from agent_os.audit.middleware import AuditMiddleware
from agent_os.trust.gate import TrustGate
from agent_os.services.behavior_monitor import BehaviorMonitor

None of the re-exported classes are MCP-specific — GovernanceMiddleware, AuditMiddleware, TrustGate, and BehaviorMonitor are the general governance / audit / trust primitives from agent_os. The package's docstring says "MCP governance primitives," but importing it gives the user the same surface as importing agent_os.governance.middleware directly.

Meanwhile, the genuinely MCP-specific logic in the toolkit — agent_os/mcp_security.py (tool fingerprinting, cross-server impersonation, typosquat detection, rug-pull tracking) — lives in agent-os and isn't re-exported through agent-mcp-governance at all.

Why this matters

For an agent-mcp-governance consumer the distribution promise is ambiguous:

  • If MCP-specific primitives are the eventual scope, the package is currently empty in that dimension and users discover MCP scanning only by stumbling into agent_os.mcp_security.
  • If the package is just a curated re-export bundle for MCP-deployment ergonomics, the README and docstring should say so explicitly and ideally point at the MCP-aware pieces in agent-os.

Either reading is reasonable; the package as published doesn't tell the user which one is correct.

Possible resolutions

  1. Document the current intent. Update the module docstring + README to declare the package as a "curated re-export bundle for MCP deployments" and add the MCP-aware re-exports (MCPSecurityScanner, ToolFingerprint, etc.) so the package actually delivers what its name implies.
  2. Move logic in. Migrate agent_os/mcp_security.py (and any future MCP-specific code) into agent_mcp_governance, leaving agent_os for the cross-cutting governance primitives.
  3. Sunset the shim. If the long-term plan is to consolidate everything under agent_os, mark agent-mcp-governance as a deprecated convenience alias and tell users to import from agent_os directly.

Happy to send a PR once the project's intent is clear — I don't want to synthesize "MCP-specific" logic on the back of a guess.

Reproduction

$ python -c "import agent_mcp_governance; import inspect; print(inspect.getsourcefile(agent_mcp_governance))"
.../agent_mcp_governance/__init__.py

$ python -c "import agent_mcp_governance; print([n for n in dir(agent_mcp_governance) if not n.startswith('_')])"
['AuditMiddleware', 'BehaviorMonitor', 'GovernanceMiddleware', 'TrustGate']

Compare to the MCP-specific surface that lives in agent-os:

$ python -c "from agent_os.mcp_security import MCPSecurityScanner, ToolFingerprint; print('available in agent_os, not agent_mcp_governance')"

Surfaced during independent audit conducted by @finnoybu (Ken Tannenbaum, AEGIS Initiative); [LOW, Python Governance].
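The reproduction above checks the package surface by hand with `dir()`. The script below, an added example that is not part of the issue or of the agent-os project, turns that check into a reusable audit: it maps every public name of a module to the module that actually defines it (using the `__module__` attribute that classes and functions carry), flags names that originate in a different top-level package, and reports expected names that are absent. Because the real packages are not available here, it builds constructed stand-in modules with `types.ModuleType`; the names `agent_mcp_governance`, `agent_os.*`, `MCPSecurityScanner` and `ToolFingerprint` are taken from the issue text, and `build_constructed_shim`/`build_constructed_native` are hypothetical helpers that exist only to feed the audit.

```python
"""Audit a package's public surface for re-exports from other packages."""
import types


def public_names(module):
    """Names a consumer sees: __all__ if declared, else non-underscore dir()."""
    declared = getattr(module, "__all__", None)
    if declared is not None:
        return list(declared)
    return sorted(n for n in dir(module) if not n.startswith("_"))


def top_level(dotted):
    """'agent_os.governance.middleware' -> 'agent_os'."""
    return dotted.split(".", 1)[0]


def audit_surface(module):
    """Map each public name to the module that defines it.

    Classes and functions carry __module__; objects without it (constants,
    instances) are reported as None because their origin cannot be recovered.
    """
    return {name: getattr(getattr(module, name), "__module__", None)
            for name in public_names(module)}


def reexports(module):
    """Public names whose defining module lives in a different top-level package."""
    own = top_level(module.__name__)
    return sorted(name for name, origin in audit_surface(module).items()
                  if origin is not None and top_level(origin) != own)


def is_pure_shim(module):
    """True when every public name is a re-export and nothing is defined locally."""
    surface = audit_surface(module)
    own = top_level(module.__name__)
    return bool(surface) and all(
        origin is not None and top_level(origin) != own
        for origin in surface.values())


def missing_names(module, expected):
    """Expected public names the module does not expose."""
    return sorted(set(expected) - set(public_names(module)))


# --- constructed stand-ins (assumption: real packages are not installed) ---

def _make_class(name, defining_module):
    # A class whose __module__ claims it was defined in `defining_module`.
    return type(name, (), {"__module__": defining_module})


def build_constructed_shim():
    """Constructed module shaped like the agent_mcp_governance surface in the issue."""
    shim = types.ModuleType("agent_mcp_governance")
    shim.GovernanceMiddleware = _make_class("GovernanceMiddleware",
                                            "agent_os.governance.middleware")
    shim.AuditMiddleware = _make_class("AuditMiddleware", "agent_os.audit.middleware")
    shim.TrustGate = _make_class("TrustGate", "agent_os.trust.gate")
    shim.BehaviorMonitor = _make_class("BehaviorMonitor",
                                       "agent_os.services.behavior_monitor")
    return shim


def build_constructed_native():
    """Constructed module that defines its own MCP-specific classes locally."""
    mod = types.ModuleType("agent_mcp_governance")
    mod.MCPSecurityScanner = _make_class("MCPSecurityScanner",
                                         "agent_mcp_governance.scanner")
    mod.ToolFingerprint = _make_class("ToolFingerprint",
                                      "agent_mcp_governance.scanner")
    return mod


# Names the issue says are the MCP-specific surface (currently only in agent_os).
EXPECTED_MCP_NAMES = ["MCPSecurityScanner", "ToolFingerprint"]


if __name__ == "__main__":
    shim = build_constructed_shim()
    print("surface:", audit_surface(shim))
    print("re-exported from other packages:", reexports(shim))
    print("pure shim:", is_pure_shim(shim))
    print("missing MCP names:", missing_names(shim, EXPECTED_MCP_NAMES))
```

Against a real environment, replace the constructed module with `import agent_mcp_governance` and pass it to `reexports` and `missing_names`; the `__module__` heuristic only sees classes and functions, so a package that exposes constants or pre-built instances needs manual review of those names.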

Labels: enhancement, help wanted