feat: add GovernanceEventSink SPI — AGT as event producer for SIEM/XDR integration

[Copilot]

Description

Addresses the governance enforcement gap raised in the OS-level enforcement issue by implementing the provider-interface approach outlined by @Ricky-G: AGT becomes a structured event producer; enforcement backends (Defender, Falco, Tetragon, Sentinel, Splunk) act as sinks. No kernel code, no competing with EDR tools.

Core primitives (all four SDKs)

• GovernanceEventCategory — 6 categories aligned with CloudEvents + OTEL conventions: policy.decision, policy.breach, identity.assertion, tool.invocation, sandbox.event, audit.chain
• SignedGovernanceEvent — CloudEvents 1.0 envelope with HMAC-SHA256 tamper-evidence signature ("{type}\n{source}\n{time}\n{id}\n{data_json}")
• GovernanceEventSink — single-method async interface/protocol; mirrors the existing SandboxProvider shape

Reference sinks

• OtlpEventSink — routes to any OTLP-compatible backend (Defender for Cloud, Sentinel, Splunk, Datadog, Honeycomb, Dynatrace, Grafana). No new deps: Python uses existing optional opentelemetry-sdk; .NET uses built-in ActivitySource; TypeScript uses node:http; Rust writes OTLP JSON to a Write target.
• StdoutEventSink — JSON lines to stdout; suitable for dev/CI and container log aggregators

.NET kernel wiring

GovernanceOptions gains EventSink and EventSigningKey. When set, the kernel bridges every AuditEmitter event to the sink as a signed SignedGovernanceEvent. Sink errors surface via Trace.TraceError (observable, non-blocking).

var kernel = new GovernanceKernel(new GovernanceOptions {
    EventSink = new OtlpEventSink(),
    EventSigningKey = Encoding.UTF8.GetBytes(signingKey),
});
// Every EvaluateToolCall() now emits a signed CloudEvents envelope to OTLP

sink = OtlpEventSink()  # or StdoutEventSink() for dev
event = SignedGovernanceEvent.build(
    GovernanceEventCategory.POLICY_DECISION,
    source="did:agentmesh:agent-1",
    subject="tool:file_write",
    data={"decision": "deny"},
    signing_key=key,
)
await sink.emit(event)
assert event.verify_signature(key)

Threat model coverage

Ask	Status
Cryptographically verifiable audit trail	✅ HMAC-SHA256 signed CloudEvents
External enforcement/visibility	✅ Falco/Tetragon/Defender become OTLP sinks
Bypass-resistant telemetry	⚠️ In-process; SIEM silence-as-signal pattern applies
eBPF/WFP/kernel drivers	❌ Out of scope — delegated to backend EDR tooling

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update
• Maintenance (dependency updates, CI/CD, refactoring)
• Security fix

Package(s) Affected

• agent-os-kernel
• agent-mesh
• agent-runtime
• agent-sre
• agent-governance
• docs / root

Checklist

• My code follows the project style guidelines (ruff check)
• I have added tests that prove my fix/feature works
• All new and existing tests pass (pytest)
• I have updated documentation as needed
• I have signed the Microsoft CLA

Attribution & Prior Art

• This contribution does not contain code copied or derived from other projects without attribution
• Any external projects that inspired this design are credited in code comments or documentation
• If this PR implements functionality similar to an existing open-source project, I have listed it below

Prior art / related projects (if any):

• Event schema follows CloudEvents spec v1.0 (Apache-2.0)
• OTLP payload format follows OpenTelemetry Protocol (Apache-2.0)
• Sink SPI shape mirrors the existing SandboxProvider pattern in this repo

AI Assistance

• I can explain every meaningful change in this PR: what it does, why, and what tradeoffs were considered
• I have run tests and verification appropriate for this change
• No part of this PR was autonomously submitted by an AI agent without my review
• I have not used AI to generate review comments on others' PRs

IP, Patents, and Licensing

• This contribution does not implement patent-pending or patent-encumbered techniques
• This contribution does not require an NDA or licensing agreement to understand or use
• Any AI tools used have terms compatible with the MIT License

Related Issues

[github-actions]

PR Review Summary

Check	Status	Details
🔍 Code Review	⏳ Pending	Awaiting results
🛡️ Security Scan	⏳ Pending	Awaiting results
🔄 Breaking Changes	⏳ Pending	Awaiting results
📝 Docs Sync	⏳ Pending	Awaiting results
🧪 Test Coverage	⏳ Pending	Awaiting results

Verdict: ⏳ Still running

[github-actions]

This PR is quite large. Consider breaking it into smaller PRs for easier review.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[Ricky-G]

Proposal submitted for this, want to get Elton's view on this as well and then we can re-purpose this PR with the full implementation.

#2240