VS CODE 1.115 PREVIEWS MULTI-REPO AGENTS APP; MICROSOFT OPEN-SOURCES AGENT GOVERNANCE TOOLKIT FOR OWASP RISKS
Microsoft previewed a VS Code Agents app in VS Code 1.115 and released an open-source Agent Governance Toolkit aligned to OWASP to secure agent workflows. The ...
Microsoft previewed a VS Code Agents app in VS Code 1.115 and released an open-source Agent Governance Toolkit aligned to OWASP to secure agent workflows.
The VS Code Agents companion app lets you run multiple agent sessions across repos, track progress, review diffs, leave feedback, and raise PRs in one place. It supports custom instructions, prompt files, custom agents, MCP servers, hooks, plugins, and your existing themes. VS Code 1.115 also adds agent-friendly terminal upgrades: a new send_to_terminal tool to interact with background terminals and an experimental background notification setting to signal completion or input needs InfoWorld.
Microsoft also introduced an open-source Agent Governance Toolkit that maps directly to OWASP’s top 10 agentic AI risks. It packages components such as Agent OS (policy enforcement), Agent Mesh (identity and secure comms), Agent Runtime (execution control), plus SRE, Compliance, and RL oversight pieces, with SDKs in Python, TypeScript, Rust, Go, and .NET InfoWorld. Public chatter about Microsoft’s AI terms framing outputs as entertainment underscores why runtime controls and auditability will matter in production WebProNews.
Agent-native workflows are moving from demos to practical tooling that can coordinate changes across repos.
Stronger runtime governance reduces risk when agents gain tool and network access alongside your CI/CD and data systems.
-
terminal
Use the VS Code Agents app to run a multi-repo refactor; exercise send_to_terminal and background notifications with long SSH or build tasks, then compare PR quality and cycle time.
-
terminal
Spin up a sandbox agent that can run shell and call services; integrate the Agent Governance Toolkit to enforce tool and network policies, then simulate prompt injection and goal hijacking.
Legacy codebase integration strategies...
- 01.
Pilot the Agents app on non-prod repos and shared bastions; watch for unintended terminal automation in long-lived SSH sessions.
- 02.
Map the Toolkit’s controls to your existing OPA, API gateways, and secrets regimes; measure overhead and false positive rates before wider rollout.
Fresh architecture paradigms...
- 01.
Design agent workflows around MCP, explicit tool contracts, and runtime policy from day one to simplify scaling and audits.
- 02.
Standardize agent identity and communication patterns early with mesh-like components to avoid later refactors.