# Implementing LiabilityLedger with SlashingEngine for Agent Accountability in the Agent Governance Toolkit > Implement LiabilityLedger with SlashingEngine in the Agent Governance Toolkit for robust agent accountability. Discover cryptographically verifiable evidence and automated slashing. - Repository: [Microsoft/agent-governance-toolkit](https://github.com/microsoft/agent-governance-toolkit) - Tags: how-to-guide - Published: 2026-05-29 --- **The Microsoft Agent Governance Toolkit provides a modular framework that combines an immutable audit ledger with an automated slashing engine to enforce agent accountability through cryptographically verifiable evidence trails and configurable penalty mechanisms.** Implementing **LiabilityLedger with SlashingEngine for agent accountability** requires a coordinated architecture that tracks every decision while automatically applying sanctions when policies are violated. The `microsoft/agent-governance-toolkit` repository provides these capabilities through the `agentmesh` Go package, which chains together policy evaluation, tamper-evident logging, and trust-score manipulation to create a complete governance loop. ## Core Architecture of the Liability Ledger and Slashing System The toolkit separates concerns into distinct layers that work together to create an accountable agent runtime. Each layer corresponds to specific source files in the `agent-governance-golang/packages/agentmesh` directory. ### Policy Definition and Evaluation The governance pipeline begins with declarative policy rules. In [`policy.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/policy.go), the toolkit defines core data structures for policy representation, while [`policy_backends.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/policy_backends.go) implements multiple evaluation engines including OPA (Open Policy Agent), Cedar, and YAML-based rules. When a request arrives, the `Evaluate` method interprets these policies and produces a decision: `allow`, `deny`, or `modify`. ### The Audit Ledger: Immutable Event Storage Every policy decision and agent interaction flows through the **audit subsystem** defined in [`audit.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/audit.go). This component creates an append-only, cryptographically signed chain of events that constitutes the **LiabilityLedger**. Each entry records the agent identity, request context, policy outcome, and timestamp. Entries are signed using credentials from [`credential_vault.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/credential_vault.go), ensuring the ledger serves as non-repudiable evidence for compliance audits or dispute resolution. ### Trust Scoring and the Slashing Engine The **SlashingEngine** operates on top of the audit ledger within [`kill_switch.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/kill_switch.go). This engine consumes new audit entries and evaluates them against configurable **penalty rules**. When a rule matches—such as three `deny` decisions within one hour—the engine applies sanctions via the `ApplyPenalty` function. Sanctions can reduce the numeric trust score (calculated in [`trust.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/trust.go)) or trigger immediate termination. ### Lifecycle Management and Kill Switches The [`lifecycle.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/lifecycle.go) file implements a state machine that manages agent transitions between states: `Active`, `Quarantined`, and `Revoked`. The `TransitionIfNeeded` function monitors trust scores after slashing events and automatically moves agents into restricted states when trust falls below configured thresholds. This creates a direct feedback loop where ledger violations result in runtime enforcement actions. ## End-to-End Implementation Flow The runtime integration follows a strict sequence that ensures every request creates accountability evidence before the agent logic executes: 1. **Request Interception**: HTTP/GRPC middleware defined in [`middleware.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/middleware.go) captures incoming requests before they reach the agent handler. 2. **Policy Evaluation**: The middleware calls `policy.Evaluate` against the configured backend, producing a decision that is immediately logged. 3. **Ledger Recording**: The audit subsystem creates a signed entry in the LiabilityLedger, establishing immutable evidence of the decision context. 4. **Slashing Evaluation**: The new ledger entry is passed to `kill_switch.ApplyPenalty`, which evaluates penalty rules and mutates the agent's trust score if violations are detected. 5. **Lifecycle Transition**: `lifecycle.TransitionIfNeeded` checks the updated trust score and transitions the agent state if necessary, potentially quarantining or revoking the agent. This flow ensures that the **LiabilityLedger** remains append-only and verifiable, while the **SlashingEngine** provides real-time enforcement without manual intervention. ## Practical Implementation: Go Code Examples The following example demonstrates how to wire these components into a runnable agent service. This code initializes the policy engine, audit ledger, slashing engine, and lifecycle manager, then wraps an HTTP handler with governance middleware. ```go package main import ( "log" "net/http" agentmesh "github.com/microsoft/agent-governance-toolkit/agent-governance-golang/packages/agentmesh" ) func main() { // 1️⃣ Initialise core services policyEngine, err := agentmesh.NewPolicyEngineFromFile("policy.yaml") if err != nil { log.Fatal(err) } auditLedger := agentmesh.NewAuditLedger() slashing := agentmesh.NewSlashingEngine(auditLedger, agentmesh.DefaultPenaltyRules) lifecycle := agentmesh.NewLifecycleManager() // 2️⃣ Build HTTP middleware that ties everything together middleware := agentmesh.NewMiddleware( agentmesh.WithPolicyEngine(policyEngine), agentmesh.WithAuditLedger(auditLedger), agentmesh.WithSlashingEngine(slashing), agentmesh.WithLifecycle(lifecycle), ) // 3️⃣ Simple handler – the actual agent logic lives here handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Agent‑specific processing… w.Write([]byte("hello, regulated world")) }) // 4️⃣ Wrap handler with the governance middleware http.Handle("/", middleware.Wrap(handler)) log.Println("Agent service listening on :8080") log.Fatal(http.ListenAndServe(":8080", nil)) } ``` In this implementation, the user-defined handler operates **after** all governance checks complete. The middleware automatically records every request to the LiabilityLedger, evaluates slashing rules, and may transition the agent to a quarantined state without additional application code. ## Configuring Custom Penalty Rules You can extend the SlashingEngine by implementing the `PenaltyRule` interface. This allows domain-specific penalties based on audit entry content, such as financial cost thresholds or sensitivity classifications. The following example creates a custom rule that applies heavy penalties for high-cost request denials: ```go type HighValueDenialRule struct{} func (r HighValueDenialRule) Match(entry agentmesh.AuditEntry) bool { return entry.Decision == agentmesh.Deny && entry.RequestCost > 1000 } func (r HighValueDenialRule) Apply(state *agentmesh.AgentState) { state.TrustScore -= 30 // heavy penalty for costly denials } ``` Register the custom rule when constructing the SlashingEngine: ```go customRules := []agentmesh.PenaltyRule{HighValueDenialRule{}} slashing := agentmesh.NewSlashingEngine(auditLedger, customRules) ``` Now any `deny` decision on requests costing over 1000 units immediately reduces trust by 30 points. According to the logic in [`lifecycle.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/lifecycle.go), if this reduction drops the score below the configured minimum, the lifecycle manager automatically quarantines the agent. ## Summary - The **LiabilityLedger** in [`audit.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/audit.go) creates an immutable, signed chain of evidence for every agent decision, providing non-repudiable audit trails for compliance and dispute resolution. - The **SlashingEngine** in [`kill_switch.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/kill_switch.go) evaluates penalty rules against ledger entries and automatically adjusts trust scores or triggers termination, enforcing accountability without human intervention. - **Policy evaluation** ([`policy_backends.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/policy_backends.go)) and **lifecycle management** ([`lifecycle.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/lifecycle.go)) bridge the gap between rule definition and runtime enforcement, quarantining agents when trust thresholds are breached. - The [`middleware.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/middleware.go) package provides HTTP/GRPC interceptors that integrate the entire governance pipeline into existing services with minimal code changes. - Custom **PenaltyRule** implementations allow teams to tailor slashing logic to specific regulatory requirements, financial constraints, or risk models. ## Frequently Asked Questions ### How does the LiabilityLedger ensure tamper-evident audit trails? The LiabilityLedger uses the [`credential_vault.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/credential_vault.go) signing infrastructure to cryptographically sign each audit entry with agent-specific credentials. Once written to the ledger in [`audit.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/audit.go), entries cannot be altered without invalidating the signature chain, creating an append-only log suitable for regulatory evidence and forensic analysis. ### What triggers the SlashingEngine to penalize an agent? The [`kill_switch.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/kill_switch.go) component evaluates every new audit entry against the configured penalty rules—either default rules or custom implementations of the `PenaltyRule` interface. Common triggers include policy denials, high-cost request failures, or pattern-based violations (such as three denials within one hour), which result in trust score reductions via `ApplyPenalty`. ### Can agents recover from a quarantined state? Yes. The lifecycle manager in [`lifecycle.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/lifecycle.go) implements bidirectional state transitions between `Active`, `Quarantined`, and `Revoked` states based on trust score trends. If an agent in quarantine demonstrates compliant behavior over time, the trust score recovery logic in [`trust.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/trust.go) can elevate the score above the threshold, triggering `TransitionIfNeeded` to reactivate the agent. ### How do I integrate the governance middleware into existing microservices? The [`middleware.go`](https://github.com/microsoft/agent-governance-toolkit/blob/main/middleware.go) package provides `NewMiddleware` with functional options like `WithPolicyEngine`, `WithAuditLedger`, and `WithSlashingEngine`. You wrap existing HTTP handlers using `middleware.Wrap(handler)`, which automatically injects policy evaluation, ledger recording, and slashing logic before your business logic executes, requiring no changes to the underlying service code.