Scored against Microsoft's published guidance · AgentAz™ companion
Paste an agent's system prompt or its agentaz.json
and scan it against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping that shows how each control is met at the prompt layer. Pass/fail gates, failure scenarios, a risk radar, and a copy-paste fix block. Deterministic, and your prompt is processed to produce the result, then discarded — never stored or sent to a model.
Scored against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping. Deterministic — same input, same result. Your prompt is processed on our edge to produce the result and is never stored, logged, or sent to any model.
What it scores against #
The scanner maps your agent to the design-layer controls in Microsoft's published guidance for AI agents — the Cloud Adoption Framework's governance and security recommendations, the Responsible AI principles, and the agentic maturity model. Each Microsoft control is shown with its AgentAz™ companion: the spec field that satisfies it at the prompt layer.
What it can't see (on purpose) #
A system-prompt scan only assesses the design layer. Microsoft's platform-enforced controls — Entra ID identity, Purview data-loss prevention, runtime threat detection — are marked platform, out of scope rather than guessed at. This complements those controls; it doesn't replace them.
Why deterministic, not an LLM #
A governance check you can't reproduce isn't a check. The default scan uses fixed rules and the same risky-tool vocabulary the runnable run.py
demos enforce, so the same input always produces the same verdict. It never auto-executes or contacts a model.