feat(langchain): implement native GovernanceMiddleware via AgentMiddleware (microsoft#1585)

Replaces fragile proxy-based wrapping with LangChain's native
AgentMiddleware system (wrap_tool_call / wrap_model_call).

Changes:
- Add GovernanceMiddleware class implementing wrap_tool_call and
  wrap_model_call lifecycle hooks for native governance gating
- Add as_middleware() factory on LangChainKernel for clean integration
- Implement blocked-pattern checks on both tool and model outputs
- Support pre_execute/post_execute Cedar/OPA gates on tool calls
- Support content filtering on model inputs and outputs
- Deprecate LangChainKernel.wrap() and module-level wrap() with
  clear migration path to as_middleware()
- Add comprehensive test suite (39 tests) covering:
  * Tool allowlist/blocklist enforcement
  * Blocked pattern detection in args, tool names, and outputs
  * Model input/output content filtering
  * Cedar evaluator passthrough
  * Shared kernel state across middleware instances
  * Deprecation warning verification
  * Full backward compatibility with existing wrap() API

Resolves microsoft#1584

Co-authored-by: Nishar <you@example.com>

Author: 2 people

agent-governance-python/agent-os/src/agent_os/integrations/__init__.py

@@ -71,7 +71,10 @@
     PolicyConfig as ADKPolicyConfig,
 )
 from agent_os.integrations.guardrails_adapter import GuardrailsKernel
-from agent_os.integrations.langchain_adapter import LangChainKernel
+from agent_os.integrations.langchain_adapter import (
+    GovernanceMiddleware as LangChainGovernanceMiddleware,
+    LangChainKernel,
+)
 try:
     from agent_os.integrations.maf_adapter import (
         AuditTrailMiddleware as MAFAuditTrailMiddleware,