RiskKernel — self-hosted guardrails + kill switch for AI agents (your keys, no telemetry, Apache-2.0, single Go binary)
If you self-host anything touching LLMs, the scary failure mode is an agent that loops and quietly burns money (or fires a side-effecting tool) with no ceiling and no kill switch.
RiskKernel is a single ~20MB static Go binary you run yourself that enforces hard per-run budgets — cost, loop count, wall-clock — plus a kill switch, crash-resume, and human approval gates on side-effecting tools. Everything is deterministic Go; an LLM is never in the enforcement path.
Self-hosted ethos, end to end: BYO provider key (never stored in state, never logged), no telemetry/phone-home (verifiable — outbound is only to your provider, your OTLP endpoint, and your approval webhook; see SECURITY.md), and your state is a SQLite file you own. Adoption is one env var in front of an existing OpenAI-compatible app.
Honest limits: single instance + SQLite (no HA yet), one API token (front it with oauth2-proxy/Authelia for auth), no streaming yet. Native providers are Anthropic + OpenAI today.
Apache-2.0, docker run quickstart + demo GIF in the README — feedback welcome.
https://github.com/prashar32/riskkernel
opensource
selfhosted
aiagents
llmops
opentelemetry
observability
golang