Self-hosted K8s operator that proves your AI agents never phoned home (open source)
▲ 2 r/OpenSourceAI+3 crossposts

Self-hosted K8s operator that proves your AI agents never phoned home (open source)

Been running AI agents on my own cluster and kept hitting the same problem: once a run finishes, how do you actually prove, later, that the agent stayed inside the network boundary you set? Logs can be tampered with, and most agent frameworks just trust you configured things right.

Built a small operator that applies default-deny egress per agent workload, seals the run at the network boundary, and emits a signed, hash-chained attestation artifact you can verify offline, even months later, even air-gapped. Apache 2.0 core, gVisor isolation, kagent-compatible if you already run that.

Repo: github.com/Clawdlinux/agentic-operator-core

Curious if this is a real problem for anyone else running agents at home or on-prem, or if I'm solving something nobody else worries about.

u/Useful_Journalist — 2 days ago
▲ 14 r/Agent_AI+3 crossposts

Is MCP still scalable in terms of swarms of autonomous agents without contracts ?

If you’re building agents that touch real systems, how are you handling execution governance?

Tool discovery is getting better. MCP exists. Claude Code has Tool Search. But I still don’t see a common answer for identity, audit, revocation, approvals, and bounded blast radius.

Are you using MCP server-level controls, API gateways, OPA, custom proxies, audit logs, or just keeping agents away from production?

I’m testing a small signed execution-contract primitive over existing MCP/OpenAPI tools. I want to know if this is a real pain or just architecture brain.

reddit.com
u/Useful_Journalist — 1 month ago