
Self-hosted K8s operator that proves your AI agents never phoned home (open source)
Been running AI agents on my own cluster and kept hitting the same problem: once a run finishes, how do you actually prove, later, that the agent stayed inside the network boundary you set? Logs can be tampered with, and most agent frameworks just trust you configured things right.
Built a small operator that applies default-deny egress per agent workload, seals the run at the network boundary, and emits a signed, hash-chained attestation artifact you can verify offline, even months later, even air-gapped. Apache 2.0 core, gVisor isolation, kagent-compatible if you already run that.
Repo: github.com/Clawdlinux/agentic-operator-core
Curious if this is a real problem for anyone else running agents at home or on-prem, or if I'm solving something nobody else worries about.