Runtime-agnostic governed agent execution — demo and evaluation edition
pip install sovereign-agentops-community
docker pull geludobre/sovereign-agentops-community
git clone https://github.com/geludobre/sovereign-agentops.git
cd community && pip install -e .
A self-hosted MCP governance server for AI agents — the Community Edition demonstrates constitutional governance, Ed25519-signed audit trail, and EU AI Act-aligned compliance tooling. It provides 7 MCP tools that showcase policy enforcement, Ed25519-signed execution receipts, workspace path jailing, and local model routing — with real cryptography, not simulations. Deploy fully offline, air-gapped, or behind your own firewall with zero external dependencies.
The full Enterprise platform (91 MCP tools, 486 endpoints, 88 web UI tabs, constitutional governance, service catalogue, compliance automation, fleet command, agent-owned assets, digital twin simulation, and autonomous incident resolution) is available under a commercial license.
pip install cryptography>=41.0.0
python3 tools/mcp_server.py
In another terminal, send it commands:
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | python3 tools/mcp_server.py
echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"demo_policy_check","arguments":{"command":"git push origin main","path":"/workspace/repo"}}}' | python3 tools/mcp_server.py
echo '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"demo_receipt_sign","arguments":{"action":"deploy","target":"web-app"}}}' | python3 tools/mcp_server.py
docker compose up --build
The server runs in stdio mode inside the container. Send commands via stdin:
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
| docker exec -i agentops-demo python3 tools/mcp_server.py
| Tool | Description |
|---|---|
demo_policy_check |
|
| Evaluate whether a command + path is allowed/blocked by policy | |
demo_receipt_sign |
|
| Create an Ed25519-signed execution receipt | |
demo_receipt_verify |
|
| Verify a receipt's Ed25519 signature | |
demo_model_route |
|
| Show which local LLM endpoint would handle a prompt | |
demo_workspace_jail |
|
| Check whether a path is confined within a workspace root | |
demo_audit_log |
|
| Return recent entries from the in-memory signed audit log | |
demo_server_info |
|
| Server metadata: version, public key, crypto backend |
Every signed receipt includes the server's Ed25519 public key. Use the included CLI tool to verify:
python3 cli/receipt-verify.py --verify path/to/receipt.json
The server generates a fresh Ed25519 keypair on first run, stored at
~/.config/agentops/ed25519_private.key
(permissions 0o400
).
Teams adopting AI coding agents in regulated environments need to control what commands agents can run, audit every action with cryptographic proof, and operate entirely offline. This community edition demonstrates the concept with real crypto and real policy enforcement — the Enterprise platform delivers the full production stack.
| Feature | Community | Enterprise |
|---|---|---|
| Policy enforcement (allow/block/detect) | 7 demo tools | Full production stack |
| Ed25519-signed execution receipts | Yes | Yes |
| Receipt verification CLI | Yes | Yes |
| Workspace path jail | Demo | Full enforcement |
| Model routing heuristic | Demo | 15+ provider routing |
| Signed audit log | In-memory | SQLite hash-chain |
| MCP tools | ||
| 7 demo tools | 91 tools (91 static + 0 plugins) | |
| Constitutional governance | ||
| No | 6-layer (Cortex, Policy, Autonomy, Memory, Federation) | |
| Web UI | ||
| No | 91+ tabs (Flask + SocketIO) | |
| PostgreSQL / Redis persistence | ||
| No | Yes | |
| Agent orchestration | ||
| No | Capability registry, message bus, DAG | |
| Service catalogue | ||
| No | Auto-discovery, health, SLA | |
| Observability hub | ||
| No | LLM tracing, SLOs, cost analytics | |
| Compliance automation (SOC2/HIPAA/PCI) | ||
| No | Weighted scoring, PDF reports, SoD | |
| Fleet command | ||
| No | Multi-instance, heartbeat, treaty-gated | |
| Agent-owned assets | ||
| No | Token/data/compute/artifact/credential | |
| Digital twin simulator | ||
| No | What-if analysis, scenario sim | |
| Autonomous incident resolution | ||
| No | ML diagnosis, auto-resolve, pattern learning | |
| Self-negotiating treaties | ||
| No | 6 treaty types, dual-signed | |
| SSO (SAML/OIDC) | No | Yes |
| RBAC custom roles | No | Yes |
| High-availability cluster | No | Yes |
| Commercial license | Apache 2.0 | Enterprise EULA |
Architecture Overview— governance layer designSecurity Model— defense-in-depth architectureContributing Guide— how to contributeChangelog— release history
Community Edition is open source under Apache 2.0 with an Enterprise Edition exclusion clause. See LICENSE.community for details.
Enterprise Edition features require a commercial license from FinBridge.
Built on the MCP protocol. Governance, not lock-in.
🐛 Report bugs—GitHub Issues📖 Read the docs—geludobre.github.io/sovereign-agentops/💬 Enterprise inquiries—Enterprise Edition📦 PyPI—pip install sovereign-agentops-community
🐳 Docker Hub—docker pull geludobre/sovereign-agentops-community