{"slug": "sovereign-agentops-self-hosted-constitutional-ai-governance-for-mcp-agents", "title": "Sovereign AgentOps – Self-hosted constitutional AI governance for MCP agents", "summary": "Geludobre released Sovereign AgentOps Community Edition, a self-hosted MCP governance server for AI agents that enforces constitutional policies, generates Ed25519-signed audit trails, and provides EU AI Act-aligned compliance tooling. The open-source tool allows fully offline deployment and demonstrates real cryptography for agent action auditing, with an Enterprise version offering a full production stack.", "body_md": "**Runtime-agnostic governed agent execution — demo and evaluation edition**\n\n```\n# PyPI (standalone CLI + MCP server)\npip install sovereign-agentops-community\n\n# Docker\ndocker pull geludobre/sovereign-agentops-community\n\n# From source\ngit clone https://github.com/geludobre/sovereign-agentops.git\ncd community && pip install -e .\n\n# Full documentation\n# → https://geludobre.github.io/sovereign-agentops/\n```\n\nA **self-hosted** **MCP** governance server for **AI agents** — the Community Edition\ndemonstrates **constitutional governance**, **Ed25519-signed audit trail**, and\n**EU AI Act**-aligned compliance tooling. It provides 7 MCP tools that showcase\npolicy enforcement, Ed25519-signed execution receipts, workspace path jailing,\nand local model routing — with **real cryptography**, not simulations. Deploy\nfully offline, air-gapped, or behind your own firewall with zero external\ndependencies.\n\nThe full **Enterprise platform** (91 MCP tools, 486 endpoints, 88 web UI tabs,\nconstitutional governance, service catalogue, compliance automation, fleet\ncommand, agent-owned assets, digital twin simulation, and autonomous incident\nresolution) is available under a commercial license.\n\n```\n# 1. Install dependencies\npip install cryptography>=41.0.0\n\n# 2. Run the MCP governance server (JSON-RPC over stdio)\npython3 tools/mcp_server.py\n```\n\nIn another terminal, send it commands:\n\n```\n# List available tools\necho '{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"tools/list\",\"params\":{}}' | python3 tools/mcp_server.py\n\n# Check if a command is allowed by policy\necho '{\"jsonrpc\":\"2.0\",\"id\":2,\"method\":\"tools/call\",\"params\":{\"name\":\"demo_policy_check\",\"arguments\":{\"command\":\"git push origin main\",\"path\":\"/workspace/repo\"}}}' | python3 tools/mcp_server.py\n\n# Sign an execution receipt with real Ed25519\necho '{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"tools/call\",\"params\":{\"name\":\"demo_receipt_sign\",\"arguments\":{\"action\":\"deploy\",\"target\":\"web-app\"}}}' | python3 tools/mcp_server.py\ndocker compose up --build\n```\n\nThe server runs in stdio mode inside the container. Send commands via stdin:\n\n```\necho '{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"tools/list\",\"params\":{}}' \\\n  | docker exec -i agentops-demo python3 tools/mcp_server.py\n```\n\n| Tool | Description |\n|---|---|\n`demo_policy_check` |\nEvaluate whether a command + path is allowed/blocked by policy |\n`demo_receipt_sign` |\nCreate an Ed25519-signed execution receipt |\n`demo_receipt_verify` |\nVerify a receipt's Ed25519 signature |\n`demo_model_route` |\nShow which local LLM endpoint would handle a prompt |\n`demo_workspace_jail` |\nCheck whether a path is confined within a workspace root |\n`demo_audit_log` |\nReturn recent entries from the in-memory signed audit log |\n`demo_server_info` |\nServer metadata: version, public key, crypto backend |\n\nEvery signed receipt includes the server's Ed25519 public key. Use the included CLI tool to verify:\n\n```\n# The server prints its public key on startup (stderr) and in every signed receipt\npython3 cli/receipt-verify.py --verify path/to/receipt.json\n```\n\nThe server generates a fresh Ed25519 keypair on first run, stored at\n`~/.config/agentops/ed25519_private.key`\n\n(permissions `0o400`\n\n).\n\nTeams adopting AI coding agents in regulated environments need to control what commands agents can run, audit every action with cryptographic proof, and operate entirely offline. This community edition demonstrates the concept with real crypto and real policy enforcement — the Enterprise platform delivers the full production stack.\n\n| Feature | Community | Enterprise |\n|---|---|---|\n| Policy enforcement (allow/block/detect) | 7 demo tools | Full production stack |\n| Ed25519-signed execution receipts | Yes | Yes |\n| Receipt verification CLI | Yes | Yes |\n| Workspace path jail | Demo | Full enforcement |\n| Model routing heuristic | Demo | 15+ provider routing |\n| Signed audit log | In-memory | SQLite hash-chain |\nMCP tools |\n7 demo tools | 91 tools (91 static + 0 plugins) |\nConstitutional governance |\nNo | 6-layer (Cortex, Policy, Autonomy, Memory, Federation) |\nWeb UI |\nNo | 91+ tabs (Flask + SocketIO) |\nPostgreSQL / Redis persistence |\nNo | Yes |\nAgent orchestration |\nNo | Capability registry, message bus, DAG |\nService catalogue |\nNo | Auto-discovery, health, SLA |\nObservability hub |\nNo | LLM tracing, SLOs, cost analytics |\nCompliance automation (SOC2/HIPAA/PCI) |\nNo | Weighted scoring, PDF reports, SoD |\nFleet command |\nNo | Multi-instance, heartbeat, treaty-gated |\nAgent-owned assets |\nNo | Token/data/compute/artifact/credential |\nDigital twin simulator |\nNo | What-if analysis, scenario sim |\nAutonomous incident resolution |\nNo | ML diagnosis, auto-resolve, pattern learning |\nSelf-negotiating treaties |\nNo | 6 treaty types, dual-signed |\n| SSO (SAML/OIDC) | No | Yes |\n| RBAC custom roles | No | Yes |\n| High-availability cluster | No | Yes |\n| Commercial license | Apache 2.0 | Enterprise EULA |\n\n[Architecture Overview](/geludobre/sovereign-agentops/blob/main/docs/architecture.md)— governance layer design[Security Model](/geludobre/sovereign-agentops/blob/main/docs/security-model.md)— defense-in-depth architecture[Contributing Guide](/geludobre/sovereign-agentops/blob/main/CONTRIBUTING.md)— how to contribute[Changelog](/geludobre/sovereign-agentops/blob/main/CHANGELOG.md)— release history\n\nCommunity Edition is open source under Apache 2.0 with an Enterprise Edition\nexclusion clause. See [LICENSE.community](/geludobre/sovereign-agentops/blob/main/LICENSE.community) for details.\n\nEnterprise Edition features require a commercial license from FinBridge.\n\nBuilt on the MCP protocol. Governance, not lock-in.\n\n**🐛 Report bugs**—[GitHub Issues](https://github.com/geludobre/sovereign-agentops/issues)**📖 Read the docs**—[geludobre.github.io/sovereign-agentops/](https://geludobre.github.io/sovereign-agentops/)**💬 Enterprise inquiries**—[Enterprise Edition](https://github.com/geludobre/sovereign-agentops-enterprise)**📦 PyPI**—`pip install sovereign-agentops-community`\n\n**🐳 Docker Hub**—`docker pull geludobre/sovereign-agentops-community`", "url": "https://wpnews.pro/news/sovereign-agentops-self-hosted-constitutional-ai-governance-for-mcp-agents", "canonical_source": "https://github.com/geludobre/sovereign-agentops", "published_at": "2026-07-11 19:52:10+00:00", "updated_at": "2026-07-11 20:05:02.649806+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-policy", "developer-tools"], "entities": ["Geludobre", "Sovereign AgentOps", "MCP", "Ed25519", "EU AI Act"], "alternates": {"html": "https://wpnews.pro/news/sovereign-agentops-self-hosted-constitutional-ai-governance-for-mcp-agents", "markdown": "https://wpnews.pro/news/sovereign-agentops-self-hosted-constitutional-ai-governance-for-mcp-agents.md", "text": "https://wpnews.pro/news/sovereign-agentops-self-hosted-constitutional-ai-governance-for-mcp-agents.txt", "jsonld": "https://wpnews.pro/news/sovereign-agentops-self-hosted-constitutional-ai-governance-for-mcp-agents.jsonld"}}