# Sovereign AgentOps – Self-hosted constitutional AI governance for MCP agents

> Source: <https://github.com/geludobre/sovereign-agentops>
> Published: 2026-07-11 19:52:10+00:00

**Runtime-agnostic governed agent execution — demo and evaluation edition**

```
# PyPI (standalone CLI + MCP server)
pip install sovereign-agentops-community

# Docker
docker pull geludobre/sovereign-agentops-community

# From source
git clone https://github.com/geludobre/sovereign-agentops.git
cd community && pip install -e .

# Full documentation
# → https://geludobre.github.io/sovereign-agentops/
```

A **self-hosted** **MCP** governance server for **AI agents** — the Community Edition
demonstrates **constitutional governance**, **Ed25519-signed audit trail**, and
**EU AI Act**-aligned compliance tooling. It provides 7 MCP tools that showcase
policy enforcement, Ed25519-signed execution receipts, workspace path jailing,
and local model routing — with **real cryptography**, not simulations. Deploy
fully offline, air-gapped, or behind your own firewall with zero external
dependencies.

The full **Enterprise platform** (91 MCP tools, 486 endpoints, 88 web UI tabs,
constitutional governance, service catalogue, compliance automation, fleet
command, agent-owned assets, digital twin simulation, and autonomous incident
resolution) is available under a commercial license.

```
# 1. Install dependencies
pip install cryptography>=41.0.0

# 2. Run the MCP governance server (JSON-RPC over stdio)
python3 tools/mcp_server.py
```

In another terminal, send it commands:

```
# List available tools
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | python3 tools/mcp_server.py

# Check if a command is allowed by policy
echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"demo_policy_check","arguments":{"command":"git push origin main","path":"/workspace/repo"}}}' | python3 tools/mcp_server.py

# Sign an execution receipt with real Ed25519
echo '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"demo_receipt_sign","arguments":{"action":"deploy","target":"web-app"}}}' | python3 tools/mcp_server.py
docker compose up --build
```

The server runs in stdio mode inside the container. Send commands via stdin:

```
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
  | docker exec -i agentops-demo python3 tools/mcp_server.py
```

| Tool | Description |
|---|---|
`demo_policy_check` |
Evaluate whether a command + path is allowed/blocked by policy |
`demo_receipt_sign` |
Create an Ed25519-signed execution receipt |
`demo_receipt_verify` |
Verify a receipt's Ed25519 signature |
`demo_model_route` |
Show which local LLM endpoint would handle a prompt |
`demo_workspace_jail` |
Check whether a path is confined within a workspace root |
`demo_audit_log` |
Return recent entries from the in-memory signed audit log |
`demo_server_info` |
Server metadata: version, public key, crypto backend |

Every signed receipt includes the server's Ed25519 public key. Use the included CLI tool to verify:

```
# The server prints its public key on startup (stderr) and in every signed receipt
python3 cli/receipt-verify.py --verify path/to/receipt.json
```

The server generates a fresh Ed25519 keypair on first run, stored at
`~/.config/agentops/ed25519_private.key`

(permissions `0o400`

).

Teams adopting AI coding agents in regulated environments need to control what commands agents can run, audit every action with cryptographic proof, and operate entirely offline. This community edition demonstrates the concept with real crypto and real policy enforcement — the Enterprise platform delivers the full production stack.

| Feature | Community | Enterprise |
|---|---|---|
| Policy enforcement (allow/block/detect) | 7 demo tools | Full production stack |
| Ed25519-signed execution receipts | Yes | Yes |
| Receipt verification CLI | Yes | Yes |
| Workspace path jail | Demo | Full enforcement |
| Model routing heuristic | Demo | 15+ provider routing |
| Signed audit log | In-memory | SQLite hash-chain |
MCP tools |
7 demo tools | 91 tools (91 static + 0 plugins) |
Constitutional governance |
No | 6-layer (Cortex, Policy, Autonomy, Memory, Federation) |
Web UI |
No | 91+ tabs (Flask + SocketIO) |
PostgreSQL / Redis persistence |
No | Yes |
Agent orchestration |
No | Capability registry, message bus, DAG |
Service catalogue |
No | Auto-discovery, health, SLA |
Observability hub |
No | LLM tracing, SLOs, cost analytics |
Compliance automation (SOC2/HIPAA/PCI) |
No | Weighted scoring, PDF reports, SoD |
Fleet command |
No | Multi-instance, heartbeat, treaty-gated |
Agent-owned assets |
No | Token/data/compute/artifact/credential |
Digital twin simulator |
No | What-if analysis, scenario sim |
Autonomous incident resolution |
No | ML diagnosis, auto-resolve, pattern learning |
Self-negotiating treaties |
No | 6 treaty types, dual-signed |
| SSO (SAML/OIDC) | No | Yes |
| RBAC custom roles | No | Yes |
| High-availability cluster | No | Yes |
| Commercial license | Apache 2.0 | Enterprise EULA |

[Architecture Overview](/geludobre/sovereign-agentops/blob/main/docs/architecture.md)— governance layer design[Security Model](/geludobre/sovereign-agentops/blob/main/docs/security-model.md)— defense-in-depth architecture[Contributing Guide](/geludobre/sovereign-agentops/blob/main/CONTRIBUTING.md)— how to contribute[Changelog](/geludobre/sovereign-agentops/blob/main/CHANGELOG.md)— release history

Community Edition is open source under Apache 2.0 with an Enterprise Edition
exclusion clause. See [LICENSE.community](/geludobre/sovereign-agentops/blob/main/LICENSE.community) for details.

Enterprise Edition features require a commercial license from FinBridge.

Built on the MCP protocol. Governance, not lock-in.

**🐛 Report bugs**—[GitHub Issues](https://github.com/geludobre/sovereign-agentops/issues)**📖 Read the docs**—[geludobre.github.io/sovereign-agentops/](https://geludobre.github.io/sovereign-agentops/)**💬 Enterprise inquiries**—[Enterprise Edition](https://github.com/geludobre/sovereign-agentops-enterprise)**📦 PyPI**—`pip install sovereign-agentops-community`

**🐳 Docker Hub**—`docker pull geludobre/sovereign-agentops-community`
