Sovereign AgentOps – Self-hosted constitutional AI governance for MCP agents Geludobre released Sovereign AgentOps Community Edition, a self-hosted MCP governance server for AI agents that enforces constitutional policies, generates Ed25519-signed audit trails, and provides EU AI Act-aligned compliance tooling. The open-source tool allows fully offline deployment and demonstrates real cryptography for agent action auditing, with an Enterprise version offering a full production stack. Runtime-agnostic governed agent execution — demo and evaluation edition PyPI standalone CLI + MCP server pip install sovereign-agentops-community Docker docker pull geludobre/sovereign-agentops-community From source git clone https://github.com/geludobre/sovereign-agentops.git cd community && pip install -e . Full documentation → https://geludobre.github.io/sovereign-agentops/ A self-hosted MCP governance server for AI agents — the Community Edition demonstrates constitutional governance , Ed25519-signed audit trail , and EU AI Act -aligned compliance tooling. It provides 7 MCP tools that showcase policy enforcement, Ed25519-signed execution receipts, workspace path jailing, and local model routing — with real cryptography , not simulations. Deploy fully offline, air-gapped, or behind your own firewall with zero external dependencies. The full Enterprise platform 91 MCP tools, 486 endpoints, 88 web UI tabs, constitutional governance, service catalogue, compliance automation, fleet command, agent-owned assets, digital twin simulation, and autonomous incident resolution is available under a commercial license. 1. Install dependencies pip install cryptography =41.0.0 2. Run the MCP governance server JSON-RPC over stdio python3 tools/mcp server.py In another terminal, send it commands: List available tools echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | python3 tools/mcp server.py Check if a command is allowed by policy echo '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"demo policy check","arguments":{"command":"git push origin main","path":"/workspace/repo"}}}' | python3 tools/mcp server.py Sign an execution receipt with real Ed25519 echo '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"demo receipt sign","arguments":{"action":"deploy","target":"web-app"}}}' | python3 tools/mcp server.py docker compose up --build The server runs in stdio mode inside the container. Send commands via stdin: echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \ | docker exec -i agentops-demo python3 tools/mcp server.py | Tool | Description | |---|---| demo policy check | Evaluate whether a command + path is allowed/blocked by policy | demo receipt sign | Create an Ed25519-signed execution receipt | demo receipt verify | Verify a receipt's Ed25519 signature | demo model route | Show which local LLM endpoint would handle a prompt | demo workspace jail | Check whether a path is confined within a workspace root | demo audit log | Return recent entries from the in-memory signed audit log | demo server info | Server metadata: version, public key, crypto backend | Every signed receipt includes the server's Ed25519 public key. Use the included CLI tool to verify: The server prints its public key on startup stderr and in every signed receipt python3 cli/receipt-verify.py --verify path/to/receipt.json The server generates a fresh Ed25519 keypair on first run, stored at ~/.config/agentops/ed25519 private.key permissions 0o400 . Teams adopting AI coding agents in regulated environments need to control what commands agents can run, audit every action with cryptographic proof, and operate entirely offline. This community edition demonstrates the concept with real crypto and real policy enforcement — the Enterprise platform delivers the full production stack. | Feature | Community | Enterprise | |---|---|---| | Policy enforcement allow/block/detect | 7 demo tools | Full production stack | | Ed25519-signed execution receipts | Yes | Yes | | Receipt verification CLI | Yes | Yes | | Workspace path jail | Demo | Full enforcement | | Model routing heuristic | Demo | 15+ provider routing | | Signed audit log | In-memory | SQLite hash-chain | MCP tools | 7 demo tools | 91 tools 91 static + 0 plugins | Constitutional governance | No | 6-layer Cortex, Policy, Autonomy, Memory, Federation | Web UI | No | 91+ tabs Flask + SocketIO | PostgreSQL / Redis persistence | No | Yes | Agent orchestration | No | Capability registry, message bus, DAG | Service catalogue | No | Auto-discovery, health, SLA | Observability hub | No | LLM tracing, SLOs, cost analytics | Compliance automation SOC2/HIPAA/PCI | No | Weighted scoring, PDF reports, SoD | Fleet command | No | Multi-instance, heartbeat, treaty-gated | Agent-owned assets | No | Token/data/compute/artifact/credential | Digital twin simulator | No | What-if analysis, scenario sim | Autonomous incident resolution | No | ML diagnosis, auto-resolve, pattern learning | Self-negotiating treaties | No | 6 treaty types, dual-signed | | SSO SAML/OIDC | No | Yes | | RBAC custom roles | No | Yes | | High-availability cluster | No | Yes | | Commercial license | Apache 2.0 | Enterprise EULA | Architecture Overview /geludobre/sovereign-agentops/blob/main/docs/architecture.md — governance layer design Security Model /geludobre/sovereign-agentops/blob/main/docs/security-model.md — defense-in-depth architecture Contributing Guide /geludobre/sovereign-agentops/blob/main/CONTRIBUTING.md — how to contribute Changelog /geludobre/sovereign-agentops/blob/main/CHANGELOG.md — release history Community Edition is open source under Apache 2.0 with an Enterprise Edition exclusion clause. See LICENSE.community /geludobre/sovereign-agentops/blob/main/LICENSE.community for details. Enterprise Edition features require a commercial license from FinBridge. Built on the MCP protocol. Governance, not lock-in. 🐛 Report bugs — GitHub Issues https://github.com/geludobre/sovereign-agentops/issues 📖 Read the docs — geludobre.github.io/sovereign-agentops/ https://geludobre.github.io/sovereign-agentops/ 💬 Enterprise inquiries — Enterprise Edition https://github.com/geludobre/sovereign-agentops-enterprise 📦 PyPI — pip install sovereign-agentops-community 🐳 Docker Hub — docker pull geludobre/sovereign-agentops-community