Analysis updated 2026-05-18
Block an AI agent from making unauthorized outbound network requests.
Get a tamper-evident audit log of every allowed and denied request.
Prove compliance with OWASP ASI02/ASI03 controls for AI systems in Kubernetes.
| aegrail/aegrail-engine | anas727189/message-broker-system | anfernee/k8s-ipam-webhook | |
|---|---|---|---|
| Stars | 1 | 1 | 1 |
| Language | Go | Go | Go |
| Last pushed | — | — | 2019-04-11 |
| Maintenance | — | — | Dormant |
| Setup difficulty | hard | moderate | hard |
| Complexity | 5/5 | 3/5 | 4/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires a Kubernetes cluster and Helm, the project is pre-release.
aegrail-engine is a security enforcement layer for AI agents running in Kubernetes, the container orchestration platform used to manage software at scale in the cloud. It is a Go sidecar, meaning a small companion process that runs in the same pod (the smallest deployable unit in Kubernetes) as your AI agent, intercepting all outbound network traffic before it leaves. The problem it solves: an AI agent might try to make web requests to unauthorized services, and you want to stop that at the network level regardless of what programming language the agent is written in. The aegrail Python library can enforce rules inside a Python agent's own code, but that doesn't protect against agents written in other languages, or Python code that bypasses the library entirely by opening raw network connections. The engine closes that gap by sitting between the agent container and the outside world, enforcing an allowlist of approved destinations at the HTTP proxy level. Every request the agent makes gets checked against the per-agent allowlist. Approved requests pass through, denied requests are blocked and recorded as egress_denied events in an audit log. The log uses SHA-256 hashing to make records tamper-evident, meaning you can detect after the fact if anyone altered the logs. The engine is deployed using a Helm chart (a standard Kubernetes packaging format) and maps to OWASP ASI02/ASI03 control categories for AI system security. You would use this if you run AI agents in Kubernetes and need verifiable, language-agnostic proof that those agents only communicated with approved services. The project is pre-release as of the README date.
A Go sidecar that enforces which network destinations an AI agent running in Kubernetes is allowed to reach, regardless of what language the agent is written in.
Mainly Go. The stack also includes Go, Kubernetes, Helm.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.