Agent OS
/A self-hosted "AWS for AI agents"
↑ ↓ to navigateRustPython / FastAPINext.jsvLLMDocker ComposeTimescaleDBpgvectorQdrantNeo4jRedisPrometheus / Grafana
L1
Govrix Scout
OpenAI-compatible reverse proxy that enforces per-agent policy on every LLM call.
Why it exists
Governance only works if it's on the critical path, not bolted on later. By running every request through one Rust proxy, budgets, PII scans, threat detection, cost attribution and a tamper-evident Merkle audit trail all work with zero changes to agent code — just point the agent at port 4000. It's also the integration bus that makes the rest of AgentOS opt-in.
Key decision
Governance on the critical path was a deliberate trade-off: bolting it on later meant optional adoption. Mandatory proxy = 100% coverage with zero agent-side changes.
Built on
Govrix ScoutConnects
← from
L0 DashboardAgent
→ to
L2 Capability Layer
Beneath
- 10-crate Rust workspace (hyper + tokio)
- Proxy :4000 · mgmt API :4001
- SHA-256 Merkle tree audit log w/ inclusion proofs
- Redis-backed budget enforcer · PII/prompt-injection guardrails
- Model router · circuit breaker · dual event sinks (Redis + ScyllaDB)
Stack
RusthypertokioTimescaleDB