Envpod - Governance for AI agents

About

AI agents run with full system access and zero accountability. Docker isolates but doesn't govern. envpod wraps every agent in a copy-on-write overlay - your host is never touched until you review and commit. Encrypted credential vault, per-pod DNS filtering, action queue for dangerous ops, append-only audit trail. Single 13MB static binary. No daemon, no dependencies. 32ms warm start. Tested on 9 Linux distros. 41 agent configs included. Open source.