Envpod - Governance for AI agents

About

AI agents, given complete system privileges, operate without built-in oversight. While Docker provides isolation, it lacks control. Envpod addresses this by encapsulating each agent within a copy-on-write layer, ensuring your host system remains unmodified until you explicitly approve and apply changes. Features include an encrypted vault for credentials, DNS filtering specific to each pod, a queue to manage risky operations, and an immutable audit log. Delivered as a single, dependency-free 13MB static binary, it requires no background process and starts in just 32ms. The system has been validated across 9 Linux distributions, includes 41 preconfigured agent setups, and is open source.