GVM - lightweight governance runtime for AI Agents: Rust proxy, Linux kernel features (seccomp-bpf, namespace, overlayfs)

via Dev.to | Kyubin Kim

Source code: skwuwu / Analemma-GVM. A governance runtime for AI agents, built on Linux kernel security primitives.

I wanted to run multiple autonomous AI agents (such as OpenClaw) for my personal affairs. But every time I let agents do everything they want, there was always a little anxiety. What if it does something it shouldn't? What if it leaks personal information or deletes important data?

Existing answers (such as NemoClaw, OPA+Envoy) required Docker, an embedded Kubernetes cluster, NVIDIA GPUs, or Envoy sidecars. I wanted a lightweight alternative that doesn't need infrastructure setup and strictly enforces what agents do.

So I built GVM (Governance Virtual Machine) — a lightweight security runtime for AI agents. Two small Rust binaries (CLI + proxy, ~22MB total), no Kubernetes, no service mesh, no GPU. It sits between your agent and its actions, and assumes the agent can't be fully trusted.

Demo — Watch, Suggest, Enforce in 3 commands

33-second GIF, rendered from d
