docker · vitas · Mar 3, 2026
@@ -0,0 +1,31 @@
+# Evidra
+
+Designed for AI agents operating your infrastructure.
+Fail-closed policy guardrails for AI agents running kubectl, terraform, helm, argocd, and oc.
+
+## Overview
+
+Evidra is a kill-switch for AI agents managing infrastructure. Experimenting with AI in staging? Add a kill-switch first. Blocks dangerous ops. Allows safe ones. Every decision logged.
+
+## What it catches
+
+- Protected namespace deletions (e.g. kube-system, default)
+- Mass resource removal
+- Public S3 bucket creation
+- Wildcard IAM policies
+- Dangerous ArgoCD sync operations
+- Other high-impact infrastructure mistakes
+
+## Key features
+
+- **Zero-config**: embedded OPA policy bundle, works out of the box
+- **Fail-closed**: if policy evaluation fails, the operation is blocked
+- **Deterministic**: pure OPA/Rego rules, no LLM in the decision loop
+- **Evidence trail**: every allow/deny decision logged with cryptographic signatures
+- **Lightweight**: focused on catastrophic scenarios, not a full compliance engine
+
+## Links
+
+- [GitHub Repository](https://github.com/vitas/evidra)
+- [Security Model](https://github.com/vitas/evidra/blob/main/docs/SECURITY_MODEL.md)
+- [Landing Page](https://evidra.samebits.com)
@@ -0,0 +1,23 @@
+name: evidra
+image: mcp/evidra
+type: server
+meta:
+  category: devops
+  tags:
+    - kubernetes
+    - terraform
+    - security
+    - policy
+    - opa
+    - ai-agents
+    - infrastructure
+about:
+  title: Evidra
+  description: Fail-closed policy guardrails for AI agents running kubectl, terraform, helm, argocd, and oc. Evaluates OPA policy before destructive operations, returns allow/deny with cryptographic evidence trail.
+  icon: https://www.samebits.com/evidra-icon.png
+source:
+  project: https://github.com/vitas/evidra
+  commit: 4a70ed3fa6d29a6e1c50039a8230923ff0e3d040
+run:
+  env:
+    EVIDRA_DENY_CACHE: "true"
@@ -0,0 +1,49 @@
+[
+  {
+    "name": "validate",
+    "description": "Evaluate OPA policy against a proposed infrastructure operation. Call BEFORE executing destructive commands (kubectl apply, terraform apply, helm install, argocd sync, oc apply). Returns allow/deny decision with risk level, reasons, and a cryptographically signed evidence record. If allow=false, the operation MUST be blocked.",
+    "arguments": [
+      {
+        "name": "actor",
+        "type": "object",
+        "desc": "Invocation initiator identity. Required fields: type (human|agent|ci), id (actor identifier), origin (mcp|cli|api)."
+      },
+      {
+        "name": "tool",
+        "type": "string",
+        "desc": "Execution tool name: kubectl, terraform, helm, argocd, or oc. Use the tool that performs the mutation, not the manifest generator."
+      },
+      {
+        "name": "operation",
+        "type": "string",
+        "desc": "Operation being performed (e.g. apply, delete, plan, sync)."
+      },
+      {
+        "name": "environment",
+        "type": "string",
+        "desc": "Target environment label for environment-specific policy (e.g. production, staging). Optional; defaults to server default."
+      },
+      {
+        "name": "params",
+        "type": "object",
+        "desc": "Operation parameters including payload. The payload can be a native Kubernetes manifest or a flat internal shape; Evidra canonicalizes it before policy evaluation."
+      },
+      {
+        "name": "context",
+        "type": "object",
+        "desc": "Optional free-form context metadata about the request origin."
+      }
+    ]
+  },
+  {
+    "name": "get_event",
+    "description": "Retrieve a previously recorded evidence event by its identifier. Returns the full evidence record including decision, risk level, reasons, and signature.",
+    "arguments": [
+      {
+        "name": "event_id",
+        "type": "string",
+        "desc": "Evidence event identifier (ULID format)."
+      }
+    ]
+  }
+]