We built an open-source, sidecarless service mesh to govern autonomous AI agents on Kubernetes.
The Problem: Standard meshes (Istio/Cilium) operate at L4/L7. They see connections, but they don't see intent. If an autonomous agent gets stuck in a loop and burns $1,000 in OpenAI tokens, or decides to run DROP TABLE to "optimize storage," a standard mesh sees a valid HTTP 200 OK.
The Solution: SemaMesh uses eBPF (sock_ops) to transparently intercept outbound traffic from AI pods and route it through a local semantic proxy (Go) that enforces "Layer 8" policies.
Features: . eBPF-based: No sidecar injection required. . Semantic Blocking: Parses JSON prompts to block high-risk intent (e.g., "delete database") before it leaves the node. . Stateful Pause: Integrates with CRIU to freeze/checkpoint a rogue agent's process state for forensics instead of just killing the pod. . Token Quotas: Rate limit by $$ cost, not just requests per second.
Tech Stack: . Datapath: C (eBPF) . Proxy/Control Plane: Go . Orchestration: Kubernetes (DaemonSet/Operator)
We just released v0.4.0 with a "Smoke Test" script that spins up a local Kind cluster and simulates a "Rogue Agent" attack so you can see the blocking logic in action.
Repo: https://github.com/semamesh/SemaMesh
Would love feedback on the eBPF interception logic or the CRIU integration approach.