Evidra – Fail closed kill-switch for AI agents running kubectl/terraform

Source: Dev.to

Overview

I recently asked an AI agent to delete an unused folder—just files. That got me thinking about pre‑execution guardrails for AI agents working with infrastructure. To address this, I built Evidra, an MCP server that evaluates operations against deterministic OPA policies before execution. If an operation looks dangerous (e.g., protected namespaces, mass deletions, public S3 buckets, wildcard IAM permissions), it blocks it. There’s no LLM in the evaluation loop.

Features

• Deterministic policy evaluation using OPA.
• Focus on high‑impact disaster scenarios (protected namespaces, mass deletions, public S3, wildcard IAM, etc.).
• Lightweight design to keep the system fast and easy to adopt.
• Acts as a pre‑execution guardrail when automation is in the loop (not a replacement for admission controllers).
• Can be used in CI pipelines to guard Terraform plans or rendered manifests, blocking catastrophic changes before execution—whether triggered by a human or an agent.
• Every decision (allow or deny) is logged in a SHA‑256 hash‑chained evidence log for auditability.

Security Model

Details of the security model are documented here:
SECURITY_MODEL.md

Resources

• GitHub repository:
• Project website:

Feedback, especially from teams experimenting with AI‑assisted infrastructure workflows, is welcome.