SIDJUA V1.0: Self-Hosted Governance Platform for AI Agents

SIDJUA V1.0 is a self-hosted governance platform for AI agents that runs on Docker containers, including on Raspberry Pi hardware. The tool is AGPL-3.0 licensed and has no cloud dependencies.

Quick Start

For Mac and Linux: docker pull ghcr.io/goetzkohlberg/sidjua

For Windows with Docker Desktop and WSL2: There's a known issue where the security profile file isn't found correctly. To work around this, open docker-compose.yml and comment out the two lines under security_opt:

security_opt:
# - "seccomp=seccomp-profile.json"
# - "no-new-privileges:true"

Then run docker compose up -d. This disables some container hardening but is acceptable for home use. A proper fix is scheduled for V1.0.1 on March 31.

Key Features

• Mandatory governance checkpoints: Every agent task must pass rules before execution
• Encrypted API keys and secrets: AES-256-GCM with argon2-hashing, per-agent encryption
• Network isolation: Outbound validator blocks access to private IP ranges
• Default-deny security: Agent modules without sandboxes get denied, not warned
• State backup and restore: Single API call, rate-limited and auto-pruned
• Server-side LLM credential injection: OpenAI, Anthropic, etc. credentials never touch browser/client
• Granular budget limits: Per-agent and per-division cost controls
• Division isolation: Unknown or unauthorized divisions get rejected at system entry
• Runtime reorganization: Reassign roles and move agents between divisions without restart

Version Roadmap

• V1.0.1 (March 31): Fixes Windows Docker issue and adds 25 security hardening tasks from triple audit
• V1.0.2 (April 10): Adds random master key generation, inter-process authentication, and module secrets migration from plaintext to encrypted store

All fixes in V1.0.1 were cross-validated by three independent AI code auditors: xAI Grok, OpenAI GPT-5.4, and DeepSeek.