{"id":47594815,"url":"https://github.com/t4cceptor/centian","last_synced_at":"2026-06-01T00:01:16.839Z","repository":{"id":335870038,"uuid":"1056252957","full_name":"T4cceptor/centian","owner":"T4cceptor","description":"Give your AI agents structure, guardrails, and full observability — the Agent control plane built on MCP.","archived":false,"fork":false,"pushed_at":"2026-05-30T12:45:12.000Z","size":11455,"stargazers_count":10,"open_issues_count":31,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-30T14:07:01.392Z","etag":null,"topics":["agent-framework","ai","ai-agent","ai-agents","ai-governance","control-plane","devtools","llm","llm-ops","llmops","mcp","mcp-server","model-context-protocol","observability"],"latest_commit_sha":null,"homepage":"https://centian.ai","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/T4cceptor.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-09-13T17:41:52.000Z","updated_at":"2026-05-15T06:36:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/T4cceptor/centian","commit_stats":null,"previous_names":["t4cceptor/centian"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/T4cceptor/centian","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/T4cceptor%2Fcentian","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/T4cceptor%2Fcentian/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/T4cceptor%2Fcentian/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/T4cceptor%2Fcentian/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/T4cceptor","download_url":"https://codeload.github.com/T4cceptor/centian/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/T4cceptor%2Fcentian/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33753925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-framework","ai","ai-agent","ai-agents","ai-governance","control-plane","devtools","llm","llm-ops","llmops","mcp","mcp-server","model-context-protocol","observability"],"created_at":"2026-04-01T17:58:47.045Z","updated_at":"2026-06-01T00:01:16.834Z","avatar_url":"https://github.com/T4cceptor.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eCentian\u003c/h1\u003e\n\u003cdiv align=\"center\"\u003e\n\n[![Release](https://img.shields.io/github/v/release/T4cceptor/centian)](https://github.com/T4cceptor/centian/releases)\n[![CI](https://img.shields.io/github/actions/workflow/status/T4cceptor/centian/ci.yml?branch=main)](https://github.com/T4cceptor/centian/actions/workflows/ci.yml)\n[![License](https://img.shields.io/github/license/T4cceptor/centian)](./LICENSE)\n\n\u003c/div\u003e\n\n\u003cdiv style=\"font-size: 12pt\"\u003e\n\n**Trust your AI Agents**: See what your AI agents do. Control what they're allowed to do. Verify they did what you approved — before, during, and after every task.\n\n\u003c/div\u003e\n\nKeep your systems safe from what your agents might do. Keep your agents safe from what the world throws at them. Built for the engineers who put agents into production and answer for what they do.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"./docs/images/centian_simple_diag3.png\" width=\"100%\" /\u003e\n\u003c/p\u003e\n\n## Why Centian exists\nYour AI Agents touch the filesystem, your APIs, your databases. They make decisions you can't always predict and take actions you can't always undo. And any new agent adds another thing to worry about at 2 am.\n\nYou're probably in the right place if any of these thoughts sound familiar:\n- \"I want to deploy agents in production but I can't justify the risk yet.\"\n- \"I have agents running and I'm not sure I'd notice if one of them did something wrong.\"\n- \"Compliance asked how we audit AI decisions and I don't have a clean answer.\"\n- \"Our automation already deleted a production database once. I'm not letting an agent near it without something in the way.\"\n\nCentian is the layer that sits between your agents and the systems they touch — capturing every action, enforcing what they're allowed to do, and verifying they did what they committed to do.\n\n## How Centian helps you\nCentian gives you four things out of the box:\n\n### 🔍 Audit trail \u0026 observability\nUnderstand what your agents did — and why.\nEvery tool call, every parameter, every result is captured and correlated to the task that produced it. Inspect any session, replay any decision, answer \"what happened?\" without guessing.\n\n### 🛡️ Realtime context \u0026 action guard\nSecure both your agents and the systems they access.\nCentian governs **what enters** the agent's context (untrusted inputs, prompt injection vectors) and **what leaves** it (destructive calls, sensitive data, unapproved tools) - **bidirectional, at runtime**.\n\n### ✅ Verified execution\nConfirm your agents are doing what you actually approved.\nYou define the workflow upfront. The agent commits to it as a frozen execution contract. Centian verifies each step against that contract — and handles deviations in real time.\n\n### 💥 Blast radius management\nExclude catastrophic scenarios by design.\nPer-phase tool allowlists, irreversible-action gating, and approval-wait phases mean dangerous tools are simply unavailable when they're not needed — not just \"we hope the agent won't call them.\"\n\nCentian gives you the runtime visibility and enforcement you need to catch failures fast, prove what happened, and constrain what's possible.\n\n\n## Getting started\n\n### Install\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/T4cceptor/centian/main/scripts/install.sh | bash\n```\n\nFor all install methods see [Installation Options](#installation-options).\n\n### Demo\n```bash\ncentian demo\n```\n\nThis starts a local Centian server, loads the bundled IT Ops incident demo into\nthe event database immediately, and opens the task run list at `/ui/tasks`.\n\nUse the demo for post-hoc analysis of a completed governed run:\n\n✔ Prompt injection evidence is detected and redacted\n✔ A disallowed operational tool call is blocked by process policy\n✔ A failed quality gate is saved as a governance event\n✔ The final run remains inspectable through the task detail UI\n\nFor more information about demos, including deprecated custom replay and\nagent-based runs, see [`demo/README.md`](demo/README.md).\n\n---\n\n### Using `init` for basic proxy setup (without process verification)\n\n```bash\n# 1. Initialize with a starter MCP server\ncentian init -q\n# Optional: check created config at ~/.centian/config.json\n\n# 2. Add your own MCP servers\ncentian server add --name \"filesystem\" --command \"npx\" --args \"-y,@modelcontextprotocol/server-filesystem,/path/to/project\"\ncentian server add --name \"deepwiki\" --url \"https://mcp.deepwiki.com/mcp\"\n\n# 3. Start the proxy\ncentian start\n\n# 4. Point your MCP client at Centian (use the config shown during init)\n```\n\n### With process verification\n\nAdd capabilities to your config at `~/.centian/config.json`. In the flat layout, capabilities go under `proxy`; in the project-based layout, they go on each project:\n\n```json\n{\n  \"proxy\": {\n    \"capabilities\": {\n      \"taskVerification\": {\n        \"enabled\": true,\n        \"templatesPath\": \"/path/to/task-templates\"\n      },\n      \"eventStorage\": {\n        \"enabled\": true,\n        \"driver\": \"sqlite\"\n      },\n      \"ui\": {\n        \"enabled\": true\n      }\n    }\n  }\n}\n```\n\nNote: by default task-templates/integrated are automatically integrated in centian, but can/will be overwritten by templates using the same task.id\n\nStart Centian and open the UI:\n\n```bash\ncentian start\n# UI available at http://localhost:9666/ui/tasks\n```\n\n## Documentation\n\nThe deep documentation lives under [`docs/`](docs/README.md).\n\n- [Getting Started](docs/getting_started.md)\n- [Configuration Reference](docs/configuration_reference.md)\n- [Processor Development](docs/processor_development_guide.md)\n- [Task Template Authoring](docs/task-template-authoring.md)\n- [Taskverification Runtime](docs/TASKVERIFICATION.md)\n- [MCP Proxy Best Practices](docs/mcp_proxy_best_practices.md)\n\n## Installation Options\n\n| Method | Platform | Full UI | Command |\n|--------|----------|---------|---------|\n| Shell script | Linux, macOS | ✓ | `curl -fsSL .../install.sh \\| bash` |\n| Release binary | Linux, macOS, Windows | ✓ | Download from [releases](https://github.com/T4cceptor/centian/releases) |\n| `go install` | Any | ✗ | `go install github.com/T4cceptor/centian@latest` |\n| Docker | Linux, macOS, Windows | ✓ | `docker run t4ce/centian:latest` |\n| Homebrew | — | — | Planned |\n\n### Shell script (recommended)\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/T4cceptor/centian/main/scripts/install.sh | bash\n```\n\nSupports `--version` and `--install-dir` flags. Installs to `~/.local/bin` by default.\n\n### Release binaries\n\nDownload the appropriate archive from the [latest release](https://github.com/T4cceptor/centian/releases/latest), extract it, and place `centian` on your `PATH`.\n\n### `go install`\n\n```bash\ngo install github.com/T4cceptor/centian@latest\n```\n\nRequires Go 1.25+. Builds without the embedded web UI — use a release binary or Docker for the full UI.\n\n### Docker\n\n```bash\n# Full image (Linux, macOS, Windows)\ndocker run --rm -p 9666:9666 t4ce/centian:latest\n\n# Alpine image\ndocker run --rm -p 9666:9666 t4ce/centian:latest-alpine\n```\n\n### Homebrew\n\nHomebrew support is planned.\n\n---\n\n## Current Status\n\nCentian is usable and actively developed, but it's pre-1.0 with deliberate gaps. We're transparent about what works and what doesn't yet.\n\n**Working today:**\n- MCP proxy with gateway aggregation and tool namespacing\n- Project-based isolation: per-project databases, route prefixes, capabilities, and auth (multi-tenancy preparation)\n- Programmable processor chain (CLI and webhook)\n- Process verification with template-based workflows, frozen execution contracts, and per-phase tool governance\n- SQLite event persistence with task/action correlation\n- Embedded read-only UI for task run inspection\n- Structured JSONL request logging\n- Auto-discovery of existing MCP configs (`centian init -p \u003cpath\u003e`)\n- API key authentication with per-gateway and per-project scoping\n\n**Known limitations:**\n- Task run state is in-memory only (not restorable after restart)\n- Governance is tool-level, not semantic (no read vs. write distinction within a tool)\n- SQLite is the only storage backend (Postgres planned)\n- OAuth support or downstream MCP servers is limited, not all flows are supported yet\n- The UI is read-only (no task control actions from the UI yet)\n- Approval-wait phases block tools but have no dedicated approve/resume mechanism yet\n\nAPIs and data structures may change before v1.0, particularly the processor interface and event schemas.\n\n---\n\n## Development\n\n```bash\nmake build          # Build to build/centian\nmake install        # Install to ~/.local/bin/centian\nmake test-all       # Run unit + integration tests\nmake test-coverage  # Test coverage report\nmake lint           # Run linting\nmake dev            # Clean, fmt, vet, test, build\n```\n\n---\n\n## License\n\nApache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ft4cceptor%2Fcentian","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ft4cceptor%2Fcentian","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ft4cceptor%2Fcentian/lists"}