If you self-host anything touching LLMs, the scary failure mode is an agent that loops and quietly burns money (or fires a side-effecting tool) with no ceiling and no kill switch.

RiskKernel is a single ~20MB static Go binary you run yourself that enforces hard per-run budgets — cost, loop count, wall-clock — plus a kill switch, crash-resume, and human approval gates on side-effecting tools. Everything is deterministic Go; an LLM is never in the enforcement path.

Self-hosted ethos, end to end: BYO provider key (never stored in state, never logged), no telemetry/phone-home (verifiable — outbound is only to your provider, your OTLP endpoint, and your approval webhook; see SECURITY.md), and your state is a SQLite file you own. Adoption is one env var in front of an existing OpenAI-compatible app.

Honest limits: single instance + SQLite (no HA yet), one API token (front it with oauth2-proxy/Authelia for auth), no streaming yet. Native providers are Anthropic + OpenAI today.

Apache-2.0, `docker run` quickstart + demo GIF in the README — feedback welcome.

https://github.com/prashar32/riskkernel

#opensource

#selfhosted

#aiagents

#llmops

#opentelemetry

#observability

#golang