Open source agentic infrastructure

Build your own OpenAI Frontier or Claude Platform on the same technology they are using, with full control over the deployment, governance, and security. Deploy across different clouds or on-premise.

Why Nightshift?

Agent Agnostic

Run any agent SDK (Claude, OpenAI, LangGraph, or your own) on the same runtime without lock-in.

Kubernetes-Aware

Leverages Tetragon and Cilium to recognize workload identities like pods and namespaces, so policies map directly to your cluster.

Kernel-level Enforcement

Nightshift blocks malicious activity at the kernel level using Tetragon and sandboxed runtimes like Kata.

Real-time Policy Engine

Define network and runtime policies with CiliumNetworkPolicy and TracingPolicy, enforced synchronously in the kernel.

Namespace Coverage

Agents and the work products they produce are automatically covered by security policies scoped to their namespace.

Centralized Secrets

Native support for HashiCorp Vault and OpenBao. Inject secrets into agents without ever writing them to disk.

How it works

Nightshift architecture — data stores, kernel, workers, and telemetry flow.
Data stores (Memory, Artifacts, Runs, IAM, Storage, Usage Billing) are written by nightshift-api, which schedules agent pods into Kubernetes. The Observer watches every pod through Tetragon and Cilium; secrets and connectors plug in from the right; Metrics, Events, Logs, and Traces flow out to the operator's telemetry stack.

Defense in depth

Nightshift leverages Cilium and Tetragon for kernel-level enforcement. Agent pods run inside Kata micro-VMs with their own guest kernel, Cilium filters every packet leaving the pod via eBPF, and Tetragon hooks syscalls for runtime policy enforcement.

nightshift-api · REST

Operators query any running agent on demand.

Running Agents

each pod exposes metrics + logs at the kernel

Tetragon / Cilium

kernel-level event and metric pipeline

Prometheus

metrics time-series

Loki

log aggregation

Grafana

operator dashboards · alerts · OpenTelemetry

Full visibility into every agent

Query logs, metrics, and processes from any running agent via REST API. Nightshift leverages Tetragon and Cilium to capture kernel-level events and ships everything to Grafana, Prometheus, and Loki for your operator team.

Deploy anywhere

One Helm chart. Any Kubernetes cluster. Cloud, on-premise, or air-gapped. Full control over your deployment, governance, and security.

# Add the Nightshift Helm repo
helm repo add nightshift \
  https://charts.nightshift.sh

# Install into your cluster
helm install nightshift nightshift/nightshift \
  --namespace nightshift \
  --create-namespace

# Verify the deployment
kubectl get pods -n nightshift
NAME                          READY   STATUS
nightshift-d-0                1/1     Running
nightshift-d-1                1/1     Running