DevOps Guardrail
A concrete EC2 termination scenario showing policy rejection before execution.
Scenario
An AI operations agent observes low CPU and low request volume on an EC2 instance. It infers the instance is unused and proposes termination to reduce cost.
What direct API execution would do
Without governance, the agent can call the termination API immediately:
terminateInstance("i-0ab1cdef23456789");
That mutation assumes the agent's inference is correct. It does not require dependency analysis, policy review, or a bounded execution contract.
What OpenKedge does instead
The agent submits an intent proposal:
{
  actor: "agent.ops.autoscaler",
  target: "aws:ec2:i-0ab1cdef23456789",
  intent: "terminate_instance",
  desiredOutcome: "remove_unused_capacity"
}
OpenKedge expands context and finds:
- the instance still drains an internal queue worker
- the autoscaling group has no approved replacement instance
- production continuity policy forbids termination during the active traffic window
The policy engine rejects the mutation. No execution contract is created. No task identity is issued. No EC2 termination call occurs.
Why this is better
The agent can remain imperfect while the system remains safe. That is the key architectural shift:
- agent reasoning can be probabilistic
- mutation governance must be deterministic
The rejected mutation still produces decision evidence, so operators can audit exactly why the system refused to act.
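The gate described above, written out as an added example that is not OpenKedge's own code or API: a deterministic evaluation of the intent proposal against the expanded context, returning decision evidence and issuing a contract only on approval. The rule ids, context field names and result shape are assumptions made for illustration.

```javascript
// Added illustration: rule ids, context fields and the result shape are
// assumptions made for this example, not OpenKedge's API.
const RULES = [
  { id: "no-active-dependents", intent: "terminate_instance",
    // Fail closed: a missing dependency list counts as a violation.
    violated: (ctx) => !Array.isArray(ctx.activeDependents) || ctx.activeDependents.length > 0,
    reason: "target still has active dependents, or dependencies are unknown" },
  { id: "replacement-approved", intent: "terminate_instance",
    violated: (ctx) => ctx.approvedReplacement !== true,
    reason: "autoscaling group has no approved replacement instance" },
  { id: "production-continuity", intent: "terminate_instance",
    violated: (ctx) => ctx.inActiveTrafficWindow !== false,
    reason: "termination is forbidden during the active traffic window" },
];

// Pure function of (proposal, context): the same inputs always give the same verdict.
function evaluateIntent(proposal, context = {}) {
  const applicable = RULES.filter((r) => r.intent === proposal.intent);
  const violations = applicable.length === 0
    ? [{ rule: "default-deny", reason: "no policy covers this intent" }]
    : applicable.filter((r) => r.violated(context))
        .map((r) => ({ rule: r.id, reason: r.reason }));
  const decision = violations.length === 0 ? "approved" : "rejected";
  // Evidence is recorded for both outcomes so a refusal can be audited later.
  const evidence = { decision, proposal, context, violations };
  // A contract exists only after approval; a rejection leaves nothing to execute.
  const contract = decision === "approved"
    ? { actor: proposal.actor, target: proposal.target, action: proposal.intent }
    : null;
  return { decision, evidence, contract };
}

// Constructed input mirroring the scenario on this page.
const proposal = {
  actor: "agent.ops.autoscaler",
  target: "aws:ec2:i-0ab1cdef23456789",
  intent: "terminate_instance",
  desiredOutcome: "remove_unused_capacity",
};
const expandedContext = {
  activeDependents: ["internal queue worker"],
  approvedReplacement: false,
  inActiveTrafficWindow: true,
};
const result = evaluateIntent(proposal, expandedContext);
console.log(result.decision, result.evidence.violations.map((v) => v.rule));
```

Every rule treats a missing context field as a violation, and an intent with no matching rule is denied, so incomplete context expansion cannot turn into an approval.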