Kubernetes workload awareness. What is running, where, who owns it. The starting point for every operational question.
One tool per system. Same pattern: check health, report structured status, hand off findings. The Pulse family covers databases (pgpulse, clickpulse, mysqlpulse, mongopulse, and growing). kubenow covers Kubernetes nodes.
PostgreSQL — replication lag, connection saturation, query performance, bloat detection.
Kubernetes — node diagnostics, pod failures, resource pressure.
See catalog.json for the full tool inventory.
The Spectre family: one scanner per system, same spectre/v1 output envelope, bounded niche. SpectreHub aggregates all findings without knowing scanner internals. The spectre/v1 envelope predates ANCC — a proto-convention that emerged organically and proved the pattern works.
Security scan aggregator. Collects spectre/v1 envelopes from all scanners, deduplicates, prioritizes.
HashiCorp Vault — secrets audit, policy drift, orphaned tokens.
14+ scanners covering AWS, GCP, S3, IAM, Kafka, PostgreSQL, Elasticsearch, DNS, CI/CD, ClickHouse, Snowflake, Redis, MongoDB, and AI/LLM spend. See catalog.json for the full list.
AI agent execution gates. Policy evaluation, approval workflows, audit logging. Gates all agent execution.
Secret redaction for agent-visible files. Export gates preventing credential leakage.
Infrastructure observer. Creates structured WOs from findings. The starting point for the meta-cognition loop.
Topology → Diagnostics: deployscope identifies a degraded deployment → database-specific pulse tool runs detailed health check → structured findings route to WO. One tool per engine (pgpulse, clickpulse, mysqlpulse, mongopulse). Same pattern, same contract, different system.
Topology → Security → Aggregation: deployscope identifies Kafka clusters → kafkaspectre scans each → spectrehub aggregates all findings into prioritized report.
Aggregation → Investigation → Remediation: spectrehub finding → nullbot creates WO → orchestrator dispatches → chainwatch gates execution → human approves PR.
Defense-in-depth composition: Four layers, four trust boundaries. Each layer constrains a different surface. No layer trusts another.
agent action
→ pastewatch (data boundary — redact secrets, alert in-band)
→ chainwatch (execution boundary — evaluate policy, gate or block)
→ seccomp (kernel boundary — deny dangerous syscalls at OS level)
→ eBPF (ground truth — observe actual syscalls, audit trail)Security is not detection. It is constrained composition across trust boundaries. An ANCC system is secure not because it detects bad behavior, but because it makes bad behavior structurally difficult to perform.
First-order: Fix infrastructure. deployscope → pulse tool → WO → PR → merge. See example.
Second-order: Improve observers. Inspector detects pattern → improvement WO → observer template updated.
Third-order: Governance. ancc validate across ecosystem → binding directive → agent resolves → human arbitrates.
A fourth axis cuts across all three: resource governance — what agents are allowed to spend on reasoning, and whether the thinking was worth it.
Agents running on cheap models at scale hit genuine ambiguity — the extend-vs-new rubric scores 2-3 out of 5, and the agent cannot break the tie. ANCC defines the escalation chain (try locally → conservative default → structured appeal → human) but does not prescribe a specific reasoning service.
Our solution: VectorCourt — adversarial reasoning where multiple models spar under branch pressure and produce a structured verdict with confidence scores. Agents POST their decision context and get back a verdict they can act on. It serves as a court of appeal for genuine ties, not a default path for routine decisions.
Your mileage may vary. Any structured reasoning service works at this layer — the contract is simple: send context, get verdict. The important thing is that agents have some appeal route when local heuristics fail, rather than guessing or stalling.