IT-RAT agent governance/the stack Stack Proof Consulting Enterprisesoon
IT-RAT · cloud security · IAM · FinOps

Run AI agents like a workforce, not a wildfire.

A new hire gets a contract, a budget, a badge and a manager. An AI agent usually gets an admin key and a prayer. We build the open-source stack that closes that gap: seven services that meter, police, remember, identify, audit and rehearse your agents at runtime, proven on real infrastructure before anyone saw a slide about it.

Enter the stack
0
real Claude calls in one governed validation run
0
of would-be overspend intercepted before it happened
0
leader re-election across four machines, mid-crash
0
double-spends under 500 concurrent agents
the stack

Ten doors, one corridor.

Every service has its own room: what it does, how it behaves over a live time window, and where it sits in the wiring. Walk the corridor with the arrows on each page, scroll this rail sideways, or hit ⌘K and type two letters.

scroll sideways, or drag
how it wires

One passport, one event bus, four planes of control.

Every request carries an Agent Passport. Money and policy sit in the request path; memory, identity, crypto, quality and rehearsal watch the same NDJSON event stream off-path. Nothing here is a dashboard after the fact: the gateway enforces in-line, in seconds.

agent carries a passport TokenFuse budgets · breaker · router 402 when the money stops Wardryx allow · deny · hold model provider Anthropic · OpenAI · local agent-event bus · NDJSON · taipanbox.dev/agent-event /v1/decide Engram Idryx Qryx Verdryx Mockryx
money
Per-run budgets, loop detection, burn forecast, a breaker that answers 402 in seconds.
policy
Deterministic allow, deny or hold-for-a-human. No model in the decision path.
knowledge
Memory with provenance: what the agent knew, when it knew it, and why.
trust
Identity, crypto posture, quality drift and pre-prod drills over the same events.
proof, not promises

Validated on real infrastructure. Then torn down.

Before this site existed, the stack ran on disposable boxes across Hetzner, AWS and GCP with a real Anthropic key: four physical machines holding one budget over a real network, a partition with no split-brain, and a kill switch cutting real spend. Live testing found real bugs; every one was fixed and re-verified before launch. The bug ledger is public in each repo's VALIDATION.md.

0/8000
requests served under 100-500 concurrent agents, none dropped
0
real Linux binaries scanned by Qryx, zero crashes
0
concurrent agents filtered exactly right: 6 served, 10 blocked, 6 denied
0
semantic facts distilled from live model output, with provenance
0
measured cost of one correctly resolved case
0
guardrail gaps in Mockryx fire drills, three hostile scenarios
“Your AI agents are employees. You just forgot to onboard them.” Tania Fedirko, FinOps expert, on why this stack exists
the consultancy behind it

Boutique by choice. Senior by default.

IT-RAT is a small cloud practice: Zero Trust and IAM architecture, FinOps that survives an auditor, and AI adoption that doesn't end up on the front page for the wrong reason. The stack on this site is how we work in the open; if we ever take an engagement together, this is roughly what it looks like.

  • Cloud security & IAM. Identity-first architecture on AWS and GCP: least privilege that people can actually live with.
  • FinOps for AI. Budgets, showback and unit economics for LLM workloads, wired into the tooling your finance team already reads.
  • Agent governance. Deploying this stack, or the ideas behind it, inside your perimeter: runtime enforcement, not another dashboard.
engagement, roughly
Week 0A short, honest call. If we're not the right fit, we say so and point you somewhere better.
Weeks 1-2Assessment on your real estate: identities, spend paths, agent surfaces. No slideware.
Weeks 3+Architecture and hands-on build with your team. We leave runbooks, not lock-in.
AlwaysEverything reproducible, everything explainable to an auditor.
the people

Two of us, plus the agents.

IT-RAT is built and run by two people who spend their working lives in exactly the two rooms this stack lives in: cloud security and cloud money.

Yurii Kostiuk
co-founder · cloud security & IAM

Yurii Kostiuk

Lead Security Architect · ex AWS Community Builder

IAM solutions architect and cloud security consultant: Zero Trust, identity, DevSecOps and platform resilience across AWS and GCP. The stack's view that an agent deserves a badge, a budget and a boundary comes straight from this desk.

IAMZero TrustCloud SecurityData SecurityCryptographyAWS / GCPKubernetesGo
CISSP · CCSP · TOGAF 9 · CKA / CKS · AWS SA Professional · Google Professional Cloud Architect
inConnect on LinkedIn
Tania Fedirko
co-founder · finops & cost governance

Tania Fedirko

Principal FinOps Architect · AWS Community Builder

FinOps expert in cloud financial governance, cost optimization and multi-cloud strategy. Tania aligns engineering, finance and business, and applies FinOps practice to LLM APIs and token-based usage: the reason this stack meters money before it meters anything else.

FinOpsFinOps for AICost governanceMulti-cloudGreenOps
FinOps Certified Professional · FinOps Certified Practitioner
inConnect on LinkedIn
Status, honestly: IT-RAT is not a commercial organization today. This site exists to explain the stack and the thinking behind it. Right now our energy goes into open-source agent governance and helping people adopt it, not into commercial engagements. For now.