3. Architectural Spotlight: Boundary Isolation
As we designed this platform, we prioritized Boundary Isolation. In standard environments, agents call out to external reasoning engines, creating a leaky perimeter. Sovereign Core keeps the data, the control plane, and the execution engine within the same logical boundary.
Execution
Agents run in transient, isolated containers within the tenant's workspace.
Control
Policies define what the agent can decide, when it must escalate, and what it must never do — expressed in plain language that compliance teams can read and sign off on, not just engineers.
Connectivity
Uses MCP (Model Context Protocol) and OpenAPI for secure tool integration.
Agent Harness
A thin orchestration wrapper that bootstraps agent context, injects guardrails, and wires tools before any reasoning begins — ensuring every run starts from a trusted, policy-compliant baseline.
Observability
Distributed traces for every agent run are emitted to Grafana Tempo — an open-source, cost-effective tracing backend. Each reasoning step, tool call, and retrieval event becomes a queryable span, giving operators full end-to-end visibility without data leaving the cluster.
4. Built to Be Configured, Not Customized Around
Most agent platforms lock you into their model choice and their defaults. CUGA inverts this — the platform has no opinion on your domain, your model, your tools, or your data sources. Model selection is a first-class configuration: point the agent at any model-as-a-service endpoint you've approved, or on Sovereign Core, run open-source models entirely under your own infrastructure. The model you choose directly shapes the agent's reasoning quality, latency, and cost — so that decision belongs to you, not the platform. Policies, tools, and knowledge follow the same pattern, each independently configurable with no dependency between them.
Policies
Governance layer
Policies govern exactly how the agent reasons, responds, and uses its tools — without requiring code changes. Each policy type targets a specific layer of agent behavior, from what the agent is allowed to intend, to how it formats its output.
- Intent Guard — blocks off-topic or policy-violating requests before reasoning begins
- Use Case Playbooks — domain-specific instruction sets that shape how the agent handles a given scenario
- Tool Guides — define when and how the agent is permitted to invoke each connected tool
- Output Formatter — enforces response structure, tone, and content boundaries on every reply
- Tool Approvals — require explicit human or system approval before the agent executes sensitive tool actions
Tools
Integration layer
Connect your authorized tools to the agent without writing a custom integration from scratch. Point CUGA at an OpenAPI spec or an MCP server, and it discovers available actions automatically — so the same agent can talk to your CRM, your ticketing system, and your data warehouse. Every tool connection is scoped to what you've explicitly permitted; no changes to the core runtime required.
- OpenAPI auto-discovery
- MCP servers
- MCP server management (coming soon)
- Private VNETs only
- Per-tool approval controls
Knowledge
Context layer
Attach one or many private knowledge bases to an agent at deploy time. The agent retrieves only what it needs, only from sources you've authorized. No training or fine-tuning is involved, and retrieval is scoped per tenant so one agent cannot access another's data. Swap or update a knowledge base and the agent picks it up on the next run.
- Private RAG
- Docling support
- Multi-document type ingestion
- Agent-level knowledge
- Session-level knowledge
- Tenant-isolated retrieval
- Live doc sync
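As an added illustration (not CUGA's own code or API), the following toy policy gate stacks the Intent Guard, Tool Guide, tenant-scoped retrieval and Tool Approval checks described in the Policies and Knowledge sections above, in the order they apply to a proposed agent action. The policy values, tool names and tenant identifiers are constructed for the example.

```python
"""Toy policy gate modelled on the layers described above.
Illustrative only; not CUGA's own code or configuration format."""
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class Policy:
    allowed_intents: Set[str]            # Intent Guard: intents the agent may act on at all
    tool_guides: Dict[str, Set[str]]     # Tool Guides: tool -> intents permitted to invoke it
    approval_required: Set[str]          # Tool Approvals: tools needing explicit sign-off
    tenant_sources: Dict[str, Set[str]]  # knowledge sources each tenant is authorized to read


@dataclass
class Action:
    tenant: str
    intent: str
    tool: str
    source: Optional[str] = None         # knowledge base the action wants to retrieve from
    approved: bool = False               # True once a human/system approval has been recorded


def evaluate(policy: Policy, action: Action) -> str:
    """Return 'allow', 'deny' or 'escalate'. Checks run in the order the layers stack,
    so an off-topic intent is rejected before any tool or retrieval logic is consulted."""
    if action.intent not in policy.allowed_intents:
        return "deny"        # Intent Guard fires before reasoning begins
    if action.intent not in policy.tool_guides.get(action.tool, set()):
        return "deny"        # Tool Guide: this tool is not permitted for this intent
    if action.source is not None and \
            action.source not in policy.tenant_sources.get(action.tenant, set()):
        return "deny"        # tenant-isolated retrieval: only the tenant's own sources
    if action.tool in policy.approval_required and not action.approved:
        return "escalate"    # Tool Approval outstanding: hand off for human/system sign-off
    return "allow"


# Constructed sample policy for two tenants and two connected tools.
POLICY = Policy(
    allowed_intents={"refund_lookup", "ticket_update"},
    tool_guides={"crm.read": {"refund_lookup"}, "ticketing.write": {"ticket_update"}},
    approval_required={"ticketing.write"},
    tenant_sources={"acme": {"acme-kb"}, "globex": {"globex-kb"}},
)

if __name__ == "__main__":
    print(evaluate(POLICY, Action("acme", "refund_lookup", "crm.read", "acme-kb")))   # allow
    print(evaluate(POLICY, Action("acme", "refund_lookup", "crm.read", "globex-kb")))  # deny
    print(evaluate(POLICY, Action("acme", "ticket_update", "ticketing.write")))        # escalate
```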
Each dimension is independently configurable — change your tools without touching your policies, or swap your knowledge base without redeploying.
All of this configurability is only credible if you can trust what's underneath. That's why the runtime powering every agent in Sovereign Core is open source.
5. CUGA — Open Source Agent Runtime
Open Source — github.com/cuga-project/cuga-agent
The execution layer powering these agentic capabilities is built on CUGA (Configurable Agent-Harness for the Enterprise) — an open-source framework that runs every agent in Sovereign Core. Because CUGA is open source, enterprises can inspect every line of reasoning logic, audit the graph execution, and extend the framework to meet their specific compliance requirements.
This is not incidental: open source is a sovereignty guarantee. When an agent's runtime is a black box, sovereignty is a promise. When it's open code, sovereignty is verifiable. CUGA's LangGraph-based execution graph gives regulated industries the auditability they need — every reasoning step and tool call is traceable and tied to an open, inspectable execution trace.
For general-purpose CUGA deployments, the default backbone is gpt-oss-120b — a high-capacity open-source model that handles complex, multi-step reasoning while remaining fully air-gapped within your infrastructure. Because CUGA is model-agnostic by design, the model layer is swappable: teams already running gpt-oss-20b on Model as a Service can reuse the same configuration, and additional open-source models are coming soon.
The observability stack is equally open: CUGA emits OpenTelemetry traces for every reasoning step directly into Grafana Tempo, an open-source distributed tracing backend. Operators get per-run flame graphs, tool-call latencies, and retrieval timings — all stored and queried inside the tenant's own infrastructure, with no telemetry phoning home.
Runtime highlights: LangGraph execution; MCP tool integration; policy-driven reasoning; gpt-oss-120b (default); gpt-oss-20b (MaaS); more models coming soon; Grafana Tempo (OpenTelemetry tracing).
Video demo: Provisioning to Deployment
6. Sovereignty & Value
Sovereignty has practical consequences beyond compliance. Because agents are defined by portable JSON manifests, a team can export an agent's full configuration — policies, tools, knowledge references — and redeploy it to a different sovereign node without rebuilding from scratch.
Efficiency & Performance
Eliminating external LLM round-trips reduces per-request latency, and using pre-built templates cuts the time to get a governed agent running compared to building one from scratch.
Cost Improvements
Centralized resource management for agents allows MSPs to optimize compute costs by dynamically scaling agent instances based on workload demand.
7. Key Takeaways
- Sovereignty by Design: Data never leaves the workspace, and reasoning is strictly guided by policies.
- Auditable by default: Every configuration change and agent interaction is captured in a full audit history you can export for review.
- Faster deployment: Pre-built agent templates give teams a working, governed starting point rather than a blank slate — reducing the time from design to production.
- Open Source = Verifiable Sovereignty: The underlying CUGA runtime is open source. Customers can inspect, audit, and extend the execution graph — turning sovereignty from a vendor promise into a technical fact.
- Open-Source Models, Zero Data Egress: General CUGA deployments run on gpt-oss-120b by default, while specialized agents use gpt-oss-20b via Model as a Service. More open-source models are on the roadmap — the platform is model-agnostic by design.
- Open-Source Observability with Grafana Tempo: Every agent run emits OpenTelemetry traces into Grafana Tempo, giving operators full visibility into reasoning steps, tool calls, and retrieval latencies — all inside the tenant's own infrastructure.
8. What's Next
The capabilities shipped today are the foundation. The roadmap extends the agent framework across four areas — making agents more context-aware, more capable, and more deeply integrated with enterprise event systems.
Memory Integration
Agents will persist context across sessions — retaining user preferences, prior decisions, and interaction history to enable continuity in long-running workflows.
Skills
Reusable, composable capabilities that can be attached to any agent — letting teams share and standardize tested behaviors across deployments without duplicating configuration.
Event-Driven Integrations
Agents triggered by external events — webhooks, message queues, scheduled jobs — rather than only responding to direct user input, enabling fully autonomous background workflows.
Policies & Knowledge Improvements
Richer policy primitives, versioned playbook management, and expanded knowledge ingestion — including deeper Docling integration and broader document type support for more complex retrieval scenarios.