> lethaltrifecta
MCP_HACK//26 · Submissions open

lethaltrifecta

One control plane.
Every agent.
Governed.

Software is evolving from systems that answer to systems that act. These four projects explore the infrastructure layer that makes that shift durable, governable, and real.

View submissions Architecture

4

tracks entered

5

repos built

1

merged OSS PR

4k+

lines contributed

MCP_HACK//26 · Four Tracks

Four bets on the layer
after the model.

Governance, continuity, identity, and credentials. Different entry points into the same shift: software that can act.

01 · Secure & Govern MCP

CMDR

submitted

Agent Behavior Governance + freeze-mcp

Same model. Same tools. Different instructions. CMDR caught it. Captures agent runs via OpenTelemetry, detects behavioral drift against approved baselines, and gates deployments by replaying scenarios with frozen tool responses through freeze-mcp. Deployed. Medium article published.

track

Secure & Govern

partner

freeze-mcp

article

published ↗

CMDR repo freeze-mcp Medium

02 · Building Cool Agents

BEN

building

Conversational OS for kagent

BEN binds Slack threads to persistent kagent sessions with Human-In-The-Loop approval gates. Start an incident response in Slack — the agent's context never gets lost. Rich Block Kit dashboards, cross-restart checkpoint persistence, A2A routing.

runtime

kagent

platform

Slack

BEN repo

03 · Open Source Contributions

OIDC Browser Auth

merged

agentgateway PR #1233

agentgateway for all traffic, not just AI. Built-in OIDC authorization code + PKCE flow with no oauth2-proxy sidecar required. Route-owned policy, provider discovery, encrypted browser sessions. +4,053 lines — merged.

lines

+4,053

status

merged

PR #1233

04 · MCP & AI Agents Starter

agentbroker

building

AI Provider Credential Lifecycle via agentgateway ExtAuthz

Multi-tenant credential broker for AI providers — Anthropic, OpenAI, Gemini, Copilot. Plugs into agentgateway's ExtAuthz gRPC interface to inject provider tokens at request time. Envelope-sealed secrets, weighted selection with cooldown, lease hashing, memory + postgres backends.

providers

4

interface

ExtAuthz gRPC

backends

memory · postgres

agentbroker repo

Shared Substrate

What sits underneath.

Different projects. Same underlying shift: once software can act, the hard part moves into identity, policy, state, and control.

OIDC Browser Auth

PR #1233 · merged

+4,053 lines

agentbroker

ExtAuthz gRPC

AI credential lifecycle

Shared Infrastructure

Control Plane

the layer beneath software that can act

RoutingIdentityPolicyStateTrust

CMDR

Governance + Replay

+ freeze-mcp

BEN

Conversational OS

Slack → kagent

The Thesis

The model is the spark. The system is the engine.

The next generation of software will be judged less by what it can say than by what it can safely do.