Control What Your AI Agents Can Do: Archestra + Ollama Hands-On


Descriptions:

Fahd Mirza walks through Orchestra (stylized as Archestra), an open-source platform built for running AI agents safely in production, created by the team behind Grafana OnCall. The core problem it solves: when an agent connects to MCP (Model Context Protocol) servers and begins calling tools autonomously, operators have no visibility into which servers are being touched and no clear way to halt runaway behavior. Orchestra inserts itself as a proxy between the agent and MCP servers, enforcing per-tool access policies in real time.

The entire demo runs on local hardware — a Qwen 3.6 27B model via Ollama on an Nvidia H100, though the presenter notes any GPU supporting tool use will work. Setup requires a single Docker command that bootstraps a full stack: an embedded Kubernetes cluster using kind, a Dagger sandboxed code execution engine, a PostgreSQL database with automatic migrations, and pre-configured LLM proxy routes for Anthropic, OpenAI, AWS Bedrock, Ollama, and vLLM.

The key differentiator highlighted in the video is Orchestra’s tool-level guardrail system. Each MCP server runs as an isolated Kubernetes pod, and individual tools can be set to allow, require human approval, or block entirely. The platform automatically classifies discovered tools — tagging them as read-only, idempotent, or sensitive — and flags tool outputs accordingly. For enterprise deployments, Orchestra ships with SSO, RBAC, a Terraform provider, and a Kubernetes operator, making it one of the more complete open-source options for teams that need production-grade MCP infrastructure without building it from scratch.
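
The allow / require-approval / block decision described above, sketched as an added example; it is not Archestra's code or configuration format. The policy table, tool names, action labels and the -32002 error code are constructed for illustration, and only the MCP `tools/call` JSON-RPC message shape comes from the protocol.

```python
import json

# Constructed policy table: tool names and action labels are assumptions.
POLICY = {
    "files.read_file": "allow",
    "github.create_issue": "require_approval",
    "shell.exec": "block",
}
DEFAULT_ACTION = "block"  # default-deny for tools with no explicit policy

def _error(req_id, code, text):
    # JSON-RPC 2.0 error reply returned to the agent instead of a tool result.
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": text}}

def gate(raw):
    """Classify one agent-to-server message at the proxy.

    Returns (decision, reply). decision is 'forward', 'hold' (park the call
    for a human reviewer) or 'deny'; reply is the error sent on 'deny'.
    """
    try:
        msg = json.loads(raw)
    except ValueError:
        return "deny", _error(None, -32700, "parse error")
    if not isinstance(msg, dict):  # batches and scalars are refused, not inspected
        return "deny", _error(None, -32600, "invalid request")
    if msg.get("method") != "tools/call":
        return "forward", None  # only tool invocations are gated in this sketch
    params = msg.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    # A missing or non-string tool name is treated as blocked.
    action = POLICY.get(name, DEFAULT_ACTION) if isinstance(name, str) else "block"
    if action == "allow":
        return "forward", None
    if action == "require_approval":
        return "hold", None
    # -32002 is a constructed code from the implementation-defined range.
    return "deny", _error(msg.get("id"), -32002, f"tool {name!r} is blocked by policy")

def call(req_id, tool):
    # Builds a constructed MCP tools/call request for the demo below.
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
                       "params": {"name": tool, "arguments": {}}})

if __name__ == "__main__":
    tools = ["files.read_file", "github.create_issue", "shell.exec", "unlisted.tool"]
    for i, tool in enumerate(tools, start=1):
        print(tool, "->", gate(call(i, tool))[0])
```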


📺 Source: Fahd Mirza · Published June 30, 2026
🏷️ Format: Hands On Build
