ZitPit: Consumer-Side Admission Control for Agentic Software Intake
Jepson Taylor (VEOX Research Group), Chris Brousseau (VEOX Research Group), Jordan Hildebrandt (VEOX Research Group), Kelli Quinn (VEOX Research Group)

TL;DR
ZitPit is an open-source Rust system that enforces stricter consumer-side control over external artifacts in AI development environments by making their admission a durable policy event.
Contribution
It introduces an architectural framework unifying artifact admission, execution control, and policy recording at the consumer boundary for agentic workflows.
Findings
In repeated Git smart-HTTP intake measurements, approved artifacts can remain faster than an unmanaged public fetch.
Protected-session and governed-egress proof families are implemented.
The current public evidence is intentionally narrow and explicit.
Abstract
AI IDEs and coding agents compress discovery, fetch, workspace open, installation, and execution into one low-observability loop. Existing defenses such as provenance frameworks, package and repository firewalls, runtime protection, and tool-approval prompts each cover part of that path, but they often leave the final consumer-side execution decision implicit. ZitPit is a 100% open-source Rust system that argues for a stricter boundary: first-seen external artifacts should become durable policy events before they gain execution rights on protected developer or CI hosts. The current public evidence is intentionally narrow and explicit. It includes repeated Git smart-HTTP intake measurements showing that approved artifacts can remain faster than unmanaged public fetch, plus implemented protected-session and governed-egress proof families. The broader contribution is architectural rather…
