governed interfaces

agent-infrastructure open-source-governance agent-memory

governed interfaces

self.md radar — 2026-04-27

The control layer moved today: MCP got an enterprise security architecture, MinIO’s open repo went read-only and was forked within hours, and a new agent memory project argues recall improves when you forget on purpose.

preview deck: one security architecture for agents, one open-source rupture in storage, one memory system that treats decay as a feature.

1. Cloudflare turns MCP into something security teams can actually own

sources:

what happened: On 2026-04-14 Cloudflare published a reference architecture for enterprise MCP, stitching remote MCP servers, Cloudflare Access, MCP server portals, and AI Gateway into one stack. The same post introduces Shadow MCP detection in Cloudflare Gateway to flag unauthorized remote MCP servers running inside an org. A companion post launches Code Mode on top of MCP server portals: instead of exposing the Cloudflare API’s 2,500 endpoints as tools, it collapses access into search() and execute() with about 1,000 tokens of context. Cloudflare claims this cuts input-token use by 99.9% versus a naive MCP server, which would burn roughly 1.17 million more tokens for the same surface.

why this matters: Enterprise AI teams have been running MCP as a personal productivity hack; this is the first credible attempt to give CISOs a governed, observable, token-budgeted version of it. If this pattern sticks, MCP stops being a developer toy and becomes audited infrastructure with a per-employee policy plane.

2. MinIO’s repo is dead; the fork starts immediately

sources:

what happened: GitHub shows minio/minio was archived by the owner on 2026-04-25 and is now read-only, with the README declaring THIS REPOSITORY IS NO LONGER MAINTAINED. and pointing users to AIStor Free and AIStor Enterprise. Linuxiac reports community developers launched an independent fork under Pigsty within days to keep the open version alive. The fork’s README explicitly states it is a community-maintained continuation of minio/minio and not affiliated with MinIO, Inc.

why this matters: A widely deployed S3-compatible layer just slid from shared commons to vendor-only relic, and a lot of self-hosted AI and data pipelines quietly depend on it. The fork preserves continuity, but anyone building on “boring” storage should now treat their MinIO dependency as a fork-pinning decision, not a default.

3. memory systems are starting to forget on purpose

sources:

what happened: YourMemory positions itself as agentic AI memory built around an Ebbinghaus forgetting curve, and claims +16pp better recall than Mem0 on LoCoMo. The README’s argument is that most memory systems fail because they treat memory as a static filing cabinet rather than something that should decay. It exposes category-based decay windows: strategy memories persist longer, environment-specific failures fade fast.

why this matters: Recall improving when you throw context away is a real inversion of the “store everything forever” reflex most agent memory libraries inherited from RAG. If the LoCoMo numbers hold, decay tuning becomes a first-class knob in agent design alongside retrieval and embedding choice.

left on the table