initial commit
75
07-Porównania/Sympozium vs frameworki in-process.md
Normal file
@@ -0,0 +1,75 @@
# Sympozium vs frameworki in-process
#sympozium #porównanie #langchain #crewai
## Kontekst
Frameworki in-process (LangChain, CrewAI, AutoGen, LlamaIndex) uruchamiają agentów w jednym procesie. Sympozium reprezentuje podejście "infrastructure-native".
## Porównanie architektoniczne
| Aspekt | In-process frameworks | Sympozium (K8s-native) |
|--------|----------------------|------------------------|
| **Wykonanie agenta** | Shared memory, single process | Ephemeral **Pod** per invocation |
| **Orkiestracja** | In-process registry + queue | **CRD-based** + controller reconciliation |
| **Sandbox** | Docker sidecar (long-lived) | Pod **SecurityContext** + Agent Sandbox |
| **IPC** | In-process EventEmitter | Filesystem sidecar + **NATS JetStream** |
| **Tool gating** | In-process pipeline | **Admission webhooks** + SympoziumPolicy |
| **Persistent memory** | Files on disk | **SQLite + FTS5** na PVC |
| **Scheduled tasks** | Cron jobs / external | **SympoziumSchedule CRD** |
| **State** | SQLite + flat files | **etcd** + PostgreSQL |
| **Multi-tenancy** | Single-instance file lock | **Namespaced CRDs** + RBAC |
| **Scaling** | Vertical only | **Horizontal** - stateless control plane |
| **Channels** | In-process per channel | Dedicated **Deployment** per channel |
| **External tools** | Plugin SDKs | **MCPServer CRD** + auto-discovery |
| **Observability** | Application logs | kubectl, OTel, TUI, Web UI |
## Dlaczego "infrastructure-native"?
Sympozium nie implementuje orkiestracji w kodzie aplikacji. Zamiast tego **mapuje koncepty agentowe na prymitywy Kubernetes**:
```
LangChain concept → Sympozium concept → K8s primitive
─────────────────────────────────────────────────────────────
Agent → AgentRun → Job/Pod
Tool → SkillPack sidecar → Container + RBAC
Memory → Memory server → Deployment + PVC
Chain → Sub-agents → Parent-child Jobs
Guard rail → SympoziumPolicy → Admission Webhook
Scheduler → SympoziumSchedule → CRD + Controller
Callback handler → NATS events → JetStream pub/sub
Vector store → SQLite FTS5 → PVC-backed DB
```
## Analiza trade-offs
### Complexity
- **In-process:** Prosty pip install, kilka linii Pythona
- **Sympozium:** K8s cluster, Helm install, CRDs, controllers
### Flexibility
- **In-process:** Dowolny Python code, łatwe prototyping
- **Sympozium:** Deklaratywny YAML, ograniczony do tego co CRDs oferują
### Production readiness
- **In-process:** Trzeba samemu zbudować izolację, scaling, monitoring
- **Sympozium:** Built-in isolation, scaling, monitoring, multi-tenancy
### Debugging
- **In-process:** Standard Python debugger, print statements
- **Sympozium:** kubectl logs, OTel traces, TUI, CRD status
## Kiedy co?
| Scenariusz | In-process | Sympozium |
|-----------|------------|-----------|
| Prototyping | Idealne | Overkill |
| Single developer | Idealne | Za dużo overhead |
| Production multi-tenant | Trudne | Idealne |
| Cluster operations | Niebezpieczne | Bezpieczne |
| Scheduled automation | Wymaga dodatkowej infra | Built-in |
| Compliance/audit | Wymaga budowy | Native |
---
Powiązane: [[Sympozium vs kagent]] | [[Kluczowe decyzje projektowe]] | [[Model efemerycznych agentów]]
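
Review bot: In the "Kiedy co?" table, the row `| Cluster operations | Niebezpieczne | Bezpieczne |` states safety as an absolute, but the controls this file lists for Sympozium (Pod SecurityContext, admission webhooks + SympoziumPolicy, namespaced CRDs + RBAC) only bound an agent to whatever those policies and roles grant. Suggest rewording the cell to name the controls the rating depends on, or linking to the note that describes them. Separately, in the mapping block the line `Vector store → SQLite FTS5 → PVC-backed DB` equates embedding-based similarity search with FTS5, which is SQLite's full-text (keyword) index; relabel the left side or say explicitly that retrieval is lexical. The "In-process frameworks" column also assigns one design (Docker sidecar, EventEmitter, single-instance file lock) to LangChain, CrewAI, AutoGen and LlamaIndex alike without a source; consider stating which framework each cell was taken from.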
84
07-Porównania/Sympozium vs kagent.md
Normal file
@@ -0,0 +1,84 @@
# Sympozium vs kagent
#sympozium #porównanie #kagent
## Fundamentalna różnica
| | Sympozium | kagent |
|---|-----------|--------|
| **Model wykonania** | Ephemeral Pod (Job) per run | Persistent engine process |
| **Optymalizuje dla** | Izolacja, bezpieczeństwo, auditability | Niska latencja, konwersacja |
## Szczegółowe porównanie
| Wymiar | Sympozium | kagent |
|--------|-----------|--------|
| **Agent runtime** | Ephemeral Pod (K8s Job) | Long-running engine (Python/Go ADK) |
| **Tool isolation** | Sidecar per skill + ephemeral RBAC | In-process (MCP client w engine) |
| **Kernel sandbox** | gVisor/Kata via agent-sandbox + warm pools | Brak |
| **Multi-tenancy** | Namespace-per-tenant, per-instance RBAC, webhooks | Namespace-scoped CRDs |
| **Agent packaging** | PersonaPacks (bundle personas+skills+schedules+memory) | Individual Agent CRDs |
| **Persistent memory** | SQLite + FTS5 na PVC | Vector-backed (in-engine) |
| **Channels** | Telegram, Slack, Discord, WhatsApp (dedykowane Deployments + NATS) | Slack, Discord (in-engine) |
| **Scheduled runs** | SympoziumSchedule CRD + concurrency policies | Brak |
| **MCP** | MCPServer CRD + auto-discovery + tool filtering + managed deploy | MCP tools as CRDs |
| **Human-in-the-loop** | SympoziumPolicy CRD (admission-time) | Tool-level approve/reject w UI |
## Analiza: Tool Isolation
**To najważniejsza różnica z perspektywy bezpieczeństwa.**
### kagent (in-process):
```
Engine process (z credentials)
↓
Tool call: kubectl get pods
↓
Wykonanie w tym samym procesie z tymi samymi credentials
```
Jeśli LLM "przekona" engine do złośliwego tool call → pełne uprawnienia engine'a.
### Sympozium (sidecar):
```
Agent container (BEZ credentials K8s)
↓
Tool call: kubectl get pods
↓
/ipc/tools/cmd.json → IPC Bridge → NATS → Skill Sidecar
↓
Sidecar (z scoped, ephemeral RBAC: ONLY get pods)
```
Agent nigdy nie ma bezpośrednich credentials. Sidecar ma minimum wymaganych uprawnień.
## Kiedy który?
### Wybierz Sympozium gdy:
- Agenty wykonują cluster-admin operations (kubectl, helm, scaling)
- Multi-tenant environment (wiele zespołów, jeden klaster)
- Scheduled, unattended runs (nocne sweepy, triage alertów)
- Kanały poza Slack/Discord (Telegram, WhatsApp)
- Kernel-level sandboxing (untrusted agent code)
- Auditability i compliance requirements
### Wybierz kagent gdy:
- Low-latency conversational agents (brak cold-start)
- Google ADK, CrewAI, LangGraph integration
- Single-tenant experimentation
- A2A (Agent-to-Agent) protocol support
- Lżejszy setup
## Trade-off spectrum
```
Szybkość odpowiedzi ←─────────────────────────→ Izolacja/Bezpieczeństwo
kagent Sympozium
(persistent engine, (ephemeral pods,
fast responses, strong isolation,
shared process) per-run RBAC)
```
---
Powiązane: [[Model efemerycznych agentów]] | [[Skill Sidecars i auto-RBAC]] | [[Agent Sandbox - gVisor i Kata]]
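
Review bot: The "Analiza: Tool Isolation" section concludes `Agent nigdy nie ma bezpośrednich credentials`, but the diagram shows the agent writing the command itself to `/ipc/tools/cmd.json`, so the sidecar still executes agent-chosen input and the containment is exactly as tight as the sidecar's role. The example role is `ONLY get pods`, while the first bullet under "Wybierz Sympozium gdy" recommends it for cluster-admin operations (kubectl, helm, scaling), where that role would be far broader. Suggest stating that a manipulated tool call is limited to the sidecar's RBAC rather than prevented, showing where SympoziumPolicy is evaluated in this flow, and, if agent and sidecar share a Pod, describing how the service account token is kept out of the agent container. The `Brak` entries for kagent (Kernel sandbox, Scheduled runs) should also carry the kagent version or date they were checked against.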