Safe, Untrusted, "Proof-Carrying" AI Agents: toward the agentic lakehouse

The project represents a high-level architectural proposal and paper (arXiv:2510.09567v1) rather than a production-ready tool. It scores a 3 for defensibility because, while the conceptual approach—applying the 'Write-Audit-Publish' (WAP) pattern and data branching to agent sandboxing—is technically sound and solves a real enterprise pain point (agent trust), the implementation is currently tied to a specific case study (Bauplan) and lacks a broader community (0 stars, 2 forks). The primary value is the 'agentic lakehouse' design pattern. The project faces high platform domination risk: enterprise data giants like Databricks (via Unity Catalog) and Snowflake (via Horizon) are the natural owners of this 'governance layer' for AI. As agents move from chat-based to tool-using, these platforms will likely integrate similar branching/governance features natively. The displacement horizon is 1-2 years, as this is the timeframe in which enterprise agentic frameworks will mature. The novelty lies in the specific combination of 'proof-carrying code' concepts with modern data lakehouse versioning primitives.