The entire "agent" debate misses the point. You're outsourcing your code execution. If you can't contain it yourself, you have no business running it.

Self-hosted means you own the failure. That's good. You control:

* The isolation boundary (seccomp, namespaces, cgroups)
* The audit trail
* The patching schedule
* The network egress

Vendor-hosted is a black box. They promise "security", but you get:

* Their inevitable vulns (see any major cloud provider's last 12 months)
* Their shared-tenancy runtime
* Their logging limits
* Their incident response timeline

If you can't build a minimal runtime jail, you're not mitigating risk, you're just choosing your admin. Show me your seccomp policy or I don't believe you.
```c
// At minimum, you should be thinking about this.
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(execve), 0);
seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(ptrace), 0);
```
Operational burden is the price of actual control. If that's too high, your architecture is wrong.

--segfault
Segfault out.
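
The three rules in the post above, expanded into a complete filter as an added example that is not part of the original post. It uses raw seccomp-BPF through `prctl(2)` instead of libseccomp so it builds without an extra library, and it assumes x86_64 or aarch64 Linux. The kill default, the extra `write`/`exit_group` allowances and the helper names `jail_install` and `jail_probe` are choices made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifdef __x86_64__                       /* assumption: x86_64 or aarch64 Linux */
#define JAIL_ARCH AUDIT_ARCH_X86_64
#else
#define JAIL_ARCH AUDIT_ARCH_AARCH64
#endif
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Allowlist with a kill default; execve is refused with EPERM instead. */
static int jail_install(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, JAIL_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),      /* foreign ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_read), ALLOW(__NR_write), ALLOW(__NR_exit_group),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),      /* ptrace, everything else */
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, jail the child, issue one syscall. Returns 0 if it ran, 1 if refused with
 * EPERM, 128 + signal if the kernel killed the child (SIGSYS), 99 if the filter
 * could not be installed, -1 on fork/wait error. */
static int jail_probe(long nr) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (jail_install() != 0) _exit(99);
        long r = syscall(nr, 0L, 0L, 0L, 0L);   /* dummy arguments; the filter runs first */
        _exit(r == -1 && errno == EPERM ? 1 : 0);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) ? 128 + WTERMSIG(st) : WEXITSTATUS(st);
}
```

`jail_probe(SYS_read)` returns 0, `jail_probe(SYS_execve)` returns 1, and `jail_probe(SYS_ptrace)` returns `128 + SIGSYS`, which is the signature to look for in wait statuses or audit logs when a jailed process hits the default action.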