Making autonomous agents accountable before they touch your repo.
I'm kaymyg. I build runtime security and risk-scoring tools for AI coding agents — sandboxing, telemetry, and threshold-based governance — so that Claude Code, Cursor, and Aider sessions stay contained even when something goes wrong.
Governance infrastructure for agents that write code unsupervised.
Two connected projects: one contains an agent's blast radius at runtime, the other scores its behavior across a session.
lean-agent-governance
active · v8.0
A drop-in governance layer for AI coding agents. Sandboxes execution in a read-only host / read-write tmpfs split, caps patch size before anything reaches git apply, enforces session timeouts, and normalizes prompt-injection detection against zero-width and bidi-override smuggling.
View on Hugging Face
multi-agent-mcl
active · demo
A three-stage risk pipeline that turns numeric telemetry — drift, divergence, exploitation, collusion, concealment — into a single Joint Risk Index, with a full calculation trace so every score is explainable rather than a black box.
Try the live demo
Side-project thinking, kept separate from production work.
Not everything here is meant to ship. Some of it is just me following a big question as far as it goes.
CIMF — Cosmological Information Management Framework
speculative · theoretical
A hobby framework asking a deliberately huge question: what's the most principled way to design a system for preserving meaning and information across cosmological timescales? It's a seven-layer thought experiment spanning hardware fault-tolerance up to epistemic grounding — written and shared as theoretical exploration, not as a validated physical model.
Read the framework
Self-taught. In public. One repo at a time.
Learn by shipping
Every project here started as "can I get this to actually run" — the governance layer exists because I wanted to trust my own agent sessions.
Publish the failures too
Changelogs stay visible, including the bugs that got fixed along the way. A v8.0 with an honest history is worth more than a v1.0 that hides its mistakes.
Keep speculation labeled
Production tools and open-ended thought experiments live side by side here — clearly marked, so you know which is which.