● self-taught · building in public

Making autonomous agents accountable before they touch your repo.

I'm kaymyg. I build runtime security and risk-scoring tools for AI coding agents — sandboxing, telemetry, and threshold-based governance — so that Claude Code, Cursor, and Aider sessions stay contained even when something goes wrong.

SESSION MONITOR — live demo
agent claude-code · session #0417
sandbox tmpfs · git-tracked only
status scanning
0warn 35quarantine 65100

Governance infrastructure for agents that write code unsupervised.

Two connected projects: one contains an agent's blast radius at runtime, the other scores its behavior across a session.

lean-agent-governance

active · v8.0

A drop-in governance layer for AI coding agents. Sandboxes execution in a read-only host / read-write tmpfs split, caps patch size before anything reaches git apply, enforces session timeouts, and normalizes prompt-injection detection against zero-width and bidi-override smuggling.

Claude Code Cursor Aider MIT
View on Hugging Face

multi-agent-mcl

active · demo

A three-stage risk pipeline that turns numeric telemetry — drift, divergence, exploitation, collusion, concealment — into a single Joint Risk Index, with a full calculation trace so every score is explainable rather than a black box.

Risk scoring Telemetry Live Space
Try the live demo

Side-project thinking, kept separate from production work.

Not everything here is meant to ship. Some of it is just me following a big question as far as it goes.

CIMF — Cosmological Information Management Framework

speculative · theoretical

A hobby framework asking a deliberately huge question: what's the most principled way to design a system for preserving meaning and information across cosmological timescales? It's a seven-layer thought experiment spanning hardware fault-tolerance up to epistemic grounding — written and shared as theoretical exploration, not as a validated physical model.

Thought experiment Information theory Status: theoretical
Read the framework

Self-taught. In public. One repo at a time.

01

Learn by shipping

Every project here started as "can I get this to actually run" — the governance layer exists because I wanted to trust my own agent sessions.

02

Publish the failures too

Changelogs stay visible, including the bugs that got fixed along the way. A v8.0 with an honest history is worth more than a v1.0 that hides its mistakes.

03

Keep speculation labeled

Production tools and open-ended thought experiments live side by side here — clearly marked, so you know which is which.