Research & contributions

Things I've had to work out to ship.

Open source, whitepapers, and writing on problems I think the industry is getting wrong. The rule for anything published here: I had to solve it myself to make something I was building work. No second-hand takes, no re-treads.

Whitepaper · Open Source · MCP · Security · April 2026

Agent Vault

Human-in-the-loop secret access for AI coding agents.

AI coding agents are increasingly capable — they run migrations, hit APIs, deploy services. But the way we currently give them credentials is alarming: pre-loaded sandboxes, copy-pasted secrets in chat, service accounts with blanket vault access. Each approach violates security principles the industry spent decades establishing.

Agent Vault is an MCP server that sits between the agent and your password manager. When the agent needs a secret, a unique approval link appears on your phone — tap approve and the agent gets the value, deny and it doesn't. The agent blocks until you answer. Works with 1Password, env files, and any MCP-compatible client (Claude Code, Cursor, Windsurf).
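The approval flow described above, modelled as an added example in Python. This is illustration code written for this page, not Agent Vault's own implementation: the `ApprovalGate`, `PendingRequest` and `demo` names, the `SAMPLE_SECRETS` store and the print-based notifier are all constructed stand-ins for the real MCP server, password manager and phone link. What it shows is the part of the design that carries the security weight: each request mints a fresh single-use token, the agent's call blocks until a decision arrives, and a deny, a timeout or a replayed token all leave the agent with nothing.

```python
"""Constructed model of a human-in-the-loop secret gate (illustration only)."""
import secrets
import threading
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed sample store standing in for the password manager or env file.
SAMPLE_SECRETS = {"db/password": "constructed-sample-value"}


@dataclass
class PendingRequest:
    token: str                      # unique, single-use approval token
    secret_name: str
    reason: str
    decided: threading.Event = field(default_factory=threading.Event)
    approved: bool = False


Notifier = Callable[[str, str, str], None]


def print_notifier(token: str, secret_name: str, reason: str) -> None:
    # Stand-in for delivering the approval link to the human's phone.
    print(f"approve or deny {secret_name!r} ({reason}): token={token}")


class ApprovalGate:
    def __init__(self, store: Dict[str, str], notify: Notifier = print_notifier,
                 timeout_s: float = 60.0) -> None:
        self._store = store
        self._notify = notify
        self._timeout_s = timeout_s
        self._pending: Dict[str, PendingRequest] = {}
        self._lock = threading.Lock()

    def request_secret(self, secret_name: str, reason: str) -> Optional[str]:
        """Called on the agent's behalf. Blocks until the human decides or the timeout expires."""
        if secret_name not in self._store:
            return None
        token = secrets.token_urlsafe(32)
        req = PendingRequest(token, secret_name, reason)
        with self._lock:
            self._pending[token] = req
        # Notify outside the lock: a notifier is allowed to decide synchronously.
        self._notify(token, secret_name, reason)
        answered = req.decided.wait(self._timeout_s)
        with self._lock:
            self._pending.pop(token, None)   # expire the token if nobody answered
        if not answered or not req.approved:
            return None                       # fail closed: deny and timeout look the same to the agent
        return self._store[secret_name]

    def decide(self, token: str, approve: bool) -> bool:
        """Called on the human's behalf. False for unknown, expired or already-used tokens."""
        with self._lock:
            req = self._pending.pop(token, None)   # pop makes the token single-use
        if req is None:
            return False
        req.approved = approve
        req.decided.set()
        return True


def demo() -> dict:
    """Runs the approve, deny, replay and timeout scenarios and returns the outcomes."""
    results: dict = {}

    # 1. Human approves from another thread, as they would from the phone link.
    gate1 = ApprovalGate(SAMPLE_SECRETS, notify=lambda tok, _n, _r:
                         threading.Timer(0.05, gate1.decide, args=(tok, True)).start(),
                         timeout_s=2.0)
    results["approved"] = gate1.request_secret("db/password", "run migration")

    # 2. Human denies; then the same token is replayed as an approval.
    seen: Dict[str, str] = {}
    def deny_and_remember(tok: str, _name: str, _reason: str) -> None:
        seen["token"] = tok
        gate2.decide(tok, False)
    gate2 = ApprovalGate(SAMPLE_SECRETS, notify=deny_and_remember, timeout_s=2.0)
    results["denied"] = gate2.request_secret("db/password", "run migration")
    results["replay_accepted"] = gate2.decide(seen["token"], True)

    # 3. Nobody answers before the timeout.
    gate3 = ApprovalGate(SAMPLE_SECRETS, notify=lambda *_: None, timeout_s=0.1)
    results["timed_out"] = gate3.request_secret("db/password", "run migration")
    return results


if __name__ == "__main__":
    print(demo())
```

The property worth checking in any real implementation of this pattern is the one `demo()` exercises: there is no path by which the agent obtains the value except a fresh, matching approval, and the approval channel is separate from the channel the agent controls.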

The security whitepaper covers the full threat model and architecture — including a known-broken case (co-located agent self-approval) and the path to closing it. It's a proof of concept, openly documented, with the gaps spelled out rather than hidden.

Why it matters: the industry has robust tools for storing secrets and controlling which systems can access them. It has no standard mechanism for controlling when and why an AI agent accesses a secret, with human oversight at the point of access. Agent Vault is one answer.

More pieces in progress.

Follow along on GitHub, or get in touch if there's a problem you want me to look at.