bdelanghe/README.md
Robert DeLanghe — Bounded authority for AI agents

I make it safe to let AI agents write and ship real code.

I build Bounded Systems — infrastructure for letting AI agents do real engineering work without handing them unbounded authority. The bet: draw the boundary at the door — a scope-bounded set of capabilities an agent acts through — not the process, not the container.

Start here → robertdelanghe.dev — the thesis, and how it's built.

  • 🚪 guest-room — the capability model in one library: rooms & doors, specs that run as tests.
  • 🤖 prx — the agent-run work-unit CLI + the @bounded-systems/* capability libraries.
  • 🌐 bounded.tools — what Bounded Systems is, in one page.

Recurse Center alum in Brooklyn, NY — happiest pairing on a hard problem. Came up through dev containers, state machines (xstate), and design tokens.

More work

Featured

  • ssh-doctor — A Bash script that diagnoses SSH setup issues and provides streamlined troubleshooting 🩺🔧 Shell
  • first-pass — A CLI tool that enhances your resume creation, aligns skills with job descriptions, and guides in building evidence-backed points 🚀📝 TypeScript
  • git-tidy — Flags local branches merged via PR but diverged from their merged state — keeps your repo tidy. Go
  • synoptic-github — A dynamic template that auto-updates your README to showcase all your GitHub projects, offering a concise overview of your coding journey 🌟✨ TypeScript
All public repositories — grouped by topic · auto-updated 2026-07-03

capability-security

  • installer — Spec-driven provisioning: install/doctor as VerbSpec verbs, effects delegated to capability seams TypeScript
  • cf-oidc-token-broker JavaScript
  • seam-check — Declare and prove a package's seam claim — allowed imports + zero ambient authority — with a coverage meta-check. The extractability harness, productized. TypeScript
  • trust — Bounded Systems Trust Center — a public, grep-verifiable claims ledger (verifiable, not attested). HTML
  • dev-registry — Local-first, OCI-compatible container registry + devcontainer build system, with Git/MCP integration and build traceability. Shell

agent-infra

  • prx — The agent-run work-unit CLI: capability-scoped agents whose every privileged effect is verified against its signed owner, driving a work unit through one signed pipeline to a merged PR. TypeScript
  • claude-box — A capability-secured box for agent sessions — its authority is the door references it holds (keeper/scout/concierge/net), parent-agnostic. TypeScript
  • guest-room — Guest-agnostic room+door capability runtime — the core library claude-box is built on. TypeScript
  • gh-project-room — Front Desk projection + sync room for bounded-systems (org project #2) TypeScript

ai

  • mcp-conversations-sqlite — SQLite store for MCP (Model Context Protocol) conversation history TypeScript
  • string-audit — Cost-aware, grounded content auditor — typed string symbols, type-scoped audits, CAS-memoized LLM calls. JavaScript
  • claude-token-tools — Claude Code token-saving toolkit — model-usage auditor + home-manager module JavaScript
  • bdelanghe-claude-skills — Claude Code skills and plugins for AI-assisted engineering workflows

developer-tools

infrastructure

  • facilities — Nix facilities for bounded-systems — shared flakes, devshells, and build substrate. Nix

design-tokens

  • site — robertdelanghe.dev — software-engineering portfolio (synoptic v2) JavaScript
  • site — The bounded.tools website — static, built on @bounded-systems/brand JavaScript
  • brand — Bounded Systems brand — W3C design tokens, self-hosted fonts, the mark, and ready-to-link CSS. JavaScript

experiment

  • fold-engine — Linked-data engine for an Obsidian vault — JSON-LD / schema.org structure over notes. HTML
  • flask-mysql-ngrok — Bare-bones Flask + MySQL todo app with ngrok, set up with devenv. HTML
  • lean-to — tiny vite project TypeScript

agents

  • lone — Semantic blessing engine for DOM subtrees — untrusted element trees become typed Blessed / Finding[] across a stable contract boundary. TypeScript
  • door-peercred — SO_PEERCRED helper for launcherd (Rust) — extracted from claude-box; a launcherd helper, not a door Rust
  • door-concierge — concierged — the capability-introducer door, as a pinned OCI image (extracted from claude-box) TypeScript
  • door-scout — scoutd — the external-read capability door, as a pinned OCI image (extracted from claude-box) TypeScript
  • door-keeper — keeperd — the git-signing capability door, as a pinned OCI image (extracted from claude-box) TypeScript
  • door-net — netd — the allowlist-egress capability door, as a pinned OCI image (extracted from claude-box) TypeScript
  • door-kit — In-box door-client SDK for claude-box's capability doors (keeper/scout/concierge/spawn), over the guest-room protocol TypeScript
  • ocap-provenance — Capability-use provenance — a schema + SLSA mapping binding each privileged effect to a signed owner and an auditable chain. TypeScript

other

  • fleet — Auto-generated fleet status board for bounded-systems (synoptic Layer 2 — live CI/PR/issue board)
  • gh-action-brand-checks — Brand token, meta, a11y, and content-token gate against the @bounded-systems/brand system
  • gh-action-node-uniqueness — Node.js identity-key uniqueness gate — no identity key may repeat in any data cut
  • gh-action-contracts — Deno pull-shape contract gate — validates page-data cuts against typed Zod contracts
  • cas — Content-addressable storage substrate: bytes addressed by their SHA-256 digest, with a storage-agnostic blob-store port TypeScript
  • conformance — Org/repo conformance as code — the default-branch standard (rulesets-as-JSON) + an audit that scores every repo. Complements conformance-kit (site content) and fleet (live status). JavaScript
  • conformance-kit — Standalone web-conformance toolkit — integrity (provenance/manifest/verify) + conformance gates (SBOM, SHACL runner, SEO/readability/HTTP, lone semantic) + generators (static API/OpenAPI, did:web/VC, IPFS CID). Site-agnostic; vendored hash-pinned by consuming sites. JavaScript
  • mint — Deterministic versioning — intent files in, signed release out. A seam over semver. JavaScript
  • deploy — bounded.tools DNS-as-code (reviewer-gated, OIDC-brokered) JavaScript
  • env — The one sanctioned reader of process.env, routing ambient config through capability imports TypeScript
  • anchored-chain-sqlite — SQLite/Drizzle-backed implementation of the anchored-chain stores TypeScript
  • anchored-chain — Derivation chain with contract validation, signing, lineage tracking, and invalidation TypeScript
  • audit-context — Ambient runtime context for gh-call audit attribution (verb, actor, truth reason) TypeScript
  • fs — Filesystem capability seam; the one allowed filesystem-access point with an injectable FileSystem TypeScript
  • gh — GitHub CLI wrapper with policy enforcement, rate-limit gating, and budget audit logging TypeScript
  • auth — Service-credential resolver (GitHub, Notion) through a single sanctioned access point TypeScript
  • git — Git CLI wrapper with policy enforcement and stale-lock recovery TypeScript
  • bd — Typed interface to the beads CLI with policy enforcement and short-ID guards TypeScript
  • github-budget — Rate-limit-aware gh wrapper with bucket classification, pre-call gating, and audit trail TypeScript
  • machine-schema — Brands, handoff envelope, and state/phase/invariant primitives for work-unit machines TypeScript
  • policy — Tool-policy engine enforcing subcommand allowlists by tool, state, and role TypeScript
  • proc — The one allowed subprocess spawn point, routing external-tool invocations through a capability TypeScript
  • repo-root — Repo-root resolution capability: lazy git-based runtime root plus the eager .git-marker walk for build/codegen, the one sanctioned root-resolution point TypeScript
  • disposition — Pure classifier mapping work-unit surface state to a disposition (ok/prune/repair/review) TypeScript
  • host — The one sanctioned reader of host/OS ambient state (home dir, temp dir, hostname), routing ambient authority through capability imports TypeScript
  • schema-gen — Project zod schemas to explicit, fast-types-clean TypeScript (zod → JSON Schema → .d.ts) TypeScript
  • scout — Content-addressed surface reads (file/grep/files) with anchored-chain provenance TypeScript
  • slack — Policy-gated, provenance-tracked Slack read surface: bounded read ops behind a swappable transport port, with keymaker-minted scoped credentials TypeScript
  • surface-sync — Type ontology for work-unit change-detection across GH/branch/worktree/tmux/beads TypeScript
  • verbspec — Spec-driven CLI core: author a verb once as a typed VerbSpec, project it to CLI, MCP, OpenAPI, and Anthropic tool surfaces TypeScript
  • static-mcp — @bounded-systems/static-mcp — serve VerbSpec verbs as a Sigstore-verified static-response MCP server. TypeScript
  • site-mcp — MCP server over robertdelanghe.dev's signed static API — read-only, verifies responses against the site's content-addressed manifest. TypeScript
  • bounded-tools-mcp — MCP server over bounded.tools' signed static API — a static-mcp implementation TypeScript
  • baobab — Configurable design-system structure — no defaults. brand is its exact pinning (the token set); components are a11y-specced by lone. TypeScript
  • bounded.tools — GitHub App receiver + setup endpoint for prx (bounded-systems-prx) TypeScript
  • verify — @bounded-systems/verify — standalone zero-dep offline Sigstore-bundle verifier. Published to JSR keyless via OIDC. JavaScript
  • deploy — robertdelanghe.dev DNS-as-code (reviewer-gated, OIDC-brokered) JavaScript
  • brand — Robert DeLanghe — personal brand. A pinning of bounded-systems/baobab: the token set (colors, type, space) the structure renders. JavaScript
  • less-software-flake — Nix flakes for georgemandis' less.software suite — Zig CLIs over native macOS APIs (one mkZigMacTool helper) Nix
  • git-ai-flake — Nix flake packaging git-ai (local-first AI authorship tracking for git) Nix
  • tezcatl-flake — Nix flake packaging tezcatl (headless macOS WebKit renderer CLI) Nix
  • content-catalog — Org-wide content token catalog — aggregated from opted-in repos, gated and attested by string-audit JavaScript
  • lobby — Offline Obsidian vault (Copilot+Ollama) — drafts become robertdelanghe.dev posts JavaScript

Let's build something bounded. 🤝

Pinned

  1. bounded-systems/git-ast Public

    Language-aware Git: a clean/smudge design for AST-based diffs & merges. Design stage — spec + compiling skeleton, not yet a working tool.

    Rust

  2. bounded-systems/prx Public

    The agent-run work-unit CLI: capability-scoped agents whose every privileged effect is verified against its signed owner, driving a work unit through one signed pipeline to a merged PR.

    TypeScript 1

  3. bounded-systems/door-kit Public

    In-box door-client SDK for claude-box's capability doors (keeper/scout/concierge/spawn), over the guest-room protocol

    TypeScript

  4. bounded-systems/guest-room Public

    Guest-agnostic room+door capability runtime — the core library claude-box is built on.

    TypeScript