security research, agent memory, cognition runtimes, origin servers, evidence rooms, native Mac apps, and tools that usually start as "this should exist"
I build security tools, memory and cognition infrastructure for agents, origin-server software, and Mac apps. A lot of it comes from getting annoyed at existing tooling and deciding to make the version I wanted.
| project | what it is | status |
|---|---|---|
| Layerline | Zig origin web server for static sites, PHP/FastCGI, reverse proxying, TLS, request tracing, structured logs, admin controls, HTTP/2, and in-tree HTTP/3 work. | serves layerline.dev |
| Verge Report | Evidence workspace and dossier site with canonical subdomains for document families, court records, releases, source intake, review lanes, claims, networks, timelines, and public data contracts. | live |
| Verge | Shared chamber and public evidence workspace. The Port Pirie surface is a source-bound network index with claim threads, receipts, source registers, map context, and an audit trail. | live at verge.raya.ac |
| Memorylayer | Hosted service layer for Engram: workspaces, API keys, ingestion, usage logs, starter skills, and a dashboard. | live at memorylayer.run |
| Engram | Memory system for agents. Hybrid retrieval, MCP tooling, graph context, docs, and benchmarks. | active |
| Mythic | Persistent cognition runtime layer for Engram: planner-aware activation, cognitive cycles, reflection records, events, plugins, reinforcement hooks, and session snapshots. | active |
| Kiln | Native macOS app for agent CLIs like Claude Code and Codex. Local files, chat, approvals, sessions, model controls, and release tooling. | active |
| SecPulse | Responsible disclosure platform and secret triage stack. This is where Keyleak work lands now. | live |
| Warden | Remote control stack over Tailscale, with agent, CLI, web UI, and Mac app pieces. | active |
| payphone-territory | Messaging and communications infrastructure. Twilio-shaped, but getting broader. | active |
| sigint | Monitoring and situational-awareness tooling, plus a few jokes that probably went too far. | active |
| eero-mac | Native macOS app for managing eero WiFi networks. | active |
| ember-cpu | 32-bit CPU from scratch with assembler, C compiler, JIT, and DOOM. | systems project |
| Dawnline OS | Arch-based OS scaffold with archiso package groups, rootfs targets, containerized builder flow, and x86_64 / aarch64 / Asahi target planning. | local active |
| Proton / wine | macOS ARM64 port spike around Proton 11 and Wine, with ARM64 container builds, Darwin runtime bring-up notes, and default branch cleanup. | port spike |

- visible repos counted: 46
- owned non-fork repos: 40
- source lines: 777,925 non-fork
- source lines: 8,633,770 including forks
- largest own repo: raya-monitor
- large forks: wine, Proton

The fork-inclusive number is mostly upstream Wine and Proton. The non-fork number is the one I would use when talking about my own projects.

- languages: python, html/css, typescript, javascript, swift, go, zig, rust, c/c++, bash
- apple: swiftui, appkit, app sandbox, xpc, metal, xcode
- security: burp, nuclei, custom scanners, disclosure workflows, source registers
- agents: mcp, retrieval, embeddings, memory systems, cognition runtimes, local models
- infra: postgres, docker, cloudflare, tailscale, vps, layerline, nginx/caddy

accepted Apple Security Research reports
Spring 2026-tagged Apple reports
26 total reports across Apple SRDP, HackerOne, Bugcrowd, and direct disclosure
targets include Apple, Netflix, Coinbase, Stripe, Monzo, Twilio, Grab, and Atlassian
tools built along the way: SecPulse, Keyleak, ashforge, secprobe, bountytoolkit
- I like native apps when they make sense. Web wrappers usually annoy me.
- I care about tools feeling fast, direct, and a little overbuilt in the right places.
- Security research keeps pulling me into infrastructure. Agent work keeps pulling me back into memory and retrieval.
- Evidence work keeps teaching me that the boring part matters: source boundaries, repeatable builds, and public data that can be checked.
- I prefer shipping something real, then sanding down the rough edges in public.
- Making Layerline good enough to keep replacing the boring parts of my edge stack.
- Expanding Verge Report without letting it become a pile of screenshots and claims nobody can audit.
- Making Memorylayer feel like a real hosted memory service for agents.
- Keeping Engram useful locally and hosted, without turning it into a fake SaaS abstraction.
- Building Mythic as the runtime layer above memory: activation, cycles, reflection, events, and session state.
- Turning Kiln into the Mac app I want for Claude, Codex, and whatever agent CLI comes next.
- Building SecPulse into a cleaner disclosure workflow with useful security tooling around it.
- Continuing Dawnline OS as an Arch-based agent/workstation image instead of a generic distro experiment.
- Continuing Apple security research as accepted reports move through seasonal tagging.
site · layerline · verge report · memorylayer · engram · mythic · secpulse · kiln
Ask me about macOS internals, sandboxing, agent memory, or why I keep starting infrastructure projects at 2am.
