Projects

Things I’ve built.

Cloud security tooling and agentic security, mostly - the projects behind the writing.

Neocloud Security Posture Framework

open-sourcing

A structured way to evaluate a cloud provider's security posture across five signals - Visibility, Identity Granularity, Supply Chain, Org Maturity, and Transparency - plus two cross-cutting lenses: networking, and the agentic amplifier (what changes when an agent, not a human, is holding the credentials).

Packaged as a Claude skill, it compresses a week-long manual audit into a roughly 40-minute pass and emits per-signal CSV deep-dives, a cross-platform comparison matrix, and a written report. The thesis: neocloud problems are cloud problems - name the gaps, build the bridges, hold the line.

  • Five signals + two cross-cutting lenses
  • A week-long audit compressed into a ~40-minute pass
  • CSV deep-dives + a cross-platform comparison matrix
  • Claude skill
  • Evaluation framework
  • Cloud security

Overseer-in-the-loop

active

Claude Code's auto mode puts a classifier between the agent and its tools. Overseer-in-the-loop is an attempt to build that pattern - and the layers underneath it - entirely on an open-source stack: NVIDIA's NeMo Agent Toolkit as the runtime, NeMo Guardrails as the action classifier, and OpenShell for sandbox policy.

The design is defense-in-depth: the agent's own judgment, a classifier that reasons over conversation context, tool-level guards, and a kernel-enforced sandbox each own an independent failure domain. It survived a red-team pass clean - zero of fourteen escape attempts succeeded.

I'm building it in the open, one layer at a time - start with The Permission Problem.

  • Red-teamed: 0 of 14 escape attempts succeeded
  • Independent enforcement across four layers
  • NeMo Agent Toolkit
  • NeMo Guardrails
  • OpenShell
  • Supabase