I build narrow open-source proofs for AI agent accountability and governance. The work is organized around specific seams where agent systems fail: instruction intake, pre-execution policy, governed execution, delegated authority, bonded human judgment, substrate, and adversarial pressure. Each repo makes a deliberately small claim and stays local-first when possible.

If you're new, use this order:

1. agentgate-governed-writefile-demo — the fastest outsider-readable proof path through governed write_file
2. agentgate-mcp-firewall — the verification layer that checks whether governed filesystem calls produced the effects they claimed
3. agentgate — the deeper accountability substrate underneath that path

• governed-repo-intake — local deterministic intake gate for instruction-bearing repo surfaces; explicit human acknowledgment is required before approval, and approval is not a safety verdict

• ActionProof — deterministic allow/deny gate for one credentialed tool request before execution; asks whether a call should happen at all
• SecretBoundary — deterministic gate for one outbound webhook-style payload crossing explicit secret boundaries before execution

• agentgate-governed-writefile-demo — smallest outsider-readable proof path through governed write_file: intended call, real on-disk effect, and inspectable audit artifacts
• agentgate-mcp-firewall — thin governance proxy; on its current shipped proof surfaces it independently verifies two narrow filesystem effects (write_file and delete_file) instead of trusting upstream success claims

• agentgate-delegation-proof — bounded delegated authority with a checkpointed execution path and a local append-only transparency log; not tamper-evident anchoring

• agentgate-bonded-email-rewriter — bonded rewriting where a human approve/reject judgment settles the outcome
• agent-007-bonded-email-triage — bonded inbox triage where exact-category human correction settles the outcome

• agentgate — collateralized execution engine and accountability substrate underneath much of the ecosystem

• agentgate-red-team-simulator — adversarial pressure against AgentGate from the outside
• agentgate-recursive-verifier — recursive proof-oriented verifier; its strongest public path right now is pre-build API spec auditing
• agentgate-incentive-wargame — stress-tests incentive systems under adversarial adaptive strategies
• agentgate-epistemic-poisoning — poisoning simulation around decision integrity under bond
• restarules — machine-readable venue conduct rules for agents

AgentGate is the substrate. Some repos govern what instruction-bearing material gets admitted before work starts. Some ask whether a tool call should happen at all. MCP Firewall then handles a narrower and different question: whether a governed filesystem call produced the effect it claimed after execution on its current proof surfaces. Other repos explore bounded delegation, bonded human judgment, or adversarial pressure. The point is layered narrow proofs, not one giant framework.

For the fastest concrete entry point, start with agentgate-governed-writefile-demo. If you want the current filesystem verification layer behind that demo, read agentgate-mcp-firewall next. If you want the deeper engine underneath both, read agentgate after that. It is the substrate, not the first repo most cold visitors should begin with.

• agentgate-bonded-file-transform — early deterministic verification proof on the same substrate
• agentgate-bonded-file-guardian — command-based file verification with rollback on failure