Kubernetes Operator based on the open-source container vulnerability scanner Trivy.

A hands-on lab toolkit for container security, from CIS-benchmark fundamentals to architectural trust governance. 12 production-grade labs covering image hardening, signing, supply chain attestation, admission control, and runtime debugging. Built from real Fortune 500 cluster experience.

A focused async bulkhead for Java that limits in-flight work and makes overload visible.

SimpleTicketing is a lightweight digital ticketing system for non-profit organizations.

Agent Gate Incident Replay is a browser-runnable blackbox replay runtime for Agent incidents. It restores a real VM state in the browser with [v86](https://github.com/copy/v86), mounts an incident module, and replays the agent's actions against real runtime boundaries and real Agent Gate verdicts.

面向生产的 OpenResty 流量网关模板，支持热点活动流量保护、等待室准入、关键链路保护与可复用策 略控制。

Fail-fast admission control for async systems. Reject overload early instead of hiding it behind queues.

Interactive simulator for understanding how systems behave under load. Compare fail-fast vs bounded queue admission control and see why queues hide overload instead of solving it.

Admission Control of Network Slice Requests in 5G

🔐 Zero-trust Kubernetes manifests | ArgoCD | Kyverno Policy Enforcement | NetworkPolicies | GitOps Best Practices

Execution boundary for GitHub pull requests that interprets repository mutations before CI enforcement.

External admission gate for GitHub Actions.

Local admission control for AI agent memory writes

Express middleware for route-level bulkheads and fail-fast overload protection.

Platform-owned autoscaling control plane for Kubernetes, managed via GitOps. Defines safe, opinionated autoscaling contracts using native HPA and KEDA, enforced at admission time with clear ownership boundaries and guardrails. Designed for stability, auditability, and production-aligned behavior in long-lived platforms.

Fair Atomic Governance (Paper 3) — Fairness in admission-controlled multi-agent systems. Proves Sybil amplification, allocation necessity, and strategy-proofness impossibility under per-agent bounded enforcement. Closes the Atomic Governance quartet.

AI Admissibility Action: external controlled negotiation protocol (CNP) for automated and AI-driven actions. This gate decides whether execution may continue.

Fail-fast concurrency and token budget enforcement for LLM workloads.

Protect expensive or fragile HTTP dependencies by limiting how many calls are allowed in flight at once.