I build Bounded Systems — infrastructure for letting AI agents do real engineering work without handing them unbounded authority. The bet: draw the boundary at the door — a scope-bounded set of capabilities an agent acts through — not the process, not the container.
Start here → robertdelanghe.dev — the thesis, and how it's built.
- 🚪 guest-room — the capability model in one library: rooms & doors, specs that run as tests.
- 🤖 prx — the agent-run work-unit CLI + the
@bounded-systems/*capability libraries. - 🌐 bounded.tools — what Bounded Systems is, in one page.
Recurse Center alum in Brooklyn, NY — happiest pairing on a hard problem. Came up through dev containers, state machines (xstate), and design tokens.
All public repositories — grouped by topic · auto-updated 2026-06-22
- ocap-provenance — Capability-use provenance — a schema + SLSA mapping binding each privileged effect to a signed owner and an auditable chain.
TypeScript - door-kit — In-box door-client SDK for claude-box's capability doors (keeper/scout/concierge/spawn), over the guest-room protocol
TypeScript - lone — Semantic blessing engine for DOM subtrees — untrusted element trees become typed Blessed / Finding[] across a stable contract boundary.
TypeScript - door-peercred — SO_PEERCRED helper for launcherd (Rust) — extracted from claude-box; a launcherd helper, not a door
Rust - door-concierge — concierged — the capability-introducer door, as a pinned OCI image (extracted from claude-box)
TypeScript - door-scout — scoutd — the external-read capability door, as a pinned OCI image (extracted from claude-box)
TypeScript - door-net — netd — the allowlist-egress capability door, as a pinned OCI image (extracted from claude-box)
TypeScript - door-keeper — keeperd — the git-signing capability door, as a pinned OCI image (extracted from claude-box)
TypeScript - dev-registry — Local-first, OCI-compatible container registry + devcontainer build system, with Git/MCP integration and build traceability.
Shell
- prx — The agent-run work-unit CLI: capability-scoped agents whose every privileged effect is verified against its signed owner, driving a work unit through one signed pipeline to a merged PR.
TypeScript - guest-room — Guest-agnostic room+door capability runtime — the core library claude-box is built on.
TypeScript - gh-project-room — Front Desk projection + sync room for bounded-systems (org project #2)
TypeScript - claude-box — A capability-secured box for agent sessions — its authority is the door references it holds (keeper/scout/concierge/net), parent-agnostic.
TypeScript
- claude-token-tools — Claude Code token-saving toolkit — model-usage auditor + home-manager module
JavaScript - bdelanghe-claude-skills — Claude Code skills and plugins for AI-assisted engineering workflows
- first-pass — A CLI tool that enhances your resume creation, aligns skills with job descriptions, and guides in building evidence-backed points 🚀📝
TypeScript - mcp-conversations-sqlite — SQLite store for MCP (Model Context Protocol) conversation history
- synoptic-github — A dynamic template that auto-updates your README to showcase all your GitHub projects, offering a concise overview of your coding journey 🌟✨
TypeScript - dev-contracts-spec — Zod schemas and types for dev-contracts
TypeScript - git-ast — Language-aware Git: AST-based diffs and merges instead of line-based — cleaner history, fewer conflicts.
Rust - frond — JS/TS round-trip validation with Deno + SWC: parse to an AST and regenerate source to check fidelity.
TypeScript
- ssh-doctor — A Bash script that diagnoses SSH setup issues and provides streamlined troubleshooting 🩺🔧
Shell - git-tidy — Flags local branches merged via PR but diverged from their merged state — keeps your repo tidy.
Go
- facilities — Nix facilities for bounded-systems — shared flakes, devshells, and build substrate.
Nix
- site — robertdelanghe.dev — software-engineering portfolio (synoptic v2)
JavaScript - site — The bounded.tools website — static, built on @bounded-systems/brand
HTML - brand — Bounded Systems brand — W3C design tokens, self-hosted fonts, the mark, and ready-to-link CSS.
JavaScript
- imdb-kaggle — TMDB keyword sentiment pipeline (SCL lexicon to per-movie valence), run monthly via GitHub Actions and published to Kaggle.
Jupyter Notebook
- flask-mysql-ngrok — Bare-bones Flask + MySQL todo app with ngrok, set up with devenv.
HTML - fold-engine — Linked-data engine for an Obsidian vault — JSON-LD / schema.org structure over notes.
HTML - unfold-obsidian-vault — An Obsidian vault published as structured, schema.org-annotated content.
- lean-to — tiny vite project
TypeScript
- verbspec — Spec-driven CLI core: author a verb once as a typed VerbSpec, project it to CLI, MCP, OpenAPI, and Anthropic tool surfaces
TypeScript - surface-sync — Type ontology for work-unit change-detection across GH/branch/worktree/tmux/beads
TypeScript - slack — Policy-gated, provenance-tracked Slack read surface: bounded read ops behind a swappable transport port, with keymaker-minted scoped credentials
TypeScript - scout — Content-addressed surface reads (file/grep/files) with anchored-chain provenance
TypeScript - repo-root — Repo-root resolution capability: lazy git-based runtime root plus the eager .git-marker walk for build/codegen, the one sanctioned root-resolution point
TypeScript - proc — The one allowed subprocess spawn point, routing external-tool invocations through a capability
TypeScript - policy — Tool-policy engine enforcing subcommand allowlists by tool, state, and role
TypeScript - machine-schema — Brands, handoff envelope, and state/phase/invariant primitives for work-unit machines
TypeScript - host — The one sanctioned reader of host/OS ambient state (home dir, temp dir, hostname), routing ambient authority through capability imports
TypeScript - github-budget — Rate-limit-aware gh wrapper with bucket classification, pre-call gating, and audit trail
TypeScript - git — Git CLI wrapper with policy enforcement and stale-lock recovery
TypeScript - gh — GitHub CLI wrapper with policy enforcement, rate-limit gating, and budget audit logging
TypeScript - fs — Filesystem capability seam; the one allowed filesystem-access point with an injectable FileSystem
TypeScript - env — The one sanctioned reader of process.env, routing ambient config through capability imports
TypeScript - disposition — Pure classifier mapping work-unit surface state to a disposition (ok/prune/repair/review)
TypeScript - cas — Content-addressable storage substrate: bytes addressed by their SHA-256 digest, with a storage-agnostic blob-store port
TypeScript - bd — Typed interface to the beads CLI with policy enforcement and short-ID guards
TypeScript - auth — Service-credential resolver (GitHub, Notion) through a single sanctioned access point
TypeScript - audit-context — Ambient runtime context for gh-call audit attribution (verb, actor, truth reason)
TypeScript - anchored-chain-sqlite — SQLite/Drizzle-backed implementation of the anchored-chain stores
TypeScript - anchored-chain — Derivation chain with contract validation, signing, lineage tracking, and invalidation
TypeScript - bounded.tools — GitHub App receiver + setup endpoint for prx (bounded-systems-prx)
TypeScript
Let's build something bounded. 🤝