Python, OAuth 2.0, Model Context Protocol, PKCE, Starlette, PostgreSQL

An OAuth 2.0 framework for protecting MCP servers. Ships as three pip-installable packages: auth server, resource server, and a runnable example.

  • Authorization server with PKCE, dynamic client registration, and RFC 6749 errors
  • Resource server with RFC 7662 introspection and SSRF protection
  • Sliding-window rate limiting at the token endpoint, friction control on tool calls
  • Runnable example with Claude Code, Claude Desktop, and Cursor configs

TaskManager

production
Astro, Node.js, PostgreSQL, OAuth 2.0, Python, MCP

A task manager built around a real OAuth 2.0 auth server. Includes a Python SDK and MCP server, so my AI agents can manage tasks too.

  • Full OAuth 2.0 authorization server with PKCE support
  • Security testing suite with Vitest
  • Python SDK with complete API coverage
  • MCP server for integration with LLM frontends

Go, Python, GSM, Serial Communication, Typer, Threading

Send and receive SMS through GSM modems. Includes CLI tools and libraries in both Go and Python.

  • Cross-platform GSM modem interface (Go + Python)
  • Interactive CLI chat interface
  • Integrates with TaskManager for out-of-band alerts
  • Solid error handling and connection management

Python, Go, rmapi, Anthropic Claude, arXiv API, PDF Processing

Tools for managing research papers on reMarkable tablets. Uses AI to classify and sort them automatically.

  • AI-powered research paper classification
  • Zero-config rmapi binary management
  • Integrates with TaskManager for research workflows
  • PDF processing pipeline with content validation

Python, Anthropic Claude, OpenAI GPT-4o, Google Gemini, DeepSeek, Llama, LLM-as-judge

Empirical benchmark across 8 LLMs, 6 defenses, and 7 attack types — 10,080 tests measuring whether the phrasing of system-prompt defenses actually changes injection rates.

  • 10,080 tests across 8 models × 6 defenses × 7 attacks (30 runs per combo)
  • Found a 5x phrasing effect: 'log and ignore' beats 'simply ignore' on weak models
  • Combined defense (sandwich + XML + log-and-ignore) hits 1.0% injection rate
  • Identified few-shot poisoning as the only attack that bypasses strong defenses (29.5%)