Kubernetes Operator based on the open-source container vulnerability scanner Trivy.

A hands-on lab toolkit for container security, from CIS-benchmark fundamentals to architectural trust governance. 12 production-grade labs covering image hardening, signing, supply chain attestation, admission control, and runtime debugging. Built from real Fortune 500 cluster experience.

A focused async bulkhead for Java that limits in-flight work and makes overload visible.

SimpleTicketing is a lightweight digital ticketing system for non-profit organizations.

Agent Gate Incident Replay is a browser-runnable blackbox replay runtime for Agent incidents. It restores a real VM state in the browser with [v86](https://github.com/copy/v86), mounts an incident module, and replays the agent's actions against real runtime boundaries and real Agent Gate verdicts.

面向生产的 OpenResty 流量网关模板，支持热点活动流量保护、等待室准入、关键链路保护与可复用策 略控制。

Typed, zero-dependency bulkhead and bounded-concurrency library for Python asyncio, with FIFO queues, deadlines, metrics, and weighted capacity.

Chaosify is a Kubernetes security testing CLI that proves your admission controls, RBAC policies, network segmentation, and runtime detection actually work by running targeted tests against a live cluster and producing structured evidence.

Interactive simulator for understanding how systems behave under load. Compare fail-fast vs bounded queue admission control and see why queues hide overload instead of solving it.

🔐 Zero-trust Kubernetes manifests | ArgoCD | Kyverno Policy Enforcement | NetworkPolicies | GitOps Best Practices

Fail-fast admission control for async systems. Reject overload early instead of hiding it behind queues.

Admission Control of Network Slice Requests in 5G

External admission gate for GitHub Actions.

Execution boundary for GitHub pull requests that interprets repository mutations before CI enforcement.

Local admission control for AI agent memory writes

AI Admissibility Action: external controlled negotiation protocol (CNP) for automated and AI-driven actions. This gate decides whether execution may continue.

Protect expensive or fragile HTTP dependencies by limiting how many calls are allowed in flight at once.

Fail-fast concurrency and token budget enforcement for LLM workloads.

AI Admissibility Boundary reference surface for the external admit authority model and its proof meaning.