Skip to content
View raya-ac's full-sized avatar
☺️
engram is live
☺️
engram is live
5 followers · 2 following

Achievements

Achievement: Pull Shark

Achievements

Achievement: Pull Shark

Highlights

Block or report raya-ac

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
raya-ac/README.md

raya

security research, agent memory, origin servers, evidence rooms, native Mac apps, and tools that usually start as "this should exist"

site layerline verge report memorylayer engram secpulse kiln

security research agent memory native macOS origin servers source-bound research

I build security tools, memory infrastructure for agents, origin-server software, and Mac apps. A lot of it comes from getting annoyed at existing tooling and deciding to make the version I wanted.

Now

Shipping

  • Layerline - a Zig origin web server with static serving, PHP/FastCGI, reverse proxying, TLS, HTTP/2, admin controls, and in-tree HTTP/3 work. It serves layerline.dev.

  • Verge Report - source-bound evidence workspace with subdomain surfaces for documents, courts, releases, intake, privacy, media handling, claims, networks, timelines, sources, and review.

  • Memorylayer - hosted Engram workspaces, GitHub login, API keys, ingestion, usage tracking, and a small MCP-style bridge.

  • Engram - persistent memory for agents, with retrieval, graph context, MCP tools, and PyPI releases.

  • Kiln - a native macOS front-end for agent CLIs, now with Claude and Codex support.

  • SecPulse - responsible disclosure and secret triage tooling. SecPulse and Keyleak are the same line of work now.

Security Research

  • Apple Security Research reports accepted.

  • Apple work tagged for Spring 2026.

  • 26 reports across Apple SRDP, HackerOne, Bugcrowd, and direct disclosure.

  • Usual rabbit holes: CORS, authz, sandboxing, client-side bugs, exposed secrets, and weird platform behavior.

  • Source-bound public research surfaces are becoming their own lane now: more receipts, fewer vibes.

Projects

project what it is status
Layerline Zig origin web server for static sites, PHP/FastCGI, reverse proxying, TLS, admin controls, HTTP/2, and in-tree HTTP/3 work. serves layerline.dev
Verge Report Evidence workspace and dossier site with canonical subdomains for document families, court records, releases, source intake, review lanes, claims, networks, timelines, and public data contracts. live
Verge Shared chamber and public evidence workspace. The Port Pirie surface is a source-bound network index with claim threads, receipts, source registers, map context, and an audit trail. live at verge.raya.ac
Memorylayer Hosted service layer for Engram: workspaces, API keys, ingestion, usage logs, starter skills, and a dashboard. live at memorylayer.run
Engram Memory system for agents. Hybrid retrieval, MCP tooling, graph context, docs, and benchmarks. active
Kiln Native macOS app for agent CLIs like Claude Code and Codex. Local files, chat, approvals, sessions, model controls, and release tooling. active
SecPulse Responsible disclosure platform and secret triage stack. This is where Keyleak work lands now. live
Warden Remote control stack over Tailscale, with agent, CLI, web UI, and Mac app pieces. active
payphone-territory Messaging and communications infrastructure. Twilio-shaped, but getting broader. active
sigint Monitoring and situational-awareness tooling, plus a few jokes that probably went too far. active
eero-mac Native macOS app for managing eero WiFi networks. active
ember-cpu 32-bit CPU from scratch with assembler, C compiler, JIT, and DOOM. systems project

GitHub Snapshot

visible repos counted  45
owned non-fork repos   39
source lines           773,425  non-fork
source lines           8,629,270 including forks
largest own repo       raya-monitor
large forks            wine, Proton

The fork-inclusive number is mostly upstream Wine and Proton. The non-fork number is the one I would use when talking about my own projects.

What I Work With

languages      python  html/css  typescript  javascript  swift  go  zig  rust  bash
apple          swiftui  appkit  app sandbox  xpc  metal  xcode
security       burp  nuclei  custom scanners  disclosure workflows  source registers
agents         mcp  retrieval  embeddings  memory systems  local models
infra          postgres  docker  cloudflare  tailscale  vps  layerline  nginx/caddy

Security Work

accepted Apple Security Research reports
Spring 2026-tagged Apple reports
26 total reports across Apple SRDP, HackerOne, Bugcrowd, and direct disclosure
targets include Apple, Netflix, Coinbase, Stripe, Monzo, Twilio, Grab, and Atlassian
tools built along the way: SecPulse, Keyleak, ashforge, secprobe, bountytoolkit

Working Style

  • I like native apps when they make sense. Web wrappers usually annoy me.
  • I care about tools feeling fast, direct, and a little overbuilt in the right places.
  • Security research keeps pulling me into infrastructure. Agent work keeps pulling me back into memory and retrieval.
  • Evidence work keeps teaching me that the boring part matters: source boundaries, repeatable builds, and public data that can be checked.
  • I prefer shipping something real, then sanding down the rough edges in public.

Current Focus

  • Making Layerline good enough to keep replacing the boring parts of my edge stack.
  • Expanding Verge Report without letting it become a pile of screenshots and claims nobody can audit.
  • Making Memorylayer feel like a real hosted memory service for agents.
  • Keeping Engram useful locally and hosted, without turning it into a fake SaaS abstraction.
  • Turning Kiln into the Mac app I want for Claude, Codex, and whatever agent CLI comes next.
  • Building SecPulse into a cleaner disclosure workflow with useful security tooling around it.
  • Continuing Apple security research as accepted reports move through seasonal tagging.

site · layerline · verge report · memorylayer · engram · secpulse · kiln

Ask me about macOS internals, sandboxing, agent memory, or why I keep starting infrastructure projects at 2am.

Pinned Loading

  1. engram engram Public

    Memory system for AI agents with hybrid retrieval, MCP tooling, and LongMemEval-leading performance.

    Python 1

  2. neuro-memory neuro-memory Public

    4-Layer Cognitive Memory System for AI Agents

    Python

  3. kiln kiln Public

    A native macOS app for agent CLIs like Claude Code and Codex. SwiftUI, Swift 6, Apple Silicon + Intel.

    Swift 1

  4. Layerline Layerline Public

    Origin-surface Zig web server with virtual hosts, PHP/FastCGI, reverse proxying, TLS, admin controls, HTTP/2, and in-tree HTTP/3 work.

    Zig 1