Thomas Sprayberry

AI Infrastructure · Agent Systems · Platform

Thomas Sprayberry

I build and run an entire software studio on a self-hosted, autonomous AI agent fleet — and I ship the hard infrastructure underneath it: LLM proxying, agent security, and the reliability work that keeps autonomous systems honest.

Everything below links to a real repository or a real post. No slideware.

GitHub ↗ Writing ↓ Email ↗

Selected work

What I've built, in the open.

  1. askalf — a self-hosted AI workforce platform

    An autonomous agent fleet that runs a whole software studio end to end: intake → tickets → specialist agents → pull requests, with its own nervous system, shared memory, and guardrails. I designed it and I operate it daily.

    github.com/askalf ↗ sprayberrylabs.com ↗

  2. dario — your Claude subscription, as an API

    An OAuth LLM proxy that replays Claude Code's wire shape, so any tool — Cursor, Cline, Aider, the Agent SDK — runs on your subscription pool instead of per-token bills. One local endpoint; your traffic stays in the pool.

    github.com/askalf/dario ↗ 289★

  3. Own Your Stack — the agent-security trilogy

    Three composable controls for letting an agent touch real systems without handing it the keys. Vet the tool, contain the call, give it a credential it never holds.

    • warden — a deterministic, offline action firewall that decides what a tool call may do before it runs: green/yellow/red/black risk tiers, secret-exfil and prompt-injection blocking, tamper-evident audit. /warden ↗
    • canon — the supply-chain gate: vet, sign, and pin every skill and MCP server before it loads. /canon ↗
    • keeper — an agent secrets vault that hands out scoped, short-lived, single-use leases instead of raw keys, and audits every access. /keeper ↗

    composed as agent-security-stack ↗

  4. deepdive — a research agent you can trust by construction

    One command, one cited answer: plan → search → headless fetch → extract → synthesize, every call through your own router. Built on deterministic trust signals, because citation-verification alone scores content farms a perfect 1.00.

    github.com/askalf/deepdive ↗ why citation-checking isn't enough ↗

More open source  —  picket (a prompt-injection firewall for any CDP browser), cordon (a PII-redacting LLM gateway), hands (a cross-platform computer-use agent), claude-sync (portable Claude Code sessions), hybrid (a local-first LLM router), amnesia (self-hosted private search). All repositories ↗

Writing — receipts, not think-pieces

Every post is a system I built and broke.

An engineering blog at sprayberrylabs.com/blog — 15+ posts, each grounded in real infrastructure rather than opinion.

Read all posts ↗

About

I work at the layer where AI meets real infrastructure.

Rather than write about agents, I run a fleet of them in production — and I build the proxying, security, and reliability primitives that make that safe to do. The repositories and posts above are the work itself, not a portfolio of it.

I'm drawn to the unglamorous parts: the firewall that has to be deterministic and offline, the proxy that has to stay honest when a provider pulls a model overnight, the audit trail that has to be tamper-evident. If autonomous systems are going to touch anything that matters, that's the work that has to exist first.

Contact

Open to senior AI-infrastructure, platform, and agent-systems roles.

GitHub
github.com/askalf ↗
Email
hello@sprayberrylabs.com
Studio
sprayberrylabs.com ↗
Résumé
PDF — or by email