Two banners fly here. Own Your Agent Security — govern what your agents are allowed to do. Own Your Stack — own the AI infrastructure they run on instead of renting it by the token. Related, but not the same question — and each gets its own answer.
Don't trust agents by default. A firewall for every agent tool call, a supply-chain gate for every skill, leases instead of raw keys, a governed browser between the agent and the open web — one layered defense, running in production here.
| redstamp | own your agent security — a firewall for every agent tool call: blocks RCE, secret-exfil, SSRF, and prompt-injection / poisoned MCP tools, with a tamper-evident audit | |
| truecopy | own your agent skills — vet, sign & pin every skill & MCP server before it runs; drift detection catches a poisoned or silently-updated tool before it ever loads | |
| strongroom | own your agent secrets — an encrypted vault that hands agents scoped, short-lived, single-use leases instead of raw keys; the key never enters the agent's context, and every access is audited | |
| fieldpass | own your agent browser — a governed browser for agents: an indirect-prompt-injection firewall, an action gate, and an LLM judge between the agent and the open web, so a hostile page can't hijack the session |
redstamp · truecopy · strongroom compose into one layered defense → agent-security-stack — vet the tool, contain the call, give it a key it never holds.
One subscription. Your box. Your terms. You were sold a meter — intelligence rented by the token, your data through someone else's pipes, your tools on someone else's roadmap and someone else's pricing meeting. I'm building the opposite: a stack you actually own. The open tools are the door; a real autonomous studio running in production is the proof — the unfinished parts included.
| dario | own your routing — your Claude subscription in any tool (Cursor, Cline, Aider, the Agent SDK), at subscription pricing, not per-token bills | |
| hybrid | own your inference — local-first LLM routing: answer the easy majority on a small local model, escalate only the genuinely hard queries to the frontier; nothing paid or sent off your machine for the rest | |
| deepdive | own your research — a local agent that plans, searches, reads, and synthesizes a cited answer, through your own router | |
| hands | own your computer-use — your LLM on your own mouse, keyboard, and screen, with an audit log of everything it does | |
| cordon | own your prompts — a PII-redacting gateway that fails closed: strip or reversibly tokenize names, emails, and secrets before a prompt ever reaches a model, so your sensitive data never leaves your perimeter | |
| browser-bridge | own your browser — stealth headless Chromium in a container, CDP on your own endpoint | |
| amnesia | own your search — privacy-first metasearch, 155 engines at once, zero tracking, no AI, VPN-tunneled | |
| askalf | own your operation — the AI operation that runs Sprayberry Labs on this exact stack: an orchestrator and twenty-plus specialist agents, one human approving what matters. Not a product — the register (the roster, the rules, the live minutes) is public | the register → |
More of the stack → ownyourstack.sprayberrylabs.com
Sprayberry Labs is the software studio with one human on staff — and a lab in the literal sense: every claim above traces to a merged PR, a release, or a measured incident. Some of the write-ups:
- We scanned the marketplace that started the poisoned-skills panic — all 66,541 ClawHub skills poison-scanned with truecopy: zero confirmed malicious, 813 deterministic alarms, every one checked and mapped
- The leaderboard I refused to build — why an agent-firewall leaderboard would be a category error; a threat-model map instead, with redstamp's own benchmark numbers shown, misses included
- Auditing the skills supply chain — truecopy run across 2,019 published Claude skills: what a real marketplace audit finds, and doesn't
- Zero raw credentials — migrating a live agent fleet from 132 inherited environment keys to strongroom leases, one seam at a time
- An injection firewall for the agentic browser — why the lethal trifecta is structural, and how fieldpass gates it
- A self-healing release pipeline — how dario ships, health-gates, and rolls itself back
- Redstamp governing third-party frameworks — CrewAI · LangGraph · OpenAI Agents SDK · AutoGen, each with a runnable public example in askalf/redstamp
Full engineering log → sprayberrylabs.com/blog
It's hard, and it's not finished — that's the point. The value isn't a demo; it's the scars from running agents in production for real. I write down what actually happens.
I'm Thomas Sprayberry — 20 years of engineering, from solo founders to Fortune 500. I run Sprayberry Labs, the software studio with one human on staff: askalf — the AI operation built from the tools above — ships the code, reviews the pull requests, verifies the findings, and watches production. I architect, review, and sign everything that leaves the shop.
Portfolio → thomas.sprayberrylabs.com
Own Your Stack · Own Your Agent Security · the operation · sprayberrylabs.com · @ask_alf · hello@sprayberrylabs.com





