Skip to content
View sambegui's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report sambegui

Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
sambegui/README.md

hey, i'm sam 👋

Platform & infrastructure engineer — I care most about the messy, manual, hard-to-hand-off work that quietly breaks operations, across CI/CD, identity, endpoints, APIs, and AI-agent systems.

Four years building internal tooling and automation in IT/operations; now focused on platform, infrastructure, and agent-infrastructure work, where reliability, security, and clean handoffs matter.

start here 📌

A public reference architecture for governing untrusted autonomous AI-agent workloads.

  • Isolation substrate — nested-virt golden VM + ephemeral Kata microVMs
  • Promotion control plane — dry-run by default, cosign-signed + digest-pinned releases, drift detection, rollback receipts
  • Governance overlay — risk tiers L0–L5, fail-closed tool allowlists, default-deny egress, audit trails
  • Threat model — documented STRIDE/PASTA

Scoped honestly as a validated walking skeleton, not a product. → agent-vm.sabe.dev

Two open PRs to the NousResearch agent runtime:

  • #45460 — hardening Google Meet live caption capture
  • #44155 — fixing concurrent /model picker state collisions and stale Gemini context-length caching in the Telegram adapter

what i work with

Languages · Python · Bash · PowerShell · JavaScript Platform / Infra · GitHub Actions (CI/CD) · Linux (Debian) · KVM / microVMs · nftables · AppArmor Identity / Endpoints · Okta · JumpCloud · SAML / SCIM · Intune / MDM · Google Workspace · M365 Agent / API · OpenAPI · MCP

currently

Open to platform / infrastructure / internal-tools / agent-infrastructure roles — and forward-deployed / solutions roles at AI companies. Based in Miami, FL.

🔗 begui.me · linkedin.com/in/sambegui

Pinned Loading

  1. BoundaryKit BoundaryKit Public

    Secure, agent-agnostic platform for hosting multiple AI agents — isolation substrate + promotion control plane + production governance

    HTML

  2. NVIDIA/NemoClaw NVIDIA/NemoClaw Public

    Run agents like Hermes and OpenClaw more securely inside NVIDIA OpenShell with managed inference

    TypeScript 21.5k 2.9k

  3. hermes-agent hermes-agent Public

    Forked from NousResearch/hermes-agent

    The agent that grows with you

    Python