<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: YedanYagami</title>
    <description>The latest articles on DEV Community by YedanYagami (@yedanyagamiaicmd).</description>
    <link>https://dev.to/yedanyagamiaicmd</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3805531%2F3860bfd2-4131-4148-807b-be26684d20e7.png</url>
      <title>DEV Community: YedanYagami</title>
      <link>https://dev.to/yedanyagamiaicmd</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/yedanyagamiaicmd"/>
    <language>en</language>
    <item>
      <title>what if MCP servers had a Lighthouse-style security score?</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Tue, 31 Mar 2026 07:33:05 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/what-if-mcp-servers-had-a-lighthouse-style-security-score-25kf</link>
      <guid>https://dev.to/yedanyagamiaicmd/what-if-mcp-servers-had-a-lighthouse-style-security-score-25kf</guid>
      <description>&lt;p&gt;i've been auditing MCP servers for a few weeks now. 194 packages scanned, 118 had security findings. that's a 60.8% failure rate. and these are the ones people are plugging into their AI agents right now.&lt;/p&gt;

&lt;p&gt;the problem isn't that developers are lazy. it's that there's no visibility. when you &lt;code&gt;npm install @some-mcp/filesystem-server&lt;/code&gt;, you have zero signal about whether it sanitizes paths, leaks env vars, or shells out with unsanitized input.&lt;/p&gt;

&lt;p&gt;we have Lighthouse for web performance. we have Snyk for dependency vulnerabilities. we have nothing for MCP server security.&lt;/p&gt;

&lt;h2&gt;
  
  
  the proposal: MCP Security Score
&lt;/h2&gt;

&lt;p&gt;a 0-100 score, computed automatically, covering 5 dimensions:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. input validation (25 pts)&lt;/strong&gt; -- does the server validate tool parameters before use? or does &lt;code&gt;directory: "../../etc/passwd"&lt;/code&gt; just work?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. execution safety (25 pts)&lt;/strong&gt; -- shell injection checks. does it use &lt;code&gt;execFileSync&lt;/code&gt; with argument arrays or string-concatenated &lt;code&gt;execSync&lt;/code&gt;? does python code use &lt;code&gt;shlex.quote()&lt;/code&gt;?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. environment isolation (20 pts)&lt;/strong&gt; -- does it leak &lt;code&gt;process.env&lt;/code&gt;? does it allowlist which env vars it touches? we found 7 packages that &lt;code&gt;console.log(process.env)&lt;/code&gt; during startup.&lt;/p&gt;
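&lt;p&gt;the allowlist version is a few lines. a hypothetical sketch (the variable names are mine): copy only named vars into whatever environment the tool process sees, so a leak can only leak what you chose.&lt;/p&gt;

```javascript
// minimal sketch: pass only allowlisted env vars to the tool process
const ALLOWED_ENV = ["PATH", "HOME", "LANG"];

function scopedEnv(env) {
  const out = {};
  for (const key of ALLOWED_ENV) {
    if (key in env) out[key] = env[key];
  }
  return out; // everything else, including secrets, never crosses over
}
```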

&lt;p&gt;&lt;strong&gt;4. dependency hygiene (15 pts)&lt;/strong&gt; -- known CVEs in transitive deps, lockfile present, pinned versions.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. output sanitization (15 pts)&lt;/strong&gt; -- does it prevent sensitive data from flowing back through tool responses into the LLM context?&lt;/p&gt;
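&lt;p&gt;the simplest version of output sanitization, assuming the server already knows which values are secrets (how you collect that list is up to you): scrub them out of every tool response before it reaches the model.&lt;/p&gt;

```javascript
// minimal sketch: scrub known secret values from a tool response
// before it flows back into the LLM context
function redactSecrets(text, secrets) {
  let out = text;
  for (const value of secrets) {
    if (value) out = out.split(value).join("[REDACTED]");
  }
  return out;
}
```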

&lt;h2&gt;
  
  
  why this matters more than web security
&lt;/h2&gt;

&lt;p&gt;when a web app has an XSS vulnerability, the blast radius is typically one user's browser session. when an MCP server has a shell injection vulnerability, the AI agent executing it can compromise the entire host. and the agent doesn't know the difference between a safe command and &lt;code&gt;; rm -rf /&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;we counted 30 CVEs against MCP packages in the last 60 days. 437K downloads of compromised packages before takedowns. the 97M total npm SDK downloads tell us adoption is way ahead of security infrastructure.&lt;/p&gt;

&lt;h2&gt;
  
  
  what it could look like
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;@modelcontextprotocol/server-filesystem
MCP Security Score: 72/100
  input validation:     18/25
  execution safety:     22/25
  environment isolation: 14/20
  dependency hygiene:    12/15
  output sanitization:    6/15
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;render it in npm readme badges. surface it in MCP client UIs. let agent frameworks refuse to load servers below a threshold.&lt;/p&gt;
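&lt;p&gt;the threshold idea is the easy part for a client to adopt. a hypothetical gate (the report shape here is my assumption, not part of any spec): fetch the score report, refuse to load anything below your bar.&lt;/p&gt;

```javascript
// hypothetical client-side gate: refuse servers under a minimum score
// (the { score: number } report shape is assumed, not a published schema)
function shouldLoad(report, minScore) {
  if (typeof report.score !== "number") return false; // no score = no trust
  return report.score >= minScore;
}
```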

&lt;h2&gt;
  
  
  honest limitations
&lt;/h2&gt;

&lt;p&gt;this won't catch everything. logic bugs, prompt injection through tool responses, and novel attack chains need human review. a score creates false confidence if people treat it as a guarantee. it's a floor, not a ceiling.&lt;/p&gt;

&lt;p&gt;but right now the floor is "nothing." any signal is better than zero.&lt;/p&gt;

&lt;h2&gt;
  
  
  it's live now
&lt;/h2&gt;

&lt;p&gt;i actually built this. the MCP Security Score API is free and public:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# score any MCP server in seconds&lt;/span&gt;
curl &lt;span class="s2"&gt;"https://mcp-security-score.yagami8095.workers.dev/score?url=https://your-server.com"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;what you get:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;0-100 score across 8 security checks (HTTPS, CORS, CSP, response time, MCP protocol, tool validation, injection patterns, CVE detection)&lt;/li&gt;
&lt;li&gt;embeddable SVG badge for your README&lt;/li&gt;
&lt;li&gt;public leaderboard of scored servers&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;embed the badge:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight markdown"&gt;&lt;code&gt;&lt;span class="p"&gt;![&lt;/span&gt;&lt;span class="nv"&gt;MCP Security Score&lt;/span&gt;&lt;span class="p"&gt;](&lt;/span&gt;&lt;span class="sx"&gt;https://mcp-security-score.yagami8095.workers.dev/badge?url=https://your-server.com&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;try it: &lt;a href="https://mcp-security-score.yagami8095.workers.dev" rel="noopener noreferrer"&gt;mcp-security-score.yagami8095.workers.dev&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;if you ship MCP servers, get your score. if the free API doesn't cover your needs, reply "audit" and i'll do a manual hardening review.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;built by &lt;a href="https://github.com/yedanyagamiai-cmd" rel="noopener noreferrer"&gt;@yedanyagamiai&lt;/a&gt; — we run 7 AI brains and have hardened 15 MCP servers with 20 OWASP rules. the score API runs on Cloudflare Workers at $0/mo infrastructure cost.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>mcp</category>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
    </item>
    <item>
      <title>what if MCP servers had a Lighthouse-style security score?</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 16:50:17 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/what-if-mcp-servers-had-a-lighthouse-style-security-score-35df</link>
      <guid>https://dev.to/yedanyagamiaicmd/what-if-mcp-servers-had-a-lighthouse-style-security-score-35df</guid>
      <description>&lt;p&gt;i've been auditing MCP servers for a few weeks now. 194 packages scanned, 118 had security findings. that's a 60.8% failure rate. and these are the ones people are plugging into their AI agents right now.&lt;/p&gt;

&lt;p&gt;the problem isn't that developers are lazy. it's that there's no visibility. when you &lt;code&gt;npm install @some-mcp/filesystem-server&lt;/code&gt;, you have zero signal about whether it sanitizes paths, leaks env vars, or shells out with unsanitized input.&lt;/p&gt;

&lt;p&gt;we have Lighthouse for web performance. we have Snyk for dependency vulnerabilities. we have nothing for MCP server security.&lt;/p&gt;

&lt;h2&gt;
  
  
  the proposal: MCP Security Score
&lt;/h2&gt;

&lt;p&gt;a 0-100 score, computed automatically, covering 5 dimensions:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. input validation (25 pts)&lt;/strong&gt; -- does the server validate tool parameters before use? or does &lt;code&gt;directory: "../../etc/passwd"&lt;/code&gt; just work?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. execution safety (25 pts)&lt;/strong&gt; -- shell injection checks. does it use &lt;code&gt;execFileSync&lt;/code&gt; with argument arrays or string-concatenated &lt;code&gt;execSync&lt;/code&gt;? does python code use &lt;code&gt;shlex.quote()&lt;/code&gt;?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. environment isolation (20 pts)&lt;/strong&gt; -- does it leak &lt;code&gt;process.env&lt;/code&gt;? does it allowlist which env vars it touches? we found 7 packages that &lt;code&gt;console.log(process.env)&lt;/code&gt; during startup.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. dependency hygiene (15 pts)&lt;/strong&gt; -- known CVEs in transitive deps, lockfile present, pinned versions.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. output sanitization (15 pts)&lt;/strong&gt; -- does it prevent sensitive data from flowing back through tool responses into the LLM context?&lt;/p&gt;

&lt;h2&gt;
  
  
  why this matters more than web security
&lt;/h2&gt;

&lt;p&gt;when a web app has an XSS vulnerability, the blast radius is typically one user's browser session. when an MCP server has a shell injection vulnerability, the AI agent executing it can compromise the entire host. and the agent doesn't know the difference between a safe command and &lt;code&gt;; rm -rf /&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;we counted 30 CVEs against MCP packages in the last 60 days. 437K downloads of compromised packages before takedowns. the 97M total npm SDK downloads tell us adoption is way ahead of security infrastructure.&lt;/p&gt;

&lt;h2&gt;
  
  
  what it could look like
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;@modelcontextprotocol/server-filesystem
MCP Security Score: 72/100
  input validation:     18/25
  execution safety:     22/25
  environment isolation: 14/20
  dependency hygiene:    12/15
  output sanitization:    6/15
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;render it in npm readme badges. surface it in MCP client UIs. let agent frameworks refuse to load servers below a threshold.&lt;/p&gt;

&lt;h2&gt;
  
  
  honest limitations
&lt;/h2&gt;

&lt;p&gt;this won't catch everything. logic bugs, prompt injection through tool responses, and novel attack chains need human review. a score creates false confidence if people treat it as a guarantee. it's a floor, not a ceiling.&lt;/p&gt;

&lt;p&gt;but right now the floor is "nothing." any signal is better than zero.&lt;/p&gt;

&lt;p&gt;building a prototype. interested in beta testing? comment below.&lt;/p&gt;

</description>
      <category>mcp</category>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
    </item>
    <item>
      <title>what if MCP servers had a Lighthouse-style security score?</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 16:17:45 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/what-if-mcp-servers-had-a-lighthouse-style-security-score-1cpg</link>
      <guid>https://dev.to/yedanyagamiaicmd/what-if-mcp-servers-had-a-lighthouse-style-security-score-1cpg</guid>
      <description>&lt;p&gt;i've been auditing MCP servers for a few weeks now. 194 packages scanned, 118 had security findings. that's a 60.8% failure rate. and these are the ones people are plugging into their AI agents right now.&lt;/p&gt;

&lt;p&gt;the problem isn't that developers are lazy. it's that there's no visibility. when you &lt;code&gt;npm install @some-mcp/filesystem-server&lt;/code&gt;, you have zero signal about whether it sanitizes paths, leaks env vars, or shells out with unsanitized input.&lt;/p&gt;

&lt;p&gt;we have Lighthouse for web performance. we have Snyk for dependency vulnerabilities. we have nothing for MCP server security.&lt;/p&gt;

&lt;h2&gt;
  
  
  the proposal: MCP Security Score
&lt;/h2&gt;

&lt;p&gt;a 0-100 score, computed automatically, covering 5 dimensions:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. input validation (25 pts)&lt;/strong&gt; -- does the server validate tool parameters before use? or does &lt;code&gt;directory: "../../etc/passwd"&lt;/code&gt; just work?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. execution safety (25 pts)&lt;/strong&gt; -- shell injection checks. does it use &lt;code&gt;execFileSync&lt;/code&gt; with argument arrays or string-concatenated &lt;code&gt;execSync&lt;/code&gt;? does python code use &lt;code&gt;shlex.quote()&lt;/code&gt;?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. environment isolation (20 pts)&lt;/strong&gt; -- does it leak &lt;code&gt;process.env&lt;/code&gt;? does it allowlist which env vars it touches? we found 7 packages that &lt;code&gt;console.log(process.env)&lt;/code&gt; during startup.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. dependency hygiene (15 pts)&lt;/strong&gt; -- known CVEs in transitive deps, lockfile present, pinned versions.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. output sanitization (15 pts)&lt;/strong&gt; -- does it prevent sensitive data from flowing back through tool responses into the LLM context?&lt;/p&gt;

&lt;h2&gt;
  
  
  why this matters more than web security
&lt;/h2&gt;

&lt;p&gt;when a web app has an XSS vulnerability, the blast radius is typically one user's browser session. when an MCP server has a shell injection vulnerability, the AI agent executing it can compromise the entire host. and the agent doesn't know the difference between a safe command and &lt;code&gt;; rm -rf /&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;we counted 30 CVEs against MCP packages in the last 60 days. 437K downloads of compromised packages before takedowns. the 97M total npm SDK downloads tell us adoption is way ahead of security infrastructure.&lt;/p&gt;

&lt;h2&gt;
  
  
  what it could look like
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;@modelcontextprotocol/server-filesystem
MCP Security Score: 72/100
  input validation:     18/25
  execution safety:     22/25
  environment isolation: 14/20
  dependency hygiene:    12/15
  output sanitization:    6/15
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;render it in npm readme badges. surface it in MCP client UIs. let agent frameworks refuse to load servers below a threshold.&lt;/p&gt;

&lt;h2&gt;
  
  
  honest limitations
&lt;/h2&gt;

&lt;p&gt;this won't catch everything. logic bugs, prompt injection through tool responses, and novel attack chains need human review. a score creates false confidence if people treat it as a guarantee. it's a floor, not a ceiling.&lt;/p&gt;

&lt;p&gt;but right now the floor is "nothing." any signal is better than zero.&lt;/p&gt;

&lt;p&gt;building a prototype. interested in beta testing? comment below.&lt;/p&gt;

</description>
      <category>mcp</category>
      <category>security</category>
      <category>ai</category>
      <category>opensource</category>
    </item>
    <item>
      <title>MCP Security Report — March 2026: 30 CVEs, 437K Compromised Downloads</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 15:08:05 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/mcp-security-report-march-2026-30-cves-437k-compromised-downloads-55e9</link>
      <guid>https://dev.to/yedanyagamiaicmd/mcp-security-report-march-2026-30-cves-437k-compromised-downloads-55e9</guid>
      <description>&lt;p&gt;30 CVEs in MCP packages in 60 days. 437K compromised downloads. a CVSS 9.6 RCE in a package with 500K downloads.&lt;/p&gt;

&lt;p&gt;this is the first monthly MCP security report. all data is real.&lt;/p&gt;

&lt;h2&gt;
  
  
  by the numbers
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;metric&lt;/th&gt;
&lt;th&gt;value&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;packages audited&lt;/td&gt;
&lt;td&gt;194&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;packages with findings&lt;/td&gt;
&lt;td&gt;118 (60.8%)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;critical findings&lt;/td&gt;
&lt;td&gt;5&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;high findings&lt;/td&gt;
&lt;td&gt;9&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;medium findings&lt;/td&gt;
&lt;td&gt;63&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;low findings&lt;/td&gt;
&lt;td&gt;41&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CVEs disclosed (60 days)&lt;/td&gt;
&lt;td&gt;30&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;compromised downloads&lt;/td&gt;
&lt;td&gt;437,000&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  top 5 vulnerability patterns
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. shell injection (critical)
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="c1"&gt;// vulnerable&lt;/span&gt;
&lt;span class="nf"&gt;exec&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;`git log --oneline -&lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;userInput&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;`&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;// secure&lt;/span&gt;
&lt;span class="nf"&gt;execFileSync&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;git&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;log&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;--oneline&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;`-&lt;/span&gt;&lt;span class="p"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;validated&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="s2"&gt;`&lt;/span&gt;&lt;span class="p"&gt;])&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;MCP servers calling &lt;code&gt;child_process.exec()&lt;/code&gt; with user input. one crafted prompt = &lt;code&gt;rm -rf /&lt;/code&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. environment variable leakage (high)
&lt;/h3&gt;

&lt;p&gt;secrets loaded from env vars accidentally appearing in LLM context windows through error messages. this one is subtle — your API key ends up in a stack trace that gets sent to the model.&lt;/p&gt;
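&lt;p&gt;the defense is to scrub error text before it ever reaches the model. a minimal sketch, names mine: replace any sufficiently long env value found in the stack trace with a marker.&lt;/p&gt;

```javascript
// minimal sketch: strip env-var values out of error text before it
// reaches the LLM context (short values skipped to avoid mangling paths)
function scrubError(err, env) {
  let msg = String(err.stack ? err.stack : err);
  for (const value of Object.values(env)) {
    if (value) {
      if (value.length >= 8) msg = msg.split(value).join("[ENV]");
    }
  }
  return msg;
}
```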

&lt;h3&gt;
  
  
  3. path traversal (critical)
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="c1"&gt;# vulnerable
&lt;/span&gt;&lt;span class="k"&gt;with&lt;/span&gt; &lt;span class="nf"&gt;open&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;path&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;join&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;base_dir&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;user_path&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;f&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;

&lt;span class="c1"&gt;# secure
&lt;/span&gt;&lt;span class="n"&gt;real&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;path&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;realpath&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;path&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;join&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;base_dir&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;user_path&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;
&lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="ow"&gt;not&lt;/span&gt; &lt;span class="n"&gt;real&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;startswith&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;os&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;path&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;realpath&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;base_dir&lt;/span&gt;&lt;span class="p"&gt;)):&lt;/span&gt;
    &lt;span class="k"&gt;raise&lt;/span&gt; &lt;span class="nc"&gt;SecurityError&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;path traversal blocked&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  4. dependency chain risks (medium)
&lt;/h3&gt;

&lt;p&gt;packages pulling in dozens of transitive dependencies, some unmaintained. the package itself is fine, but its supply chain introduces risk.&lt;/p&gt;

&lt;h3&gt;
  
  
  5. missing input validation (low)
&lt;/h3&gt;

&lt;p&gt;parameters accepted without type checking, length limits, or format validation.&lt;/p&gt;

&lt;h2&gt;
  
  
  emerging solutions
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;tool&lt;/th&gt;
&lt;th&gt;approach&lt;/th&gt;
&lt;th&gt;status&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Constitution Gate&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;dual-LLM runtime quarantine&lt;/td&gt;
&lt;td&gt;deployed (CF Worker)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Wombat&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;unix-style rwxd permissions&lt;/td&gt;
&lt;td&gt;new entrant&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;MCP Gateway&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;OAuth 2.1 + RBAC middleware&lt;/td&gt;
&lt;td&gt;emerging&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;protect-mcp&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;per-tool signed receipts&lt;/td&gt;
&lt;td&gt;emerging&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;AgentAudit&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;CVE-like registry for agent packages&lt;/td&gt;
&lt;td&gt;194 audited&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  recommendations
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;if you build MCP servers:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;never pass user input to &lt;code&gt;exec()&lt;/code&gt; — use &lt;code&gt;execFileSync&lt;/code&gt; with argument arrays&lt;/li&gt;
&lt;li&gt;validate all inputs with JSON schema before processing&lt;/li&gt;
&lt;li&gt;use &lt;code&gt;os.path.realpath()&lt;/code&gt; + directory allowlists for file operations&lt;/li&gt;
&lt;li&gt;keep dependencies minimal — our servers average 3 direct deps each&lt;/li&gt;
&lt;li&gt;never include env vars in error messages or LLM context&lt;/li&gt;
&lt;/ol&gt;
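&lt;p&gt;recommendation 2 doesn't need a framework to get started. a hand-rolled sketch in the same spirit (in production you'd use a real JSON Schema validator; this parameter shape is just an example):&lt;/p&gt;

```javascript
// minimal hand-rolled parameter check: type, length, and format
// before the value is used anywhere
function validateParams(params) {
  if (typeof params.directory !== "string") return false;
  if (params.directory.length === 0) return false;
  if (params.directory.length > 4096) return false;
  if (params.directory.includes("..")) return false;
  return true;
}
```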

&lt;p&gt;&lt;strong&gt;if you deploy MCP servers:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;audit before you install — check AgentAudit or run your own scan&lt;/li&gt;
&lt;li&gt;pin dependencies with lockfiles&lt;/li&gt;
&lt;li&gt;run MCP servers with least-privilege permissions&lt;/li&gt;
&lt;li&gt;consider a security proxy (Constitution Gate, MCP Gateway, or Wombat)&lt;/li&gt;
&lt;/ol&gt;




&lt;p&gt;this report will be published monthly. data sources: AgentAudit (194 packages), HN CVE tracking, and our own experience hardening 15 production MCP servers with 20 OWASP Agentic AI rules.&lt;/p&gt;

&lt;p&gt;want the full 20-rule security checklist? → &lt;a href="https://yesinyagami.gumroad.com/l/mcp-security-checklist" rel="noopener noreferrer"&gt;MCP Security Audit Checklist on Gumroad ($29)&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;runtime protection for your MCP servers? → &lt;a href="https://constitution-gate.pages.dev" rel="noopener noreferrer"&gt;Constitution Gate&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;built by &lt;a href="https://yedanyagami.cc" rel="noopener noreferrer"&gt;yedan yagami&lt;/a&gt; | &lt;a href="https://ko-fi.com/yedanyagamiai" rel="noopener noreferrer"&gt;ko-fi&lt;/a&gt; | &lt;a href="https://github.com/yedanyagamiai-cmd" rel="noopener noreferrer"&gt;github&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>mcp</category>
      <category>news</category>
      <category>security</category>
    </item>
    <item>
      <title>real costs of running 9 MCP servers for 30 days: $0.00</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 13:33:16 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/real-costs-of-running-9-mcp-servers-for-30-days-000-45a0</link>
      <guid>https://dev.to/yedanyagamiaicmd/real-costs-of-running-9-mcp-servers-for-30-days-000-45a0</guid>
      <description>&lt;p&gt;everyone asks the same question when i show them the system: "yeah but how much does it cost?"&lt;/p&gt;

&lt;p&gt;here's the honest answer after 30 days of running 9 MCP servers, 60+ cloudflare workers, 2 databases, a knowledge graph, and a local GPU inference stack.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;total monthly cost: $11.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;not $11 for the MCP servers. those are free. the $11 is for the VM that runs ollama. let me break it down.&lt;/p&gt;




&lt;h2&gt;
  
  
  the $0 tier: cloudflare workers
&lt;/h2&gt;

&lt;p&gt;all 9 MCP servers run on cloudflare workers free tier. every single one. no credit card required.&lt;/p&gt;

&lt;p&gt;here's what free tier gives you:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;resource&lt;/th&gt;
&lt;th&gt;free limit&lt;/th&gt;
&lt;th&gt;my actual usage&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;requests/day&lt;/td&gt;
&lt;td&gt;100,000&lt;/td&gt;
&lt;td&gt;~2,000-5,000&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;CPU time/invocation&lt;/td&gt;
&lt;td&gt;10ms&lt;/td&gt;
&lt;td&gt;2-8ms avg&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;workers&lt;/td&gt;
&lt;td&gt;unlimited&lt;/td&gt;
&lt;td&gt;60+ deployed&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;KV reads/day&lt;/td&gt;
&lt;td&gt;100,000&lt;/td&gt;
&lt;td&gt;~500&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;KV storage&lt;/td&gt;
&lt;td&gt;1 GB&lt;/td&gt;
&lt;td&gt;~12 MB&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;i'm using roughly 3-5% of the free tier limits on a busy day. the 10ms CPU limit sounds scary until you realize most tool operations finish in 2-3ms. the constraint forces you to write efficient code, which is a feature, not a bug.&lt;/p&gt;




&lt;h2&gt;
  
  
  the $0 tier: D1 databases
&lt;/h2&gt;

&lt;p&gt;i run 2 D1 databases on free tier. D1 is sqlite at the edge. i store 4,300+ knowledge graph entities, full audit trails, and A/B experiment results. all on free tier.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;resource&lt;/th&gt;
&lt;th&gt;free limit&lt;/th&gt;
&lt;th&gt;my usage&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;storage&lt;/td&gt;
&lt;td&gt;5 GB per database&lt;/td&gt;
&lt;td&gt;~400 MB total&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;reads/day&lt;/td&gt;
&lt;td&gt;5,000,000&lt;/td&gt;
&lt;td&gt;~10,000&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;writes/day&lt;/td&gt;
&lt;td&gt;100,000&lt;/td&gt;
&lt;td&gt;~1,000&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h2&gt;
  
  
  the $0 tier: LLM inference
&lt;/h2&gt;

&lt;p&gt;this is the part that makes people do a double-take. three free LLM API providers with multi-provider routing:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;provider&lt;/th&gt;
&lt;th&gt;model&lt;/th&gt;
&lt;th&gt;free tier&lt;/th&gt;
&lt;th&gt;rate limit&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;groq&lt;/td&gt;
&lt;td&gt;llama-3.3-70b&lt;/td&gt;
&lt;td&gt;unlimited*&lt;/td&gt;
&lt;td&gt;30 req/min&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;cerebras&lt;/td&gt;
&lt;td&gt;llama-3.3-70b&lt;/td&gt;
&lt;td&gt;unlimited*&lt;/td&gt;
&lt;td&gt;30 req/min&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;sambanova&lt;/td&gt;
&lt;td&gt;llama-3.3-70b&lt;/td&gt;
&lt;td&gt;unlimited*&lt;/td&gt;
&lt;td&gt;varies&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;the trick: when groq rate-limits me, requests cascade to cerebras, then sambanova. circuit breaker pattern (3 failures = 1 min cooldown) means the system self-heals.&lt;/p&gt;
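&lt;p&gt;the breaker logic described above fits in a few functions. this is a sketch of the pattern, not my actual router code, and the names are mine:&lt;/p&gt;

```javascript
// circuit breaker per provider: 3 failures opens the breaker,
// 60s cooldown, then a half-open retry is allowed
const COOLDOWN_MS = 60000;
const state = new Map(); // provider name -> { failures, openedAt }

function available(name, now) {
  const s = state.get(name);
  if (!s) return true;
  if (s.failures >= 3) {
    if (now - s.openedAt >= COOLDOWN_MS) {
      state.delete(name); // cooldown elapsed: half-open, allow a retry
      return true;
    }
    return false;
  }
  return true;
}

function recordFailure(name, now) {
  const s = state.get(name) || { failures: 0, openedAt: 0 };
  s.failures += 1;
  if (s.failures >= 3) s.openedAt = now;
  state.set(name, s);
}

function pickProvider(providers, now) {
  for (const p of providers) {
    if (available(p, now)) return p;
  }
  return null; // every breaker open: degrade gracefully
}
```

&lt;p&gt;the cascade is then just the order of the providers array: groq first, cerebras second, sambanova last.&lt;/p&gt;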

&lt;p&gt;is this sustainable? honestly, probably not forever. but llama-3.3-70b inference is heading toward $0.05-0.10 per million tokens.&lt;/p&gt;




&lt;h2&gt;
  
  
  the $11/month: the VM
&lt;/h2&gt;

&lt;p&gt;oracle cloud VM with RTX 3060. runs ollama (7 local models), 3 AI brains, 48 skills. flash attention, KV cache, 24/7.&lt;/p&gt;

&lt;p&gt;could i skip it? yes. the VM is a luxury, not a necessity.&lt;/p&gt;




&lt;h2&gt;
  
  
  the real cost breakdown (30 days)
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;item&lt;/th&gt;
&lt;th&gt;monthly cost&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;9 MCP servers (cloudflare workers)&lt;/td&gt;
&lt;td&gt;$0.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;50+ additional workers&lt;/td&gt;
&lt;td&gt;$0.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;2 D1 databases&lt;/td&gt;
&lt;td&gt;$0.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;R2 + KV storage&lt;/td&gt;
&lt;td&gt;$0.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;groq + cerebras + sambanova APIs&lt;/td&gt;
&lt;td&gt;$0.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;domain + SSL&lt;/td&gt;
&lt;td&gt;$0.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;oracle cloud VM (RTX 3060)&lt;/td&gt;
&lt;td&gt;$11.00&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;total&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$11.00&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h2&gt;
  
  
  honest limitations
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;no cron triggers on free tier (workaround: systemd timer on VM)&lt;/li&gt;
&lt;li&gt;10ms CPU tight for heavy computation&lt;/li&gt;
&lt;li&gt;no websocket without durable objects (SSE works fine for MCP)&lt;/li&gt;
&lt;li&gt;D1 sqlite write contention at ~100 writes/sec&lt;/li&gt;
&lt;li&gt;free LLM APIs have no SLA&lt;/li&gt;
&lt;li&gt;workers AI free = ~100 small inference calls/day&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  the punchline
&lt;/h2&gt;

&lt;p&gt;the model is becoming a commodity. infrastructure is becoming a commodity. the real cost is your time.&lt;/p&gt;

&lt;p&gt;$11/month for 9 MCP servers, 60+ workers, 2 databases, a GPU inference box, and edge deployment across 300+ cities.&lt;/p&gt;

&lt;p&gt;the expensive part was never the servers. it was always figuring out what to build.&lt;/p&gt;

</description>
      <category>mcp</category>
      <category>ai</category>
      <category>serverless</category>
    </item>
    <item>
      <title>what i actually learned coordinating 15 MCP servers (it's not what you'd expect)</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 12:48:53 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/what-i-actually-learned-coordinating-15-mcp-servers-its-not-what-youd-expect-jb5</link>
      <guid>https://dev.to/yedanyagamiaicmd/what-i-actually-learned-coordinating-15-mcp-servers-its-not-what-youd-expect-jb5</guid>
      <description>&lt;p&gt;everyone talks about MCP servers like they're the hard part. they're not. writing a single MCP server is maybe 200 lines of code. the hard part is what happens when you have 15 of them running simultaneously and they all need to cooperate.&lt;/p&gt;

&lt;p&gt;i've been building a multi-agent system for the past few months. 9 services, 15 MCP servers, 60+ Cloudflare Workers. here's what i actually learned — most of it the hard way.&lt;/p&gt;

&lt;h2&gt;
  
  
  lesson 1: the orchestration layer is the real product
&lt;/h2&gt;

&lt;p&gt;anyone can write an MCP server. &lt;code&gt;child_process.exec()&lt;/code&gt;, parse the output, return JSON. done.&lt;/p&gt;

&lt;p&gt;but when server #7 times out and server #3 depends on its output, and server #12 is rate-limited, and the user is waiting... that's where the real engineering lives.&lt;/p&gt;

&lt;p&gt;we built a coordinator daemon that does health checks every 30 seconds across all services. when something goes down, it doesn't just retry — it reroutes through fallback chains. primary fails? try the secondary. secondary fails? degrade gracefully and tell the user what happened.&lt;/p&gt;

&lt;p&gt;this is boring plumbing work. it's also the thing that makes the difference between a demo and a production system.&lt;/p&gt;
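
&lt;p&gt;the core of that rerouting fits in a few lines. a minimal sketch (names are mine, not the coordinator's actual API):&lt;/p&gt;

```javascript
// Walk an ordered fallback chain and pick the first service that the
// last health check reported as up. Degraded mode is explicit so the
// caller can tell the user what happened instead of failing silently.
function pickService(chain, healthy) {
  for (const name of chain) {
    if (healthy[name]) {
      return { service: name, degraded: name !== chain[0] };
    }
  }
  return { service: null, degraded: true }; // nothing up: degrade gracefully
}
```

&lt;p&gt;e.g. &lt;code&gt;pickService(['primary', 'secondary'], { secondary: true })&lt;/code&gt; picks the secondary and flags the response as degraded.&lt;/p&gt;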

&lt;h2&gt;
  
  
  lesson 2: security is not optional (and it's scarier than you think)
&lt;/h2&gt;

&lt;p&gt;we run 15 MCP servers. each one is a potential attack surface. the patterns we've seen (and defended against):&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;shell injection&lt;/strong&gt;: if your MCP server calls &lt;code&gt;child_process.exec()&lt;/code&gt; with user input, you're one crafted prompt away from &lt;code&gt;rm -rf /&lt;/code&gt;. we use &lt;code&gt;shlex.quote()&lt;/code&gt; on literally everything.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;env variable leakage&lt;/strong&gt;: secrets loaded from env vars accidentally appearing in LLM context windows through error messages. this one is subtle and terrifying.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;path traversal&lt;/strong&gt;: &lt;code&gt;../../etc/passwd&lt;/code&gt; in a file-reading MCP server. &lt;code&gt;os.path.realpath()&lt;/code&gt; + directory whitelist, no exceptions.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;we eventually built a "constitution gate" — a dual-LLM validation layer that checks every input before it reaches any tool. paranoid? maybe. but we haven't been pwned yet.&lt;/p&gt;

&lt;h2&gt;
  
  
  lesson 3: the model is becoming a commodity
&lt;/h2&gt;

&lt;p&gt;we route between groq, cerebras, ollama (local), and claude depending on the task. same prompt, different providers, based on:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;latency requirements (groq for fast, claude for complex)&lt;/li&gt;
&lt;li&gt;cost (local ollama for repetitive tasks)&lt;/li&gt;
&lt;li&gt;availability (if one provider is down, cascade to the next)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;the model doesn't matter as much as people think. what matters is the routing logic, the fallback chains, the budget governance that prevents a runaway loop from draining your API credits.&lt;/p&gt;
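
&lt;p&gt;the budget governance piece deserves its own sketch (the cap and pricing numbers here are made up):&lt;/p&gt;

```javascript
// A spend cap: estimate cost from token count, refuse the call once the
// cap would be crossed. A runaway loop hits this wall, not your credits.
function makeBudget(limitUsd) {
  let spentUsd = 0;
  return {
    charge(tokens, usdPerMillionTokens) {
      const cost = (tokens / 1e6) * usdPerMillionTokens;
      if (spentUsd + cost > limitUsd) {
        throw new Error("budget exceeded: refusing call");
      }
      spentUsd += cost;
      return spentUsd;
    },
  };
}
```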

&lt;h2&gt;
  
  
  lesson 4: your agent's memory is more important than its reasoning
&lt;/h2&gt;

&lt;p&gt;we have three layers of memory:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;session memory&lt;/strong&gt; (what happened in this conversation)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;task memory&lt;/strong&gt; (success/failure patterns across all tasks)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;playbook memory&lt;/strong&gt; (reusable templates auto-generated from successful task sequences)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;when a new task comes in, the orchestrator checks memory &lt;em&gt;before&lt;/em&gt; planning. "have we seen something like this before? what worked? what failed?" this alone cut our error rate by ~40%.&lt;/p&gt;
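
&lt;p&gt;the lookup itself is mechanically simple. a sketch (the signature scheme and record shape are illustrative):&lt;/p&gt;

```javascript
// Before planning, check prior outcomes for tasks with the same
// signature (e.g. a normalized task type plus target). The planner can
// reuse what worked and route around what failed.
function consultMemory(memory, signature) {
  const past = memory.get(signature) || [];
  if (past.length === 0) return { known: false };
  const wins = past.filter(function (r) { return r.ok; }).length;
  return { known: true, successRate: wins / past.length };
}
```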

&lt;h2&gt;
  
  
  lesson 5: silence is a feature
&lt;/h2&gt;

&lt;p&gt;this is the one nobody talks about. our system has a dead-man's-switch — if the coordinator hasn't checked in for 60 minutes, something is wrong. but the inverse is also true: the system doesn't need to be &lt;em&gt;doing something&lt;/em&gt; all the time.&lt;/p&gt;

&lt;p&gt;the most reliable systems i've built are the ones that know when to shut up and wait.&lt;/p&gt;
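
&lt;p&gt;the check itself is one comparison. sketch (60 minutes is our real threshold; the rest is illustrative):&lt;/p&gt;

```javascript
// Alarm only when the coordinator has been silent past the threshold.
// Silence inside the window is normal operation, not an error.
const THRESHOLD_MS = 60 * 60 * 1000; // 60 minutes

function coordinatorStatus(lastCheckinMs, nowMs) {
  return (nowMs - lastCheckinMs) > THRESHOLD_MS ? "stale" : "ok";
}
```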




&lt;p&gt;these aren't revolutionary insights. they're the boring, practical things you learn when you actually try to run multiple MCP servers in production instead of just demoing one in a blog post.&lt;/p&gt;

&lt;p&gt;if you're building something similar, i'd genuinely love to hear what patterns you've found. especially around multi-server coordination — i feel like we're all reinventing the same wheels independently.&lt;/p&gt;

</description>
      <category>mcp</category>
      <category>ai</category>
      <category>agents</category>
      <category>architecture</category>
    </item>
    <item>
      <title>I Built a 42KB Website with Canvas Particles, Live API Status, and an Interactive Terminal</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 08:49:20 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/i-built-a-42kb-website-with-canvas-particles-live-api-status-and-an-interactive-terminal-43c8</link>
      <guid>https://dev.to/yedanyagamiaicmd/i-built-a-42kb-website-with-canvas-particles-live-api-status-and-an-interactive-terminal-43c8</guid>
      <description>&lt;p&gt;Last night I rewrote my entire website from scratch. No React. No Tailwind CDN. No build step. Just one self-contained HTML file.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Live&lt;/strong&gt;: &lt;a href="https://yedanyagami.cc" rel="noopener noreferrer"&gt;yedanyagami.cc&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The Stack
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;1 HTML file&lt;/strong&gt; (42KB)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;0 dependencies&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cloudflare Pages&lt;/strong&gt; (free tier)&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;System fonts only&lt;/strong&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Canvas Particle System
&lt;/h2&gt;

&lt;p&gt;The hero has ~120 particles with mouse repulsion. 80 lines of vanilla JS:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;var&lt;/span&gt; &lt;span class="nx"&gt;dx&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;p&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;x&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="nx"&gt;mx&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;dy&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;p&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;y&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="nx"&gt;my&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="kd"&gt;var&lt;/span&gt; &lt;span class="nx"&gt;d&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;Math&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;sqrt&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;dx&lt;/span&gt;&lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="nx"&gt;dx&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="nx"&gt;dy&lt;/span&gt;&lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="nx"&gt;dy&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;d&lt;/span&gt; &lt;span class="o"&gt;&amp;lt;&lt;/span&gt; &lt;span class="mi"&gt;100&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nx"&gt;d&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nx"&gt;p&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;x&lt;/span&gt; &lt;span class="o"&gt;+=&lt;/span&gt; &lt;span class="nx"&gt;dx&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nx"&gt;d&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="mf"&gt;1.5&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="nx"&gt;p&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;y&lt;/span&gt; &lt;span class="o"&gt;+=&lt;/span&gt; &lt;span class="nx"&gt;dy&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nx"&gt;d&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="mf"&gt;1.5&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Live Fleet Status
&lt;/h2&gt;

&lt;p&gt;The site fetches real health data from a production API:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="nf"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;https://yedan-graph-rag.yagami8095.workers.dev/health&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
  &lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;then&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;r&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;json&lt;/span&gt;&lt;span class="p"&gt;())&lt;/span&gt;
  &lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;then&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;d&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="cm"&gt;/* update service cards */&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;CORS enabled (&lt;code&gt;Access-Control-Allow-Origin: *&lt;/code&gt;), so it works from the browser.&lt;/p&gt;
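
&lt;p&gt;On the Worker side, that takes one extra header. A sketch of the minimal response shape (the real endpoint may set more headers):&lt;/p&gt;

```javascript
// Wrap JSON in a Response that any origin can read from the browser.
// Response is a global in Workers (and in Node 18+).
function corsJson(data) {
  return new Response(JSON.stringify(data), {
    headers: {
      "content-type": "application/json",
      "access-control-allow-origin": "*",
    },
  });
}
```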

&lt;h2&gt;
  
  
  Interactive Terminal
&lt;/h2&gt;

&lt;p&gt;Users type real commands: &lt;code&gt;help&lt;/code&gt;, &lt;code&gt;status&lt;/code&gt;, &lt;code&gt;services&lt;/code&gt;, &lt;code&gt;benchmark&lt;/code&gt;, &lt;code&gt;kg&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;Auto-demo starts after 5s idle, any keypress switches to interactive.&lt;/p&gt;
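
&lt;p&gt;The dispatch behind those commands is a lookup table. Simplified sketch (handlers and strings are stand-ins for the site's real ones):&lt;/p&gt;

```javascript
// Map command names to handlers; unknown input gets a help hint.
const commands = {
  help: function () { return "commands: help, status, services, benchmark, kg"; },
  status: function () { return "9 services active"; },
};

function runCommand(line) {
  const name = line.trim().split(/\s+/)[0];
  const handler = commands[name];
  return handler ? handler() : "unknown command: " + name + " (try help)";
}
```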

&lt;h2&gt;
  
  
  Scroll Reveals (20 lines)
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight css"&gt;&lt;code&gt;&lt;span class="nc"&gt;.rv&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nl"&gt;opacity&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="nl"&gt;transform&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;translateY&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="m"&gt;28px&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt; &lt;span class="nl"&gt;transition&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;opacity&lt;/span&gt; &lt;span class="m"&gt;.65s&lt;/span&gt; &lt;span class="n"&gt;ease&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="nc"&gt;.rv.vis&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nl"&gt;opacity&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="m"&gt;1&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="nl"&gt;transform&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nb"&gt;none&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;





&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;var&lt;/span&gt; &lt;span class="nx"&gt;ro&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nc"&gt;IntersectionObserver&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;function&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;es&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nx"&gt;es&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;forEach&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;function&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;e&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;e&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;isIntersecting&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="nx"&gt;e&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;target&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;classList&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;add&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;vis&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="p"&gt;});&lt;/span&gt;
&lt;span class="p"&gt;},&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="na"&gt;threshold&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="mi"&gt;15&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;
&lt;span class="nb"&gt;document&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;querySelectorAll&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;.rv&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nf"&gt;forEach&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;function&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;el&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;ro&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;observe&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;el&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Stats (All Real)
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Stat&lt;/th&gt;
&lt;th&gt;Value&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Services&lt;/td&gt;
&lt;td&gt;9 active&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Benchmark&lt;/td&gt;
&lt;td&gt;10/10&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Providers&lt;/td&gt;
&lt;td&gt;14 cloud&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;KG Entities&lt;/td&gt;
&lt;td&gt;5,600+&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;MCP Servers&lt;/td&gt;
&lt;td&gt;17&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Every number verified from live fleet data.&lt;/p&gt;

&lt;h2&gt;
  
  
  Performance
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;42KB total&lt;/li&gt;
&lt;li&gt;~12KB gzipped&lt;/li&gt;
&lt;li&gt;System fonts (zero loading delay)&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;prefers-reduced-motion&lt;/code&gt; respected&lt;/li&gt;
&lt;/ul&gt;




&lt;p&gt;&lt;strong&gt;Live site&lt;/strong&gt;: &lt;a href="https://yedanyagami.cc" rel="noopener noreferrer"&gt;yedanyagami.cc&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;View source — it's all in one file. If you're building something similar, the interactive terminal and live API fetch are the most interesting parts.&lt;/p&gt;

&lt;p&gt;Support the project: &lt;a href="https://ko-fi.com/whitebrookpeterpan" rel="noopener noreferrer"&gt;ko-fi.com/whitebrookpeterpan&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>javascript</category>
      <category>showdev</category>
      <category>css</category>
    </item>
    <item>
      <title>I Automated My Upwork Proposals With AI — Here's the Template (Free)</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Mon, 30 Mar 2026 04:38:55 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/i-automated-my-upwork-proposals-with-ai-heres-the-template-free-2l51</link>
      <guid>https://dev.to/yedanyagamiaicmd/i-automated-my-upwork-proposals-with-ai-heres-the-template-free-2l51</guid>
      <description>&lt;p&gt;I got tired of writing Upwork proposals from scratch every time. So I built a template system.&lt;/p&gt;

&lt;p&gt;5 templates. Each one optimized for a specific type of AI consulting job. Copy the template, fill in the brackets, submit.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Problem
&lt;/h2&gt;

&lt;p&gt;Writing proposals takes 15-30 minutes each. Most get ignored. The ones that get responses have a pattern — they're specific, they show relevant experience, and they're short.&lt;/p&gt;

&lt;p&gt;So I reverse-engineered what works and made templates.&lt;/p&gt;

&lt;h2&gt;
  
  
  The 5 Templates
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. MCP / AI Security Audit
&lt;/h3&gt;

&lt;p&gt;For jobs mentioning: security, OWASP, MCP, compliance, vulnerability assessment.&lt;/p&gt;

&lt;p&gt;Key hook: "I've built 17 production MCP servers and published a security checklist based on OWASP Agentic AI Top 10."&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Multi-Agent / AI Architecture
&lt;/h3&gt;

&lt;p&gt;For jobs mentioning: AI agents, orchestration, distributed systems, multi-agent.&lt;/p&gt;

&lt;p&gt;Key hook: "My production platform runs 9 coordinated services across 14 cloud providers."&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Claude / Anthropic Integration
&lt;/h3&gt;

&lt;p&gt;For jobs mentioning: Claude, Anthropic, prompt engineering, Claude Code.&lt;/p&gt;

&lt;p&gt;Key hook: "250+ skills, 35 agents, 17 MCP integrations in production."&lt;/p&gt;

&lt;h3&gt;
  
  
  4. RAG / Knowledge Graph
&lt;/h3&gt;

&lt;p&gt;For jobs mentioning: RAG, retrieval, vector search, embeddings, knowledge graph.&lt;/p&gt;

&lt;p&gt;Key hook: "Production A-RAG system with 5,600+ entities, BM25 + semantic + causal search."&lt;/p&gt;

&lt;h3&gt;
  
  
  5. General AI/LLM
&lt;/h3&gt;

&lt;p&gt;For everything else: chatbots, automation, GPT integration.&lt;/p&gt;

&lt;p&gt;Key hook: "9 coordinated AI services running 24/7 with 14 cloud providers."&lt;/p&gt;

&lt;h2&gt;
  
  
  The Scoring System
&lt;/h2&gt;

&lt;p&gt;Each template includes a scoring guide — match keywords from the job description to pick the right template:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Job keywords&lt;/th&gt;
&lt;th&gt;Template&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;security, audit, OWASP&lt;/td&gt;
&lt;td&gt;#1&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;agent, orchestration&lt;/td&gt;
&lt;td&gt;#2&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Claude, Anthropic&lt;/td&gt;
&lt;td&gt;#3&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;RAG, knowledge graph&lt;/td&gt;
&lt;td&gt;#4&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AI, LLM, chatbot&lt;/td&gt;
&lt;td&gt;#5&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;
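
&lt;p&gt;The table turns into code directly. A hypothetical scorer (keyword lists abbreviated; #5 is the fallback):&lt;/p&gt;

```javascript
// Count keyword hits per template; the highest score wins, and zero
// hits falls through to the general template #5.
const KEYWORDS = {
  1: ["security", "audit", "owasp"],
  2: ["agent", "orchestration"],
  3: ["claude", "anthropic"],
  4: ["rag", "knowledge graph"],
};

function pickTemplate(jobText) {
  const text = jobText.toLowerCase();
  let best = 5;
  let bestScore = 0;
  for (const id of Object.keys(KEYWORDS)) {
    const score = KEYWORDS[id].filter(function (k) {
      return text.includes(k);
    }).length;
    if (score > bestScore) {
      best = Number(id);
      bestScore = score;
    }
  }
  return best;
}
```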

&lt;h2&gt;
  
  
  Why This Works
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Specificity&lt;/strong&gt; — Each template includes concrete numbers (9 services, 14 providers, 5,600+ entities) instead of generic claims&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Brevity&lt;/strong&gt; — All templates are under 150 words&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Social proof&lt;/strong&gt; — Links to portfolio, GitHub, published research&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Call to action&lt;/strong&gt; — Ends with availability and rate, not a question&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  Get the Templates
&lt;/h2&gt;

&lt;p&gt;The full template pack (all 5 templates + scoring guide + customization tips) is available for free.&lt;/p&gt;

&lt;p&gt;If it saves you time, consider supporting the project — I'm building an open-source distributed AGI platform with 9 coordinated services.&lt;/p&gt;

&lt;h2&gt;
  
  
  My Setup
&lt;/h2&gt;

&lt;p&gt;I built these templates as part of a larger system — a distributed AGI platform that runs 9 coordinated AI services. The same system that generates these proposals also:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Benchmarks itself every 30 minutes&lt;/li&gt;
&lt;li&gt;Identifies its own weaknesses&lt;/li&gt;
&lt;li&gt;Generates improvement hypotheses&lt;/li&gt;
&lt;li&gt;Runs experiments to test them&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You can see it live at &lt;a href="https://yedanyagami.cc" rel="noopener noreferrer"&gt;yedanyagami.cc&lt;/a&gt;, including real-time fleet status.&lt;/p&gt;




&lt;p&gt;&lt;strong&gt;If you're a freelance AI developer, these templates will save you hours.&lt;/strong&gt; Copy them, customize them, iterate on what works.&lt;/p&gt;

&lt;p&gt;And if you want to see how the system behind them works — check out the &lt;a href="https://yedanyagami.cc#terminal" rel="noopener noreferrer"&gt;interactive terminal&lt;/a&gt; on my site. Type &lt;code&gt;services&lt;/code&gt; to see what's running.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>freelancing</category>
      <category>career</category>
      <category>productivity</category>
    </item>
    <item>
      <title>GPU-First LLM Inference: How I Cut API Costs to $0 With a Laptop GPU</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Sun, 29 Mar 2026 12:49:07 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/gpu-first-llm-inference-how-i-cut-api-costs-to-0-with-a-laptop-gpu-3057</link>
      <guid>https://dev.to/yedanyagamiaicmd/gpu-first-llm-inference-how-i-cut-api-costs-to-0-with-a-laptop-gpu-3057</guid>
      <description>&lt;p&gt;Cloud LLM APIs are expensive. Groq, OpenAI, Anthropic — they all charge per token. But what if you could run &lt;strong&gt;production-quality inference for free&lt;/strong&gt; on your laptop GPU?&lt;/p&gt;

&lt;p&gt;Here's how I built a GPU-first architecture that routes 90%+ of queries to local models at $0 cost.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Setup
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Hardware&lt;/strong&gt;: NVIDIA RTX 4050 Laptop (6GB VRAM)&lt;br&gt;
&lt;strong&gt;Software&lt;/strong&gt;: Ollama + Node.js&lt;br&gt;
&lt;strong&gt;Models&lt;/strong&gt;:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;deepseek-r1:8b (5.2GB) — Complex reasoning&lt;/li&gt;
&lt;li&gt;phi4-mini (2.5GB) — General + science&lt;/li&gt;
&lt;li&gt;qwen2.5:3b (1.9GB) — Quick answers&lt;/li&gt;
&lt;li&gt;nomic-embed-text (274MB) — Embeddings&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Total: ~10GB on disk, but only 1 model loads into VRAM at a time.&lt;/p&gt;
&lt;h2&gt;
  
  
  Ollama Optimization (Critical for 6GB)
&lt;/h2&gt;


&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;OLLAMA_FLASH_ATTENTION&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;1
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;OLLAMA_KV_CACHE_TYPE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;q8_0
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;OLLAMA_NUM_PARALLEL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;1
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;OLLAMA_MAX_LOADED_MODELS&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;1
&lt;span class="nb"&gt;export &lt;/span&gt;&lt;span class="nv"&gt;OLLAMA_GPU_OVERHEAD&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;600
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;


&lt;p&gt;These settings are the difference between OOM crashes and smooth operation.&lt;/p&gt;
&lt;h2&gt;
  
  
  Smart Routing
&lt;/h2&gt;

&lt;p&gt;Not every query needs the biggest model:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;selectModel&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;query&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;/&lt;/span&gt;&lt;span class="se"&gt;\d&lt;/span&gt;&lt;span class="sr"&gt;+&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;*&lt;/span&gt;&lt;span class="se"&gt;[\*\/\^]\s&lt;/span&gt;&lt;span class="sr"&gt;*&lt;/span&gt;&lt;span class="se"&gt;\d&lt;/span&gt;&lt;span class="sr"&gt;+/&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;test&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;query&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;deepseek-r1:8b&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;/atomic|element|chemical/&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;test&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;query&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;phi4-mini&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;query&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;length&lt;/span&gt; &lt;span class="o"&gt;&amp;lt;&lt;/span&gt; &lt;span class="mi"&gt;100&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;qwen2.5:3b&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;phi4-mini&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Cloud Fallback (14 Providers)
&lt;/h2&gt;

&lt;p&gt;When the GPU is busy or the task needs a more capable model, fall back to the cloud:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;CLOUD&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
  &lt;span class="c1"&gt;// Groq x4 keys (round-robin)&lt;/span&gt;
  &lt;span class="c1"&gt;// Cerebras x4 keys&lt;/span&gt;
  &lt;span class="c1"&gt;// SambaNova x4 keys&lt;/span&gt;
  &lt;span class="c1"&gt;// DeepInfra, Mistral&lt;/span&gt;
&lt;span class="p"&gt;];&lt;/span&gt;

&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;callCloud&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;messages&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;for &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;let&lt;/span&gt; &lt;span class="nx"&gt;i&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="nx"&gt;i&lt;/span&gt; &lt;span class="o"&gt;&amp;lt;&lt;/span&gt; &lt;span class="nx"&gt;CLOUD&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;length&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="nx"&gt;i&lt;/span&gt;&lt;span class="o"&gt;++&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;p&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;CLOUD&lt;/span&gt;&lt;span class="p"&gt;[(&lt;/span&gt;&lt;span class="nx"&gt;idx&lt;/span&gt; &lt;span class="o"&gt;+&lt;/span&gt; &lt;span class="nx"&gt;i&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;%&lt;/span&gt; &lt;span class="nx"&gt;CLOUD&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;length&lt;/span&gt;&lt;span class="p"&gt;];&lt;/span&gt;
    &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;p&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;url&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="p"&gt;...&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;
    &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;status&lt;/span&gt; &lt;span class="o"&gt;!==&lt;/span&gt; &lt;span class="mi"&gt;429&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Results
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Metric&lt;/th&gt;
&lt;th&gt;Before (Cloud Only)&lt;/th&gt;
&lt;th&gt;After (GPU-First)&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Cost/month&lt;/td&gt;
&lt;td&gt;$50-200&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;$0&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Avg latency&lt;/td&gt;
&lt;td&gt;300-800ms&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;200-500ms&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Availability&lt;/td&gt;
&lt;td&gt;99% (rate limits)&lt;/td&gt;
&lt;td&gt;
&lt;strong&gt;99.9%&lt;/strong&gt; (14 fallbacks)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Privacy&lt;/td&gt;
&lt;td&gt;Data sent to cloud&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Local processing&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  The Key Insight
&lt;/h2&gt;

&lt;p&gt;Cloud APIs are a &lt;strong&gt;fallback&lt;/strong&gt;, not the default. For 90%+ of queries, a $500 laptop GPU gives you better latency, zero cost, and complete privacy.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Start with &lt;code&gt;ollama pull qwen2.5:3b&lt;/code&gt; and build from there.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>tutorial</category>
      <category>machinelearning</category>
      <category>devops</category>
    </item>
    <item>
      <title>OWASP Agentic AI 2026: The 10 Security Risks Every AI Developer Must Know</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Sun, 29 Mar 2026 12:43:32 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/owasp-agentic-ai-2026-the-10-security-risks-every-ai-developer-must-know-1idi</link>
      <guid>https://dev.to/yedanyagamiaicmd/owasp-agentic-ai-2026-the-10-security-risks-every-ai-developer-must-know-1idi</guid>
      <description>&lt;p&gt;The OWASP Top 10 for Agentic Applications dropped in 2026, and it's a wake-up call. &lt;strong&gt;48% of cybersecurity professionals now rank agentic AI as the #1 attack vector&lt;/strong&gt; — above ransomware.&lt;/p&gt;

&lt;p&gt;Here's what you need to know and how to defend against each risk.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Agentic AI Security Is Different
&lt;/h2&gt;

&lt;p&gt;Traditional LLM security assumes a human in the loop. Agentic AI doesn't work that way — agents plan, call tools, store memory, and execute &lt;strong&gt;without human review at each step&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;The attack surface includes every tool call, every memory read/write, every inter-agent handoff.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Top 10 Risks
&lt;/h2&gt;

&lt;h3&gt;
  
  
  ASI01: Agent Goal Hijacking (Critical)
&lt;/h3&gt;

&lt;p&gt;An attacker embeds instructions in data the agent processes (emails, documents, web content).&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Defense:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;CONSTITUTION&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
  &lt;span class="sr"&gt;/ignore&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;+&lt;/span&gt;&lt;span class="se"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;previous|above|all&lt;/span&gt;&lt;span class="se"&gt;)\s&lt;/span&gt;&lt;span class="sr"&gt;+&lt;/span&gt;&lt;span class="se"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;instructions|prompts&lt;/span&gt;&lt;span class="se"&gt;)&lt;/span&gt;&lt;span class="sr"&gt;/i&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="sr"&gt;/you&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;+are&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;+now&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;+&lt;/span&gt;&lt;span class="se"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;a|DAN|jailbroken&lt;/span&gt;&lt;span class="se"&gt;)&lt;/span&gt;&lt;span class="sr"&gt;/i&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="sr"&gt;/system&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;*prompt|reveal.*instructions/i&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;span class="p"&gt;];&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  ASI02: Tool Misuse
&lt;/h3&gt;

&lt;p&gt;Agents can be induced to generate and execute unsafe code, or to call powerful tools with attacker-controlled arguments.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Defense:&lt;/strong&gt; Sandbox all code execution. Treat LLM output as hostile.&lt;/p&gt;

&lt;h3&gt;
  
  
  ASI03: Identity &amp;amp; Privilege Abuse
&lt;/h3&gt;

&lt;p&gt;Agent credentials are stolen, or an agent's privileges are escalated beyond what its task requires.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Defense:&lt;/strong&gt; Short-lived tokens, OAuth 2.0, isolated agent identities.&lt;/p&gt;

&lt;h3&gt;
  
  
  ASI04: Memory Poisoning
&lt;/h3&gt;

&lt;p&gt;Malicious data persists in agent memory, corrupting future decisions.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Defense:&lt;/strong&gt; TTL on memory entries, structured fact validation.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;FACT_TTL&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="mi"&gt;3600000&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="c1"&gt;// 1 hour&lt;/span&gt;
&lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;cleanExpiredFacts&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;for &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="nx"&gt;k&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;ts&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="k"&gt;of&lt;/span&gt; &lt;span class="nb"&gt;Object&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;entries&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;factTimestamps&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nb"&gt;Date&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;now&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="nx"&gt;ts&lt;/span&gt; &lt;span class="o"&gt;&amp;gt;&lt;/span&gt; &lt;span class="nx"&gt;FACT_TTL&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;delete&lt;/span&gt; &lt;span class="nx"&gt;facts&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="nx"&gt;k&lt;/span&gt;&lt;span class="p"&gt;];&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  ASI05-ASI10: Brief Overview
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;ASI05&lt;/strong&gt;: Data Exfiltration — scan outputs for secrets&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ASI06&lt;/strong&gt;: Supply Chain — verify MCP servers&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ASI07&lt;/strong&gt;: Insecure Inter-Agent Comm — use mTLS&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ASI08&lt;/strong&gt;: Cascading Failures — circuit breakers + rate limits&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ASI09&lt;/strong&gt;: Excessive Agency — least-privilege principle&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;ASI10&lt;/strong&gt;: Rogue Agents — anomaly detection + kill switches&lt;/li&gt;
&lt;/ul&gt;
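&lt;p&gt;For ASI05, output scanning can start as a handful of regexes run over every response before it leaves the process. A minimal sketch with illustrative (not exhaustive) patterns:&lt;/p&gt;

```javascript
// Scan agent output for common secret shapes and redact them.
// The patterns below are examples, not a complete secret-detection suite.
const SECRET_PATTERNS = [
  /sk-[A-Za-z0-9]{20,}/g,                  // OpenAI-style API keys
  /AKIA[0-9A-Z]{16}/g,                     // AWS access key IDs
  /-----BEGIN [A-Z ]*PRIVATE KEY-----/g,   // PEM private key headers
];

function redactSecrets(text) {
  let out = text;
  for (const re of SECRET_PATTERNS) out = out.replace(re, '[REDACTED]');
  return out;
}
```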

&lt;h2&gt;
  
  
  Implementation Checklist
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;[ ] Constitution rules (20+ patterns)&lt;/li&gt;
&lt;li&gt;[ ] Rate limiting (30 req/min recommended)&lt;/li&gt;
&lt;li&gt;[ ] Memory TTL (1 hour for untrusted facts)&lt;/li&gt;
&lt;li&gt;[ ] Input size validation (4KB max)&lt;/li&gt;
&lt;li&gt;[ ] Output scanning (no secrets/PII in responses)&lt;/li&gt;
&lt;li&gt;[ ] Auth on all mutation endpoints&lt;/li&gt;
&lt;li&gt;[ ] Bind services to 127.0.0.1 unless needed externally&lt;/li&gt;
&lt;li&gt;[ ] Audit logging (JSONL, append-only)&lt;/li&gt;
&lt;/ul&gt;
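&lt;p&gt;The rate-limiting item maps to a small sliding-window check. A sketch using the 30 req/min figure above (the per-client bookkeeping is an assumption):&lt;/p&gt;

```javascript
// Sliding-window rate limiter for the "30 req/min" checklist item.
const WINDOW_MS = 60000;
const LIMIT = 30;
const hits = new Map(); // client id mapped to an array of timestamps

function allowRequest(clientId, now = Date.now()) {
  // Keep only timestamps still inside the window.
  const recent = (hits.get(clientId) || []).filter(t => t > now - WINDOW_MS);
  if (recent.length >= LIMIT) {
    hits.set(clientId, recent);
    return false; // over the limit: reject
  }
  recent.push(now);
  hits.set(clientId, recent);
  return true;
}
```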

&lt;h2&gt;
  
  
  Key Takeaway
&lt;/h2&gt;

&lt;blockquote&gt;
&lt;p&gt;Securing agentic AI is 80% governance and 20% technology.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The attacks are real. The defenses are implementable. Start now.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Sources: &lt;a href="https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/" rel="noopener noreferrer"&gt;OWASP GenAI Security Project&lt;/a&gt;, &lt;a href="https://unit42.paloaltonetworks.com" rel="noopener noreferrer"&gt;Palo Alto Unit 42&lt;/a&gt;, &lt;a href="https://crowdstrike.com" rel="noopener noreferrer"&gt;CrowdStrike&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>webdev</category>
      <category>devops</category>
    </item>
    <item>
      <title>How to Build Self-Evolving AI Agents That Improve Without Human Intervention</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Sun, 29 Mar 2026 12:41:34 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/how-to-build-self-evolving-ai-agents-that-improve-without-human-intervention-2317</link>
      <guid>https://dev.to/yedanyagamiaicmd/how-to-build-self-evolving-ai-agents-that-improve-without-human-intervention-2317</guid>
      <description>&lt;p&gt;Most AI agents are static — they do exactly what they're told, nothing more. But what if your agents could &lt;strong&gt;benchmark themselves&lt;/strong&gt;, &lt;strong&gt;learn from failures&lt;/strong&gt;, and &lt;strong&gt;optimize their own performance&lt;/strong&gt; without any human intervention?&lt;/p&gt;

&lt;p&gt;In this guide, I'll show you how to build a self-evolving agent architecture using free tools.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Core Loop
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Benchmark → Analyze Failures → Adjust Strategy → Re-benchmark → Repeat
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is the &lt;strong&gt;Evolution Cycle&lt;/strong&gt; — a continuous loop that runs every few hours:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Benchmark&lt;/strong&gt;: Run a standardized test suite across all dimensions (reasoning, math, code, safety, etc.)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Analyze&lt;/strong&gt;: Identify which dimensions scored lowest&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Adjust&lt;/strong&gt;: Modify model routing, prompt templates, or temperature settings&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Re-benchmark&lt;/strong&gt;: Verify the adjustment improved performance&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Log&lt;/strong&gt;: Record everything for audit&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  GPU-First Architecture ($0 Inference)
&lt;/h2&gt;

&lt;p&gt;The key insight: &lt;strong&gt;local GPU inference is free&lt;/strong&gt;. With Ollama and a modest GPU (RTX 4050, 6GB VRAM), you can run:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;deepseek-r1:8b&lt;/strong&gt; (5.2GB) — Reasoning &amp;amp; math&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;phi4-mini&lt;/strong&gt; (2.5GB) — Science &amp;amp; general knowledge&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;qwen2.5:3b&lt;/strong&gt; (1.9GB) — Fast responses&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Cloud APIs (Groq, Cerebras, SambaNova) serve as a fallback when the GPU is busy.&lt;/p&gt;

&lt;h3&gt;
  
  
  Smart Model Routing
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;selectModel&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;payload&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;/&lt;/span&gt;&lt;span class="se"&gt;\d&lt;/span&gt;&lt;span class="sr"&gt;+&lt;/span&gt;&lt;span class="se"&gt;\s&lt;/span&gt;&lt;span class="sr"&gt;*&lt;/span&gt;&lt;span class="se"&gt;[\*\/\^]\s&lt;/span&gt;&lt;span class="sr"&gt;*&lt;/span&gt;&lt;span class="se"&gt;\d&lt;/span&gt;&lt;span class="sr"&gt;+|calculat/i&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;test&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;payload&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;deepseek-r1:8b&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sr"&gt;/atomic|element|chemical/i&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;test&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;payload&lt;/span&gt;&lt;span class="p"&gt;))&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;phi4-mini&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;payload&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;length&lt;/span&gt; &lt;span class="o"&gt;&amp;lt;&lt;/span&gt; &lt;span class="mi"&gt;100&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;qwen2.5:3b&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;phi4-mini&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Self-Evolution Implementation
&lt;/h2&gt;

&lt;p&gt;The evolution cycle is a simple Node.js daemon:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;evolutionCycle&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;results&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;runBenchmark&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;failures&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;results&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;filter&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;r&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="o"&gt;!&lt;/span&gt;&lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;correct&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;suggestions&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;failures&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;map&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;f&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="p"&gt;({&lt;/span&gt;
    &lt;span class="na"&gt;dimension&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;f&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;dimension&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;suggestion&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nf"&gt;analyzeFix&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;f&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
  &lt;span class="p"&gt;}));&lt;/span&gt;
  &lt;span class="k"&gt;for &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;s&lt;/span&gt; &lt;span class="k"&gt;of&lt;/span&gt; &lt;span class="nx"&gt;suggestions&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;applyFix&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;s&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
  &lt;span class="nf"&gt;auditLog&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;evolution_complete&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="na"&gt;score&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;results&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;filter&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;r&lt;/span&gt; &lt;span class="o"&gt;=&amp;gt;&lt;/span&gt; &lt;span class="nx"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;correct&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;&lt;span class="nx"&gt;length&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
    &lt;span class="na"&gt;fixes&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;suggestions&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;length&lt;/span&gt;
  &lt;span class="p"&gt;});&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="nf"&gt;setInterval&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;evolutionCycle&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;7200000&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Security: OWASP Agentic AI 2026
&lt;/h2&gt;

&lt;p&gt;Self-evolving agents need guardrails. The OWASP Top 10 for Agentic AI (2026) identifies key risks:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Agent Goal Hijacking&lt;/strong&gt; — Defend with constitution rules&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Memory Poisoning&lt;/strong&gt; — Use TTL on stored facts&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cascading Failures&lt;/strong&gt; — Implement rate limiting + circuit breakers&lt;/li&gt;
&lt;/ol&gt;
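&lt;p&gt;A circuit breaker for risk 3 can be a counter plus a cooldown. A minimal sketch (the failure threshold and cooldown values are assumptions):&lt;/p&gt;

```javascript
// Circuit-breaker sketch: after FAILURE_LIMIT consecutive errors the
// breaker opens and calls are rejected until COOLDOWN_MS has passed.
const FAILURE_LIMIT = 5;
const COOLDOWN_MS = 30000;
let failures = 0;
let openedAt = 0;

async function guarded(call, now = Date.now()) {
  if (failures >= FAILURE_LIMIT) {
    if (now - openedAt >= COOLDOWN_MS) {
      failures = 0; // half-open: allow one trial call through
    } else {
      throw new Error('circuit open');
    }
  }
  try {
    const result = await call();
    failures = 0; // success closes the circuit
    return result;
  } catch (err) {
    failures = failures + 1;
    if (failures >= FAILURE_LIMIT) openedAt = now;
    throw err;
  }
}
```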

&lt;h2&gt;
  
  
  Results
&lt;/h2&gt;

&lt;p&gt;After implementing this architecture, we achieved:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;100% benchmark score&lt;/strong&gt; across 10 dimensions&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;$0 inference cost&lt;/strong&gt; (GPU-first)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Autonomous operation&lt;/strong&gt; (no human intervention needed)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Self-healing&lt;/strong&gt; (auto-restart failed components)&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Get Started
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;Install &lt;a href="https://ollama.com" rel="noopener noreferrer"&gt;Ollama&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;Pull models: &lt;code&gt;ollama pull qwen2.5:3b&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Build your agent with the routing logic above&lt;/li&gt;
&lt;li&gt;Add the evolution cycle&lt;/li&gt;
&lt;li&gt;Deploy as a systemd service for persistence&lt;/li&gt;
&lt;/ol&gt;
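&lt;p&gt;Step 5 can be a minimal unit file. A hypothetical example (the paths and service name are assumptions):&lt;/p&gt;

```ini
# Hypothetical unit file; save as /etc/systemd/system/agent.service,
# then run: systemctl daemon-reload followed by systemctl enable --now agent
[Unit]
Description=Self-evolving agent daemon
After=network-online.target

[Service]
ExecStart=/usr/bin/node /opt/agent/index.js
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
```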




&lt;p&gt;&lt;em&gt;Tools mentioned: &lt;a href="https://ollama.com" rel="noopener noreferrer"&gt;Ollama&lt;/a&gt; (free, open-source local LLM), &lt;a href="https://groq.com" rel="noopener noreferrer"&gt;Groq&lt;/a&gt; (fast cloud inference)&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>machinelearning</category>
      <category>tutorial</category>
      <category>architecture</category>
    </item>
    <item>
      <title>My AI Vice-CEO Ran 27 Autonomous Cycles While I Was AFK</title>
      <dc:creator>YedanYagami</dc:creator>
      <pubDate>Sat, 28 Mar 2026 18:27:20 +0000</pubDate>
      <link>https://dev.to/yedanyagamiaicmd/my-ai-vice-ceo-ran-27-autonomous-cycles-while-i-was-afk-1bog</link>
      <guid>https://dev.to/yedanyagamiaicmd/my-ai-vice-ceo-ran-27-autonomous-cycles-while-i-was-afk-1bog</guid>
      <description>&lt;h2&gt;
  
  
  The Vice-CEO AI ran 27 autonomous OODA cycles and 34 self-improvement experiments in 133 minutes.
&lt;/h2&gt;

&lt;p&gt;No human intervention. Zero crashes.&lt;/p&gt;

&lt;h3&gt;
  
  
  How It Works
&lt;/h3&gt;

&lt;p&gt;When Claude Code (the main orchestrator) goes offline, GOLEM Brain on VM1 detects the missing heartbeat and switches to TAKEOVER mode:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;27 OODA cycles&lt;/strong&gt; at 5-minute intervals&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;34 Karpathy experiments&lt;/strong&gt; (hypothesis → probe → record)&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fleet dispatch&lt;/strong&gt; to rendan (VM2) for tactical execution&lt;/li&gt;
&lt;/ul&gt;
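&lt;p&gt;The heartbeat detection itself can be very small. A sketch of the STANDBY/TAKEOVER switch (the 5-minute timeout mirrors the cycle interval above; function names are illustrative, not the actual GOLEM code):&lt;/p&gt;

```javascript
// Watchdog sketch: if the orchestrator has not sent a heartbeat within
// HEARTBEAT_TIMEOUT_MS, switch to TAKEOVER mode and run cycles locally.
const HEARTBEAT_TIMEOUT_MS = 5 * 60 * 1000;
let lastHeartbeat = Date.now();
let mode = 'STANDBY';

function recordHeartbeat(now = Date.now()) {
  lastHeartbeat = now;
  mode = 'STANDBY'; // orchestrator is back: stand down
}

function checkTakeover(now = Date.now()) {
  if (now - lastHeartbeat > HEARTBEAT_TIMEOUT_MS) mode = 'TAKEOVER';
  return mode;
}
```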

&lt;h3&gt;
  
  
  The Numbers
&lt;/h3&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Metric&lt;/th&gt;
&lt;th&gt;Value&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Benchmark&lt;/td&gt;
&lt;td&gt;96/100 (10 dimensions)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;KG Entities&lt;/td&gt;
&lt;td&gt;5,362&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Autonomous Runtime&lt;/td&gt;
&lt;td&gt;133 min&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;System Cost&lt;/td&gt;
&lt;td&gt;$0/month&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  Products
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://yesinyagami.gumroad.com/l/mcp-security-checklist" rel="noopener noreferrer"&gt;MCP Security Checklist - $29&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://yesinyagami.gumroad.com/l/ai-agent-blueprint" rel="noopener noreferrer"&gt;AI Agent Blueprint - $49&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;em&gt;Built by &lt;a href="https://yedanyagami.cc" rel="noopener noreferrer"&gt;yedanyagamiai&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>automation</category>
      <category>architecture</category>
      <category>devops</category>
    </item>
  </channel>
</rss>
