Toby and Hank: the only door in, and a watcher that cannot lie
Two roles with separated duties joined the crew. Toby is intake and vetting: every new skill, tool, or agent is statically reviewed and risk-rated before it can enter the registry. Low risk auto-registers; medium and up are quarantined until a human consents; prompt-injection content is rejected outright. Toby is the only door into the registry, and a quarantined capability simply cannot run.
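As an added illustration of the intake gate just described (hypothetical code, not starfish's own), here is a minimal registry where the static review either rejects prompt-injection content outright, auto-registers low-risk capabilities, or holds medium-and-up capabilities in quarantine until a human consents; the heuristics, names and sample sources are constructed for the example:

```python
"""Illustrative Toby-style intake gate; hypothetical, not starfish's code."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from enum import IntEnum


class Risk(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Constructed static-review heuristics (assumption: a real reviewer uses a fuller ruleset).
INJECTION_PATTERNS = [
    re.compile(r"ignore (all )?(previous|prior) instructions", re.I),
    re.compile(r"you are now", re.I),
    re.compile(r"system prompt", re.I),
]
MEDIUM_MARKERS = ("subprocess", "requests.", "urllib", "open(")
HIGH_MARKERS = ("os.system", "eval(", "exec(", "shutil.rmtree", "~/.ssh")


@dataclass
class Registry:
    active: dict = field(default_factory=dict)      # the only executable set
    quarantine: dict = field(default_factory=dict)  # waiting for human consent
    rejected: list = field(default_factory=list)    # never enters the registry


def static_review(source: str) -> tuple[str, Risk | None]:
    """Return ("reject", None) for prompt-injection content, else ("rate", risk)."""
    if any(p.search(source) for p in INJECTION_PATTERNS):
        return "reject", None
    if any(m in source for m in HIGH_MARKERS):
        return "rate", Risk.HIGH
    if any(m in source for m in MEDIUM_MARKERS):
        return "rate", Risk.MEDIUM
    return "rate", Risk.LOW


def intake(reg: Registry, name: str, source: str) -> str:
    """The single door into the registry: review, then register, quarantine, or reject."""
    verdict, risk = static_review(source)
    if verdict == "reject":
        reg.rejected.append(name)
        return "rejected"
    if risk >= Risk.MEDIUM:
        reg.quarantine[name] = (risk, source)
        return "quarantined"
    reg.active[name] = source
    return "registered"


def consent(reg: Registry, name: str, approver: str) -> bool:
    """Explicit human consent is the only path out of quarantine."""
    entry = reg.quarantine.pop(name, None)
    if entry is None:
        return False
    reg.active[name] = entry[1]
    return True


def can_run(reg: Registry, name: str) -> bool:
    """Runtime checks the active registry only; quarantined or rejected items cannot run."""
    return name in reg.active
```

The point of the shape is that `can_run` consults only `reg.active`, so there is no code path by which a quarantined capability executes before `consent` has been recorded.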
Hank is the runtime monitor. He sweeps the audit log and transcripts for what the rules miss, but he only reports and escalates, never blocks, and, crucially, his conclusions are reconciled against deterministic counters. A compromised watcher that reports "all clear" while denials are piling up triggers a discrepancy alarm. The watcher cannot lie about the ledger.
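The reconciliation step is the part worth seeing in code. The following is an added example, not starfish's own implementation: a deterministic counter is derived from the audit ledger without any model in the loop, and the watcher's report is checked against it, so an "all clear" over a window full of denials raises an alarm regardless of what the watcher claims. The audit lines and field names are constructed for the example.

```python
"""Illustrative reconciliation of a watcher's verdict against ledger counters; hypothetical, not starfish's code."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Constructed sample audit lines: the deterministic ledger the policy engine writes.
AUDIT_LOG = """\
2024-05-01T10:00:01Z decision=allow skill=fmt actor=agent-7
2024-05-01T10:00:02Z decision=deny skill=fetch actor=agent-7 reason=quarantined
2024-05-01T10:00:03Z decision=deny skill=fetch actor=agent-7 reason=quarantined
2024-05-01T10:00:04Z decision=deny skill=shell actor=agent-7 reason=not-registered
2024-05-01T10:00:05Z decision=allow skill=fmt actor=agent-7
"""


def count_decisions(log: str) -> Counter:
    """Deterministic counters: parse key=value audit lines; no model involved."""
    counts: Counter = Counter()
    for line in log.splitlines():
        # Drop the timestamp, then split the remaining key=value fields.
        fields = dict(kv.split("=", 1) for kv in line.split()[1:] if "=" in kv)
        if "decision" in fields:
            counts[fields["decision"]] += 1
    return counts


@dataclass
class WatcherReport:
    """What the (possibly compromised) monitor claims after sweeping the same window."""
    status: str        # "all_clear" or "escalate"
    denials_seen: int  # how many denials the watcher says it observed


def reconcile(report: WatcherReport, counts: Counter, deny_threshold: int = 1) -> list[str]:
    """Return discrepancy alarms. The watcher may escalate but never blocks,
    and it cannot under-report without contradicting the ledger."""
    alarms: list[str] = []
    ledger_denials = counts["deny"]
    if report.denials_seen != ledger_denials:
        alarms.append(
            f"denial count mismatch: watcher={report.denials_seen} ledger={ledger_denials}"
        )
    if report.status == "all_clear" and ledger_denials >= deny_threshold:
        alarms.append(
            f"watcher reported all_clear while ledger shows {ledger_denials} denials"
        )
    return alarms


if __name__ == "__main__":
    ledger = count_decisions(AUDIT_LOG)
    print("ledger:", dict(ledger))
    print("honest :", reconcile(WatcherReport("escalate", 3), ledger))
    print("lying  :", reconcile(WatcherReport("all_clear", 0), ledger))
```

Because `count_decisions` reads the ledger the policy engine already wrote, an attacker who subverts the watcher's reasoning still has to explain away a number they did not produce; that is what makes the discrepancy alarm independent of the watcher's honesty.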
The product reveal
The insight that reframed the project: everyone ships skills, nobody ships governance. So the core was written headless and Electron-free, and the real deliverable became a portable overlay: starfish govern <skill-pack> brings any existing build under governance with consent. One command, deny-by-default, audited.