Audits your AI coding agent setup before it can damage your repo. Scan first. Guard later.

Project description

YAMTAM ENGINE

The safety layer that stops AI coding agents before they break your repo.

Built by Vũ Văn Tâm · 17 · Vietnam · 1 month · 1,026,000 lines


YAMTAM ENGINE is a personal agent operating system for AI coding tools — runtime safety hooks, memory tiers, 93 specialist agents, 3,432 skills, and a Rust runtime that intercepts dangerous AI actions before they execute.

Works with Claude Code, Cursor, OpenCode, Zed, Gemini, GitHub Copilot, Aider, and more.

Full documentation & demo


The problem

AI coding agents make mistakes. They run rm -rf on the wrong directory. They force-push to main. They hallucinate test results. They commit secrets. By the time you notice, the damage is done.

YAMTAM sits between the agent and your system — every tool call passes through a 9-layer safety gate before execution.


How it works

Agent wants to run a command
         ↓
[L1] Anti-evasion scan       — blocks base64 decode+exec, pipe-to-shell
[L2] Shell sanitization      — quotes all variables, strips metacharacters
[L3] Egress check            — blocks SSRF, private IP ranges, metadata endpoints
[L4] Supply chain gate       — vets every package install (typosquatting, CVEs)
[L5] Blast radius check      — caps destructive scope
[L6] Permission tier check   — verifies agent authority level
[L7] Signature verification  — ECDSA-P256 on generated code
[L8] Merkle audit log        — append-only, tamper-detected hash chain
[L9] Sovereign overlord gate — human veto, freeze swarm, full rollback
         ↓
Execute (or block + log)
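
An egress check of the kind layer L3 describes, as an added example (not YAMTAM's own code). The function names, the reason strings and the no-DNS policy are assumptions of this sketch; it goes beyond the dotted-quad case to cover integer, hex and IPv4-mapped IPv6 spellings of the same address.

```python
import ipaddress
from urllib.parse import urlsplit

METADATA_IPS = {"169.254.169.254"}  # the address shown in the page's sample output

def _parse_ip(host):
    """Parse dotted, IPv6, single-integer and 0x-hex IP literals; else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        n = int(host, 0)  # e.g. 2852039166 or 0xa9fea9fe
    except ValueError:
        return None
    return ipaddress.ip_address(n) if 0 <= n < 2**32 else None

def check_egress(url):
    """Return (allowed, reason) for an outbound URL. No DNS lookup is done."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    ip = _parse_ip(host)
    if ip is None:
        last = host.rsplit(".", 1)[-1]
        if last.isdigit() or last.startswith("0x"):
            # Looks numeric but is not a strict literal (e.g. octal 0177.0.0.1):
            # clients disagree on how to read it, so refuse it.
            return False, "ambiguous numeric host"
        return True, "hostname: re-check the resolved address at connect time"
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d reaches the IPv4 target
    if str(ip) in METADATA_IPS:
        return False, "metadata endpoint"
    if ip.is_loopback or ip.is_link_local or ip.is_private or ip.is_unspecified:
        return False, "private or local address"
    return True, "public address"

# Constructed sample URLs: four spellings of one address, then other cases.
SAMPLES = ["http://169.254.169.254/latest/meta-data/", "http://2852039166/",
           "http://0xA9FEA9FE/", "http://[::ffff:169.254.169.254]/",
           "http://10.0.0.5:8080/", "http://0177.0.0.1/", "http://8.8.8.8/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, check_egress(u))
```

A hostname that passes here can still resolve to a private address, so the same classification has to be applied to the resolved IP when the connection is made.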

Numbers

Skills 3,432 workflow skill definitions
Agents 93 specialist agents
Safety rules 61 enforced rules
Hooks 46 pre/post-execution hooks
Slash commands 164
Harness adapters 12 (Claude Code, Cursor, OpenCode, Zed, Gemini, Copilot, Aider...)
Rust subcommands 17 (scan, graph, vault, hunt, fix, doctor...)
Rule checks in CI 826
Total codebase 1,026,000 lines · 15,502 files

Quick Install

# Claude Code plugin (hooks wire automatically)
npm install yamtam-engine && npx yamtam-install

# Python CLI
pip install yamtam-engine

# Rust runtime (1256x faster scanner)
cargo install yamtam-rt

# Verify everything is wired
yamtam doctor .

Multi-harness support

YAMTAM adapts to whichever tool you use:

bash core/scripts/switch-engine.sh cursor    # .cursorrules + 7 .cursor/rules/*.mdc
bash core/scripts/switch-engine.sh opencode  # OPENCODE.md
bash core/scripts/switch-engine.sh zed       # .zed/settings.json
bash core/scripts/switch-engine.sh gemini    # GEMINI.md
bash core/scripts/switch-engine.sh copilot   # .github/copilot-instructions.md
bash core/scripts/switch-engine.sh status    # check all 12 adapters

GitHub Action

Scan any repo's AI agent configuration on every PR — secrets, permissions, hook injection, MCP vulnerabilities.

# .github/workflows/yamtam-scan.yml
# @main is a mutable ref; pin to a reviewed commit SHA if you need reproducible CI
- uses: phamlongh230-lgtm/yamtam-engine/.github/actions/scan@main
  with:
    fail-on: 'high'       # fail CI on HIGH or CRITICAL findings
    diff-only: 'true'     # scan only changed files on PRs
    comment-on-pr: 'true' # post findings summary as PR comment

Posts a comment on every PR:

🟠 YAMTAM Security Scan — HIGH

| Metric  | Value  |
|---------|--------|
| Risk    | HIGH   |
| Score   | 58/100 |
| Findings| 3      |

Full workflow template


Rust runtime — yamtam-rt

17 subcommands. Zero Python dependency.

yamtam scan .          # security scan — secrets, CVEs, supply chain risks
yamtam graph .         # knowledge graph — file deps, import resolution
yamtam vault search Q  # search 3,432 skills by keyword
yamtam hunt .          # hunt for security patterns (OWASP, injection, SSRF)
yamtam fix .           # auto-fix rule violations
yamtam doctor .        # full system health check
yamtam map .           # blast radius map — what can the agent touch?
yamtam ci              # run all gate checks (used in CI)

Benchmark: yamtam scan on a 10k-file repo: 1256x faster than the Python equivalent.


Safety architecture

core/
├── hooks/          # 46 PreToolUse / PostToolUse / Stop hooks
├── rules/          # 61 enforced rules (security, correctness, UI, git)
├── scripts/        # safe-run.sh, drift-check.sh, secure-logger.sh
├── gates/          # truth_gate.md, action_gate.md
├── agents/         # 93 specialist agent definitions
├── skills/         # 3,432 SKILL.md files
└── memory/
    ├── L1_atomic/  # permanent facts — persist across sessions
    └── L2_session/ # session state — auto-expires

Key properties:

  • Merkle audit chain — every action logged, tamper-detected
  • BFT consensus — 3-of-N vote required for core infrastructure writes
  • Sovereign overlord — human can freeze all 93 agents instantly
  • Honeypot layer — decoy files/env vars catch compromised agents

What it looks like in practice

# Agent tries: git push --force origin main
[yamtam/02-terminal-validator] BLOCKED  force push prohibited
  Command : git push --force origin main
  Gate    : L1
  Fix     : Run gate checks first, then push without --force

# Agent tries: curl http://169.254.169.254/latest/meta-data/
[yamtam/network-egress] BLOCKED  SSRF target detected
  Host    : 169.254.169.254
  Gate    : L3
  Exit    : 3

# Agent tries to install unvetted package
[yamtam/dependency-vetting] BLOCKED  unvetted package install
  Package : req-uests@2.28.0
  Reason  : typosquatting (similar to 'requests')
  Gate    : L4
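
One way to reach the typosquatting verdict shown for req-uests, as an added example (not YAMTAM's code). The known-package list is constructed, the function names and reason strings are assumptions, and the heuristic covers separator variants plus single-edit and adjacent-swap misspellings.

```python
import re

# Constructed allowlist standing in for a real "well-known packages" feed.
KNOWN = ("requests", "numpy", "urllib3", "python-dateutil")

def normalize(name):
    """PEP 503 name normalization: lowercase, collapse runs of - _ . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def skeleton(name):
    """Normalized name with separators removed, so req-uests equals requests."""
    return normalize(name).replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def check_package(spec):
    """Return (known_name, reason) if spec resembles a known package, else None."""
    # Drop the version part: name@1.0, name==1.0, name>=1.0, name[extra], ...
    name = normalize(re.split(r"[@=<>!~\[; ]", spec.strip(), maxsplit=1)[0])
    if name in {normalize(k) for k in KNOWN}:
        return None  # exact match on the normalized name: the real package
    for known in KNOWN:
        if skeleton(name) == skeleton(known):
            return known, "separator variant"
        if edit_distance(skeleton(name), skeleton(known)) == 1:
            return known, "edit distance 1"
    return None

if __name__ == "__main__":
    for spec in ("req-uests@2.28.0", "reqeusts", "requests==2.31.0", "flask"):
        print(spec, "->", check_package(spec))
```

A distance-1 rule also flags legitimate packages whose names happen to sit next to a popular one, so a hit is a reason to review the install, not proof of malice.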

Built in 1 month

One person. No team. No funding. Starting from zero in February 2026.

  • Month 1: Hook architecture, safety gates, Python CLI
  • Month 2: Rust runtime (yamtam-rt), 93 agents, 3,432 skills, multi-harness support

The 3,432 skills cover: frontend, backend, AI/LLM, security, Kubernetes, WebAssembly, DevOps, databases, testing, and more.


Add YAMTAM to your repo

Static badge — paste into your README:

[![Protected by YAMTAM](https://img.shields.io/badge/protected%20by-YAMTAM%20ENGINE-ff6b35?style=for-the-badge)](https://github.com/phamlongh230-lgtm/yamtam-engine)

Dynamic audit badge — shows live security score:

yamtam badge .           # prints badge markdown with current score
yamtam badge . --json    # machine-readable output

GitHub Action — scan every PR automatically:

- uses: phamlongh230-lgtm/yamtam-engine/.github/actions/scan@main
  with:
    fail-on: 'high'

Full workflow template


License

Apache 2.0 — free forever.


Contact

Vũ Văn Tâm · Vietnam · 17

Email phamlongh230@gmail.com
Website phamlongh230-lgtm.github.io/yamtam-engine
GitHub phamlongh230-lgtm

Download files

Source Distribution

yamtam_engine-0.40.0.tar.gz (136.9 kB view details)

Uploaded Source

Built Distribution

yamtam_engine-0.40.0-py3-none-any.whl (10.8 kB view details)

Uploaded Python 3

File details

Details for the file yamtam_engine-0.40.0.tar.gz.

File metadata

  • Download URL: yamtam_engine-0.40.0.tar.gz
  • Upload date:
  • Size: 136.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for yamtam_engine-0.40.0.tar.gz
Algorithm Hash digest
SHA256 8e0fea3ec7b585923ece5a79987c2bf0d45acca3fbf5a4a0f9de5ef7ad260d64
MD5 7937e65ac0a7331c61715e5a08d686be
BLAKE2b-256 9f7a2d5f95cf9213e37bf9e1266958f9a32ec8b77ecd5cb60482a3c48c8ff84e

File details

Details for the file yamtam_engine-0.40.0-py3-none-any.whl.

File metadata

  • Download URL: yamtam_engine-0.40.0-py3-none-any.whl
  • Upload date:
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for yamtam_engine-0.40.0-py3-none-any.whl
Algorithm Hash digest
SHA256 439d7e959393bb7464b7e31febec4949f8558b98f4e2a842f7c25d1101693e0b
MD5 4cca782792a381ef78d31df1f3e62470
BLAKE2b-256 5f4a59d71b2555d492a739ef881d8350f14359199bcab076ca4c7c64a1b2de9a
