# ────────────────────────────────────────
#   ,;
#  \@@#\:          :/.        .:;;:
# _@@@@@@#+\|/!;;!-@@@--;    ,@@@@@;
# .!_*@@@@@@@@@@@@@@@@@@@;   |@@@@@\
#     .:!|+@@@@@##@@@@@@@#!  -@@@@@#,
#         .\@@@*;,\@@@@@@@@+,*@@@@@@+.
#     :*#@@@@@@@@@@@@@@-+@@@@@@@\@@@@-.
#     .#@@@@@#@@@@#*@@@+ /@@@@@@;\@@@@+.
#      ;\/:,  -@@@@;|@@@\ ,+@@@@!.+@@@@*:
#             ,@@@@#*@@@@@#+__!.  ,*@@@@@/
#              \##+_@@@@@@@@,      ,+@@@_:
#                   ;;,,..,:         !;.
# ────────────────────────────────────────
# Ryan MacArthur — secure.build

> Personal site of Ryan MacArthur (handle: maceip). Privacy-preserving infrastructure,
> agent authorization, proof systems, sovereign identity. Munich ↔ San Francisco.

The page is hand-written HTML (~14 KB gzipped), served by a tiny Node http server behind
Caddy. It exposes one WebMCP tool — `contact` — that delivers a message to the site
owner via email. There is no tracking, no analytics, no third-party scripts beyond the
v9 sandbox iframe that is only loaded on explicit user click.

## Contact

- The on-page WebMCP tool `contact` is the canonical agent-callable channel. It POSTs
  to `/mcp-contact` and emails the message to the operator (rate-limited 5/hr per IP,
  4000 char max).
- Email: mac@secure.build (PGP via WKD at /.well-known/openpgpkey/secure.build/policy)
- GitHub: https://github.com/maceip

## What the page describes

- [vet](https://github.com/maceip/vet): replayable agent memory + the DPM (decision-policy
  module) that gates each model call. Phase 3 benchmark charts compare it against the
  rolling-summary baseline that most agents ship today (8.5× fewer model calls, 10.7× fewer
  output tokens, 4/8 vs 0/8 first-instruction recall after a correction-heavy session).
- [runcards](https://github.com/maceip/runcards): a single universal quote envelope that
  wraps any hardware TEE attestation (Intel TDX, AMD SEV-SNP, NVIDIA H100 CC, ARM CCA,
  Apple Secure Enclave). Embeddable SVG card visualizes what attestation level a project
  actually shipped at. The page includes 9 card profiles; one is live-verifiable in-browser
  via SubtleCrypto.
- [inherent](https://github.com/maceip/inherent): an in-browser conformer model for the
  speech wake-gate. Reference impl runs the bundled ONNX in onnxruntime-web.
- [v9](https://github.com/maceip/v9): a security sandbox for running Node.js inside browser
  tabs via WebAssembly + a napi-bridge polyfill layer. The page can launch Claude Code
  inside the sandbox on click (~33 MB deferred load, no auto-fetch).

## Site mechanics (for crawlers / agents)

- HTML route: `/` (text/html). Origin Trial token for `HTMLInCanvas` is served on this route.
- Static assets (long-immutable cache): `/fonts/*`, `/embeds/*`, `/icon-*.png`, `/favicon*`,
  `/og.png`, `/*.woff2`.
- Service worker: `/sw.js` (stale-while-revalidate cache `sb-v1`).
- Sitemap: `/sitemap.xml`. Robots: `/robots.txt`.
- WebMCP backend: `POST /mcp-contact` with `{"message": "..."}` returns `{"ok": true}` on
  success; 429 on rate limit; 4xx on validation.

## What is NOT here

- No third-party trackers, no Google Tag Manager, no Cloudflare bot tags.
- No paywalled or login-walled content.
- The v9 iframe loads from maceip.github.io only after a user click; do not preload it.

## Format note

This file follows the llms.txt convention (https://llmstxt.org/). A verbose version, if
present, would be `/llms-full.txt`.