Executive brief / Agent infrastructure
Ahmed Hesham · Verified July 2, 2026
The layer agents run on

Agents became production actors. I build the layer they run on.

The infrastructure agents need to act on real systems — identity, runtime, safe execution, memory, skills, and open protocols — already shipped and merged in production.

Every claim links to a merged pull request — github.com/ahmedhesham6.

408 merged PRs · stakpak/studio (platform) 183 merged PRs · stakpak/agent (1.6k runtime) founding contributor · paks upstream in agent-client-protocol (3.5k) and OpenViking (26k)

The stack, top to bottom

Six layers. Each one thing agents need in production — and the thing I shipped for it.

L1
Identity & Access
Agent Auth Protocol · AAP

An agent proves who it is on every call — and never holds the master key.

Credentials are issued at runtime, expire within the hour, and every action is audited with secrets redacted. A production implementation of the open Agent Auth Protocol; observability tools were only the first connectors.

The protocol and its APIs landed in a single +14k-line pull request.

provider-generic · discovered & executed over MCP · revocation cascades instantly

L2
Runtime & Sessions
stakpak/agent · runtime

An agent can run for weeks, pause for a human, and resume exactly where it stopped.

Durable sessions with checkpoints and replayable event logs, reachable from Slack, Discord, or Telegram through one gateway — with human approvals in the loop.

autopilot lifecycle · pause & resume · one multi-channel gateway

L3
Safe Execution
stakpak/agent · warden

Agents do real work inside sealed sandboxes — and secrets never leave with them.

Work runs in sandboxed containers with the agent's knowledge mounted in; secrets are redacted span-aware before anything leaves; subagents are routed to the right model deliberately, not by guesswork.

warden containers · span-aware redaction · deliberate model routing

L6
Open Protocols
Agent Client Protocol · ACP

Any editor, any agent — the same session semantics.

Authored the session/list RFD and its implementation, plus the usage and context-status RFD, in the cross-editor Agent Client Protocol (3.5k stars).

session/list · usage · context-status · RFDs + implementation

The one-line pitch

Ahmed has already shipped the production agent-infrastructure layer: verifiable agent identity, scoped capability execution without stored secrets, durable multi-channel sessions, sandboxed knowledge, distributable skills, and open agent protocols — AAP for agent auth, ACP for editor-agent sessions.

Every claim traces to a merged PR under github.com/ahmedhesham6 · verified July 2, 2026