Assylzhan Nyussupov

Projects

Two small Go libraries, MIT licensed. Both are clean-room extractions of patterns I kept needing while building agent infrastructure at work: written from the design up, no employer code.

go-agent-reliability

Problem Long-running LLM-agent loops fail in ways ordinary services do not. They stall silently: a model call hangs and nothing makes progress for forty minutes, but no error is raised. They get stuck retrying the same failing step and burn tokens. They die mid-task and leave half-written state behind. A supervisor like systemd or Kubernetes restarts the process but cannot tell the agent what it needs to know on restart: was that a clean stop or a crash, and where exactly was I?

Approach Six standalone packages, standard library only, meant to compose in a plain for loop rather than a framework: watchdog (idle warn/alert tiers), stuck (consecutive-failure detection), checkpoint (atomic write-rename state store), runlock (a flock whose leftover content is the crash signal), recovery (pure classification of the previous run plus resume-context prose for the next prompt), and lifecycle (signal-aware graceful shutdown with LIFO hooks).

Outcome A go get-able library with a bundled demo agent that survives Ctrl-C and kill -9 and explains, in prose, how its previous run ended. Deterministic tests via injectable clocks and signal notifiers; go test -race clean.

Limitations Unix-only (flock), single-node, last-write-wins checkpoints with no history. Durability over speed: it fsyncs on every checkpoint.

Stack Go 1.24, zero dependencies · github.com/Assylzhan-a/go-agent-reliability

mcp-oauth-go

Problem The MCP authorization spec (2025-06-18 and later) makes an HTTP-based MCP server an OAuth 2.1 resource server: it must publish RFC 9728 protected-resource metadata, validate token audience per RFC 8707 so it can't be used as a confused deputy, and emit a WWW-Authenticate challenge on 401. The official MCP Go SDK ships the low-level pieces; wiring them correctly is left to you.

Approach One package that assembles those pieces into an http.Handler, plus a production JWT/JWKS verifier, per-tool scope enforcement as MCP middleware, structured audit logging, and a dev issuer for local testing. Deliberately small: token issuance stays with your identity provider (Keycloak, Auth0, and the like).

Outcome Bearer-token protection and spec-correct metadata for any Go MCP server in a few lines, with scopes checked per tool rather than per server.

Limitations Resource-server side only; it will not issue tokens or handle the authorization-code flow for you. JWT access tokens only.

Stack Go 1.25, modelcontextprotocol/go-sdk, golang-jwt · github.com/Assylzhan-a/mcp-oauth-go

Related writing: Keeping autonomous coding agents honest covers the production context both libraries came from.