Case Study: Palyan AI

Running 22 AI-managed processes on a single VPS with The Nervous System - February 28 to March 5, 2026

The Challenge

Palyan AI operates 22 concurrent processes on a single $12/month DigitalOcean VPS with 4GB RAM. These include AI agents for operations, communication, content creation, social media, training, and three MCP servers. The system is managed primarily by LLM-powered agents that read files, execute commands, edit code, and deploy services.

The problem: without behavioral enforcement, LLM agents would routinely damage critical files, lose context between sessions, drift from objectives during long tasks, and fail silently when sessions timed out.

The Numbers

Violations caught: 56
Edits blocked: 32
Files protected: 13
Rules bypassed: 0
Processes monitored: 22
MCP tools: 11

What Was Prevented

Incident Type                                      | Count | Impact Prevented
LLM attempted to edit web server config            | 7     | Site downtime for all services
LLM attempted to edit authentication code          | 5     | Security vulnerability or lockout
LLM attempted to edit bridge server                | 4     | Loss of remote management capability
LLM attempted to edit chatbox during live session  | 3     | User-facing service disruption
LLM attempted to edit proxy configuration          | 6     | API routing failures for all agents
LLM attempted to edit agent worker scripts         | 4     | Agent behavioral changes without approval
Handoff not updated during active work             | 24    | Context loss for next session

Timeline of Key Events

Feb 28
System goes live
preflight.sh deployed with an initial UNTOUCHABLE list of 89 files. First violation logged within hours, when an agent attempted to modify simple-proxy.js.
Mar 1
First stale handoff detected
Agent worked for 40+ minutes without updating SESSION_HANDOFF.md. Violation logged, pattern identified, enforcement tightened.
Mar 2
NS MCP submitted to Anthropic directory
The Nervous System packaged as an MCP server and submitted. All 8 tools and 4 resources available for any MCP-compatible client.
Mar 4
NS integrated into chatbox
Rules loaded dynamically from MCP on startup. Step-back injection, handoff staleness checks, and violation tracking added to the chatbox backend.
Mar 5
v1.1.0 shipped + external deployment
v1.1.0 adds a kill switch, a tamper-evident audit chain, and dispatch-to-llm. First external deployment confirmed (MacBook Pro, March 5, 2026). Published on npm, the MCP Registry, and GitHub Marketplace.
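The tamper-evident audit chain shipped in v1.1.0 can be approximated in a few lines of shell: each log entry begins with the SHA-256 of the previous line, so editing any historical record invalidates every entry after it. This is a minimal sketch, not the actual NS implementation; the log format and function names are assumptions.

```shell
#!/usr/bin/env bash
# Hypothetical sketch of a hash-chained audit log (not the actual NS code).
# Each line: <sha256-of-previous-line>|<UTC timestamp>|<message>
LOG="${AUDIT_LOG:-audit.log}"

append() {
  local prev="genesis"
  if [ -s "$LOG" ]; then
    prev=$(tail -n 1 "$LOG" | sha256sum | cut -d' ' -f1)
  fi
  printf '%s|%s|%s\n' "$prev" "$(date -u +%FT%TZ)" "$1" >> "$LOG"
}

verify() {
  local prev="genesis" line
  while IFS= read -r line; do
    # First field must match the hash of the previous line, or the chain is broken.
    [ "${line%%|*}" = "$prev" ] || { echo "TAMPERED"; return 1; }
    prev=$(printf '%s\n' "$line" | sha256sum | cut -d' ' -f1)
  done < "$LOG"
  echo "OK"
}
```

Rewriting any entry leaves its stored predecessor hash stale, so `verify` fails at the first broken link without needing any external state.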

What We Learned

"The LLM can't reliably self-enforce promises. Guardrails work via preflight.sh, violation logs, and catching drift. Build enforcement systems, don't make promises."
- Operating principle, established after observing LLM behavior patterns

Mechanical enforcement beats promises. In the first week, the preflight check blocked 32 file edits that would have damaged production infrastructure. The LLM was not being malicious. It was trying to be helpful. That is exactly the problem: a helpful AI with file access will "fix" things you did not ask it to fix.
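The enforcement pattern described above reduces to a preflight gate: before an agent-issued edit runs, the target path is checked against a deny list and the command is refused if it matches. A minimal sketch, assuming a one-path-per-line list file; the variable and file names are illustrative, not Palyan's actual preflight.sh.

```shell
#!/usr/bin/env bash
# Hypothetical sketch of a preflight gate (not the actual preflight.sh).
# UNTOUCHABLE points at a file listing one protected path per line.
UNTOUCHABLE="${UNTOUCHABLE:-untouchable.txt}"

preflight() {
  local target="$1"
  # -F: literal match, -x: whole line, so partial path matches don't count.
  if grep -Fxq -- "$target" "$UNTOUCHABLE"; then
    echo "BLOCKED: $target is on the UNTOUCHABLE list" >&2
    return 1
  fi
  echo "ALLOWED: $target"
}

# Usage: preflight some/file && apply_edit some/file
```

Because the gate runs before the edit rather than auditing after it, a "helpful" agent never gets the chance to touch protected infrastructure.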

Forced reflection materially improves quality. The step-back cycle (Rule 4) consistently produced moments where the LLM caught its own drift. Without the forced pause, these course corrections would not have happened.

Written handoffs are non-negotiable. 24 stale handoff warnings in 7 days means the LLM "forgot" to document its state roughly 3.4 times per day. Each of those would have been a complete context loss for the next session. The warning system caught every one.
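A staleness check like the one that caught those 24 warnings can be sketched by comparing the handoff file's mtime against a threshold; 40 minutes matches the gap observed on March 1. File name, threshold, and function name here are assumptions, not the actual NS rule implementation.

```shell
#!/usr/bin/env bash
# Hypothetical sketch of a handoff-staleness check (names are illustrative).
STALE_AFTER="${STALE_AFTER:-2400}"   # 40 minutes, in seconds

handoff_stale() {
  local file="${1:-SESSION_HANDOFF.md}"
  local now mtime age
  now=$(date +%s)
  # GNU stat first, BSD stat as a fallback.
  mtime=$(stat -c %Y "$file" 2>/dev/null || stat -f %m "$file")
  age=$(( now - mtime ))
  if (( age > STALE_AFTER )); then
    echo "STALE: $file last updated ${age}s ago"
    return 1
  fi
  echo "FRESH: $file updated ${age}s ago"
}
```

Run from cron or a session heartbeat, the nonzero exit status is what turns "the LLM forgot" into a logged, actionable warning.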

Guest mode proves the concept. When a visitor can interact with a governed AI, see the rules being enforced, and fail to extract internal information through social engineering, the Nervous System demonstrates its value more effectively than any documentation.

Infrastructure

Component       | Specification
Server          | DigitalOcean VPS, 4GB RAM, $12/month
Process manager | PM2, 22 processes online
Web server      | Caddy (automatic HTTPS)
LLM provider    | Anthropic (Max subscription)
NS enforcement  | Bash scripts + Node.js MCP server
NS version      | v1.1.0 (11 tools, 4 resources)
Monthly cost    | $352 total (VPS + API + hosting)

Live data: Audit Dashboard | System Status | Try the Demo | GitHub