Projects

Co-architected an event-driven agentic AI system at Chainguard that automates 70% of secure package creation, processing 200+ concurrent requests across a 2000+ image catalog.

Built a production-grade secure container image for vLLM at Chainguard, reducing CVE count from 700+ to fewer than 10 — a 98%+ reduction while keeping the full LLM serving stack operational.

A Go CLI that ingests sources (files, URLs, repos, PDFs, RSS/Atom feeds) and synthesizes them into a persistent, evidence-validated Markdown wiki using LLMs. Every page ships with byte-exact source quotes — hallucinated pages are dropped before hitting disk. Obsidian-native output with MCP server for Claude Code integration.

A Claude Code PreToolUse hook that intercepts Edit/Write calls and surfaces a focused permission prompt when AI-suggested code contains secrets, hardcoded credentials, disabled TLS verification, or wildcard CORS. A tripwire against rubber-stamping AI edits — catches the small set of mistakes you'd most regret committing.

Scaled Chainguard's secure container image catalog from fewer than 50 to 500+ images in 14 months, including Node.js FIPS, Python FIPS, and Keycloak. The catalog drove 7x ARR growth to $40M with 150+ enterprise customers.

Built an adapter that periodically checks CIS benchmarks and converts kube-bench outputs into Policy Reports defined by Kubernetes CRDs. Published as a Springer research paper.

Contributed release cycle support to schedule-builder in kubernetes/release — helps Kubernetes maintainers plan and track release windows.

An open-source Python tool for cross-platform stream-line editing — a BSD/GNU-compatible alternative to sed with a simpler interface.

A GitHub Action wrapping yapf to automatically format Python code per PEP 8 on every push. Used by open-source projects across GitHub.

A GitHub Action for no-code training of image classification models using Azure Custom Vision. Push a dataset and workflow file — no Python required.