Production platforms. Open-source libraries.
Production back-end products and the open-source tooling that grew up alongside them — each focused on one problem, end-to-end.
Skeptik
Self-funded, solo-built. Each platform lives on its own site with its own docs, pricing, and roadmap — no suite lock-in.
Security infrastructure as one binary.
A 9-engine security platform — credentials, encryption, secrets, encrypted object storage, encrypted search, internal CA, authorization, secure notifications, and audit — running as a single binary with one auth model, one config format, one telemetry pipeline.
- Per-tenant AES-256-GCM key isolation baked into the storage layer
- 44K JWT verifications/sec, 33K encrypt/decrypt ops/sec at sub-ms latency
- Client-side E2EE via WASM — search over data the server never sees in plaintext
- Crypto-shredding turns GDPR right-to-erasure into a single key-destroy op
Real-time events that actually arrive.
A multi-tenant WebSocket transport with embedded WAL storage — no Redis, no broker, no external retry queue. Auth, presence, and chat engines ship built in and can be swapped without forking.
- ~8K msg/sec sustained at 0.1ms p50 latency
- Clients reconnect and replay up to 7 days without gaps
- Four Docker images: transport-only, chat, presence, full stack
- Zero-knowledge by design — message bodies are opaque bytes
Catch revenue leaks before they reach the invoice.
Real-time metering and quota enforcement that runs in the request path, not after the fact. Atomic Redis Lua quota checks with two-phase reservation prevent overselling; Postgres takes over when Redis is unavailable.
- ~10K events/sec per tenant at the Envoy edge
- Five pricing models — flat, graduated, volume, package, weighted
- Credits system with FIFO burn and contract drawdown
- Stripe integration plus a swappable billing backend
Matching and discovery, without the ML team.
A consent-scoped social graph with matching, ranked feeds, and campaigns across five microservices behind Envoy. Warm and cold-start matching live in a single pipeline, with affinities isolated per context so one platform can power dating, networking, and community discovery without cross-contamination.
- FAISS retrieval + HDBSCAN clustering + SVD reduction in one pipeline
- 35+ scoring parameters tunable without shipping code
- Self-correcting clustering that re-clusters on detected drift
- Native CPM/CPE campaign engine with A/B variants
Open-source tooling.
Open-source tooling focused on runtime data modeling, service boundaries, and operational clarity — the same instincts that drive the platform work above.
Obfuskey
Reversible, fixed-length obfuscated keys from integers with bit-packing — multiple language ports sharing a single spec and test surface.
Ruby
- CattriRuby
Class and instance attributes with strict semantics: inheritance, lazy defaults, write-once finals, fine-grained visibility and coercion.
- CastkitRuby
Type-safe DTOs and contracts with declarative schemas, typecasting, validation, and serialization for hardening service boundaries.
- GaskitRuby
Composable operations and service objects as step pipelines — early exits, explicit error handling, integrated logging and duration tracking.
These libraries are developed independently and are not affiliated with any employer.
Side projects and one-offs.
A status-check site wiring a SwitchBot motion sensor to Vercel functions and Upstash Redis. Motion updates a timestamp that renders as an intentionally absurd status ("got dunks 2 days ago, still kickin"). IoT webhooks, event filtering, near-real-time serverless data flow.