┃
Production Platforms Shipped
A controlled, auditable agent — not a chatbot — that turns operations questions into reviewed, parameterized Cypher over a Neo4j knowledge graph plus registered external tools, with every returned value traceable to the query, node IDs, and tool call behind it. Current delivery: hi-fi product design (eight live screens + a WebGL graph explorer) on a scaffolded FastAPI / Neo4j / Postgres backend; the orchestration core is a phased build.
Highlights:Versioned, injection-safe Cypher templates over a Neo4j 5.26 asset-maintenance model (read-only by default, writes behind an approval gate); an append-only Postgres 16 trace store that makes every field's lineage tamper-evident and runs deterministically replayable by request_id; a manifest-based tool registry (Snowflake, SAP, CMMS) with timeouts, retries, and circuit breakers; and a WebGL graph explorer (Sigma.js + graphology). Full detail in the repo.
Neo4j 5.26CypherFastAPIPythonasyncpgPostgreSQL 16Sigma.jsgraphologyWebGLesbuildDocker ComposeCloudflare PagesWrangler
Temporal-orchestrated multi-agent delivery system with two pipelines: a greenfield brief-to-scaffold flow, and a work-on-existing-code flow that clones a repo, indexes it into a Neo4j code graph, and opens a pull request. Multi-provider LLM routing (Anthropic + xAI/Grok, OpenAI fallback) with per-role model selection.
From a brief:Turns a plain-English brief into working starter code. A relay of agents — analyst, researcher, architect, engineer, estimator, reviewer, writer — hands work down the line with a human sign-off midway; a final coding agent writes and tests until it passes.
Existing code:Point it at a GitHub repo and describe a change. It maps the codebase, plans, edits, and checks its own work — retrying as needed — then opens a PR. Bigger changes try several approaches in parallel and keep the best.
Knowledge graph:Parses code across Python, TypeScript, Java, and C++ into a Neo4j graph of the whole repo — a searchable map of how files, classes, and functions connect — so agents and tools like Claude Code know exactly where to make a change.
Storage:Postgres for project and run history; Neo4j for the repository graph. Re-scans only re-read changed files, so updates stay fast.
Model choice:One router picks the model per agent and tracks cost — cheaper for simple tasks, stronger for hard ones, with automatic provider failover.
How it runs:AWS containers that autoscale under load, with durable Temporal workflows that survive restarts. Every run is tracked for cost and performance, with full multi-tenant isolation.
PythonTemporalFastAPIClaudeGrokOpenAINeo4jtree-sitterMCPpgvectorGitHub AppLangfuseOpenTelemetryECS FargateRDS PostgresTerraform
Six-agent software-delivery platform built on Embabel + Spring AI (Anthropic Claude). A Business Analyst clarifies a free-form brief into a RequirementsDocument; an Architect decomposes it into a task DAG; an Engineer writes and commits the code task-by-task; a Reviewer reads the diffs; plus Research (web investigation) and Doc (documentation). A 27-module Maven monorepo that ships as one bootable Spring Boot fat jar with the React 19 SPA packaged inside.
Agent flow:BA clarifies the brief → RequirementsDocument. Architect → task DAG (files, layers, acceptance criteria, mustImplements) persisted to Neo4j. Engineer runs an investigation → solve → verify loop, committing per task; Reviewer runs AST-aware mustImplement checks on each diff and posts blocking / advisory feedback. Research and Doc produce findings manifests and documentation.
Resilience:Orchestrator worker pool + DAG dispatcher checkpoints run state to Postgres; interrupted runs resume on startup and the Embabel planner skips completed actions via satisfied postconditions.
LLM layer:platform-llm wraps Anthropic with a prompt-cache proxy, cache-floor padding, and a rate-limit interceptor; every run is traced to Langfuse v3 over OpenTelemetry for token / cost visibility.
Multi-tenancy:JWT resource server (ES256 + JWKS) with side-by-side AuthOn / AuthOff filter chains. A per-user run-ownership table stamps runs on creation and propagates across BA → Architect → Engineer handovers; role + groups claims scope which agent dashboards a customer sees. Auth handled by tw-auth-worker (Cloudflare Worker, ES256 JWTs); backend verifies offline via JWKS.
Repo:swarm-of-agents — multi-module Spring Boot app + React SPA, built and published as a GHCR container image via GitHub Actions.
Spring Boot 3.5Java 21EmbabelSpring AIClaudeReact 19TypeScriptNeo4j 5PostgreSQL 17FlywayLangfuseOpenTelemetryCloudflare WorkersMavenDocker
Self-contained Splunk Enterprise security POC on AWS demonstrating five capabilities end-to-end: data ingestion, CIM Data Model Acceleration, detection engineering, Detections-as-Code CI/CD, and AI-drafted detections with a human review gate.
Detections:8 ATT&CK-mapped YAML rules in detections/aws/ (CloudTrail tampering, MFA bypass, login bursts, IAM key abuse, SG-open-to-world, S3 public write, root usage, AI-drafted password spray). Every rule is ES-compatible — drops into a licensed Splunk ES as a correlation search without rewrite.
DMA:3 accelerated CIM datamodels (Authentication, Network_Traffic, Change) with per-DM tags_whitelist and a benchmark dashboard comparing |tstats vs |search latency.
CI/CD:6-job pipeline. CI uploads payload to S3, sends one SSM SendCommand, the EC2 fetches + runs locally. OIDC AWS auth (zero static keys); Splunk :8089 never publicly exposed. DR rebuild from git verified in ~15 min.
AI workflow:Operator types ATT&CK technique + slug + description → Claude drafts schema-conformant YAML → validate CI passes → human merges PR → live as a scheduled saved search. End-to-end demonstrated in production.
Splunk EnterpriseCIMCloudTrailVPC Flow LogsTerraformGitHub Actions OIDCAWS SSMClaudeMITRE ATT&CK
Self-hosted infrastructure observability with zero-trust browser access. Grafana + Prometheus + yace CloudWatch exporter on ECS, fronted by Cloudflare Tunnel + Cloudflare Access (no public IPs, SSO-gated).
Dashboards:AWS cost tracking (MTD, daily trend, service breakdown, end-of-month forecast from Cost Explorer + sidecar), ECS health, RDS health, ALB/NLB latency, ElastiCache metrics.
Alerts as code:5 Grafana unified-alert rules provisioned from Terraform (ECS unhealthy, RDS CPU, ALB 5xx, monthly forecast over budget, scrape target down) using the A → B → C reduce-and-threshold pattern.
Access:Cloudflare Tunnel outbound from Fargate → Cloudflare edge → SSO challenge (Google / Microsoft / GitHub). No ALB, no public IP, no inbound firewall rules; tunnel token stored in AWS Secrets Manager.
Cost:~$55/mo per environment (ap-southeast-2)
GrafanaPrometheusyaceAWS Cost ExplorerCloudflare TunnelCloudflare AccessECS FargateTerraform
Plain-language cyber intelligence briefings built from trusted public, vendor, and government sources. Turns high-signal advisories, vendor reports, and research notes into "what happened · why it matters · what to watch" summaries that busy teams and executives can scan in seconds, with one-click drill-down to the original source.
Feed:Five filterable categories on the homepage — Threat Intelligence, Security News, Government Advisory, Cybersecurity Research, Industry News. Live "last updated" indicator. Every summary preserves direct source lineage so practitioners can verify or dig deeper without hunting.
Briefings:Email subscription for ongoing intel. The subscription form posts to a Cloudflare Pages Function that proxies to a Cloudflare Email Worker, gated by Cloudflare Access service-token headers so the worker stays protected behind zero-trust auth.
Stack:Static HTML/CSS/JS landing on Cloudflare Pages, Pages Functions for the same-origin email proxy, dedicated intel feed at /intel/news.html, Cloudflare-fronted DNS + CDN.
Cloudflare PagesPages FunctionsEmail WorkerCloudflare AccessZero-trustHTML/CSS/JS
Autonomous AI Red Team agent. Plans reconnaissance, invokes 17 scanning tools, interprets results, produces structured vulnerability reports. Prompt injection guardrails, timeout/fallback behaviour, real-time voice consultation.
Agent:Claude Sonnet with multi-step agentic tool-calling. Temporal workflow orchestration. Langfuse tracing.
Tools:Nmap, Nuclei, Nikto, testssl.sh, ffuf + 12 others
PythonFastAPIClaudeTemporalLangfuseDockerStripeGrok Voice
Multi-channel AI marketing platform. Context-aware AI Advisor with secure server-side tool-calling fetches live campaign data. MVP shipped in under 2 weeks.
Channels:Google Ads, YouTube, TikTok, Meta
Stack:Node.js/Express, Google Cloud Run, Cloudflare Workers, Terraform, OAuth 2.0, Google Ads API, NoSQL, Stripe
Node.jsExpressCloud RunCloudflare WorkersTerraformOAuth 2.0
AI-native equity research terminal — multi-signal stock analytics, real-time X/Twitter sentiment, conversational AI co-pilot with investment-school voice personas (Buffett · Lynch · ARK · quant), voice-activated portfolio rebalancing, and tokenized trading via Ondo Finance. ~$100/mo serverless infra vs $24K/yr per-seat Bloomberg.
Signals:Four independent analytical signals per ticker — Sentiment (Grok x_search on X/Twitter), Technical (SMA / EMA / RSI / MACD / Bollinger majority vote), Fundamental (FMP valuation / profitability / growth / health / consistency), Equity Risk Premium (earnings yield minus 10Y treasury). Combined into a single actionable verdict.
AI co-pilot:xAI Grok (Responses + Realtime API, text + voice) reads your actual holdings, switches between investment philosophies, executes portfolio rebalancing through a two-stage commit pattern — bot proposes, you confirm.
Trading:Ondo Finance integration — 263 tokenized US stocks available on-chain as of April 2026.
Stack:Next.js 15 App Router on Vercel Edge, 17 API route handlers, 22 lib modules of business logic, Upstash Redis for per-user data + multi-TTL caches, Cloudflare Worker for magic-link auth, daily cron for scans.
Next.js 15React 19TypeScriptVercel EdgexAI GrokPolygonFMPOndo FinanceUpstash RedisCloudflare WorkersPWA
Side-by-side ISM diffing tool for IRAP assessors. Compares the latest Australian Government ISM PROTECTED baseline against prior releases — surfacing new, removed, and modified controls with word-level diffs so assessment-prep scope is clear at a glance. Entirely client-side: no backend, no tracking.
Diffing:Fetches OSCAL catalogs from the ASD/ACSC repository and diffs current vs. historical PROTECTED baselines in the browser. Flags added / removed / modified controls with word-level highlighting; embedded ASD guideline text expands inline per control.
Architecture:100% client-side React 19 + Vite SPA — no server ever holds the data. A Cloudflare Worker proxies the GitHub-hosted catalogs to avoid API rate limits while staying stateless. IndexedDB caches catalogs with ETag revalidation; localStorage persists UI state.
Export:Findings export to TXT, CSV, JSON, and PDF for assessment workpapers.
Self-host:Forkable for air-gapped use — npm run deploy to a private Cloudflare Worker keeps PROTECTED content inside your own boundary. CI/CD via GitHub Actions; tested with Vitest + React Testing Library.
React 19JavaScriptViteCloudflare WorkersOSCALIndexedDBVitestGitHub ActionsIRAP / ISM
A human-in-the-loop M&A buyer-outreach platform for sell-side advisory teams: buyers move through one pipeline — identify → enrich → sequenced email → reply triage → NDA → meeting — with every outbound email, enrichment spend, and NDA counter-sign behind an advisor approval gate. AI does only deterministic work (classifying replies, diffing signed NDAs), never generating outbound copy. Shipped as an interactive prototype; the production design specifies a Java 21 / Embabel backend on PostgreSQL behind the same UI.
Highlights:A tiered enrichment + verification waterfall (RocketReach → Apollo → Hunter → Clay; verify via NeverBounce) with source attribution, a templated 4-touch sequence in an advisor review queue, AI reply triage (Claude, OpenAI fallback) into six buckets, and a DocuSign / wet-ink / Word-redline NDA flow text-diffed against the OneDrive template. Full detail in the repo.
React 19TypeScriptesbuildCloudflare PagesWranglerJava 21EmbabelSpring BootPostgreSQLClaudeOpenAIDocuSignMicrosoft GraphApolloHubSpotVertex AI
"Ask your literature. Get cited answers." Turns thousands of research papers into an interrogable knowledge graph: ask a question in plain English and get an answer where every value carries its citation — exact passage, DOI, date — plus the multi-hop connections across the corpus that keyword search never surfaces. Current delivery: the marketing site and an interactive 3D knowledge-graph explorer live on Vercel; the answering engine is architected as a Java 21 / Spring Boot modular monolith on AWS Bedrock.
Hybrid engine:A four-layer retrieval engine (the "H4") where each layer covers the others' blind spot: vector search (Qdrant) for meaning, graph traversal (Neo4j) for multi-hop citation / method / concept relationships, a PostgreSQL system-of-record for source text, DOIs, dates, and licence rights, and a Claude agent (Embabel GOAP planner) that decides which traversals to run and synthesises the cited answer — where vector-only RAG returns only what sounds similar.
Governed answers:The agent plans over a catalog of registered, read-only, depth-limited parameterized traversals (citation_chain, concept_bridge, method_comparisons, contradiction_scan) — never improvised Cypher — so retrieval is deterministic and injection-safe. Every value is written to an append-only lineage store (template id + version, bound params, node IDs, source chunk, graph version), so the system cannot emit an untraceable value and any answer is reproducible on demand.
Discovery & rights:Federated paper discovery over open sources (OpenAlex, Semantic Scholar, arXiv, CrossRef, PubMed) plus bring-your-own-licence publisher connectors, with per-source text-and-data-mining rights enforced at ingestion — the platform never relicenses publisher content, and your corpus is never trained on. Regional data-residency pinning for both storage and inference.
API-first:Versioned, additive-only REST API (/api/v1) with generated SDKs (npm / PyPI / Maven), HMAC-signed webhooks instead of polling, idempotency keys on mutating calls, and dual auth (API keys + OAuth2 client-credentials for machine-to-machine).
Next.js 15React 19TypeScriptTailwind CSS 4MotionVercelJava 21Spring BootEmbabelNeo4jQdrantPostgreSQLAWS BedrockClaudeAuth0StripeOpenTelemetry