Director of Security @ Grayscale Investments · Open to AI-forward security and engineering leadership conversations.
18 years from USMC to director-level security. Now building the infrastructure that agentic AI runs on — not as an end user, but as the person writing the runtime, the memory system, and the wire protocol.
My work is a self-hosted mesh of composable systems: each piece is independently useful, but together they form a fully autonomous, voice-controlled, memory-persistent agent environment running entirely on local hardware. Security is a design constraint from the first commit — sandboxes, policy gates, audit hooks, and loop detection are not features, they are architecture.
I build microservices-based architecture that maps cleanly to cloud environments, with infrastructure that can be dictated by policy as code.
The flagship is not a single repo — it's a suite of systems that compose:

| Layer | What It Does |
|---|---|
| agnt — Agent Runtime | Production Rust engine. Zero-I/O kernel, multi-backend inference (OpenAI · Anthropic · Ollama), parallel tool dispatch, NATS wire protocol, SQLite persistence. Security: FilesystemRoot sandbox (path traversal rejected at the type level), should_dispatch policy gate for HITL approval, loop detection via (tool_name, args) fingerprinting, per-step token audit. 7 crates. 9/9 on formal end-to-end eval. |
| voicectl — Voice Layer | Always-on voice pipeline. Silero VAD, faster-whisper-large-v3 STT, Kokoro TTS — all self-hosted, no cloud. Transcripts dispatch to named agents over NATS. Treated as an adversarial input surface: sandboxed at dispatch. |
| memctl — Memory System | FSRS-6 spaced-repetition memory with session search, auto-ingest, and decay scoring. Agents recall prior decisions, corrections, and context without ballooning prompt size. |
| vlt — Secrets Manager | Hardware-bound secrets manager. Tiered KEK hierarchy: Argon2id (passphrase) → YubiKey HMAC-SHA1 → FIDO2 hmac-secret. AES-256-GCM encryption, append-only HMAC-chained audit log, caller registration with binary hash verification. The credential layer the mesh trusts. |
| msh-gtwy — Wire Protocol | Mesh gateway — IACP (Inter-Agent Communication Protocol) in Rust. Ed25519-signed trust claims, tier delegation, causal chains, replay prevention. Routes and authenticates all inter-agent traffic. |
| vzn — Vision Layer | Vision service daemon. Subscribes to NATS, routes requests to a local OpenAI-compatible vision API (Qwen2-VL), publishes replies back to the mesh. Self-hosted visual perception with no cloud dependency. |
| repomap — Repo Worldview | Cross-machine git worldview scanner. Dirty/ahead/behind/fetch-age per worktree, remote SSH scanning, PR/MR listing, JSON output. Agents call this to know the state of every repo before acting. |
| rig — Edge CLI | Thin CLI client for cross-machine operations via dmn edge daemons. Routes commands through local or remote dmn instances with SSH fallback. The control surface for operating the mesh from any machine. |
| sia — Self-Improvement | Self-improving agent loop. Give it a target artifact, an eval script, and a metric — it runs LLM-driven hypothesis-generate-evaluate cycles with git-native checkpointing. The mesh's own optimization engine. |

These run on a self-hosted 3-node Talos K8s cluster with HashiCorp Vault HA for secrets and NATS for messaging.

| Project | What It Is |
|---|---|
| jc | Jira + Confluence CLI built for AI consumption. JSON-first output, full markdown-to-ADF converter, dry-run mutations. An agent reads tickets, reasons over them, executes changes, and updates Jira — no human in the loop. |
| claude-sec | Enterprise security framework for Claude Code. Approval gates, architecture guardrails, governance controls for teams running AI coding assistants at scale. |
| aws-sec | Multi-account AWS security foundation — credential-less CI/CD via OIDC, Terraform-managed controls, GitLab pipelines. Production-grade. |

| Project | What It Is |
|---|---|
| plyglt | Enterprise AI Agent Control Plane — Rust kernel, Go gateway, TypeScript webapp. Multi-tenant agent governance: trust tiers, HITL policy gates, audit logging, session management. The platform layer the mesh runs on. |
| lumen | Local-first document intelligence platform. 7-stage ingest pipeline (parse → chunk → embed → index → enrich → graph), GLiNER NER, Qwen3 claim extraction, hybrid BM25 + pgvecto.rs semantic search, Apache AGE property graph, MCP server for agent consumption. |
| crbrs-security | Security governance repository. CIS baselines for Kubernetes, containers, Talos, AWS, and Terraform. Policy library, finding lifecycle, Trivy/Nuclei/Semgrep/Gitleaks scan results, DefectDojo integration. |
| herald | Multi-agent orchestration platform in Go. Pipeline triggers (cron + webhook), tiered Ollama inference with fallback, coordination protocol, async session bridging. |
| session-recall-rs | Rust CLI + MCP server for searching Claude Code session transcripts. Surfaces prior decisions, error patterns, corrections, and compaction events — agents query it before starting work to recover context. |

Security is a design constraint, not a feature.


