Freedom is engineered.
Modern software is no longer just code running behind a UI.
AI models, agents, workflows, APIs, files, secrets, databases, and infrastructure are becoming tightly connected. The important question is not only what these systems can generate, but what they are allowed to reach, invoke, modify, expose, or automate.
My work focuses on security-first systems where automation remains useful without becoming unbounded: clear trust boundaries, controlled execution, documented architecture, resilient deployment, and practical DevSecOps discipline.
| Area | Focus |
|---|---|
| Secure AI Infrastructure | Systems where AI workflows interact with tools, APIs, files, and execution environments through explicit boundaries. |
| API-First Systems | FastAPI, REST APIs, OpenAPI contracts, managed file flows, webhooks, and backend integration layers. |
| DevSecOps & Deployment | Docker-first services, CI/security scans, runtime hardening, observability, and deployment documentation. |
| Sovereign Architecture | Portable, understandable, self-hostable when useful, and designed to avoid blind platform dependency. |
| Controlled Automation | Automation patterns based on predefined actions, validated inputs, bounded outputs, and safer operational primitives. |
| Clarity & Documentation | READMEs, architecture notes, threat models, security assumptions, diagrams, and handoff-ready technical docs. |

| Layer | Tools & Technologies |
|---|---|
| Languages | Python · TypeScript · JavaScript · Bash · C |
| Backend & APIs | FastAPI · Node.js · Express · REST APIs · OpenAPI · Pydantic · Webhooks · Django · Flask · Postman |
| Frontend | Next.js · React · Tailwind CSS · HTML · CSS |
| Infrastructure | Docker · Docker Compose · Linux · VPS deploy · GitHub Actions · HashiCorp Vault · Prometheus & Grafana |
| Data & Storage | PostgreSQL · SQL · Prisma · Managed file workflows · Qdrant · JSON metadata |
| Automation & AI | OpenAI/GPT integrations · n8n · workflow systems · prompt engineering · agent-adjacent tooling |
| Security | DevSecOps · API security · web application security · SAST/DAST · threat modeling · secure file handling |
| Documentation | Architecture docs · README systems · threat models · security notes · deployment guides |

My background combines software engineering, DevOps, AI development, cybersecurity, API security, Python development, web app pentesting, Bash scripting, and full-stack development.
Selected training and credentials span:
- Full-stack software development and cloud-native application foundations
- DevOps, CI/CD, Linux, Docker, and software delivery practices
- AI development, generative AI applications, and applied machine learning foundations
- Cybersecurity, SIEM/IDS, pentesting, risk, threats, and mitigation
- Python development and scripting for cybersecurity and advanced security
- DevSecOps, web application pentesting, SAST/DAST and API penetration testing
- Computer science and Python programming
Selected training and credential sources include:
IBM · Google · Harvard · INFOSEC · APIsec University · DataCamp · TryHackMe · Hack The Box · Jason Haddix
These principles guide how I design, evaluate, and document systems.
| Principle | Meaning |
|---|---|
| Architecture over vibes | AI-assisted development still needs boundaries, interfaces, and system design. |
| Security over shipping theater | Shipping matters, but not at the cost of irresponsible exposure. |
| Control over black-box automation | Automation should increase leverage without surrendering operational control. |
| Sovereignty over platform captivity | Use platforms intentionally. Avoid becoming trapped by them. |
| Resilience over happy-path engineering | Real systems must survive bad inputs, failures, drift, and abuse conditions. |
| Secure defaults over heroic fixes | The safest path should be built into the system, not patched after failure. |
| Clarity over accidental complexity | Complexity is acceptable. Confusion is not. Clarity begins with intention. |
| Substance over hype cycles | The signal is in what survives execution. |

AI agents and automation systems increasingly need access to real tools, files, APIs, and execution environments.
The risk is not only what a model says. The risk is what the system allows that output to reach.
Safe actions. No raw shell.
STAR is a FastAPI-based secure automation runtime for workflows, AI agents, and low-code systems that need predefined system-level actions without exposing arbitrary shell execution.
It separates what a client can request from what the system is allowed to execute.
Instead of giving workflows or agents a general-purpose command runner, STAR exposes authenticated, typed, allow-listed actions and managed file operations through an HTTP API.
Key ideas:
- Predefined action contracts instead of arbitrary shell commands
- YAML-based Action DSL validated and compiled at startup
- Immutable runtime action registry
- No shell-based public execution path
- Per-action binary allowlists and blocked-binary policy
- Managed file operations through UUID-based references
- Request hardening, body limits, timeouts, and rate limiting
- Output sanitization, path redaction, and bounded stdout/stderr
- Docker-first runtime, OpenAPI docs, CI, security scans, and threat-model documentation
STAR is not an LLM firewall, an agent orchestrator, or a complete policy engine. It is narrower by design: a constrained execution boundary for systems that need useful automation without broad runtime exposure.
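
The boundary described above, sketched as an added example; it is not STAR's own code. The spec layout, names, and limits are assumptions, and a Python dict stands in for the parsed YAML Action DSL.

```python
import re
import subprocess
import sys
from dataclasses import dataclass
from types import MappingProxyType

BLOCKED_BINARIES = frozenset({"sh", "bash", "dash", "zsh"})  # assumed policy
MAX_OUTPUT_BYTES = 4096  # assumed bound on returned stdout

@dataclass(frozen=True)
class Action:
    binary: str               # the only executable this action may start
    argv_template: tuple      # fixed arguments; "{name}" slots take validated params
    params: MappingProxyType  # param name -> compiled regex the value must fully match

def compile_registry(spec):
    """Validate every action once at startup and freeze the result."""
    actions = {}
    for name, a in spec.items():
        if a["binary"].rsplit("/", 1)[-1] in BLOCKED_BINARIES:
            raise ValueError(f"action {name!r} uses a blocked binary")
        patterns = {p: re.compile(rx) for p, rx in a["params"].items()}
        actions[name] = Action(a["binary"], tuple(a["argv"]), MappingProxyType(patterns))
    return MappingProxyType(actions)  # read-only view: no runtime registration

def run_action(registry, name, params):
    """Run one allow-listed action; the client supplies a name and typed params only."""
    action = registry.get(name)
    if action is None:
        raise PermissionError(f"unknown action {name!r}")
    if set(params) != set(action.params):
        raise ValueError("parameters do not match the action contract")
    for key, value in params.items():
        if not isinstance(value, str) or not action.params[key].fullmatch(value):
            raise ValueError(f"parameter {key!r} failed validation")
    argv = [action.binary] + [part.format(**params) for part in action.argv_template]
    # shell=False: argv is passed as a list, so metacharacters are never interpreted
    proc = subprocess.run(argv, shell=False, capture_output=True, timeout=5)
    out = proc.stdout[:MAX_OUTPUT_BYTES].decode(errors="replace")
    return {"exit_code": proc.returncode, "stdout": out}

# Constructed sample action: uppercases a short lowercase word.
SPEC = {"echo_upper": {
    "binary": sys.executable,
    "argv": ["-c", "import sys; print(sys.argv[1].upper())", "{text}"],
    "params": {"text": r"[a-z]{1,16}"}}}
REGISTRY = compile_registry(SPEC)
```
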
- STAR as a secure action-execution runtime for AI agents, workflows, and automation systems, with MCP integration on the roadmap.
- Security-first microservice building blocks for AI workflows: execution, file scanning, prompt/output guarding, auth, telemetry, and policy boundaries.
- Docker-first templates with DevSecOps pipelines, testing, observability, security documentation, and secure defaults built in.
- libertocrat.com as a technical authority hub for projects, articles, architecture notes, and documentation
- Public technical writing around AI workflow security, controlled execution, DevSecOps, API infrastructure, and sovereign systems
For technical collaboration, security-first automation work, or project discussion:
For sensitive information or encrypted communication, use my public key: SECURITY_PGP_KEY.asc
PGP fingerprint:
0093 2D8B E725 68F8 7C60 D138 B00F 1868 1AFD 0A6F
Build systems. Secure architecture. Preserve sovereignty.





