15 years across embedded Linux edge systems and AWS cloud infrastructure. End-to-end platform ownership spanning C/C++ devices deployed in 120+ countries to a multi-account AWS environment serving millions of requests per day.

A real-time prompting system for executives and speakers — transcribes the conversation live, retrieves the exact fact you need from your own knowledge base, and surfaces it on your screen within half a second so you respond calmly instead of freezing.

Proof of concept built in 2 days. Zero-latency teleprompter on a single Mac. Apple Silicon NPU transcription, vector-semantic RAG (pure numpy, no external DB), and a multi-role web UI where staff inject tactical cues into the speaker's display in under 0.5s.

Industry-aligned split across four tiers, each with its own repo and ownership boundary:

| Repo | Stack | Industry name | Tier |
|---|---|---|---|
| aegis-landing-zone-aws | Organizations · OUs · SCPs · Identity Center · GitHub OIDC · security baseline | Landing Zone (AWS Control Tower) | Account fabric |
| aegis-platform-aws | EKS + Karpenter · ArgoCD · observability (extracted from landing-zone per ADR-033) | Platform engineering / paved road / IDP | Platform |
| aegis-core | C++ + whisper.cpp (gRPC) · Go BFF gateway · TypeScript React · dual-mode LAN/Cloud | Application repo | Workload — app |
| aegis-core-deploy | K8s manifests for the application | Config repo (two-repo GitOps, Weaveworks) | Workload — deploy |

End-to-end GitOps loop: CI in the app repo builds + pushes the image to ECR, commits the new tag cross-repo into the deploy repo, ArgoCD in the platform tier reconciles. Architecture Decision Records document every trade-off plus a running incident postmortem log.

Template repositories that carry a hardened default — security harness, agent rules, CI gates — so a new project starts correct instead of catching up later. The friction differential does the work, not a checklist nobody reads.

| Repo | Stack | Description |
|---|---|---|
| aegis-template | CLAUDE.md / AGENTS.md agent rules · semgrep · pre-commit secret hooks · GitHub Actions · tool registry | GitHub template (Rule → Execution → Verification) — "Use this template" scaffolds a clean repo with the full DevSecOps harness already wired, run on every push. |

Small command-line tools that solve one real problem cleanly — cross-platform, run locally, tested. Built when an existing tool didn't fit, and shared so a fork is one clone away.

| Repo | Stack | Description |
|---|---|---|
| aegis-yt-transcriber | Python · yt-dlp · faster-whisper / mlx-whisper · uv · pytest (BVA) · GitHub Actions (3-OS matrix) | Turn a YouTube URL into a transcript locally — even when captions are disabled. Cross-platform (macOS / Linux / Windows); the audio never leaves your machine. |

Short, focused spikes into unproven territory — each drives a single question to a working yes or no, then ships the findings as a field report on Bin's Lab. Proof and reasoning over polish; the write-up is the deliverable.

| Repo | Stack | Description |
|---|---|---|
| aegis-talos-apple-container-provisioner | Go · Talos pkg/provision · Apple container (OCI micro-VMs) · DHCP reconciliation · GitHub Actions | Proven spike — verified end to end (talosctl cluster create apple-container → nginx HTTP 200 → clean teardown). Pitched upstream, declined on principled grounds — discussion #13587. Read the write-up. |