Projects
All Projects
20 projects across AI systems, compliance automation, and cloud infrastructure. Newest first.
Featured (9)
AI Driven Issue Tracking and Analytics Pipeline
An eight stage AI pipeline. It maps FedRAMP 20x controls to a client's actual tech stack, finds the gaps against live Vanta test data, writes the remediation plan, and uploads the whole Epic, Task, and Subtask hierarchy to Jira.
- →Ran 3 control families (KSI with 56 controls, ADS with 20, CCM with 3) through the full pipeline end to end
- →Generated 582 Jira tickets (Epics, Tasks, Subtasks) across every family with proper hierarchy and audit ready descriptions
- →Compressed the control to ticket lifecycle from weeks of manual analysis down to a single pipeline run per family
- →Every AI call is logged with the prompt sent and the response received. Full audit trail for compliance review.
System Architecture & Design
A high level architecture diagram of the compliance automation platform. Orchestration layer, dependency injection (DI), strategy based backend execution, logic pipelines, adapter protocols, and external provider integrations, all laid out.
- →Clean separation between orchestration, logic, and infrastructure layers
- →15 plus compliance workflows share the same pipelines, services, and config
- →External provider integrations are fully decoupled through adapter protocols and lazy init
Cloud Data Normalization Pipeline
A data pipeline that takes raw cloud inventory exports and Tenable scan data and turns it into a FedRAMP Appendix M workbook you can actually submit.
- →Killed the manual reconciliation work across every asset category
- →Produces submission ready Appendix M workbooks straight from the raw exports
- →Turned a tedious compliance reporting task into a repeatable workflow
Jira MCP Server for AI Agent Workflows
An MCP server that exposes Jira operations as tools the LLM can actually call. Search issues, create them, update them, transition them, drop comments. Not just suggest what to do. Do it.
- →Agents hit Jira directly instead of writing output someone has to copy and paste
- →Analysis workflows flow straight into tracked remediation work
- →Proved out a real world use case for MCP agent tooling beyond demos
Vanta Compliance Gap Analyzer
Integration with Vanta's GraphQL API. It fetches, paginates, categorizes, and structures compliance test failures into one clean dataset remediation planning can work off of.
- →Turned a paginated, unstructured API feed into a single clean, categorized dataset
- →Retired the manual UI scraping people used to do just to find open compliance gaps
- →Output is an analysis ready artifact that downstream pipelines and reporting tools consume directly
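The fetch, paginate, categorize sequence above, as an added example that is not the project's own integration code. It walks a Relay-style GraphQL connection (edges/node, pageInfo.hasNextPage/endCursor) to the end, guards against a stalled cursor so a misbehaving API cannot spin the loop forever, drops duplicates that appear when records shift across a page boundary, and groups what is left by category. The query text, the node field names, the sample records and the in-memory FakeVantaClient are assumptions constructed for the example; a real Vanta schema will differ.

```python
"""Cursor pagination over a Relay-style GraphQL connection of failing
compliance tests, deduplicated and categorized into one flat dataset.

Added illustration, not the project's own integration code. The
connection shape follows the Relay convention; the query text, node
field names and FakeVantaClient are assumptions constructed here."""
from collections import defaultdict

# Assumed query shape; a real schema will differ.
FAILING_TESTS_QUERY = """
query FailingTests($first: Int!, $after: String) {
  tests(first: $first, after: $after, filter: {status: FAILING}) {
    edges { node { id name category resourceIds } }
    pageInfo { hasNextPage endCursor }
  }
}
"""

# Constructed sample records standing in for failing tests.
SAMPLE_FAILING_TESTS = [
    {"id": "t-101", "name": "MFA enforced for console users", "category": "identity", "resourceIds": ["u-1", "u-2"]},
    {"id": "t-102", "name": "Root account has no access keys", "category": "identity", "resourceIds": ["acct-1"]},
    {"id": "t-205", "name": "Audit trail enabled in all regions", "category": "logging", "resourceIds": ["acct-1"]},
    {"id": "t-310", "name": "Storage buckets block public access", "category": "data_protection", "resourceIds": ["b-1", "b-2", "b-3"]},
    # Duplicate of t-205: a record that shifted across a page boundary mid-walk.
    {"id": "t-205", "name": "Audit trail enabled in all regions", "category": "logging", "resourceIds": ["acct-1"]},
]


class FakeVantaClient:
    """In-memory stand-in for an authenticated GraphQL HTTP client (constructed)."""

    def __init__(self, records):
        self.records = records

    def execute(self, query, variables):
        first = variables["first"]
        start = int(variables["after"]) if variables.get("after") else 0
        page = self.records[start:start + first]
        end = start + len(page)
        return {"data": {"tests": {
            "edges": [{"node": r} for r in page],
            "pageInfo": {"hasNextPage": end < len(self.records),
                         "endCursor": str(end) if page else None},
        }}}


def fetch_all_failures(client, page_size=100, max_pages=10_000):
    """Walk the connection to the end. Two guards keep a misbehaving API
    from turning this into an infinite loop: a missing or repeated cursor
    while hasNextPage is still true, and a hard page ceiling."""
    nodes, after, seen_cursors = [], None, set()
    for _ in range(max_pages):
        conn = client.execute(FAILING_TESTS_QUERY, {"first": page_size, "after": after})["data"]["tests"]
        nodes.extend(edge["node"] for edge in conn["edges"])
        info = conn["pageInfo"]
        if not info["hasNextPage"]:
            return nodes
        cursor = info["endCursor"]
        if cursor is None or cursor in seen_cursors:
            raise RuntimeError("pagination stalled: missing or repeated endCursor")
        seen_cursors.add(cursor)
        after = cursor
    raise RuntimeError(f"gave up after {max_pages} pages")


def categorize(nodes):
    """Group failures by category into one analysis-ready dict, dropping
    duplicates that appear when records shift between pages."""
    by_category, seen_ids = defaultdict(list), set()
    for node in nodes:
        if node["id"] in seen_ids:
            continue
        seen_ids.add(node["id"])
        by_category[node["category"]].append({
            "test_id": node["id"],
            "test": node["name"],
            "failing_resources": len(node["resourceIds"]),
        })
    return {cat: sorted(items, key=lambda i: i["test_id"])
            for cat, items in sorted(by_category.items())}


if __name__ == "__main__":
    dataset = categorize(fetch_all_failures(FakeVantaClient(SAMPLE_FAILING_TESTS), page_size=2))
    for cat, items in dataset.items():
        print(cat, [i["test_id"] for i in items])
```

The stalled-cursor check matters more than it looks: a connection that keeps answering hasNextPage=true with the same endCursor is the usual way a paginated collector ends up running until its token expires, and the dedupe by test id is what makes the walk safe to re-run after a partial failure.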
Production RAG Infrastructure on AWS
A reusable retrieval layer running on AWS OpenSearch and Amazon Bedrock embeddings. It grounds every downstream LLM pipeline in the actual documentation of the system it's answering about.
- →Grounded retrieval across every AI workflow that plugs in
- →One retrieval layer to maintain instead of one per pipeline
- →Every generated output is now backed by semantic search results over the source documentation, which made the whole thing far more reliable
Prompt Engineering That Stops LLMs from Lying in Evidence
A layered prompt and validation architecture that keeps LLMs from hallucinating in compliance evidence work. Structured inputs, hard constraint gates, four phases of validation.
- →Killed AWS service name leakage into abstract classification outputs with a whole word regex blocklist
- →Cut misclassification on process only controls by routing them through deterministic escape hatches that never call the LLM
- →Stood up a gold set validation framework. Ten test cases written by analysts, eight codified divergence categories.
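Two of the deterministic guards listed above, as an added example rather than the project's own prompt or validation code: a whole-word regex blocklist that rejects provider-specific service names leaking into an abstract classification, and an escape hatch that classifies process-only control parts by rule so the LLM is never called for them. The blocklist contents, the allowed class set, the rule patterns, the `llm` callable signature and the `Classification` result type are assumptions constructed for the example. The one fact it relies on from the catalog is that every NIST 800-53 family's -1 control is its policy-and-procedures control.

```python
"""Hard constraint gates around an LLM classification call.

Added illustration, not the project's code. Blocklist, allowed classes,
rule patterns and the llm() signature are constructed assumptions."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed and deliberately short. Entries match as whole words, so
# "iam" inside "claims" or "s3" inside "s3cure" does not trip the gate.
AWS_SERVICE_NAMES = ["S3", "IAM", "CloudTrail", "GuardDuty", "KMS", "EC2", "Security Hub"]

# Longest-first so a multi-word name wins over a shorter prefix; re.escape
# keeps the space in "Security Hub" literal.
_LEAK_RE = re.compile(
    r"\b(?:" + "|".join(re.escape(n) for n in sorted(AWS_SERVICE_NAMES, key=len, reverse=True)) + r")\b",
    re.IGNORECASE,
)

# Abstract, provider-neutral classes the model is allowed to return (assumed set).
ALLOWED_CLASSES = {"identity", "logging", "encryption", "network", "process"}

# XX-1 controls are policy and procedures in every family. The statement-text
# pattern is an assumed heuristic for other process-only parts.
_POLICY_CONTROL_RE = re.compile(r"^[A-Z]{2}-1(?:\(\d+\))?(?:\.[a-z])?$")
_PROCESS_TEXT_RE = re.compile(
    r"\b(develop, document, and disseminate|review and update|training|designate an official)\b",
    re.IGNORECASE,
)


@dataclass
class Classification:
    control_id: str
    label: Optional[str]          # None when a gate rejected the output
    source: str                   # "rule" or "llm"
    llm_called: bool
    rejected_reasons: List[str] = field(default_factory=list)

    @property
    def accepted(self) -> bool:
        return self.label is not None


def find_leaks(text: str) -> List[str]:
    """Distinct blocklisted names present as whole words, case-insensitively."""
    return sorted({m.group(0).lower() for m in _LEAK_RE.finditer(text)})


def is_process_only(control_id: str, part_text: str) -> bool:
    return bool(_POLICY_CONTROL_RE.match(control_id) or _PROCESS_TEXT_RE.search(part_text))


def classify_control_part(control_id: str, part_text: str,
                          llm: Callable[[str], str]) -> Classification:
    # 1. Deterministic escape hatch: process-only parts never reach the model.
    if is_process_only(control_id, part_text):
        return Classification(control_id, "process", "rule", llm_called=False)

    # 2. Model call (prompt construction is out of scope here).
    raw = llm(part_text).strip()

    # 3. Hard gates on the output. A failure rejects the result rather than
    #    repairing it, so nothing unverified moves downstream.
    reasons = []
    leaks = find_leaks(raw)
    if leaks:
        reasons.append(f"provider service name leaked: {', '.join(leaks)}")
    if raw.lower() not in ALLOWED_CLASSES:
        reasons.append(f"label not in allowed set: {raw!r}")
    if reasons:
        return Classification(control_id, None, "llm", llm_called=True, rejected_reasons=reasons)
    return Classification(control_id, raw.lower(), "llm", llm_called=True)
```

The `\b` anchors are the whole point of the blocklist: a substring match would flag "claims" for "IAM" and miss nothing, but it would also reject perfectly abstract output, and the false rejections are what tempt people to turn the gate off. Keep the list free of words that are also ordinary English ("Config", "Lambda") or accept that those entries will need context rules of their own.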
Multi Pipeline LLM Automation Platform
An AI platform that handles the grinding parts of FedRAMP documentation and evidence work. Control mapping, evidence narratives, AWS CLI evidence commands, appendix planning, inventory reports. The stuff that used to take weeks.
- →Cut manual compliance authoring and evidence prep from days or weeks down to batch jobs you rerun on demand
- →Generates output for hundreds of NIST 800-53 control parts automatically
- →Produces reusable outputs that feed other compliance docs and audit workflows downstream
Multi-Agent Compliance Orchestration Platform
A multi-agent compliance orchestration platform built on LangGraph and CrewAI. It took a brittle linear 8-stage pipeline and turned it into a resilient, self-healing distributed system with bounded loops, checkpointed pause/resume, and a terminal human-in-the-loop gate that refuses to file tickets when the system can't tell a real gap from an evidence-collection issue.
- →Replaced a linear 8-stage script with a self-healing graph. Failed nodes retry from the last checkpoint; the @idempotent decorator prevents double-execution on resume.
- →One graph runs FEDRAMP_20X and SOC2_TYPE2 today, with ISO 27001 and HIPAA wired as stub profiles. Switching frameworks is a FrameworkProfile instance, not a pipeline fork.
- →Confidence-gated Reviewer loop (threshold 0.75) catches low-confidence findings and dispatches evidence_enricher to fetch only the missing signals, then re-enters gap_analyzer. Bounded by max_revisions so the loop can't run forever.
- →human_interrupt is terminal. No LLM call, no Jira write, no external side effects. Sets human_approval_status="pending" and ends the run. Zero false-positive tickets when evidence is incomplete.
- →ui_mapper fails closed. Any status outside {complete, skipped, not_applicable} raises; the graph re-pauses at the interrupt_before checkpoint instead of pushing unverified state to jira_publisher.
- →Multi-megabyte artifacts no longer crash DynamoDB writes. 50KB threshold moves oversized payloads to S3 transparently; pointers live in the state record.
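The control-flow guarantees in the list above, as an added example in plain Python rather than the project's LangGraph code: an `idempotent` decorator that skips a node whose completion is already checkpointed, a reviewer that routes on the 0.75 confidence threshold and is bounded by `max_revisions`, a `human_interrupt` that only sets `human_approval_status="pending"` and ends the run, and a `ui_mapper` that fails closed on any status outside the allowed set so the graph re-pauses instead of reaching `jira_publisher`. Node names mirror the ones above; the in-memory `Checkpointer`, the `ctx` dict, the assumed `analyze(revision)` callable and the list standing in for Jira are constructed for the example.

```python
"""Checkpointed graph runner: idempotent nodes on resume, a bounded
confidence-gated reviewer loop, a terminal human gate and a fail-closed
status check before publishing.

Added illustration, not the project's LangGraph code. Checkpointer, ctx,
analyze() and the Jira stand-in are constructed assumptions."""
import copy
from dataclasses import dataclass, field
from functools import wraps
from typing import List, Optional, Set

CONFIDENCE_THRESHOLD = 0.75
VALID_UI_STATUSES = {"complete", "skipped", "not_applicable"}


@dataclass
class State:
    run_id: str
    ui_status: Optional[str] = None             # set by the human through the UI
    max_revisions: int = 3
    revisions: int = 0
    confidence: float = 0.0
    findings: List[str] = field(default_factory=list)
    human_approval_status: Optional[str] = None
    completed: Set[str] = field(default_factory=set)   # idempotency keys


class Checkpointer:
    """In-memory stand-in for the checkpoint table (constructed)."""
    def __init__(self):
        self.store = {}
    def save(self, state):
        self.store[state.run_id] = copy.deepcopy(state)
    def load(self, run_id):
        return copy.deepcopy(self.store[run_id])


def idempotent(node):
    """Skip a node whose completion is already checkpointed for this run.
    The key includes the revision counter so the reviewer loop can re-run
    gap_analyzer on a new revision without being short-circuited."""
    @wraps(node)
    def wrapper(state, ctx):
        key = f"{node.__name__}:{state.revisions}"
        if key in state.completed:
            return state
        state = node(state, ctx)
        state.completed.add(key)
        ctx["checkpointer"].save(state)
        return state
    return wrapper


@idempotent
def gap_analyzer(state, ctx):
    ctx["calls"].append("gap_analyzer")
    state.findings, state.confidence = ctx["analyze"](state.revisions)
    return state


@idempotent
def evidence_enricher(state, ctx):
    ctx["calls"].append("evidence_enricher")
    state.revisions += 1        # fetching the missing signals starts a new revision
    return state


def reviewer(state):
    """Pure routing decision: no side effects, no external calls."""
    if state.confidence >= CONFIDENCE_THRESHOLD:
        return "ui_mapper"
    if state.revisions >= state.max_revisions:
        return "human_interrupt"   # loop is bounded; a human decides from here
    return "evidence_enricher"


def human_interrupt(state, ctx):
    state.human_approval_status = "pending"     # terminal: nothing else runs
    ctx["checkpointer"].save(state)
    return state


def ui_mapper(state, ctx):
    if state.ui_status not in VALID_UI_STATUSES:
        raise ValueError(f"ui_mapper: refusing to map status {state.ui_status!r}")
    return state


@idempotent
def jira_publisher(state, ctx):
    ctx["jira"].extend(f"{state.run_id}:{finding}" for finding in state.findings)
    return state


def run(state, ctx):
    node = "gap_analyzer"
    while True:
        if node == "gap_analyzer":
            state = gap_analyzer(state, ctx)
            node = reviewer(state)
        elif node == "evidence_enricher":
            state = evidence_enricher(state, ctx)
            node = "gap_analyzer"
        elif node == "human_interrupt":
            return human_interrupt(state, ctx)
        elif node == "ui_mapper":
            try:
                state = ui_mapper(state, ctx)
            except ValueError:
                return human_interrupt(state, ctx)   # re-pause before the publisher
            node = "jira_publisher"
        elif node == "jira_publisher":
            return jira_publisher(state, ctx)


def new_ctx(analyze):
    return {"checkpointer": Checkpointer(), "analyze": analyze, "calls": [], "jira": []}
```

Resuming is just `run(ctx["checkpointer"].load(run_id), ctx)`: every node that already completed at the current revision is skipped, which is what keeps a retried run from filing the same tickets twice. Note that the idempotency key must include the revision, otherwise the first pass through `gap_analyzer` would make every later pass a no-op and the reviewer loop would never converge.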
Archive (11)
AI Driven NIST 800-53 Component Mapping Engine
Maps control parts to the cloud services that implement them, using a multi stage LLM workflow with extraction and triage passes.
AI Powered AWS Audit Evidence Command Generator
Generates and validates read only AWS CLI commands for gathering evidence against NIST 800-53 control parts.
Google Docs Feedback Loop System
Closed loop refinement system. Polls Google Doc comments via the Docs API, classifies relevance with GPT, generates refined replacements, and validates the rewrites through a verification pass before applying batchUpdate edits. Client review becomes automated revisions.
FedRAMP Privacy Plan Generator
Generates FedRAMP Privacy Plan deliverables across the NIST 800-53 Rev5 Privacy baseline. It flattens nested compliance domains into tabular DataFrames with index based JSON enrichment (O(1) lookups by control ID) for moderate baseline cross references.
Supply Chain Risk Management (SCRM) Plan Generator
Two phase SCRM Plan generator with a dedicated OpenAI Assistant per domain. Hard constraint prompts ("Do NOT add, delete, reorder…") and vector store scoped retrieval grounding for FedRAMP Rev5 supply chain controls.
Incident Response Plan (IRP) Assistant
Three phase IRP generator built on OpenAI Assistants. Strict placeholder only fill, extractive QA with an explicit "Not found in the provided content" fallback, and a copy edit only second phase that enforces zero content changes.
Multi Pass Compliance Document Generator
Four pass compliance document refinement pipeline. Draft, then file search refine, then RF Score 1 to 5 rubric rewrite, then merge with existing procedures. Checkpoint and resume, prompt redaction, and per control part state persisted between runs.
NIST Component Mapping Engine (Rev.4)
First generation component mapper, per control part. Built on OpenAI Assistants with Vector Stores (file_search plus code_interpreter), with a relaxed fallback prompt variant and a rolled up summary pass feeding downstream document generation.
NIST 800-53 Audit Question Generator
LLM powered audit question synthesis using a two pass generator and critic loop (synthesize, then refine) over NIST 800-53 control objectives. Output is structured assessment questions compliance reviewers can actually use.
NIST 800-53 SSP Baseline Splitter
Splits NIST 800-53 Rev5 baselines into low, moderate, and high JSON artifacts. Parses objectives (a., b., (a), (b)) into structured parts using regex driven custom sort keys that keep the enhancement and part hierarchy intact (AC-2, AC-2(1), AC-2(1)(a)).
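The identifier parsing and ordering the splitter relies on, as an added example that is not the project's own code. The grammar handled here (family-number, numeric enhancements in parentheses, lettered parts written as "(a)" or ".a") is an assumption that covers the forms named above; the sort key compares numbers numerically so AC-9 sorts before AC-10 and AC-2(2) before AC-2(10), puts a control before its own enhancements and parts, and lists a control's lettered parts ahead of its numeric enhancements, which is the order the catalog uses. The objective splitter and its sample statement are constructed for the example.

```python
"""NIST 800-53 control identifiers: parse, canonicalize, natural-order sort
key that preserves the control / enhancement / part hierarchy, and a
splitter for lettered objectives in a statement.

Added illustration, not the project's splitter. The identifier grammar
and the sample statement are constructed assumptions."""
import re
from typing import List, Tuple

_ID_RE = re.compile(r"^([A-Z]{2})-(\d+)((?:\([A-Za-z0-9]+\)|\.[A-Za-z0-9]+)*)$")
_TOKEN_RE = re.compile(r"\(([A-Za-z0-9]+)\)|\.([A-Za-z0-9]+)")
# A part opens with "a." or "(a)" followed by whitespace; "e.g." does not qualify.
_PART_RE = re.compile(r"^\s*(?:\(([a-z])\)|([a-z])\.)\s+(.*)$")

# Constructed paraphrase of an account-management style statement.
SAMPLE_STATEMENT = """\
a. Define and document the types of accounts allowed and prohibited;
b. Assign account managers;
(c) Require approvals for requests to create accounts;
d. Monitor the use of accounts,
   including privileged accounts."""


def parse_control_id(control_id: str) -> Tuple[str, int, List[str]]:
    """'AC-2(1)(a)' -> ('AC', 2, ['1', 'a']); 'AC-2.a' -> ('AC', 2, ['a'])."""
    m = _ID_RE.match(control_id.strip())
    if not m:
        raise ValueError(f"not a control identifier: {control_id!r}")
    family, number, rest = m.groups()
    tokens = [a or b for a, b in _TOKEN_RE.findall(rest)]
    return family, int(number), tokens


def control_sort_key(control_id: str) -> Tuple:
    """Numeric tokens (enhancements, sub-items) rank after lettered parts at
    the same depth; tuple comparison puts a prefix before its children."""
    family, number, tokens = parse_control_id(control_id)
    ranked = tuple((1, int(t)) if t.isdigit() else (0, t.lower()) for t in tokens)
    return (family, number, ranked)


def canonical_id(control_id: str) -> str:
    """Normalize '.a' parts to the parenthesised form: 'AC-2.a' -> 'AC-2(a)'."""
    family, number, tokens = parse_control_id(control_id)
    return f"{family}-{number}" + "".join(f"({t})" for t in tokens)


def split_objectives(control_id: str, statement: str) -> List[Tuple[str, str]]:
    """Split a statement into (part_id, text) pairs. A line opening with
    'a.' or '(a)' starts a new part; other non-empty lines continue the
    current one. Preamble text before the first part, if any, is returned
    under the bare control id."""
    base = canonical_id(control_id)
    parts: List[Tuple[str, List[str]]] = [(base, [])]
    for line in statement.splitlines():
        m = _PART_RE.match(line)
        if m:
            letter = m.group(1) or m.group(2)
            parts.append((f"{base}({letter})", [m.group(3).strip()]))
        elif line.strip():
            parts[-1][1].append(line.strip())
    return [(pid, " ".join(lines)) for pid, lines in parts if lines]


if __name__ == "__main__":
    ids = ["AC-2(10)", "AC-10", "AC-2(1)(a)", "AC-2", "AC-2(1)", "AC-2.a", "AC-3", "AC-2(2)", "AC-9"]
    print(sorted(ids, key=control_sort_key))
    for pid, text in split_objectives("AC-2", SAMPLE_STATEMENT):
        print(pid, "->", text)
```

A plain string sort gets both hierarchies wrong: "AC-10" lands before "AC-2" and "AC-2(10)" before "AC-2(2)", which is exactly how a baseline export ends up with enhancements detached from their parent control.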
JupiterOne Bulk Ingest & Query Pipeline
Python service over JupiterOne's GraphQL API. Cursor pagination at limit 5000, a one to four query dispatcher, and the full bulk persister synchronization job lifecycle (create, upload, delete, finalize) for moving security graph data at scale.