Agentic & GenAI Systems
I ship signed-capability-lease primitives for agent runtimes — the missing security contract under MCP. Production deployments of multi-agent AI systems, voice-first platforms, and enterprise GenAI solutions with 99.9% uptime.
Built the Org-Wide CI/CD Floor — 200-Repo Audit → Shipped Kit
Ran an org-wide CI/CD audit across all active repositories at Attri.ai. Initial findings: 1,135 CRITICAL across 10 audit dimensions — 81% of repos had no branch protection, 72 repos had verified live secret leaks (332 OpenAI keys + 88 AWS access tokens + 30 GitHub PATs in git history), 0% had GitHub secret-scanning or Dependabot security updates enabled, 48% of merged PRs had zero review records. Then designed and shipped `attri-dev-kit` — semver-versioned (current v1.7.0), self-testing, one-line YAML opt-in, language-aware across Python + TypeScript + Rust + Terraform + Shell + C#.
Outcomes
- Org-wide adoption rolling out across 208 repos via a single repository-rollout tracker
- AI-specific guardrails: hallucinated-import detection, swallowed-exception flags across 5 languages, unjustified-lint-disable hard-blocks, AI-author signature failure escalation, test-delta gate on production code
- Self-gating: the kit runs against itself on every PR — we don't ship a version that fails its own check
- Framing: 'AI as a risk-multiplier' — pre-AI the cost of a careless commit was bounded by typing speed; post-AI a frontier model produces 200 lines of plausible-but-wrong code in 30 seconds. The kit absorbs the multiplier so individual engineers don't have to remember to defend against it
MannSetu — AI Mental Wellness Platform
India's first voice-first AI mental wellness companion (Hindi / English / Hinglish) with real-time voice-tone emotion analysis and CBT-based guidance. Built to close the access gap for 18-35-year-olds facing 2–4 week therapy wait times and ₹2,000–5,000-per-session cost barriers; private voice-first interaction removes the stigma. DPDP Act 2023 compliant, data hosted on Indian servers, end-to-end encryption, crisis support via Tele-MANAS.
Outcomes
- 50+ active users · 10K+ cumulative conversations · 4.8/5 user rating
- 40%+ engagement rate vs 1-5% industry standard
- Zero wait-time access; free for students
- 24/7 availability including crisis hours (nights and weekends)
Agentify — Attri's Flagship Multi-Agent AI Platform
Production-grade platform orchestrating 15+ specialized AI agents (Orchestrator, PRD, Solution Architect, Designer, Coder, Diff Analyzer, Discovery) for full SDLC automation — PRD to deployment. E2B micro-VM sandboxing per agent, multi-tenant workspace + Stripe billing, real-time collaboration, Cascading Router cost strategy across Claude Opus 4.7 / Sonnet 4.7 / Haiku 4.5 / GPT-5.5 / Gemini 3 Pro, MCP integration across 10+ tool services, full observability via OpenTelemetry → Datadog.
Outcomes
- 99.9% platform uptime — enterprise SLA across 12+ active customer engagements
- ~70% LLM cost reduction via the Cascading Router (simple queries → small models; complex → Opus 4.7)
- PRD-to-production timeline: 2-3 weeks → 3-5 days (automated review by AI agents)
- Multi-cloud on-prem fork unlocked the regulated-vertical deployment mode (Terraform + adapter pattern)
Six anonymized engagements across six verticals.
Industry vertical · role · scope · outcome. Client names withheld under contractual confidentiality. Every number, scope item, and outcome below is sourced from internal evidence (commit history, PR review counts, authored docs, calendar collaborator graph).
50-State Production API Integration + MS Graph OAuth2 Migration
Tech Lead — end-to-end ownership
Owned the integration of a regulated 50-state premium / tax / coverage-type API across all US jurisdictions for a commercial insurance carrier. Drove the cutover from legacy SMTP to Microsoft Graph + OAuth2 client-credentials for compliance-sensitive transactional notifications. Diagnosed and resolved a vendor auth ambiguity (Secret-ID vs Secret-Value confusion, AADSTS7000215) in one business day — validated token endpoint (200 OK) + Graph sendMail (202 Accepted) production-ready before EOD.
Production Ops Portal v4 — Jobs / Timesheets / ERP Integrations
Senior IC + customer principal — 17 months
Owned the production operations portal for a US general contractor: jobs management, labor timesheets, hours summary export, audit log, trucking, supplier + products DB, vendor portal, daily recap emails with material/equipment cost columns. Built integrations with industry-standard inventory + construction-management platforms (end-to-end OAuth flows, sandboxed test envs, prod cutover). Drove a vendor-diversity automation pipeline: matching company records against a public diversity-program registry with confidence thresholds + manual override UI.
Greenfield Healthcare AI Platform — Both Halves in 6 Weeks
Tech Lead — end-to-end greenfield
End-to-end ownership of a new healthcare AI product launch — both halves of the stack (FastAPI backend + React frontend). Brought to production from empty repo to v1 cutover in 6 weeks. Authored the Infrastructure & Compliance Audit identifying 8 critical pre-launch gaps: unredacted PHI passed to model providers, subscription ownership mismatch, missing BAA/SLA/IP clauses in vendor contracts, plaintext secrets in App Service settings, Postgres `log_statement=all` logging PHI parameters, missing diagnostic settings.
121-Issue Codebase Audit in 30 Days + Remediation Roadmap
Senior auditor — code review, architecture, remediation lead
Inherited a struggling MERN-stack platform serving K-12 students. Ran a parallel-AI-agent code review across all three repos (frontend, backend, AI service) producing 121 categorised issues, 23 of them Critical including: auth bypass, concurrency-driven data corruption, payment gaps, zero automated test coverage. Authored a 16-section Master Engineering Plan: Mongo→Postgres migration, AI question-generation rebuild, Bayesian mastery / IRT engine fixes, infra modernization, observability from zero, COPPA/FERPA/PCI DSS compliance roadmap, mobile (React Native / Expo) strategy.
Enterprise Claude AI Audit + Observability Platform
Platform Tech Lead — system design, security, runbooks
Designed and operates a Claude-based audit + observability platform running inside the firm's own Azure tenant — captures every prompt, response, and tool use into private Azure PostgreSQL in the US, exposed through a private API for compliance reviewers. Designed for ABA Model Rule 1.6 confidentiality + ABA Formal Opinion 512 (generative-AI ethics). Three-party model: model vendor (Anthropic) + cloud platform vendor (Attri) + IT partner (managed-services provider).
Drone-Inspection POC — Vendor Selection + KMZ Verification
Technical Lead — POC scope, vendor eval, ingestion design
Defined the POC scope for an automated drone-inspection pipeline for a US commercial real-estate buyer. Required KML/KMZ exportable flight-mission file + Smart Oblique capture for repeatability. Personally verified `.kmz` flight-path data (`waylines.wpml`) — 'the golden ticket' for reproducible captures. Confirmed multi-format deliverables (OBJ + LAS/LAZ + DXF). Requested AT (aerial triangulation) / Block-Exchange XML for centimeter-grade accuracy. Authorized capture; designed Phase-2 AI ingestion pipeline.
Scanners & Firewalls for Agentic Systems
Three OSS tools I ship and use on my own agents — plus the evaluation plugin that rates them.
As of 2026-05-24 · Metrics auto-synced from GitHub.
agent-audit-kit
SAST-style scanner for agentic AI systems. Full OWASP Agentic + MCP Top-10 coverage, SARIF output, 11-framework compliance reporting (EU AI Act, SOC 2, HIPAA, NIST AI RMF, ISO 42001).
agent-airlock
Runtime firewall for AI agents. Ghost-argument stripping, strict type validation, PII masking, RBAC, E2B sandboxing, network airgap, circuit breaker, cost tracking.
mnemo
MCP-native embedded memory database for AI agents, written in Rust. REMEMBER/RECALL/FORGET/SHARE primitives, hybrid vector search (RRF), AES-256-GCM encryption, branching/replay, RBAC.
verdict
Universal quality judge for Claude Code. 7-dimension scoring (correctness, completeness, adherence, efficiency, safety), configurable rubrics, threshold blocking, auto-hooks.
Consumer AI — beyond enterprise
Solo-built consumer product that proves the agent-feasibility playbook. Type a problem below — get the full analysis on the live product in a new tab.
Why can't we have an agent for this?
Type any problem you wish an AI agent would do for you. Get a brutally honest roast, viability score, competitive landscape, open-source alternatives, agent-readiness scorecard, and a CLAUDE.md scaffold you can drop into Cursor — in ~60 seconds.
A full agent-feasibility report
Every roast returns the same eight-section structure — quick to skim, brutal where it needs to be, deterministic agent-readiness score at the end.
1. Verdict + 1-10 score: Tier from "Build it yesterday" to "Don't bother"
2. Viability sub-scores: Market demand · feasibility · competition · monetization · disruption risk · fun factor
3. Pros & cons: What's going for it · what's against it · what kills it
4. Who you're up against: Real competitors with positioning + threat level
5. Open-source alternatives: What you could fork instead of building from zero
6. Big-AI killer timeline: Who absorbs your idea + when + your survival strategy
7. Build estimate: Solo-dev time · team size · cost · suggested tech stack
8. CLAUDE.md scaffold: Drop-in starter spec for Claude Code / Cursor
The Production Agent
Newsletter
Weekly lessons from running 15+ AI agents in production. Governance, security, memory, cost optimization. No demos — systems that work.
- ✓ Agent orchestration & governance patterns
- ✓ LLM cost optimization strategies
- ✓ Security & memory architecture deep-dives
- ✓ Real production war stories & lessons
Build Your AI Platform
Looking to implement multi-agent systems or GenAI solutions? Let's discuss how I can help architect and build production-grade AI platforms for your organization.