Product

Trade — Zero-Tolerance Cryptocurrency Trading Platform

Trade — Zero-Tolerance Cryptocurrency Trading Platform

Challenge

Build a cryptocurrency trading platform where the primary design goal is preventing catastrophic loss — not maximizing returns. The platform must survive compromised credentials, rogue orders, and operator error with multiple independent safety layers.

Solution Architecture

Defense-in-Depth Design

Five independent components, each with separate credentials and failure domains:

┌─────────────────────────────────────────────────────────────┐
│ Bybit Exchange (Testnet / Live)                              │
└────────────────┬────────────────────────────────────────────┘
                 │ WebSocket + REST
                 ▼
      ┌──────────────────────┐
      │    Freqtrade Pod     │ ◄── API key: Orders only, no transfers
      │ Strategy execution   │
      └──────┬───────────────┘
             │
      ┌──────┴──────────────────────────────────────────────┐
      │      Shared PVC: trade.db (OLTP) + journal.db       │
      └──────────────────────────────────────────────────────┘
             ↑                      ↑
      ┌──────┴──────┐        ┌─────┴───────┐
      │Risk Breaker │        │Journal Shim │ ◄── Read-only monitoring
      │Circuit break│        │Audit sidecar│
      └─────────────┘        └─────────────┘
             │
             ▼
      Wazuh SIEM (anomaly detection) + Grafana (dashboards)

Drawdown Ladder (Automatic Kill)

Capital Allocation: $4K per subaccount
├── -5% daily    → Alert + position review
├── -8% weekly   → Auto-reduce position size
├── -15% monthly → Scale to zero, require manual restart
└── -18% HWM     → Full kill-switch, key revocation

FIDO2-Authenticated Kill Switch

Emergency response in under 60 seconds:

Cryptocurrency Risk Management FIDO2 Kill Switch NIST CSF Zero Trust

WB-SMP — Wildberries Seller Management Platform

WB-SMP — Wildberries Seller Management Platform

Challenge

Wildberries sellers face 34.5–38% commission rates with limited visibility into true unit economics. They need:

  • Real-time margin per SKU after all fees
  • Automated advertising bid optimization
  • Inventory forecasting to prevent stockouts
  • Competitive intelligence

Build a unified command center integrating 262 API endpoints across 14 Wildberries hosts.

Solution Architecture

Platform Overview

Modular monolith with 9 bounded contexts serving growing sellers (10–50 SKUs, 100K–1M RUB/month revenue).

Wildberries E-commerce Unit Economics Advertising Russia B2B SaaS

Agentic AI Governance — Control Plane for AI Agents

Agentic AI Governance — Control Plane for AI Agents

Challenge

Autonomous AI agents are executing tool calls — database queries, API requests, file operations — with minimal human oversight. Enterprises deploying agents face regulatory requirements (EU AI Act Art. 12-14, Singapore MGF) for human oversight, audit trails, and authorization controls. Existing agent frameworks (LangChain, AutoGPT, CrewAI) have no built-in governance layer.

Build a control-plane overlay that intercepts, authorizes, logs, and audits every tool call made by an AI agent — without modifying the agent or tool code.

AI Governance EU AI Act Agent Security OWASP LLM Human-in-the-Loop Audit Trail

Air-Gap Compliance Platform — Fully Offline Security

Air-Gap Compliance Platform — Fully Offline Security

Challenge

Enterprises in defence, government, healthcare, and finance operate isolated network segments with zero egress to the public internet. These environments require compliance automation (vulnerability scanning, policy enforcement, evidence collection) but cannot pull container images from public registries, download vulnerability databases, or send telemetry externally. Existing compliance tools assume internet connectivity.

Build a fully offline compliance platform delivered via USB sneakernet or internal mirror, with all dependencies pre-bundled.

Air-Gapped Offline FedRAMP CMMC PCI DSS ISO 27001 Defence Government

BIMcore Engineer — Rust-First BIM Platform

BIMcore Engineer — Rust-First BIM Platform

Challenge

The AEC (Architecture, Engineering, Construction) industry is stuck with 30-year-old software architecture. Autodesk Revit struggles with models beyond 500MB, cannot handle true multi-user editing, and crashes when federated models exceed 1GB. Large industrial projects (power plants, factories, data centers) routinely hit 100GB-1TB — forcing teams into complex workarounds.

Build a ground-up BIM platform that treats terabyte models as first-class, editable objects.

Solution Architecture

Overview

┌──────────────────────────────────────────────────────────────────┐
│                    BIMcore Studio (Client)                        │
│     Rust + egui + Vulkan 1.3 | 60 FPS interactive editing        │
└────────────────────────┬─────────────────────────────────────────┘
                         │ gRPC + Protobuf
                         ▼
┌──────────────────────────────────────────────────────────────────┐
│                   BIMcore Nucleus (Server)                        │
│     Distributed: PostgreSQL + Redpanda + Raft Consensus          │
└────────────────────────┬─────────────────────────────────────────┘
                         │
         ┌───────────────┼───────────────┐
         ▼               ▼               ▼
   ┌──────────┐   ┌──────────┐   ┌──────────┐
   │PostgreSQL│   │ Redpanda │   │  MinIO   │
   │ + PostGIS│   │ (Events) │   │  (Blobs) │
   └──────────┘   └──────────┘   └──────────┘

Tech Stack

ComponentTechnologyPurpose
ClientRust + eguiNative thick client with GPU rendering
RenderingVulkan 1.3Cross-platform 60 FPS, on-demand geometry
ServerRust + TokioAsync distributed coordination
ConsensusopenraftRaft-based multi-node consistency
DatabasePostgreSQL + PostGISSpatial indexing, durability
EventsRedpandaKafka-compatible streaming (2,048 partitions)
StorageMinIOS3-compatible blob storage for geometry
AuthKeycloakOIDC, SAML, enterprise SSO
SecretsHashiCorp VaultEncryption keys, API tokens

Canonical Parameters (from 00-SHARED-CONTEXT.md)

ParameterValueRationale
P-001≥60 FPS at ≤100GB, ≥30 FPS at 1TBInteractive editing requirement
P-005JWT TTL = 5 minutesShort-lived tokens for security
P-0122,048 Redpanda partitionsScale for event streaming
P-025AES-256-GCM at-rest encryptionCompliance requirement

Key Features

1. Terabyte-Scale Model Handling

  • On-demand geometry loading: Only visible elements in GPU memory
  • Columnar bcx format: Compressed, audit-hashed, open specification
  • Spatial indexing: PostGIS R-tree for frustum culling
  • Delta snapshots: Versioned changes without full model duplication

2. Native Import/Export

Import:
├── Revit 2020-2026 (.rvt) via ODA BimRv SDK
├── IFC 2x3 / 4 / 4.3 via IfcOpenShell
└── Point clouds (.las, .laz)

Export:
├── bcx (native columnar format)
├── IFC 4.3
└── glTF 2.0 (for web viewers)

3. Real-Time Collaboration (MVP-3+)

  • CRDT-based editing: Conflict-free concurrent edits
  • Operational transforms: Merge without locks
  • Presence awareness: See other users’ selections live

4. 3D Editing Operations

// Transactional edit with automatic undo
let tx = model.begin_transaction();
tx.select(element_ids);
tx.move_by(Vector3::new(0.0, 0.0, 1000.0));  // Move up 1m
tx.commit()?;  // Generates inverse operation for undo

Roadmap

PhaseTimelineDeliverables
MVP-1Q3 2026Import Revit/IFC, ≥60 FPS on ≤100GB
MVP-2Q4 20263D edit (select, move, rotate), ≥30 FPS on 1TB
MVP-3Q1 2027Save to bcx, IFC 4.3 export, GA
Phase 2AQ3 2027Drawings, schedules, levels/grids edit
Phase 2BQ4 2027Real-time multi-user, MEP sizing
Phase 2C2028Web editor, plugin SDK, mobile viewer

Documentation Coverage

requirements/          # 96 documents, 35K+ lines
├── 00-SHARED-CONTEXT.md    # Canonical parameters P-001..P-026
├── 01-business/            # Market analysis, business case
├── 02-product/             # PRD, features, personas, roadmap
├── 03-functional/          # 24 FSDs (import, edit, save, cluster)
├── 04-technical/           # Architecture, data model, 50+ ADRs
├── 05-quality/             # Test plan, acceptance scenarios
└── 06-security/            # Security architecture, threat model

Build Targets

PlatformStatusNotes
Linux x86_64 (AVX2+)✓ PrimaryFull support, CI on 16-core
macOS arm64 (M1+)✓ SecondaryMetal 3 via MoltenVK
Windows x86_64WIPIOCP runtime, D3D12 compat

Architecture Decisions

Why Rust?

  • Memory safety without GC pauses (critical for 60 FPS)
  • Zero-cost abstractions for geometry processing
  • Excellent async ecosystem (Tokio) for distributed coordination
  • Native Vulkan bindings (ash crate)

Why Not Electron/Web?

  • GPU-bound workloads need native Vulkan, not WebGL limitations
  • Memory management must be deterministic, not JS GC
  • CAD users expect desktop-class responsiveness

Why columnar bcx format?

  • 10-100x faster spatial queries vs row-based formats
  • Columnar compression (zstd) yields 5-8x smaller files
  • Append-only for audit trail (every change is versioned)

Security Model

  • Zero-trust network: mTLS between all components
  • Audit logging: Every edit traceable to user + timestamp
  • GPL isolation: GPL code (IfcOpenShell) runs in subprocess with IPC
  • SBOM: CycloneDX generated each release

License

Dual Apache-2.0 / MIT (your choice). Dependencies tracked via SBOM.

BIM Rust Vulkan Revit Alternative CAD Architecture Engineering

DORA Incident Platform — EU Financial Compliance

DORA Incident Platform — EU Financial Compliance

Challenge

The Digital Operational Resilience Act (DORA, EU 2022/2554) requires 40,000 EU financial entities — banks, payment institutions, e-money providers, crypto exchanges (MiCA), and insurtech — to classify and report major ICT incidents within strict deadlines: 4 hours (initial notification), 72 hours (intermediate report), and 1 month (final report). Manual classification against EBA/ESMA/EIOPA criteria is slow and error-prone; missing deadlines triggers regulatory penalties.

DORA EU Compliance Incident Management EBA Reporting Financial Services AI Triage

EU AI Act Doc Generator — Automated Compliance Artifacts

EU AI Act Doc Generator — Automated Compliance Artifacts

Challenge

The EU AI Act (Regulation 2024/1689) requires AI system providers to produce extensive documentation: risk classification per Annex III, technical documentation per Annex IV (model cards, risk assessments, data governance records, human oversight procedures), and conformity assessment evidence. Manual documentation is time-consuming, inconsistent, and difficult to maintain over the 7-year retention period.

Build a platform that automates the generation of EU AI Act-compliant documentation artifacts.

EU AI Act AI Documentation Model Cards Risk Assessment Conformity Assessment Regulatory Compliance

K8s Compliance Operator — One-Day Compliance Stack

K8s Compliance Operator — One-Day Compliance Stack

Challenge

Kubernetes teams in regulated industries spend 8-16 weeks integrating policy enforcement (Kyverno), runtime security (Falco), network isolation (Calico), secrets management (Vault), and service mesh (Istio) to meet compliance requirements. Each tool requires separate expertise, and maintaining policy coherence across tools is error-prone.

Build a single Helm chart that deploys the entire compliance stack, driven by a ComplianceProfile custom resource that automatically configures all components for the selected framework.

Kubernetes Operator PCI DSS SOC 2 NIST CSF ISO 27001 Policy Enforcement Runtime Security

Multi-Framework Evidence Graph — One Evidence, Many Frameworks

Multi-Framework Evidence Graph — One Evidence, Many Frameworks

Challenge

Compliance teams managing multiple frameworks (SOC 2, PCI DSS, ISO 27001, DORA, NIS2, AI Act) collect redundant evidence for overlapping controls. A single penetration test report might satisfy requirements in 4 different frameworks, but each auditor receives a separate package. Manual mapping is error-prone, and proving evidence integrity during audits requires custom tooling.

Build an evidence repository where one artifact maps to multiple frameworks, with cryptographic integrity proofs and OSCAL-compliant audit package generation.

Evidence Management SOC 2 PCI DSS ISO 27001 DORA NIS2 OSCAL Audit

Jobs Finder — AI-Powered Job Search Pipeline

Jobs Finder — AI-Powered Job Search Pipeline

Challenge

Job searching across multiple platforms is time-consuming. Telegram channels post hundreds of vacancies daily, LinkedIn requires manual browsing, and HH.ru (Russia’s Indeed) needs separate attention. Manually reviewing all postings and assessing fit is inefficient.

Build a pipeline that:

  • Aggregates jobs from Telegram, LinkedIn, and HH.ru
  • Ranks every posting against your CV using AI
  • Runs entirely locally (no cloud API costs, no data leakage)
  • Supports multiple job search profiles (DevSecOps, Data Analyst, PM)

Solution Architecture

Pipeline Flow

┌─────────────────────────────────────────────────────────────┐
│                    Data Sources                              │
├──────────────┬──────────────────┬───────────────────────────┤
│   Telegram   │     LinkedIn     │          HH.ru            │
│ (13 channels)│ (keyword matrix) │    (public REST API)      │
└──────┬───────┴────────┬─────────┴───────────────┬───────────┘
       │                │                          │
       └────────────────┼──────────────────────────┘
                        ▼
              ┌─────────────────────┐
              │    Deduplication    │
              │  (cross-source)     │
              └──────────┬──────────┘
                         │
                         ▼
              ┌─────────────────────┐
              │    AI Ranking       │
              │ Ollama qwen3.5:35b  │
              │ (batch mode: 10/call)│
              └──────────┬──────────┘
                         │
                         ▼
              ┌─────────────────────┐
              │    Filter & Report  │
              │  (threshold: 78+)   │
              └─────────────────────┘
                         │
                         ▼
              outputs/<date>/ranked/report.md

Multi-Profile Support

# profiles/devsecops.yaml
cv_path: "info/CV/devsecops/gantman_2026_compact.md"
linkedin:
  keywords: ["DevSecOps", "Security Architect", "SRE", "CISO"]
  geo: ["Worldwide", "European Union", "Israel"]
telegram:
  channels: ["devops_jobs", "sre_jobs", "security_jobs"]
filters:
  min_salary_usd: 9000
  rank_threshold: 78

Key Features

1. Telegram Channel Scraping

  • Public channel scraping (no bot token needed)
  • 13 default DevOps/Security channels
  • Configurable per profile
  • Rate-limited with polite delays
  • Selenium with persistent Chrome profile
  • Keyword × geo matrix search
  • Handles pagination (up to 40 pages)
  • Extracts: title, company, salary, location, description

3. HH.ru Integration

  • Public REST API (no auth)
  • Area-based search (Russia, Belarus, Georgia, Israel)
  • Experience level filtering
  • Structured vacancy data

4. AI Ranking (Batch Mode)

# Batch processing: 10 jobs per LLM call
prompt = f"""
CV: {cv_markdown}

Jobs: {json.dumps(batch_of_10_jobs)}

Score each job 0-100 for fit. Return JSON:
{{"results": [{{"job_id": "...", "score": 85, "evidence_confidence": 0.9}}]}}
"""

# Amortizes model-load cost across batch
response = await ollama.generate(prompt, model="qwen3.5:35b")

5. State Management

-- ~/.cache/jobs-finder/state.sqlite3
CREATE TABLE seen_jobs (
    job_id TEXT PRIMARY KEY,
    source TEXT,
    first_seen TIMESTAMP,
    score INTEGER,
    evidence_confidence REAL
);
  • Cross-run deduplication
  • Score history tracking
  • Prevents re-ranking known jobs

Configuration

Environment Variables

# Ollama
JOBS_OLLAMA_HOST=http://192.168.2.2:11434
JOBS_OLLAMA_MODEL=qwen3.5:35b
JOBS_OLLAMA_NUM_CTX=16384

# Filters
JOBS_MIN_SALARY_USD=9000
JOBS_RANK_THRESHOLD=78
JOBS_REPORT_TOP_N=10
JOBS_MAX_POSTING_AGE_DAYS=21

# Sources
JOBS_TELEGRAM_MAX_MESSAGES=500
JOBS_LINKEDIN_HEADLESS=false
JOBS_HH_MAX_PAGES_PER_AREA=20

Usage

Run Full Pipeline

# Using profile
python -m jobs_finder pipeline --profile devsecops -v

# Skip specific sources
python -m jobs_finder pipeline --skip-linkedin --skip-hh -v

# Force re-rank everything
python -m jobs_finder pipeline --no-state

Output

outputs/2026-05-15/
├── telegram.jsonl      # Raw scraped posts
├── linkedin.jsonl      # Raw scraped jobs
├── hh.jsonl           # Raw vacancies
└── ranked/
    ├── ranked.jsonl   # All jobs with scores
    └── report.md      # Top-N markdown report

Results & Benefits

Efficiency Gains

Manual Search:
├── Telegram: ~30 min/day reading channels
├── LinkedIn: ~45 min/day browsing + filtering
├── HH.ru: ~20 min/day
└── Total: ~95 min/day

Automated Pipeline:
├── Scraping: ~5 min (background)
├── Ranking: ~10 min (batch AI)
├── Review: ~10 min (top 10 only)
└── Total: ~25 min/day

Savings: 70 min/day, 70%+ reduction

Privacy Benefits

  • No job data sent to cloud APIs
  • CV stays local
  • LinkedIn profile not exposed to third-party services
  • Full control over data retention

Architecture Decisions

  • Ollama batch mode: 10 jobs per call amortizes model-load latency
  • SQLite state DB: Simple, portable, no server needed
  • Chrome persistent profile: Maintains LinkedIn login across runs
  • Multi-profile YAML: Easy to switch between job searches
  • Confidence scoring: Filter out low-evidence matches (< 0.5)

Job Search Web Scraping AI Ranking Local LLM Automation Privacy-First