The Lab
Open-Source Security & AI Tools
Tools I build and use in real client work. Open-sourced because the problems they solve aren't unique to one engagement.
AI Infrastructure
Cost, capability, and orchestration for production AI workloads.
ProjectLodestar
Multi-LLM router that picks the right model for each request.
Production AI workloads waste 60–90% on the wrong model. Lodestar routes by task profile, model performance, and price. Used in client deployments to bring inference cost down without giving up capability.
Control Tower
GitHub-native control plane for AI-assisted projects.
Most AI orchestration tools want you to adopt yet another dashboard. Control Tower uses GitHub itself — issues, branches, actions — as the substrate. Zero new tooling, full audit trail, version-controlled workflow.
Governance & Audit
Audit trail, decision logging, and compliance evidence built into the runtime.
SentinelForge
Governance, audit, and observability for AI agent execution.
EU AI Act, NIST AI RMF, ISO 42001 — the frameworks all converge on the same evidence: who decided what, when, and on what input. SentinelForge captures that automatically. Built before regulators required it; useful regardless of which framework lands on you next.
Security Tooling
Field-ready assessment kit for constrained environments.
KYNEĒ
Portable, AI-assisted security assessment platform.
Built for environments where you can't install agents, can't bring a laptop, and can't leave artifacts. Runs from USB, performs structured assessment against a defined control set, and packages findings on the way out.
Adjacent
Where the patterns get prototyped before they show up in client work.
Zebra Ecosystem
Infrastructure-as-code for the home lab.
Enterprise practices shouldn't stop at the office door. Zebra applies the same automation, observability, and access controls to homelab infrastructure that you'd expect at scale. Where I prototype most of what eventually ends up in client work.
Want to apply this to your business?
These tools sit underneath the engagements I run. If your AI or security stack would benefit from any of the above, the work is described on the services page.