8 projects · 9 categories · 0 self-certified
Eight flagship projects,
reviewed until clean.
A cross-category portfolio — backend, data engineering, observability, analytics, statistics, security, Android, iOS. Each one built a slice at a time, verified against live tests, then handed to an independent reviewer that kept finding real bugs until it didn't. Every project ships only after a security audit passes.
The loop
No project was self-certified. The same gate ran on all eight.
-
orchestrate
An Opus-4.8 lead owns planning, integration, and the slice ledger — and writes little code directly.
-
delegate
Self-contained slices are implemented by Sonnet agents — cheaper per token, parallelizable.
-
review
Codex reviews every slice as an independent validator. It caught real defects in all eight projects that passing tests had missed.
-
audit
Semgrep + dependency scan gate each phase. A HIGH/CRITICAL finding blocks the next step.
The work
Eight projects. Filter by category.
Why the gates earn their keep
Every one of these projects had green tests and a working demo before review. A self-certifying agent would have shipped them. The independent reviewer is the only reason the code is actually correct:
- FlagForge — an O(n), timing-leaky API-key check and an unauthenticated analytics-write path. All tests passed; the auth was broken.
- InsightFlow — cohort retention bucketed in the DB's session timezone, so "Day-1 retention" shifted around midnight. The numbers looked right.
- ExperimentLab — the statistics were numerically correct, but the validation schemas were never enforced: impossible inputs produced a negative sample size.
- ObserveKit — the verification itself was lenient, accepting a latency alert as a stand-in for the error alert. The gate couldn't fail.
- KnowFlow — full-text search was injection-safe but not parser-safe; a stray quote crashed search at runtime.
"It works" and "it's correct" are independent properties. The gate forces both.