8 projects · 9 categories · 0 self-certified

Eight flagship projects,
reviewed until clean.

A cross-category portfolio — backend, data engineering, observability, analytics, statistics, security, Android, iOS. Each one built a slice at a time, verified against live tests, then handed to an independent reviewer that kept finding real bugs until it didn't. Every project ships only after a security audit passes.

01

The loop

No project was self-certified. The same gate ran on all eight.

  1. orchestrate

    An Opus-4.8 lead owns planning, integration, and the slice ledger — and writes little code directly.

  2. delegate

    Self-contained slices are implemented by Sonnet agents — cheaper per token, parallelizable.

  3. review

    Codex reviews every slice as an independent validator. It caught real defects in all eight projects that passing tests had missed.

  4. audit

    Semgrep + dependency scan gate each phase. A HIGH/CRITICAL finding blocks the next step.

02

The work

Eight projects. Filter by category.

03

Why the gates earn their keep

Every one of these projects had green tests and a working demo before review. A self-certifying agent would have shipped them. The independent reviewer is the only reason the code is actually correct:

  • FlagForge — an O(n), timing-leaky API-key check and an unauthenticated analytics-write path. All tests passed; the auth was broken.
  • InsightFlow — cohort retention bucketed in the DB's session timezone, so "Day-1 retention" shifted around midnight. The numbers looked right.
  • ExperimentLab — the statistics were numerically correct, but the validation schemas were never enforced: impossible inputs produced a negative sample size.
  • ObserveKit — the verification itself was lenient, accepting a latency alert as a stand-in for the error alert. The gate couldn't fail.
  • KnowFlow — full-text search was injection-safe but not parser-safe; a stray quote crashed search at runtime.

"It works" and "it's correct" are independent properties. The gate forces both.