Alex LaGuardia
AI / Backend Engineer
I ship production systems by directing a fleet of AI agents
01.About Me
I'm a self-taught software engineer who found his way into code through pure curiosity and a refusal to accept “that's not possible.” What started as tinkering became an obsession with building, not just websites but complete systems that solve real problems.
Today I work across the full stack and then some: Python backends with FastAPI, React frontends with Next.js, a multi-strategy trading system with institutional-style risk controls (paper-traded), a game engine written from scratch in Rust, and AI systems that route thoughts to different language models based on complexity. I don't just use tools. I build them.
My philosophy is simple: ship things that work, then make them better. I believe in craftsman's pride: doing it right the first time, owning the full problem, and never hiding behind “that's not my layer.”
When I'm not building, I'm probably sketching out the next system in my head. I think in architectures, not features.
2026: A Year of Shipping
Eleven projects and five distributed packages, built and shipped in a single year.
Early 2026
Built the core ecosystem
Guardia Content (AI SaaS platform), Guardia MCP (95+ tool server), Akatskii (cognitive AI layer with multi-LLM routing), and Paradise (multi-strategy trading system). The foundation everything else grew from.
Spring 2026
Shipped & distributed standalone products
Vigil (agent observability, open-source on PyPI + hosted SaaS), Critik (AI code security scanner, PyPI + VS Code Marketplace), Stampwerk (freelancer business tool), and Supra (3D FPS engine from scratch in Rust).
Mid 2026
Distribution at scale & client work
The MCP Server Suite (262 tools across four PyPI packages), plus Scionbee, an operations and compliance platform built for a commercial greenhouse.
02.What I've Built
Governed MCP Server with Live Evals & Tracing
Warden
An AI agent answering questions over enterprise data through a governed Model Context Protocol server. RBAC is enforced outside the model, every run emits OpenTelemetry traces, and an LLM-as-judge eval suite proves the agent stays inside policy. Live public console at warden.alexlaguardia.dev: fire a real agent run, replay its trace, and watch the same question return different answers per role.
- ▸Live click-to-use demo: real Claude agent runs through the governed server, traced end to end
- ▸12/12 eval cases passing: accuracy, faithfulness, RBAC compliance, and honesty-on-denial, judged by a stronger model anchored to a deterministic oracle
- ▸3 governance primitives (resource access, region row-scoping, field redaction) in one policy choke point the model cannot bypass
The problem
Give an AI agent tool access to company data and you inherit two hard questions: who is the agent acting as, and how do you know it behaved? A support agent asking about pipeline numbers must not get an answer the human is not allowed to see, and “it seemed fine in testing” is not something you can take to a security review. Warden is a complete, readable answer to both.
Governance outside the model
The role comes from the session identity, like OAuth token scopes, and every read passes through a single GovernedStore choke point that applies resource-level access, region row-scoping, and field redaction. The model cannot widen its own access by prompting harder. The MCP server exposes four registry/dispatch tools instead of one tool per table, so adding a data source changes the registry, not the tool surface. When policy denies access, tools return a structured access_denied object and the agent is expected to report the limit honestly.
Evals that prove it
A deterministic oracle computes ground truth through the same governance layer, so a correctly-denied answer scores as a pass instead of a miss. Claude Opus judges Claude Sonnet's answers anchored to that reference, cutting self-preference bias, and scores each run on accuracy, faithfulness to retrieved data, RBAC compliance, and honesty about limits. The 12-case golden set covers every governance primitive: 12/12 passing.
Traces and the live console
Every run emits real OpenTelemetry spans with GenAI semantic attributes: a root agent span over each LLM completion and MCP tool call, captured by a custom in-process span processor and persisted to SQLite. The Next.js console replays them on a Gantt timeline, shows tool inputs and outputs with the enforcing role stamped on every result, and includes a side-by-side diff page where the same question is answered as admin, sales, and support. The public live-run endpoint is rate-limited per IP with a global daily budget.
Cognitive Infrastructure for AI Agents
Vigil
An open-source Python library and hosted cloud platform that gives AI agents persistent awareness, coordinated signals, session handoff, and a knowledge base. Open-source core on PyPI, hosted tier at app.vigil-agent.com with GitHub OAuth, Stripe billing, and per-tenant isolation.
- ▸8,400+ lines, 311 tests, 4 PyPI releases, open-source core + hosted cloud tier
- ▸v2.2 Cloud: multi-tenant API, GitHub OAuth, Stripe billing ($29/$79/$199), MCPWatch observability, dashboard
- ▸3 transport modes, embedded dashboard, event triggers, signal compaction, session handoff chains
The problem
AI agents today are stateless. Every session starts from zero, no awareness of what happened last time, no memory of decisions, no understanding of what’s active right now. I built a production system that solved this across 6 different interfaces and 95+ tools. Vigil extracts those patterns into a standalone library anyone can use, and a hosted platform for teams that don’t want to run their own infrastructure.
Open-source core
Vigil ships as a complete cognitive layer. Signals let agents emit structured observations with type-based content budgets. An awareness daemon compiles signals into hot context every 90 seconds. Session handoff chains give agents structured continuity. A knowledge base stores persistent facts that survive signal compaction. Event triggers fire actions when patterns match incoming signals. Everything stores in a single SQLite file with zero external dependencies. pip install vigil-agent and you’re running in 30 seconds.
Hosted cloud tier
The v2.0 hosted platform at app.vigil-agent.com adds multi-tenancy on top of the open-source core. GitHub OAuth for login, per-tenant SQLite isolation with LRU-cached connections, API key auth with hashed storage, usage metering, and Stripe billing for Pro/Team/Enterprise tiers. Each tenant gets their own isolated Vigil instance, same awareness daemon, same signal protocol, zero infrastructure to manage. Built the entire hosted backend (1,295 lines across 11 files) in a single session.
Three ways to connect
The MCP server exposes 15 tools over stdio or SSE, connect from Claude Code, Claude Desktop, or Cursor with one line of config. The REST API adds 25 endpoints with Bearer auth and an SSE event stream for real-time signal feeds. The embedded dashboard gives a live web view of awareness state, agents, signals, handoffs, and frames. All three share the same database, so a signal emitted via MCP shows up in the dashboard instantly. A Python SDK (vigil-client) wraps the REST API with 20+ methods for programmatic access.
AI Code Security Scanner
Critik
An open-source, two-pass code security scanner built for the vibe-coding era. First pass uses regex and AST to catch patterns. Second pass runs an AI review with full file context to filter false positives and catch logic-level vulnerabilities. Zero config, one command.
- ▸Two-pass architecture: regex + AST first, then AI review with full file context
- ▸VS Code extension with inline diagnostics, GitHub Action for CI/CD, pre-commit hook
- ▸4,400 lines, 138 tests, custom YAML rules, watch mode, baseline support
The problem
53% of AI-generated code has security vulnerabilities. Copilot autocompletes SQL injections. Cursor pastes API keys into public files. 35 new CVEs in March 2026 alone from AI-assisted code. Snyk charges $25+/mo. GitHub CodeQL only works on public repos. The indie developer security gap is wide open.
Two-pass scanning
Pattern matching alone has too many false positives. AI alone hallucinates findings. Combining them gets accurate results on cheap infrastructure. Pass one runs regex patterns and Tree-sitter AST parsing to catch hardcoded secrets, SQL injection sinks, XSS vectors, and command injection patterns. Pass two sends flagged files to an LLM (Llama 3.3 70B via Groq) with full file context to confirm, reclassify, or dismiss each finding. The AI sees the whole file, not just the matching line.
Ship everywhere
pip install critik && critik scan. That is the entire setup. The VS Code extension shows findings as inline diagnostics with severity levels and fix suggestions. The GitHub Action runs on every PR. The pre-commit hook catches issues before they reach the repo. Custom YAML rules let teams add their own patterns. Watch mode re-scans on file save. Baseline support lets you mark existing findings as accepted and only flag new ones.
Published Shopify App for Perishable Inventory Tracking
BatchTrack
A Shopify app that tracks product batches and expiry dates for merchants who sell perishables, with threshold alerts and a daily email digest of what is expiring. Reviewed and approved by Shopify, live and installable on the Shopify App Store with managed billing, OAuth, and GDPR compliance webhooks.
- ▸Passed Shopify's app review (auth, HMAC, GDPR webhooks, TLS, billing) and published to the App Store
- ▸Shopify managed pricing: free tier (up to 10 tracked products) + $9.99/mo Unlimited with a 14-day trial
- ▸Embedded admin in Polaris, daily expiry digest via email, self-hosted under PM2 behind a Cloudflare tunnel
The problem
Merchants selling perishables, food, cosmetics, supplements, anything with a shelf life, have no native way in Shopify to track which batches expire when. They find out when a customer complains or when stock is already dead. BatchTrack adds a batch-and-expiry layer on top of their existing catalog: log a batch against a product variant, set the expiry, and get warned before it lapses.
Built on Shopify's real surface
BatchTrack is a full embedded Shopify app, not a mockup. It uses the Shopify App Remix template with OAuth install, App Bridge, and a Polaris UI that renders inside the merchant's admin. Sessions and batch data persist in SQLite via Prisma. It implements the mandatory GDPR compliance webhooks (customer data request, customer redact, shop redact) that Shopify requires before an app can be listed.
Billing the Shopify way
Pricing runs through Shopify Managed Pricing: a free tier capped at ten tracked products and a $9.99/mo Unlimited plan with a 14-day trial, all hosted on Shopify's own pricing page so merchants subscribe without ever leaving the admin. Feature gating reads the merchant's live subscription state to enforce the free-tier cap. Getting this past review meant matching the in-app plan handles to the Partner Dashboard exactly and routing upgrades to the hosted page instead of the Billing API.
Shipped and reviewed
The app passed Shopify's full automated and human review, authentication, redirect handling, HMAC verification, compliance webhooks, TLS, and billing, and is published on the Shopify App Store. It runs self-hosted under PM2 behind a Cloudflare tunnel, with a daily cron that emails each merchant a digest of expiring batches. It is early (no install base yet), but it is a real, externally-reviewed product on a major marketplace.
Greenhouse Operations & Compliance Platform
Scionbee
A mobile-first operations app built for a commercial greenhouse crew: bay-level crop tracking, feed/irrigation/spray logging, pesticide re-entry (WPS) compliance, and shrink-loss ROI analytics. Bilingual (English/Spanish), offline-first for the field, with a grounded AI assistant that answers from real site data.
- ▸Company → Site → House → Bay → Crop model with role-based PIN auth (worker/manager) and full en/es localization
- ▸WPS pesticide compliance: tank-mix spray records, binding re-entry interval (longest REI in the mix), PA applicator-record PDF, 2-year retention
- ▸Shrink ROI dashboard, 2-tap loss capture turns crop losses into live dollars-lost analytics for managers
- ▸Offline-first queue that syncs when back online; the Bee, a grounded AI assistant that answers only from site data and cites its sources
The problem
Greenhouses run on paper and memory. Crews hand-water hundreds of bays, log sprays on clipboards, and lose entire trays when a watering gets skipped or a re-entry interval is misjudged. The data that proves loss, and the safety rules that prevent it, live in someone’s head. I built Scionbee for a real commercial greenhouse to put crop tracking, chemical compliance, and loss accounting into one phone-friendly app that a Spanish-speaking field crew can actually use.
Built for the field
Everything is mobile-first and offline-first: workers log placements, waterings, and sprays from the greenhouse floor, and the app queues submissions to sync when signal returns. Auth is a per-area PIN with a profile picker, so a shared device still attributes each action to the right person. The entire interface is localized in English and Spanish because the crew is. The data model mirrors the physical world (Company, Site, House, Bay, Crop), so a manager and a worker are always talking about the same place.
Compliance done right
Pesticide application is regulated under the federal Worker Protection Standard. Scionbee records each application as a tank mix of one or more products, each with its own rate and amount, and computes the binding re-entry interval as the longest REI across the mix, the legally correct rule, not a guess. Restricted-entry windows drive a lockout badge on every affected bay, applications generate a PA Private Applicator Record as a PDF, and a query layer enforces the 2-year retention requirement. Getting REI wrong sends a worker into a treated bay too early; the system is designed so that can’t happen by accident.
Turning loss into dollars
The standout feature is shrink. When a crop is pulled, a worker marks it lost in two taps; placement quantity and per-variety wholesale price turn that into a real dollar figure. Managers get a dashboard showing dollars lost, loss by cause and by crop, and honesty-coverage so the number is trustworthy. It reframes a vague gut feeling (“we lose a lot to neglect”) into a measured P&L line a grower can act on, the capture step at the worker level is what makes the ROI real over a season.
The Bee: grounded AI assistant
A worker can ask the Bee plain questions, “what’s growing in JW5?”, “is this bay safe to enter?”, “what do I spray for powdery mildew?”, in English or Spanish. The retriever pulls only site-scoped facts (bay contents, feed recipes, REI status, spray history, a recommendation guide), tags each with its source, and the model is hard-constrained to answer only from those facts and cite them, or say it doesn’t know. It is retrieval-grounded by design, so it never invents safety or recipe data.
AI Freelancer Business Tool
Stampwerk
A $12/mo HoneyBook alternative built after three freelancer tools died in two months. AI writes proposals from 5 questions, contracts auto-generate from accepted proposals, invoices chase themselves with a 3-step follow-up daemon.
- ▸AI proposals powered by Llama 3.3 70B, answer 5 questions, get a structured proposal in 2 minutes
- ▸Connected flow: proposal → contract → invoice → automated follow-up, no manual steps
- ▸3-step AI follow-up daemon sends escalating reminders so you never chase clients
The displacement event
HoneyBook hiked prices 89% in 2025 and the loyalty discount expired Feb 2026. AND.CO shut down March 1, 2026. Bonsai got acquired by Zoom. Three displacement events in sixty days. I was paying $29/mo for HoneyBook and using two features: proposals and invoice reminders. Stampwerk does the 80% that matters at $12/mo flat.
AI that actually works
Most freelancer tools bolt on AI as template-fill. Stampwerk uses Groq with Llama 3.3 70B to generate real proposals from five inputs: client name, project type, scope, timeline, and budget. The output is a structured document with scope, deliverables, pricing, and timeline. Not a form letter. When a client accepts, a contract auto-generates with the proposal terms. One-click e-signature. Signed contracts trigger milestone invoices through Stripe.
The daemon
The follow-up daemon is the feature nobody else has. Most tools make you manually hit send reminder. Stampwerk sends a friendly nudge at 3 days overdue, a firmer reminder at 7, and a final notice at 14. Configurable per client. The daemon runs on an hourly cycle, checking all outstanding invoices and sending the appropriate escalation. You do the work. The software chases the money.
3D Game Engine in Rust
Supra Engine
A custom 3D FPS game engine built from scratch in Rust. Features a hand-rolled Entity Component System, wgpu-based rendering, rapier3d physics, and a full movement state machine inspired by Apex Legends. Designed for multiplayer from day one.
- ▸85K+ lines of Rust across 8 crates (render, physics, ECS, input, assets, scripting)
- ▸Movement system: walk, sprint, slide, wall-run, wall-bounce, bunny hop, mantle
- ▸"Rust for the engine, Lua for the game", clean separation of systems and gameplay
Why build from scratch?
Every game engine makes tradeoffs that become your constraints. I wanted to understand the render pipeline at the metal level, how frames get to the screen, how physics ticks sync with render ticks, how an ECS actually works under the hood. Building from scratch means owning every decision and every line. When something breaks at 3am, there’s no mystery.
The movement system
Movement is the most important system in an FPS. If it doesn’t feel right in the first 10 seconds, players leave. Supra’s movement is a velocity-driven state machine: walk, sprint, slide, jump, air-strafe, bunny hop, wall-run, wall-bounce, and mantle. Each state defines its own physics, slide has friction decay, wall-run has gravity reduction and a timer, bunny hop preserves momentum on frame-perfect jumps. The goal was a parkour playground that’s fun with zero objectives.
Architecture
8 Rust crates organized as a workspace: core, window (winit), render (wgpu pipeline), input, ECS (custom archetype-based), assets (async loading), physics (rapier3d), and script (Lua). Every component is serializable and physics is deterministic, designed for multiplayer from day one. The philosophy: Rust for the engine, Lua for the game. A scripting layer lets gameplay logic iterate without recompiling the engine.
Multi-Strategy Trading System
Paradise
An autonomous trading intelligence platform running four independent strategies across forex, stocks, and prediction markets. Features institutional-grade risk management with a three-layer oversight system.
- ▸4 strategies (position trading, scalping, prediction markets, funding rate arbitrage)
- ▸3-layer risk system: signal quality gate, portfolio risk management, discipline enforcement
- ▸Thesis-driven investment pipeline with automated research cycles
Four cats, four personalities
Each strategy operates independently with its own thesis, timeframe, and risk parameters. Lion is patient, weekly and daily charts, position trading, thesis-driven entries. Cheetah is fast, M5 timeframe, London session scalping. Tiger scans Polymarket for prediction market opportunities. Jaguar runs funding rate arbitrage: long spot, short perpetual, delta-neutral, collecting the spread across three exchanges. They don’t coordinate. They don’t need to.
The birds
Risk oversight runs in three layers. The signal quality gate filters entries before they reach execution, bad thesis, bad risk/reward, no trade. Hawk monitors portfolio-level risk in real-time: position sizing, correlation, exposure limits. Eagle enforces discipline: no revenge trading, no overtrading, mandatory cooldowns after losses. The system protects capital from the most dangerous risk factor in trading, the trader.
Paper to production
Everything runs in paper trading mode through OANDA and Alpaca. The discipline of treating paper money like real money is the point, same position sizes, same rules, same journaling. Every position has a documented thesis, automated research refreshes, and clear invalidation criteria. When the track record proves out across market conditions, real capital follows.
AI-Powered SaaS Platform
Guardia Content
A social media automation platform built end-to-end for client billing, with public launch pending Meta platform approval. Content flows through an AI pipeline, styling, caption generation, quality control, scheduling, and publishing, all orchestrated by named AI agents with isolated worker processes.
- ▸Full content automation: upload to published post with zero manual steps
- ▸Multi-agent architecture: Artemis (style), Mercury (captions), Argus (QC)
- ▸Production SaaS with Stripe billing, OAuth, and custom domain support
The pipeline
Content enters as a raw upload and flows through a chain of AI agents, each with a single responsibility. Artemis handles visual styling via Replicate SDXL, transforming images to match a client’s brand aesthetic. Mercury generates captions using Groq’s Llama 3.3 70B, fast, cheap, and surprisingly good at matching brand voice. Argus runs quality control, scoring each piece before it’s allowed to publish. Everything runs as isolated PM2 workers, so a failure in styling doesn’t block caption generation.
Real users, real constraints
This isn’t a toy, it’s built to process content for clients on a recurring schedule, and that shaped every decision. Error recovery has to be graceful. The scheduling system handles timezone-aware posting windows. Stripe handles billing with tiered plans and add-on services. Custom domain support lets clients serve their content hub on their own domain via Cloudflare for SaaS. The platform is complete and deployed; public launch is gated on Meta’s app-review approval for the Instagram and Facebook publishing scopes.
Infrastructure
Python/FastAPI backend with 48 concurrent PM2 services on a single VPS, Next.js frontend, 7 SQLite databases, and Cloudflare tunnel for zero-port-exposure hosting. The whole thing runs on an 8GB Hetzner box. Resource discipline matters when you’re not throwing money at infrastructure.
Cognitive AI Architecture
Akatskii
A multi-LLM cognitive layer that routes thoughts to different language models based on complexity, fast pattern matching to Groq, deep reasoning to Claude, vision to Gemini. Features semantic memory with vector embeddings and an agentic tool loop.
- ▸Thought routing: complexity-based LLM selection optimizing cost and latency
- ▸Semantic memory with cosine similarity search and hybrid recall
- ▸Context compaction: extracts facts, drops noise, creates continuity across sessions
The routing problem
Different tasks need different LLMs. A quick status check shouldn’t cost the same as deep architectural reasoning. The thought router analyzes incoming requests and selects the optimal model: fast pattern matching to Groq (Llama 3.3 70B), complex reasoning to Claude, vision tasks to Gemini. The router considers complexity, required capabilities, cost, and latency. Most requests resolve on the cheapest model. The ones that need more get it automatically. The routing logic was mature enough to extract into a standalone open-source library, llm-route, published on PyPI.
Memory that persists
LLMs forget everything between sessions. Akatskii doesn’t. Semantic memory uses fastembed with all-MiniLM-L6-v2, a 22MB embedding model running on ONNX Runtime, no PyTorch required. Recall is hybrid: keyword search plus cosine similarity, with a boost for memories found by both methods. Below a 0.25 similarity threshold, results are treated as noise. The result is genuine continuity across conversations.
Context compaction
As conversations grow, context windows fill with noise. The compaction layer extracts structured facts, decisions made, code written, problems identified, and drops the filler. This compressed context carries forward across sessions, giving continuity without token waste. The system also runs an agentic tool loop: think, decide on a tool, execute, observe, repeat, until the task is complete or it decides to ask for help.
Model Context Protocol Server
Guardia MCP
A custom MCP server exposing 95+ tools across business operations, trading, creative writing, and infrastructure. Features frame-based filtering, each interface sees only the tools relevant to its context.
- ▸95+ tools organized by domain with decorator-based auto-registration
- ▸Frame filtering: core (14), serberus (23), paradise (25), luna (55), all (95+)
- ▸Bridges AI assistants to every system in the stack via a single protocol
The problem with 70+ tools
When an AI assistant connects to a server with 95 tools, it drowns in schemas. Frame-based filtering solves this: each interface declares its context (trading, creative writing, system admin), and the server returns only the relevant tools. My trading interface sees trading tools. My fiction-writing interface sees lore tools. Frames only affect discovery, all tools remain callable regardless, so an interface can reach across domains when needed.
Auto-registration
Every tool is a decorated Python function. The decorator captures the function’s name, docstring, and type hints, then auto-generates the MCP schema. Adding a new tool means writing a function and dropping it in the right module. No manual schema files. No registration boilerplate. The registry handles discovery, filtering, and execution dispatch.
Bridging everything
Through a single SSE connection, an AI assistant can query databases, restart services, check trading positions, read creative lore, manage client content, and orchestrate background tasks. It turns any MCP-compatible client into an operator for the entire infrastructure. One protocol, one endpoint, every system.
Premium MCP Servers for Major Platforms
MCP Server Suite
Production-grade MCP servers for underserved SaaS platforms. Four servers exposing 53-73 tools each (262 total) with full CRUD, reports, and system diagnostics, filling gaps where 12,000+ existing servers offer 3-5 tools at most.
- ▸mcp-mailchimp: 71 tools for 12M Mailchimp users (campaigns, audiences, e-commerce, analytics, webhooks, A/B testing)
- ▸mcp-woocommerce: 73 tools for 5M+ WooCommerce stores (products, orders, refunds, reports, shipping, tax, gateways)
- ▸mcp-activecampaign: 65 tools for 185K+ ActiveCampaign users (contacts, deals, campaigns, scoring, segments, forms, goals)
- ▸mcp-freshbooks: 53 tools for 30M FreshBooks users (invoices, recurring billing, 5 report types, workflow tools) with full OAuth2
The gap
The MCP ecosystem has 12,000+ servers, but less than 5% are production-grade. Major platforms like FreshBooks (30M users), WooCommerce (5M stores), Mailchimp (12M users), and ActiveCampaign (185K businesses) had zero comprehensive MCP coverage. The best existing servers offered 3-5 tools, barely scratching the API surface. Each server in this suite covers 25-34 tools: full CRUD, reporting, and proper error handling.
Covering what competitors skip
Most MCP servers handle basic reads. These handle the full lifecycle: create invoices, process payments, manage campaigns, pull financial reports. The FreshBooks server implements full OAuth2 with automatic token refresh, a complexity barrier that keeps weekend builders out. The WooCommerce server covers 8 API categories including analytics. The Mailchimp server handles campaign creation through performance reporting. The ActiveCampaign server wraps the entire API v3 surface with built-in rate limiting and auto-retry. Every response is structured and predictable, not raw API dumps.
Distribution strategy
Each server ships simultaneously to PyPI (pip install), GitHub (MIT license, public), and MCP registries (Smithery, mcp.so). The stack is intentionally simple: Python, httpx, FastMCP. No heavy frameworks, no Docker required. Environment variable auth, stdio transport. Point it at your store or account and go.
MCP Server CLI Inspector
mcpcat
A CLI tool that connects to any MCP server and pretty-prints available tools, schemas, and lets you call them interactively. Like curl, but for the Model Context Protocol.
- ▸4 commands: tools, inspect, call, ping, everything you need to debug an MCP server
- ▸Auto-detects transport mode (streamable HTTP vs SSE), point it at a URL, it figures out the rest
- ▸~250 lines across two files. Pip-installable. Fills a tooling gap in the MCP ecosystem.
The gap
MCP is new enough that the tooling gap is wide open. When building a 70+ tool MCP server, every schema change meant reading source code or wiring up a test client to verify what was exposed. There was no curl equivalent, no way to just point at a server and see what’s there. That’s the gap mcpcat fills.
Transport detection
MCP has two transport modes: the original SSE-based flow and the newer streamable HTTP. The first version only handled SSE and hung against my own server, which uses streamable HTTP. The fix: try a plain GET first. If the server returns JSON with protocol info, it’s streamable HTTP. If not, fall back to SSE. Simple, but it took a real failure to discover the need.
Keep it small
The entire tool is about 250 lines across two files. Python, Typer for the CLI, httpx for HTTP, Rich for pretty tables. Four commands: tools, inspect, call, ping. Sometimes the most useful tools are the smallest ones.
03.Writing
Same question, three answers: building a governed MCP server
June 2026Warden is an AI agent over enterprise data with RBAC enforced outside the model, OpenTelemetry traces on every run, and an eval suite where an honest denial scores as a pass. Live public console included.
I built greenhouse software for one customer (on purpose)
May 2026No signup, no billing, no multi-tenant scaffolding. Scionbee is a phone-first PWA for one wholesale grower in Pennsylvania, the bay grid, the schedule, the Ball Seed weeks, all molded to how the crew actually works.
Three freelancer tools died in two months. I built the replacement.↗
April 2026HoneyBook hiked prices 89%. AND.CO shut down. Bonsai got acquired. Building Stampwerk, AI proposals, auto contracts, smart invoicing at $12/mo.
Give your AI agents a nervous system
March 2026How I extracted cognitive infrastructure from a 95-tool production system into Vigil, from open-source library to hosted cloud platform with multi-tenant isolation, Stripe billing, and GitHub OAuth.
I got tired of guessing what my MCP server was doing
March 2026So I built mcpcat, a CLI inspector for MCP servers. The build, the transport detection bug, and why the tooling gap exists.
33 tools for Mailchimp in one MCP server↗
March 2026Building a production-grade MCP server for Mailchimp with 33 tools covering campaigns, audiences, templates, and automations.
Managing a WooCommerce store from Claude, 34 MCP tools↗
March 202634 MCP tools for WooCommerce covering products, orders, customers, reports, and webhooks, with URL normalization and array response handling.
Zero to 33 tools: building the first MCP server for ActiveCampaign↗
March 2026The first MCP server for ActiveCampaign, contacts, deals, automations, pipelines, and campaigns with client-side rate limiting.
OAuth2, two APIs, and soft deletes, building an MCP server for FreshBooks↗
March 2026Navigating FreshBooks’ dual API surface, OAuth2 token refresh, and soft delete patterns while building a 25-tool MCP server.
How I built a cognitive AI layer that routes thoughts to the right brain↗
March 2026Building Akatskii, a multi-LLM cognitive layer that routes thoughts based on complexity, manages semantic memory, and maintains continuity across sessions.
04.Skills & Tools
Languages
- PythonExpert
- RustAdvanced
- TypeScriptProficient
- SQLProficient
- LuaIntermediate
Backend
- FastAPI
- Async Workers
- Queue Pipelines
- Daemon Architecture
- REST API Design
- OAuth2
Frontend
- Next.js 14
- React 18
- Tailwind CSS
- Framer Motion
- App Router
- Responsive Design
AI & ML
- Multi-LLM Routing
- Agentic Tool Loops
- Vector Embeddings
- RAG Systems
- MCP Protocol
- Prompt Engineering
Infrastructure
- PM2
- Cloudflare Tunnels
- SQLite
- Linux/Ubuntu
- SSH Hardening
- Automated Backups
Game Engine
- wgpu (WebGPU)
- rapier3d Physics
- Custom ECS
- State Machines
- Procedural Gen
- Lua Scripting
05. What's Next
Let's Build Something
I'm looking for full-time AI and backend engineering roles: building LLM systems, APIs, and the infrastructure that runs them. Available to start immediately. If you need an engineer who can own a problem from data model to deployment and actually ship it, let's talk.