Hi, my name is
Software engineer focused on secure systems, full-stack development, and applied cybersecurity. Building tools that bridge the gap between offensive security and modern web development.
01. About Me
I'm Joe Munene, a software engineer and cybersecurity researcher based in Nairobi, Kenya. Currently pursuing Computer Science at Moi University, I specialize in building secure systems and developing tools that push the boundaries of what's possible.
My work spans across full-stack development, applied cybersecurity, and AI integration. I've built everything from penetration testing tools and vulnerability scanners to AI-powered coding assistants and SaaS dashboards.
When I'm not writing code, I'm researching emerging threats, contributing to open-source security tools, or exploring the intersection of machine learning and cybersecurity.
/ Skills & Expertise
/ Services
Four areas I take engagements in, each backed by shipped work you can poke at. I run scope, architecture, and delivery end-to-end; you get production code with auth, observability, and a handover package, not a prototype with TODOs.
Production-grade customer platforms — contacts, deals, tasks, and metrics — with auth, audit logs, and role-based access from day one.
Full-stack product builds, paywall to dashboard. Stripe billing, transactional email, analytics, error reporting, all wired and shipped.
LLM-backed features that don't melt down in production. Custom MCP servers, policy-gated tool use, audit-trail dashboards.
K8s posture audits, memory forensics, SIEM rules, and pre-commit secret scanning — production CLIs, not slide decks.
I take a small number of client engagements per quarter. Tell me what you're building.
02. Experience
03. Currently Building
Ghost-small (81M) is benched out at the 30% CTIBench / 0-2% fact-recall ceiling — confirmed empirically across 6 ghostbench bets after the v0.9.32 corpus rebuild and v0.9.33 SFT push. The honest finding: it's a parameter ceiling, not a corpus problem, so the next move is the rented-GPU ghost-base v1.0 run (~360M params, SmolLM2-360M shape) on the new 422M-token corpus. Pretrain code share moved 2.4% → 11.6% via a 105-repo / 15-language open-source code pull this release cycle. SFT corpus is now ghost-base ready: ~1,940 cybersec records across 12 differentiation bets + 1,981 code records (code SFT surpassed cybersec for the first time at v0.9.29).
Highlights — Horizontal Scroll
iPhone ↔ Linux companion app — browse photos and files, see notifications, and mirror the screen. Ubuntu's answer to Phone Link. Cross-platform desktop build (Linux/macOS/Windows) with a daemon-backed pymobiledevice3 bridge. v0.7.1 shipped with CI-built .deb/.AppImage artifacts.
AI-powered wellness companion shipped to the Google Play Store. React Native + Expo SDK 54 with Better Auth, Supabase backend (PostgreSQL + Auth + Storage), tRPC + TanStack Query data layer, RN Skia + Reanimated animations, React Three Fiber 3D scenes, expo-camera / haptics / voice integrations, and Anthropic SDK for the AI wellness coach (EZBuddy). Bun + Turborepo monorepo with shared api / auth / config / db / env packages across native, web, and server apps. Built and submitted via EAS Build & Submit.
An open-source cybersecurity language model built from scratch in PyTorch. 81M-parameter decoder-only transformer (RoPE + SwiGLU + RMSNorm) trained on a 422M-token / 768K-record multi-domain corpus: cybersec writeups, NVD CVEs, MITRE/CWE/OWASP, NIST SP 800, the FineWeb-Edu educational subset, open-web-math reasoning, and a 105-repo / 15-language open-source code pull (cpython stdlib, the Go and Rust ecosystems, the JS / TS / C / C++ / Java / Ruby families, ~42M code tokens). Ships GhostAgent (a tool-using runtime with bet-1 tool-call + bet-9 cite-tag parsing), a multi-vendor HTTP server speaking OpenAI Chat Completions / Anthropic Messages / Google Gemini / Ollama wire formats, an MCP server, and GhostBench (a packaged eval suite with Wilson 95% CIs and McNemar paired comparisons across 14 differentiation bets). 312 tests green, every collector reproducible from one CLI line.
The agent loop, embodied. A tool-using agent runtime, fail-closed safety pipeline, sim-first execution + statistically-rigorous bench harness + post-hoc analysis layer for embodied AI / robotics. Production-stable in v1.0.3 across 14 releases: `pip install ghostloop`, [live HuggingFace demo](https://huggingface.co/spaces/Ghostgim/ghostloop-demo), full GitHub Actions CI/CD with PyPI Trusted Publishing OIDC + auto-create release pages + auto-redeploy Space. Six backends (Mock / MuJoCo / PyBullet / Gymnasium / ROS 2 / RandomizedBackend), 12 policy gates, MuJoCo Menagerie loader (Franka / UR5e / Stretch / Allegro / Spot / Aloha), LLMPolicy + VLAPolicy adapters, MCP server for Claude Desktop / Cursor / Continue / Cline / Zed / Gemini CLI, bench harness with Wilson CIs + McNemar + Cohen's h + Sim2Real transfer-gap + adversarial fuzzing (random / grid / CMA-ES). Novel surface no other robotics framework ships: STL temporal properties + auto-mining, counterfactual trace replay, causal failure attribution, LLM-as-judge, skill graph DAG, hindsight relabeling, energy ledger, cross-embodiment morphology registry, RGB-D fusion + lightweight object detection, VLA-on-MuJoCo benchmark vs OpenVLA / π0 / RT-2 / Octo / Diffusion Policy / ACT, production fleet dashboard (auth + rate limit + alarms + Prometheus), distillation pipeline, real-time deadline scheduler, live policy intervention (pause / resume / hot-swap / e-stop), system-identification calibration. 359 tests green. Family includes [ghostloop-ui](https://github.com/joemunene-by/ghostloop-ui) (Next.js dashboard) and [ghostloop-desktop](https://github.com/joemunene-by/ghostloop-desktop) v0.2 (Tauri 2 native app with voice control + gamepad rumble + native notifications).
/ Code — live
Not a demo, not a gist — actual excerpts from shipped projects. Pick a sample or let it cycle.
▋04. My Work
A curated selection of projects spanning cybersecurity, AI, web development, and automation tools. Each project reflects real-world problem solving and technical depth.
iPhone ↔ Linux companion app — browse photos and files, see notifications, and mirror the screen. Ubuntu's answer to Phone Link. Cross-platform desktop build (Linux/macOS/Windows) with a daemon-backed pymobiledevice3 bridge. v0.7.1 shipped with CI-built .deb/.AppImage artifacts.
AI-powered wellness companion shipped to the Google Play Store. React Native + Expo SDK 54 with Better Auth, Supabase backend (PostgreSQL + Auth + Storage), tRPC + TanStack Query data layer, RN Skia + Reanimated animations, React Three Fiber 3D scenes, expo-camera / haptics / voice integrations, and Anthropic SDK for the AI wellness coach (EZBuddy). Bun + Turborepo monorepo with shared api / auth / config / db / env packages across native, web, and server apps. Built and submitted via EAS Build & Submit.
An open-source cybersecurity language model built from scratch in PyTorch. 81M-parameter decoder-only transformer (RoPE + SwiGLU + RMSNorm) trained on a 422M-token / 768K-record multi-domain corpus: cybersec writeups, NVD CVEs, MITRE/CWE/OWASP, NIST SP 800, the FineWeb-Edu educational subset, open-web-math reasoning, and a 105-repo / 15-language open-source code pull (cpython stdlib, the Go and Rust ecosystems, the JS / TS / C / C++ / Java / Ruby families, ~42M code tokens). Ships GhostAgent (a tool-using runtime with bet-1 tool-call + bet-9 cite-tag parsing), a multi-vendor HTTP server speaking OpenAI Chat Completions / Anthropic Messages / Google Gemini / Ollama wire formats, an MCP server, and GhostBench (a packaged eval suite with Wilson 95% CIs and McNemar paired comparisons across 14 differentiation bets). 312 tests green, every collector reproducible from one CLI line.
The agent loop, embodied. A tool-using agent runtime, fail-closed safety pipeline, sim-first execution + statistically-rigorous bench harness + post-hoc analysis layer for embodied AI / robotics. Production-stable in v1.0.3 across 14 releases: `pip install ghostloop`, [live HuggingFace demo](https://huggingface.co/spaces/Ghostgim/ghostloop-demo), full GitHub Actions CI/CD with PyPI Trusted Publishing OIDC + auto-create release pages + auto-redeploy Space. Six backends (Mock / MuJoCo / PyBullet / Gymnasium / ROS 2 / RandomizedBackend), 12 policy gates, MuJoCo Menagerie loader (Franka / UR5e / Stretch / Allegro / Spot / Aloha), LLMPolicy + VLAPolicy adapters, MCP server for Claude Desktop / Cursor / Continue / Cline / Zed / Gemini CLI, bench harness with Wilson CIs + McNemar + Cohen's h + Sim2Real transfer-gap + adversarial fuzzing (random / grid / CMA-ES). Novel surface no other robotics framework ships: STL temporal properties + auto-mining, counterfactual trace replay, causal failure attribution, LLM-as-judge, skill graph DAG, hindsight relabeling, energy ledger, cross-embodiment morphology registry, RGB-D fusion + lightweight object detection, VLA-on-MuJoCo benchmark vs OpenVLA / π0 / RT-2 / Octo / Diffusion Policy / ACT, production fleet dashboard (auth + rate limit + alarms + Prometheus), distillation pipeline, real-time deadline scheduler, live policy intervention (pause / resume / hot-swap / e-stop), system-identification calibration. 359 tests green. Family includes [ghostloop-ui](https://github.com/joemunene-by/ghostloop-ui) (Next.js dashboard) and [ghostloop-desktop](https://github.com/joemunene-by/ghostloop-desktop) v0.2 (Tauri 2 native app with voice control + gamepad rumble + native notifications).
Public web control plane for the ghostloop runtime. Next.js 15 + React 19 + Tailwind 4 dashboard talking to a `ghostloop.dashboard.create_production_app` FastAPI backend. Live at [ghostloop-ui.vercel.app](https://ghostloop-ui.vercel.app) with the backend hosted free on Render. Fleet view, alarm tray with one-click acknowledge, episode timeline from the SQLite store, Prometheus metrics broken out per-counter, profile-aware gamepad mapper that auto-picks the right control scheme for drone / mobile base / quadruped / arm / humanoid robots. Three-path `/connect` onboarding designed for non-coders: open the live demo, run ghostloop locally with one pip command, or embed in an existing robot stack. Demo-mode fallback so the Vercel deploy stays interactive even when no backend is configured (every fixture response carries an `X-Ghostloop-Demo` header so the UI shows a banner explaining the swap path). The same gamepad library powers the desktop app's Tauri shell.
Native desktop control panel for ghostloop, v0.2.0 just shipped. Tauri 2 + Rust shell wrapping the ghostloop-ui Next.js frontend as a single-file desktop app for macOS / Windows / Linux. Voice control via the embedded WebView's Web Speech API on Windows + Linux ('ghostloop, stop / land / takeoff / pause'); native whisper.cpp lands in v0.3 for macOS parity. Gamepad rumble triggered on safety events (geofence block, force-cap trip, HITL escalation, e-stop) so the operator feels denials before they see the screen. Native OS notifications for alarms (toast / banner / libnotify, severity-tagged). Profile-aware gamepad input via gilrs polling at 120 Hz: drone, mobile base, quadruped, arm, humanoid each get an auto-applied control scheme. Wired and Bluetooth-paired controllers (Xbox / PS5 / 8BitDo / Stadia) are equivalent because gilrs talks the OS HID stack directly. Sidecar Python runtime via PyInstaller serves the dashboard backend on first launch with a SQLite store at `~/.ghostloop/store.db`. System-tray integration, global e-stop hotkey. Per-PR CI matrix (rustfmt + clippy + cargo check + cargo test on macOS / Linux / Windows) is green and runs on every push; cross-platform release-bundle pipeline (DMG / MSI / AppImage / deb / NSIS) is wired to tauri-action and parked behind workflow_dispatch until v0.2.1 finishes the Tauri-with-Next.js static-export switch.
Trading intelligence SaaS — chart-event alerting and signal aggregation for retail and prop traders. Next.js + TypeScript stack with Stripe paywall, PostHog analytics, Sentry crash reporting, and Resend transactional email. Pre-launch site live at chartsentinel.com; production shipped end-to-end behind a feature flag.
The platform behind Complex Developers — public marketing site + admin CRM. Next.js 15 App Router with route-group isolation, Prisma on Postgres, JWT auth, and a portfolio page wired directly to the admin database so featured projects go live the moment they're flagged.
Production-ready CRM built with Next.js 16, React 19, TypeScript, Prisma, PostgreSQL, and NextAuth. Contact + company management, visual deals pipeline (Lead → Qualified → Proposal → Negotiation → Closed), task management with priorities and due dates, activity logging for calls / emails / meetings, and a metrics dashboard. Drop-in starter for client engagements.
/ Project Graph
Every repo, plotted. Lines connect projects that share topics or a primary language — a live map of how the work relates. Hover a node to trace its neighbors; click to open.
/ Activity
05. Thoughts & Writing
A deep dive into building a professional-grade domain intelligence tool that mirrors real security team workflows for DNS reconnaissance and threat investigation.
What building three different network security tools taught me about packet analysis, vulnerability assessment, and the reality of enterprise SOC operations.
06. What's Next?
I'm always open to discussing new projects, cybersecurity research collaborations, or opportunities to contribute to your team. Whether you have a question or just want to say hello, my inbox is always open.