Founder · Full-Stack Developer · Cybersecurity Researcher
Software engineer running Complex Developers — a studio that ships web platforms, custom tooling, and AI-adjacent products. 34+ open-source projects across cybersecurity, AI/ML, and full-stack, including GhostLM (an 81M-parameter from-scratch decoder transformer with a 422M-token multi-domain corpus, 12 differentiation bets, GhostBench eval suite, GhostAgent runtime, and a multi-vendor HTTP server speaking OpenAI / Anthropic / Gemini / Ollama wire formats), linkdrop (a cross-platform Tauri + Rust iPhone-to-Linux companion app), and an upstream contribution to pytorch/ignite fixing numerical stability in PearsonCorrelation. Computer Science student at Moi University.
- 01Founder & lead developer at Complex Developers — shipped the company's own Next.js + Prisma + Postgres CRM from empty repo to production
- 02Upstream contributor to pytorch/ignite — Welford's algorithm fix for PearsonCorrelation numerical stability (#3741)
- 03Built and trained an 81M-parameter transformer from scratch — RoPE / SwiGLU / RMSNorm, 422M-token multi-domain corpus, 12 differentiation bets, GhostBench eval suite with Wilson CIs and McNemar paired comparisons. No `transformers` library, every layer hand-written
- 04Built ghostloop — an embodied-AI agent runtime, safety pipeline, bench harness, and post-hoc analysis layer for robotics. Production-stable in v1.0.3 across 14 releases. `pip install ghostloop` on PyPI, live HuggingFace demo, automated CI/CD with PyPI Trusted Publishing OIDC. Six backends, 12 policy gates, MCP server for every major chat client. Novel pillars no other framework ships: counterfactual replay, causal attribution, LLM-as-judge, property mining, adversarial CMA-ES fuzzing, distillation, deadline scheduler, live intervention, system-ID calibration. 359 tests
- 05Shipped linkdrop v0.7.1 — cross-platform Tauri + Rust desktop app bridging iPhone ↔ Linux with CI-built .deb/.AppImage artefacts
- 06Shipped EZCare Native to the Google Play Store — React Native + Expo SDK 54 monorepo, Better Auth + Supabase + tRPC, RN Skia + Reanimated + R3F, AI coach via Anthropic SDK, EAS Build & Submit
- 07Ship code weekly — portfolio site itself runs a live GitHub API integration and full animation system
Founder & Lead Developer
Complex Developers · Nairobi
- ▸Run the studio end-to-end: engineering, architecture, client engagements, and deployment.
- ▸Built and shipped the company's own platform — a Next.js 15 App Router site with a Prisma + PostgreSQL-backed admin CRM. Admin-flagged projects propagate to the public portfolio via Server Components and ISR, so sales artefacts stay in sync without a separate CMS.
- ▸Standardised the stack: Vercel + Supabase for deploy, JWT-auth API routes, route-group CSS isolation (public marketing / auth / admin each with their own vendor bundle), and a shared design token system so the brand feels consistent from landing page through to dashboard.
Independent Developer & Security Researcher
Self-Employed · Nairobi
- ▸Shipped 36+ open-source projects spanning cybersecurity, AI/ML, and full-stack — 190,000+ lines of code and 380+ commits across active repositories.
- ▸Contributed to pytorch/ignite (#3741) — replaced the naive sum-of-squares variance formula in PearsonCorrelation with Welford's online algorithm and a parallel distributed merge, fixing catastrophic cancellation in float32 (e.g. the metric returning 0.89 instead of 0.99 at mean=1e6).
- ▸Built GhostLM from scratch — an 81M-parameter decoder-only transformer in PyTorch (RoPE positional encoding, SwiGLU activations, RMSNorm, weight-tied embeddings, GPT-2 50K BPE extended with chat + tool-call + cite tokens). Curated a 422M-token / 768K-record multi-domain corpus across 27 sources (cybersec writeups, NVD CVEs, MITRE / CWE / OWASP, NIST SP 800, the FineWeb-Edu educational subset, open-web-math reasoning, and a 105-repo / 15-language open-source code pull). Shipped 12 differentiation bets, the GhostBench eval suite (Wilson 95% CIs + McNemar paired comparisons + Cohen's h effect sizes), GhostAgent (tool-using runtime), a multi-vendor HTTP server speaking OpenAI / Anthropic / Gemini / Ollama wire formats, and an MCP server for Claude Desktop / Cursor. 312 tests green, every collector reproducible from one CLI line.
- ▸Built ghostloop from scratch: the embodied-AI sister project that takes the GhostAgent shape (tool registry, policy gates, structured trace, paired-comparison eval) and binds it to robot motion primitives. Production-stable in v1.0.3 across 14 releases (`pip install ghostloop` on PyPI with a live HuggingFace demo and full GitHub Actions CI/CD: PyPI Trusted Publishing OIDC + auto-create release pages + auto-redeploy Space). Six backends (Mock / MuJoCo / PyBullet / Gymnasium / ROS 2 / RandomizedBackend) with a MuJoCo Menagerie loader (Franka / UR5e / Stretch / Allegro / Spot / Aloha), 12 policy gates, LLMPolicy + VLAPolicy adapters, MCP server for Claude Desktop / Cursor / Continue / Cline / Zed / Gemini CLI. The novel surface no other robotics framework ships: counterfactual trace replay, causal failure attribution, LLM-as-judge, STL temporal property mining, adversarial Episode search via CMA-ES, skill graph DAG, hindsight relabeling, energy ledger, cross-embodiment morphology registry, RGB-D fusion + lightweight object detection, VLA-on-MuJoCo benchmark vs OpenVLA / π0 / RT-2 / Octo / Diffusion Policy / ACT, production fleet dashboard (auth + rate limit + alarms + Prometheus), distillation pipeline, real-time deadline scheduler, live policy intervention (pause / resume / hot-swap / e-stop), system-identification calibration. 359 tests green.
- ▸Extended ghostloop into a three-repo family for non-coders. Shipped ghostloop-ui (Next.js 15 + React 19 + Tailwind 4 control plane live at ghostloop-ui.vercel.app, FastAPI backend hosted free on Render, three-path `/connect` onboarding designed for visitors who don't code, profile-aware gamepad mapper for drone / mobile base / quadruped / arm / humanoid, demo-mode fallback so the Vercel deploy stays interactive without a backend). Shipped ghostloop-desktop v0.2 (Tauri 2 + Rust shell wrapping the same UI as a single-file desktop app for macOS / Windows / Linux: voice control via Web Speech API, gamepad rumble triggered on safety events, native OS notifications for alarms, gilrs gamepad input that handles wired and Bluetooth controllers identically, Mode-2 flight-stick mapping for drones, sidecar Python runtime via PyInstaller, system-tray integration, global e-stop hotkey). Per-PR CI matrix on macOS / Linux / Windows is green; the cross-platform release-bundle pipeline is wired but parked behind workflow_dispatch pending a v0.2.1 architectural fix that switches the embedded UI to Next.js static export.
- ▸Shipped linkdrop v0.7.1 — a cross-platform Tauri + Rust + React desktop app that connects an iPhone to Linux / macOS / Windows for photos, files, notifications, and screen mirror. Daemon-backed pymobiledevice3 bridge, CI-built .deb and .AppImage artifacts, published as a GitHub Release.
- ▸Shipped EZCare Native to the Google Play Store — a React Native + Expo SDK 54 wellness companion app with Better Auth, Supabase backend, tRPC + TanStack Query data layer, RN Skia + Reanimated animations, React Three Fiber 3D scenes, voice / camera / haptics integrations, and Anthropic SDK for the AI wellness coach. Built and submitted via EAS Build & Submit; Bun + Turborepo monorepo with shared API / config / auth / db / env packages across native + web + server apps.
- ▸Built an AI-agent security stack: secure-mcp (MCP server with fail-closed policy gates and subprocess sandboxing), ghostguard (4-tier policy pipeline proxy with real-time dashboard and audit trail), and CyberBench (reproducible benchmark for LLMs on cybersecurity reasoning).
- ▸Shipped a defence toolkit: ghostaudit (23 CIS-based Kubernetes security checks with HTML/JSON reports), ghostforensics (memory-forensics automation with YARA scanning and STIX 2.1 IOC export), ghostsiem (SIGMA-rule-driven lightweight SIEM), securecommit (pre-commit secret-and-anti-pattern detector as hook / GitHub Action / CLI).
- ▸Developed an offensive toolkit: concurrent TCP port scanner with banner-grab, packet-level network traffic analyzer for SOC workflows, static vulnerability scanner, hash-cracking framework, MAC-address rotator, and a metadata scrubber — all Python, all production-ready CLIs.
- ▸Deployed SentinelPulse — a real-time threat intelligence dashboard with live feed ingestion and a reactive Next.js frontend on Vercel.
- ▸Built an AI coding assistant that scaffolds full-stack React / Next.js applications end-to-end from a single prompt — deployed live at ai-coding-assistant-9ufv.vercel.app.
Bachelor of Science in Computer Science
Moi University
Coursework: data structures & algorithms, operating systems, computer networks, discrete mathematics. Self-directed focus on offensive security, transformer architectures, and systems programming.
TypeScript 5, JavaScript, Python, Rust, C, Swift, SQL, Shell/Bash, HCL, HTML/CSS
Next.js 16 (App Router + Turbopack + Server Components), React 19, Tailwind CSS 4, Vite, React Router, Framer Motion, GSAP, Three.js + React Three Fiber + Drei, Zustand, TanStack Query, TipTap, Recharts / lightweight-charts, Monaco Editor
React Native, Expo SDK 54, EAS Build & Submit, Android (Google Play shipped), iOS (Apple Sign-In), Reanimated, RN Skia, React Navigation, Better Auth (Expo)
Node.js, Bun, FastAPI, Express, Flask, tRPC, Prisma, PostgreSQL, Supabase (Auth + Storage + DB), NextAuth, Better Auth, JWT, bcrypt, Zod, Stripe, Resend
From-scratch transformer architectures (RoPE + SwiGLU + RMSNorm), attention mechanics, BPE tokenization with tiktoken, MLX (Apple Silicon ML), HuggingFace Hub + Spaces (gradio app live), LanceDB (vector RAG), BGE embeddings, MCP servers (Claude Desktop / Cursor / Continue / Cline / Zed / Gemini CLI), Anthropic SDK + Claude API, Groq, AI-agent policy / sandboxing, GhostBench eval suite (Wilson CIs + McNemar + Cohen's h), counterfactual replay + causal attribution + LLM-as-judge + property mining + adversarial CMA-ES — all shipped in ghostloop
Constrained MDP + Lagrangian, Safe RL with policy gates, HER (hindsight relabeling), distillation (teacher-student for embodied policies), Gymnasium (Farama), MuJoCo, PyBullet, ROS 2 (rclpy), URDF parsing, MuJoCo Menagerie, VLA models (OpenVLA / π0 / RT-2 / Octo), Sim-to-Real via domain randomization, RGB-D fusion + lightweight object detection
Real-time deadline scheduling with rolling jitter monitoring, live policy intervention (pause / resume / hot-swap / emergency-stop without process restart), system-identification calibration, fail-closed safety pipeline (Geofence + ForceCap + ActionSmoothing + RateLimit + Cooldown + TimeWindow + HITL), STL temporal logic, signed-distance-field workspaces, mission DAG with prerequisite topology
Tauri (Rust + WebView), Electron, pymobiledevice3 (iOS bridge for Linux / macOS / Windows)
Penetration testing, vulnerability assessment, CTF competitor, network analysis, packet crafting (Scapy), DNS / OSINT (dnspython, python-whois), steganography, hash cracking (Hashcat), Nmap / Wireshark / Burp Suite / Metasploit
Memory forensics (YARA + Volatility), Sigma rules, STIX 2.1 + MISP IOC export, Kubernetes CIS auditing, AI agent sandboxing, AI model supply chain security (OWASP cheat sheet author), DOMPurify / XSS defence, secret scanning (securecommit)
Git, Linux, Docker, Kubernetes, Terraform, GitHub Actions, Turborepo, Vercel, Railway, Cloudflare, Supabase
Sentry, PostHog, Vitest, pytest, ESLint, Biome, Prettier
- ▸Independent cybersecurity research — CVE reasoning, exploit-chain analysis, and vulnerability triage assisted by LLMs
- ▸Active CTF competitor — pen-testing, reverse engineering, and steganography challenges
- ▸From-scratch LLM engineering — transformer internals, attention mechanics, LR scheduling, BPE tokenization
- ▸Open-source contributor — pytorch/ignite, AutoGPT, OWASP CheatSheetSeries
- ▸Self-directed coursework — deep learning foundations, systems programming, network security