I turn difficult problems into working software.
27 years across the full stack. I build production AI on user-delegated auth, so every tool honors what each user is already allowed to see. Blank editor to shipped product, brand and design included.
// 27 years · startups to enterprises · full-stack to infrastructure
What I do
Most consultants specialize in one of these. I do all of them, and they compound.
Production AI systems, not proofs of concept. RAG pipelines, per-user vector stores, and grounded agents built on user-delegated auth, so every tool sees only what each user is allowed to see.
    const docs = await retriever.search(
      q, { auth: user.delegatedToken },
    ); // only what this user can read
GCP and AWS at scale. I design and build the infrastructure that your products run on, from Terraform to Kubernetes to cost optimization.
    $ gcloud run deploy api \
        --region=us-central1 \
        --min-instances=0
End-to-end product development. Web applications, native macOS and iOS apps, APIs, databases. I ship the whole thing, not just a slice.
    @Controller('billing')
    export class BillingController {
      @Post() create(@Body() dto: Dto) {}
    }
Why user-delegated auth
Most AI rollouts stall on the same question: what happens when the model can read more than the person asking it? The standard answer is a service account with broad access and a policy document promising restraint. That answer fails security review, and it should.
I build AI tools the other way. Every retrieval runs on the requesting user's own credentials, so a tool can only read what that user could already open. Email, calendars, SharePoint, Slack: the permissions your organization spent years setting up keep working. Nothing new to audit, no shadow copy of your data with its own rules.
That is the difference between AI your org demos and AI your org deploys.
Try it. Same question, asked by three different people:
“What did the Q3 board deck say about the hiring plan?”
what the AI is allowed to read
the answer they get
Slide 14 approves twelve Q4 hires. The email thread and #finance both flag the engineering backfills as the first priority.
Every AI tool I ship works this way.
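An added example, not code from this site or its products: the contrast described above between a broad service account and user-delegated retrieval, where the source system authorizes each read against the asker's own token and a missing or expired token fails closed. The corpus, token table, group names and the functions `sourceRead`, `searchAsService` and `searchDelegated` are all constructed for illustration.

```javascript
// Constructed corpus: each item keeps the ACL of the system it lives in.
const CORPUS = [
  { id: "deck-q3#14", acl: ["board"], text: "Board deck, slide 14: approves twelve Q4 hires." },
  { id: "mail-8841", acl: ["board", "finance"], text: "Hiring plan: engineering backfills come first." },
  { id: "slack-finance-102", acl: ["finance"], text: "#finance: backfills are the first hiring priority." },
  { id: "wiki-careers", acl: ["everyone"], text: "Open roles and the hiring process are on the careers page." },
];

// Constructed token table standing in for the identity provider.
const TOKENS = {
  "tok-cfo": { sub: "cfo", groups: ["board", "finance", "everyone"], exp: Infinity },
  "tok-analyst": { sub: "analyst", groups: ["finance", "everyone"], exp: Infinity },
  "tok-intern": { sub: "intern", groups: ["everyone"], exp: Infinity },
  "tok-expired": { sub: "analyst", groups: ["finance", "everyone"], exp: 0 },
  "tok-service": { sub: "svc-ai", groups: ["board", "finance", "everyone"], exp: Infinity },
};

// The source system, not the AI layer, authorizes every read against the token.
function sourceRead(token, now = Date.now()) {
  const who = TOKENS[token];
  if (!who || who.exp <= now) throw new Error("unauthorized"); // fail closed
  return CORPUS.filter((d) => d.acl.some((g) => who.groups.includes(g)));
}

// Toy relevance check (keyword overlap) in place of a real vector search.
const matches = (q, d) =>
  q.toLowerCase().split(/\W+/).some((w) => w.length > 3 && d.text.toLowerCase().includes(w));

// Anti-pattern: one broad service token; the asker's identity is ignored.
function searchAsService(q, _user) {
  return sourceRead("tok-service").filter((d) => matches(q, d)).map((d) => d.id);
}

// Delegated: the read is made with the asker's token. No token, no read,
// and never a silent fallback to the service account.
function searchDelegated(q, { auth } = {}) {
  if (!auth) throw new Error("delegated token required");
  return sourceRead(auth).filter((d) => matches(q, d)).map((d) => d.id);
}
```

With the page's sample question, `searchAsService` returns all four items no matter who asks, while `searchDelegated` returns four, three and one item for the constructed CFO, analyst and intern tokens.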
Projects
Shipped through Pixel Guild.
Relay
relay.pixelguild.com
paid app · Mac App Store
A fast, native REST client for macOS
SwiftUI for developers tired of bloated API tools. Collections, code generation, iCloud sync, Keychain-secured secrets. One price, no subscription.
Loom
loom.pixelguild.com
Session intelligence for Claude Code
Persistent memory across development sessions. Log decisions, intelligently archive context, and search patterns throughout your projects. Claude Code never forgets.
Gammy
gammy.pixelguild.com
Your gcloud identity, one click away
A menubar app that eliminates repetitive gcloud terminal commands. Switch between GCP projects, manage multiple accounts, and enable service account impersonation with a single click.
StudySpark
studyspark.io
Web-based flashcard study app
Built and operated solo: the product, the infrastructure, and the growth funnel. Spaced repetition study tools that run in the browser.
Writing
Field notes on architecture, AI, and building software that lasts.
Follow the work
One field note per month on architecture and shipping. No drip campaigns, no AI hot takes.