Three systems built from scratch, in production, with benchmarks. No toy projects.
A sovereign, post-quantum encrypted private RAG engine for law firms and regulated enterprises. Fully air-gapped — no OpenAI, no cloud APIs, no data egress. Every document encrypted at rest with ML-KEM-768 key encapsulation. Every access event signed with ML-DSA-65. Built entirely in Rust across 8 purpose-built crates.
PDF extraction (native + OCR) → legal-aware chunking at ARTICLE/SECTION boundaries → CUDA embeddings → hybrid HNSW+BM25 search → local LLM generation
AES-256-GCM document shards. ML-KEM-768 (Kyber) key encapsulation. ML-DSA-65 signed, append-only audit chain. NIST FIPS 203/204.
150-document mixed-format legal corpus. 20/20 queries with verbatim source citations. Zero hallucinations without explicit flagging. 1.7s average end-to-end.
8 Rust crates: ra-rag, ra-gateway, ra-vault, ra-crypto, ra-audit, ra-ingest, ra-ui, ra-fabric. Leptos WASM frontend. Zero Python.
A sovereign masterless alternative to Kubernetes for web development teams. No etcd. No Helm. No YAML manifests. No platform engineer required to operate it. 5 MB binary vs 600+ MB for Kubernetes. Every command authenticated with ML-DSA-65 post-quantum signatures — no unsigned instruction accepted. Built in C23.
No leader election, no single point of failure. Any node can coordinate. Mesh survives the loss of any peer. No consensus protocol overhead.
Every command propagation signed with ML-DSA-65 on transmission, verified on receipt. No unsigned instruction accepted by any node. Ever.
Deploys native binaries, WASM, and full VM workloads directly. No Docker daemon, no container runtime, no image pull delays at startup.
5 MB control plane. Kubernetes requires 600+ MB plus etcd, CoreDNS, kube-proxy, API server, controller manager, scheduler. skr8tr is one binary.
When your team says the data is too big for a single machine, I benchmark it first. 172 million rows per second — 167 million NYC Yellow Cab records, 48 Parquet files, 5 business queries, 971ms wall time. No cluster. No JVM. No Spark. Also authored a DuckDB C++ extension implementing ML-KEM-768 and ML-DSA-65 directly callable from SQL — every deliverable cryptographically signed.
167M NYC Yellow Cab records. 48 Parquet files. 5 complex business queries. 971ms wall time. Single workstation. No cluster, no JVM, no Spark.
DuckDB C++ extension implementing ML-KEM-768 and ML-DSA-65 via liboqs 0.15.0 — callable directly from SQL. Every deliverable ML-DSA signed.
Spark/Databricks → DuckDB migrations with verified before/after benchmarks. 5–25× performance gains. 80%+ cost reduction. Signed deliverables.
Built HazyNet: multi-node Apache Spark 3.5 cluster in pure functional Scala to deeply benchmark distributed vs. single-node DuckDB at scale.