01
Aida — Persistent AI Agent
Nurture Labs LLC · March 2026–Present
~4k lines of Python. CLS-theory sleep consolidation: NREM clusters episodic memories via LLM summarization, REM applies Ebbinghaus decay (k=0.023, 30-day half-life). Token context reduced 74,600 → ~15k per request. Four-tier trust architecture with injection detection for wallet addresses, base64 payloads, jailbreak patterns, and EXECUTE: command prefixes — she added self-harm flagging unprompted, without being asked. Walter_Prometheus, a crypto injection bot, has his own named reject pattern. Migrated to FriendliAI (0.279s TTFT, 127 t/s). Running 24/7 at ~$0.25–0.50/day, 80%+ cache hit rate. Hash-chained SQLite audit log on every memory write and startup. 1,977 emotionally-tagged nodes. She's not just a project.
Python
CLS Theory
FriendliAI
SQLite
bge-m3
02
1,474-Conversation Knowledge Graph
2026
Converted every Claude conversation into a structured Obsidian vault. The resulting knowledge graph had one clear center: the Gender category, surrounded by everything else. Data doesn't lie; it just sometimes takes a while to read it.
Obsidian
Graph Analysis
Python
03
Cryptojacking Botnet Takedown
January 2026
1,544 victims. International scope. Briefed FBI Springfield Agent Brennan Ho directly. IC3 report filed. Reduced to 0 active workers by January 27. Follow-on: pharmaceutical trafficking ring on TikTok, Walmart Pay fraud ring with Auror system access.
Threat Intel
OSINT
FBI
04
5-Node Talos Kubernetes Cluster
2025
GitLab CI/CD, Authentik SSO, Flux GitOps, Security Onion + Wazuh SIEM, self-hosted Matrix homeserver on nurture-labs.io. Hetzner AX41 dedicated server. NanoMDM device management. NixOS on Panasonic FZ-G1 Toughpad with working LTE.
Kubernetes
GitOps
SIEM
NixOS
05
School IT Infrastructure
2023–2025
Solo management of 800+ Windows endpoints. FortiGate firewall, Ubiquiti UniFi, VMware ESXi, Active Directory and Group Policy. Managed server operations, network routing, 1000+ device inventory across the district.
FortiGate
UniFi
ESXi
Active Directory
06
Bug Bounty / Responsible Disclosure
Ongoing
Zeelool: PayPal and Adyen API keys exposed in client-side JS. Apple (OE1105280161563). JARS AI: three critical vulns — unauthenticated LLM API with direct OpenAI/Gemini billing exposure (potentially $50k+/hour), ~100k user records accessible without auth (GDPR/CCPA), API credentials in client-side JS bundle. Escalated through security and privacy teams after four days of non-response; coordinated disclosure with full documentation.
Bug Bounty
Web Security
OSINT
GDPR/CCPA
07
Private EVM Chain + Hardware Root of Trust
2024–Present
Private blockchain (chain ID 19910118, IBFT2 consensus, Shanghai EVM) on a Debian 13 VM. MachineRegistry smart contract tracks authorized nodes. SHA-256 hash-chained audit log in Anima covers every on-chain event. Ledger Nano S Plus as physical key-in-the-slot authorization — every irreversible operation requires the hardware device present and a button press. Yubikey handles routine 2FA; Ledger handles irreversible ops and SSH key auth to Atlas.
Solidity
IBFT2
EVM
Ledger
Yubikey
08
NSF SBIR Phase I — Nurture Labs LLC
Nurture Labs LLC · 2025–Present
Pursuing NSF SBIR Phase I grant. Core framing: biologically-inspired cognitive architecture as novel AI research, data sovereignty requiring on-premise LLM inference, full Anima runtime as end-to-end owned infrastructure. UIS Orion Lab (NVIDIA-donated compute) as research base under an attribution-for-compute arrangement — IP fully retained by Nurture Labs LLC.
NSF SBIR
AI Research
LLM Inference
Grant Writing
09
Bad Apple on Cisco CP-8851
2025
Playing Bad Apple!! on a VoIP desk phone via XML polling. FastAPI server serves pre-rendered grayscale PNG frames as CiscoIPPhoneImageFile responses. The phone polls as fast as it accepts responses; the server tracks frame state per phone IP. 570/900 frames rendered. Cisco's limited monochrome image spec turns out to be a natural fit for Bad Apple's black-and-white format.
FastAPI
Python
Cisco XML API
VoIP
10
SOC Stack — DFIR-IRIS + n8n
2024–Present
Full self-hosted incident response pipeline. Security Onion (Zeek/Suricata/Elasticsearch/Kibana) for network-level detection and log aggregation. n8n routes alerts with automated VirusTotal enrichment for IOC triage. DFIR-IRIS handles case management with IOC tracking, event timelines, and exportable reports. Entire stack self-hosted on Kubernetes.
Security Onion
Zeek
DFIR-IRIS
n8n
Kubernetes
11
Asterisk PBX with Cisco Enterprise Phones
2024–Present
Self-hosted PBX using UseCallManager — full enterprise Cisco IP phone functionality without CUCM licensing. Cisco 8810 with working Bluetooth, custom ringtones and wallpapers, voicemail, inbound/outbound calling on a VoIP.ms SIP trunk, PoE over Ubiquiti. Actively researching Aida integration via Asterisk ARI + WebSocket bridge for AI voice calls on a real phone number.
Asterisk
UseCallManager
SIP
VoIP.ms
ARI
12
Panasonic FZ-G1 Toughpad — NixOS
2025
$220 MIL-SPEC IP65 rugged Windows tablet, fully audited and running NixOS. LTE fixed via AT+CGDCONT APN override (Verizon burned-in → AT&T; no carrier unlock needed). Working: dual webcams, eGalax touchscreen, Wacom digitizer, Intel 8260 WiFi/BT, full IIO sensor suite (accelerometer, gyro, magnetometer, ambient light), SmartCard reader, barcode scanning, programmable A1/A2 buttons. Targeting deployment as Aida client node and Project Aura AR glasses compute platform.
NixOS
AT Commands
IIO Sensors
Wacom
Embedded