Tools built to solve real problems. Most of it started as internal tooling for client work and got open-sourced when it proved useful.
CloudTrail for AI agents
Raw CloudTrail is too noisy for AI agents to reason over directly. TrailTool pre-aggregates events into entities (people, sessions, roles, services, resources) so you can ask questions like "What did Alex do yesterday?" and get a useful answer without blowing your context window.
Credential isolation and least privilege for AWS agents
Agents get proxy-issued fake AWS keys; the proxy re-signs every outbound request with real credentials. Because it intercepts every request, it can resolve each one to an IAM action string, generate a least-privilege policy from observed behavior, and enforce it.
SOC 2 compliance in GitHub
Pre-written SOC 2 controls, policies, and standards in Markdown with semantic linking. Fork it, customize it for your company, publish a compliance site with GitHub Actions. Your compliance documentation in version control, queryable by AI, not locked in a SaaS platform.
Whether you have a specific security challenge or want to discuss building out your security program, I'd like to hear from you. Reach out at:
alex@engseclabs.comOr use the form to tell me about what you're working on.