Selected projects — held together with Python, Ansible & quiet runbooks.

Multi-strategy options bot — NSE & MCX, live.

A Python trading bot running five strategies across NSE equities, NSE F&O, and MCX commodity options — live in production since March 2026.

Five concurrent scanners (first-candle breakout, support bounce, swing options, NSE F&O directional, weekly iron condor) feed every entry through an LLM-backed "Trading Brain" gate. Sizing is margin-aware; a session-wide kill switch freezes new entries when signed true-free margin goes negative, and auto-unfreezes when it recovers.

Deployed to AWS Mumbai via AWX on a t4g.medium with a static EIP for SEBI broker whitelisting. Dashboard runs behind nginx + Let's Encrypt; the bot listens to a Telegram channel for two-way control (kill / pause / resume / record-only exit) so I can intervene from anywhere.

Operationally cheap by design: ~$30/mo all-in, single EC2, single SQLite DB with WAL, and a deploy playbook that does paper-mode and live-mode from the same vault.

Monitoring Linux on AWS EC2 — ELK + Grafana.

A self-hosted observability stack on two t2.micro RHEL EC2 instances — brought up & torn down end-of-day with one Ansible playbook.

Logstash on one node ingests syslog + auditd from the fleet; Elasticsearch + Grafana on the other surfaces SLO and security dashboards. The whole stack lives behind a single inventory and two playbooks (deploy.yml, teardown.yml) so it costs nothing to leave overnight.

The non-obvious work was the dashboard — pushed to Grafana via API after each playbook run, so it stays version-controlled in git instead of hand-clicked in the UI.

SSH Key Rotation, fleet-wide.

An AWX/AAP playbook that rotates the apadmin SSH key across env-classed AWS RHEL fleets — verify-before-commit, per-host rollback, AWX credential write-back.

The rotation generates a new ed25519 keypair, distributes the public key to every target with the existing key, verifies a clean SSH login as the rotated user, only then replaces authorized_keys, and finally writes the new private key back to the AWX credential store. Any host that fails verification rolls back without touching the rest of the fleet.

Live since April 2026 — see the spec + plan in the project's docs/ for the full step list.

claude_autosearch — multi-agent research briefs.

A small multi-agent system that turns an arXiv query into a structured research brief, built directly on the Anthropic SDK with no orchestration framework.

One planner agent decomposes the query, multiple worker agents fetch + summarise papers, and a synthesiser agent stitches the result into a brief with proper citations. Tool use, prompt caching, and cost tracking are first-class — running it on a corpus of 20 papers costs a few cents and ~30 seconds.

Built deliberately without AutoGen / LangGraph to keep the loop legible: the agents are functions, the tools are JSON schemas, and the queue is a list.

Project Tracker — Jira-style, tiny.

A Flask + SQLite Jira-style dashboard I run on the home lab to keep my own backlog honest. Boards, statuses, labels, links. Nothing more.

Originally a 200-line script, now ~1.5k lines and pleasant to use. Synced to by docagent so plan / PR / incident notes from agent sessions land in the same place I track work.

Linux Security Reviewer.

A Python-stdlib-only CLI that audits a Linux host — sudoers, sshd, password policy, world-writable files, services — and prints a one-page report.

Designed for the box where you don't want to install anything. No third-party deps, no compile step, no surprises. Drop the file in, run it, read the report.