Sequence-modeling pipeline
Python services normalize events, tokenize activity, build profiles, train sequence models, and export inference artifacts.
Case study
A prototype for behavioral security analytics: event normalization, sequence modeling, edge-oriented inference infrastructure, and analyst-facing review tools brought into one inspectable product system.

Repository evidence: routes, data model, interface screens, and workflow code.
A prototype for behavioral security analytics: event normalization, sequence modeling, edge-oriented inference infrastructure, and analyst-facing review tools brought into one inspectable product system.
Isolated security events rarely explain behavior. The prototype normalizes authentication, process, file, and access activity into behavioral sequences, compares them against user and peer context, and shows the result for analyst review rather than treating a model score as the product.
A full-stack applied AI product practice: domain modeling, ML pipeline design, deployment architecture, operational dashboard, validation, and documentation.
Python services normalize events, tokenize activity, build profiles, train sequence models, and export inference artifacts.
Analyst screens show queue state, alerts, user risk, timelines, peer context, recommendations, and resolution workflows.
Worker gateway, Python inference containers, queues, KV, R2 artifacts, D1 records, and active-version switching outline a Cloudflare runtime path.
Pydantic/Zod contracts, exercise-data review, audit records, benchmark-style pages, and model exposition pages keep the prototype inspectable.
Pydantic and Zod service boundaries.
Bundles, vocabularies, templates, versions.
Implementation details from the product, data, workflow, and infrastructure layers.
Contract-driven Python services with Pydantic validation.
Runtime validation in TypeScript with Zod and hardened security headers.
Model bundle export, quantization, artifact upload, and active-version switching workflows.
Dashboard screens for triage, analytics, data exploration, users, settings, and operational administration.
System components map across Events, Gateway, Linguist, Profiler, Predictor, Investigator, and Dashboard screens.
Cloudflare deployment paths include Workers, D1, KV, R2, queues, containers, and Access-oriented configuration.
LANL-style and red-team artifacts support benchmark-style review, alert inspection, and model evaluation.
Security headers, audit records, validation contracts, and model exposition pages keep the workflow inspectable.
How the public pages, staff workflows, data, review steps, and infrastructure connect.
Structured security telemetry.
Sequence-ready behavioral inputs.
Anomaly scoring and inference artifacts.
Severity, status, recommendations.
Triage, timelines, analytics, settings.
Technology
The platform stack behind the build.
A security-operations visual language: dark review panels, compact mono labels, sparse severity color, table-first evidence, queue state, and diagrams that explain the model path.
Philosophy
The product framing keeps the model visible but subordinate to analyst review: event context, peer comparison, queue state, validation, and auditability do the explanatory work.
Additional screens from the case study.