Investigating why remote users were getting 5 Mbps through a WireGuard tunnel despite 400+ Mbps available on both ends. MTU fragmentation, TCP congestion collapse, and UDP buffer exhaustion.
Replacing per-service authentication with centralised SSO backed by Google OAuth. OIDC for Grafana, Immich, Portainer; forwardAuth for everything else.
Found that my *.internal.gread.uk services were publicly reachable via the VPS TCP proxy. Built a three-layer defence to fix it.
A 40,000+ line TypeScript/Angular/Electron desktop app (fli-gui) I built for the engineering team. Nobody asked for it; everyone uses it.
Rebuilt the email digest notification pipeline end-to-end — priority queuing, dedicated Redis infrastructure, Nomad migration, full observability.
Production-grade self-hosted infrastructure on a Synology NAS — reverse proxy, SSO, DNS, monitoring, WireGuard tunnel, and automated deployment.
Full-stack customer support infrastructure — designed as a graduate, still in production nine years later. Now powers the company's AI agent workflows.
36 custom static analysis plugins enforcing platform standards automatically at build time across a million-line codebase.
