This is my personal website, portfolio, and blog. It is built with SvelteKit and Tailwind CSS. It is then statically generated and hosted on GitHub Pages, It sits behind a Cloudflare proxy for security and performance.

The blog section is a custom solution that allows me to statically generate the blog posts and host them on GitHub Pages, hence the super fast loading times.

At the Entrepreneurs First EBL hackathon in Milan, I built a Scratch-style drag-and-drop frontend (using Konva + a custom renderer) for creating AI agents via visual programming.

The system transpiles block-based workflows into a tree structure, which is then converted into syntactically sugared JavaScript and evaluated in a sandboxed runtime with a custom standard library.

This made it easy to abstract over APIs like Gladia, ElevenLabs, OpenAI, Mailgun, Twilio, and more, letting users chain actions like voice input, text handling, TTS, and webhooks with zero code.

Please keep in mind this was built on zero sleep in under 24 hours—so go easy on the code!

Noise.email is a privacy-first, end-to-end encrypted email platform I built while picking up Go for the first time, because why not learn a new language *and* write a crypto system at the same time?

It uses Argon2 for password hashing, SHA-256 for message integrity, and asymmetric key pairs for encryption between users. Messages are stored encrypted-at-rest, and the backend strictly avoids handling plaintext.

I also built a minimal SMTP/IMAP-compatible API layer and a custom frontend for zero-knowledge key handling, aiming for full client-side trustlessness.

GoThic is a Go library designed to provide robust session management, CSRF (Cross-Site Request Forgery) protection, and RBAC (Role-Based Access Control) for web applications, particularly those built with frameworks like Gin. It focuses on security, extensibility, and a clear request processing lifecycle.

• Secure Session Management: Manages user sessions using encrypted cookies, handling creation, validation, refresh, and association of custom data (claims).
• CSRF Protection: Implements the synchronized token pattern (double submit cookie), with tokens linkable to authenticated sessions.
• Role-Based Access Control (RBAC): Provides a flexible system for resource access control based on user roles and permissions, with caching.
• Structured Request Lifecycle: Defines a clear process for handling HTTP requests, encompassing session handling, CSRF validation, RBAC checks, input processing, logic execution, and response generation.