Projects

Applied systems thinking and architecture in practice. Each project is a working example of how I translate technical choices into product, security, and operating outcomes.

ASM Notebook

Live

ASM Notebook is a cloud-native attack surface visibility and passive exposure modeling platform designed to provide structured security signals without invasive scanning.

Stack

Cloud: GCP (Cloud Run, Cloud Tasks, IAM)

Backend: Python / Flask

Data: PostgreSQL (Neon)

Security & Controls: Rate limiting, environment-based configuration, guardrail-first design

Executive Summary

ASM Notebook is a cloud-native attack surface visibility and passive exposure modeling platform designed to provide structured security signals without invasive scanning. It reflects architecture discipline, risk awareness, and operational intent for enterprise environments.

Problem It Addresses

External exposure visibility is fragmented, and structured, repeatable posture assessment calls for an enterprise-safe, passive analysis approach. The notebook reduces ambiguity in interpreting security signals while keeping operational risk low.

Architectural Approach

  • Passive exposure modeling rather than active exploitation.
  • Cloud-native serverless compute architecture.
  • Task-based orchestration for scalable signal collection.
  • Clear separation of ingestion, processing, and presentation layers.
  • Explicit rate limiting and abuse guardrails.
  • Data normalization for consistent artifact handling.

Operational & Security Design

  • Scoped IAM roles and secret management.
  • Containerized deployment for portability and repeatability.
  • Controlled background task execution.
  • Structured logging and operational observability.
  • Minimal attack surface philosophy.

Solution Stack

Cloud: GCP (Cloud Run, Cloud Tasks, IAM)

Backend: Python / Flask

Data: PostgreSQL (Neon)

Security & Controls: Rate limiting, environment-based configuration, guardrail-first design

This project demonstrates structured architecture thinking, security-aware systems design, production-grade deployment discipline, and practical automation integration.

Prompt Boundary

Live

Prompt Boundary is a policy-aware request builder that converts natural language into structured, enforceable AI inputs, designed to reduce ambiguity, limit scope, and control downstream risk.

Stack

Cloud: Vercel (pbg.charleyt.net)

Frontend: React / Next.js

Backend: Deterministic request generation

Security & Controls: Scope constraints, structured output schema, safe defaults, cost guardrails

What it does

  • Converts natural language questions into structured, policy-aware AI requests.
  • Enforces explicit intent, scope, constraints, and output schema.
  • Generates predictable, paste-ready prompts for enterprise AI workflows.

Governance Model

  • Mirrors MCP-style enforcement patterns through bounded inputs and explicit constraints.
  • Separates user intent from system-level policy.
  • Produces outputs designed for validation and review.

Guardrails

  • Explicit scope constraints.
  • Structured output requirements.
  • No autonomous tool execution.
  • Cost-aware and bounded request design.
  • "Do not fabricate" defaults embedded in the prompt structure.
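The governance model and guardrails above describe a request shape rather than a specific implementation. The following is an added illustration of that shape, not Prompt Boundary's own code: user intent is captured separately from operator-level policy, scope and output schema are mandatory, tool execution is disabled, an output budget is capped, and a "do not fabricate" default is always embedded in the rendered prompt. Field names, the token limit, and the policy wording are assumptions chosen for the example.

```python
"""Policy-aware request builder in the spirit of Prompt Boundary.

Added example, not the project's own code. Field names, limits and the
policy checks are assumptions chosen to illustrate the pattern.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# System-level policy: fixed by the operator, never editable by the end user.
MAX_OUTPUT_TOKENS = 1500                      # cost guardrail (assumed limit)
ALLOWED_TOOLS: frozenset[str] = frozenset()   # no autonomous tool execution
REQUIRED_DEFAULTS = (
    "Answer only within the stated scope; refuse out-of-scope requests.",
    "Do not fabricate facts, citations or identifiers; say 'unknown' instead.",
    "Return only the requested output schema, with no extra commentary.",
)


class PolicyViolation(ValueError):
    """Raised when a request cannot be made to satisfy policy."""


@dataclass
class BoundedRequest:
    intent: str                       # what the user wants, one sentence
    scope: list[str]                  # explicit in-scope subjects
    constraints: list[str] = field(default_factory=list)
    output_schema: dict = field(default_factory=dict)  # JSON-schema-like shape
    max_output_tokens: int = 500

    def validate(self) -> None:
        if not self.intent.strip():
            raise PolicyViolation("intent is required")
        if not self.scope or any(not s.strip() for s in self.scope):
            raise PolicyViolation("at least one explicit, non-empty scope item is required")
        if not self.output_schema:
            raise PolicyViolation("an output schema is required")
        if not 0 < self.max_output_tokens <= MAX_OUTPUT_TOKENS:
            raise PolicyViolation(f"max_output_tokens must be in 1..{MAX_OUTPUT_TOKENS}")

    def to_message(self) -> dict:
        """Structured request: the policy block and the user block stay separate."""
        self.validate()
        return {
            "policy": {
                "defaults": list(REQUIRED_DEFAULTS),
                "tools_allowed": sorted(ALLOWED_TOOLS),
                "max_output_tokens": self.max_output_tokens,
            },
            "user": {
                "intent": self.intent.strip(),
                "scope": [s.strip() for s in self.scope],
                "constraints": [c.strip() for c in self.constraints],
                "output_schema": self.output_schema,
            },
        }

    def render(self) -> str:
        """Deterministic, paste-ready prompt text derived from to_message()."""
        msg = self.to_message()
        tools = msg["policy"]["tools_allowed"]
        lines = ["## Policy"]
        lines += [f"- {d}" for d in msg["policy"]["defaults"]]
        lines.append(f"- Tool execution: {', '.join(tools) if tools else 'none'}")
        lines.append(f"- Output budget: {msg['policy']['max_output_tokens']} tokens")
        lines += ["## Intent", msg["user"]["intent"], "## Scope"]
        lines += [f"- {s}" for s in msg["user"]["scope"]]
        if msg["user"]["constraints"]:
            lines.append("## Constraints")
            lines += [f"- {c}" for c in msg["user"]["constraints"]]
        lines += ["## Output schema", json.dumps(msg["user"]["output_schema"], sort_keys=True)]
        return "\n".join(lines)


def build_request(question: str, scope: list[str], output_schema: dict,
                  constraints: list[str] | None = None) -> BoundedRequest:
    """Turn a free-text question into a BoundedRequest. Scope and schema are
    supplied explicitly rather than inferred, so nothing is guessed."""
    return BoundedRequest(intent=question, scope=scope,
                          constraints=constraints or [], output_schema=output_schema)


if __name__ == "__main__":
    # Constructed sample input.
    req = build_request(
        "Summarize open findings from last week's dependency audit",
        scope=["dependency audit report, week 12"],
        output_schema={"type": "object", "properties": {"findings": {"type": "array"}}},
        constraints=["Cite the finding ID for each item"],
    )
    print(req.render())
```

The point of the split is that a reviewer can diff the `policy` block against the operator's baseline independently of whatever the user typed, and a request with an empty scope, missing schema, or an over-budget token count is rejected before it ever reaches a model.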

GainPath

Live

GainPath is a local-first AI health coach architecture that unifies food logging, workouts, and daily reporting with deterministic health logic and bounded AI assistance.

Stack

Frontend: Next.js App Router on Vercel

Backend: FastAPI services on Cloud Run

Data: Neon Postgres + local-first web/mobile storage

Controls: Deterministic gauges, staged AI resolution, per-user lookup throttling

What it shows

GainPath demonstrates how I design AI products where the database stays the source of truth, deterministic logic drives core health outcomes, and AI is layered in as a constrained assistant.

Architecture choices

  • Built around unified tracker, workout, profile, food, and reporting surfaces.
  • Kept workout and food history separated while sharing one energy model.
  • Used deterministic gauges and summaries, then one-call AI insight phrasing.
  • Added tier-aware AI lookup with staged promotion and per-user rate limits.
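Both the rate limiting and abuse guardrails listed for ASM Notebook and the per-user, tier-aware lookup throttling listed here come down to the same mechanism. The block below is an added example of one way to build it, not code from either project: a token bucket per user whose capacity and refill rate depend on the user's tier, with unknown tiers falling back to the most restrictive limit. Tier names, limits, and the in-memory store are assumptions; on Cloud Run, where several instances may serve the same user, the bucket state would live in a shared store such as the Postgres database rather than per-instance memory.

```python
"""Per-user, tier-aware token-bucket throttle.

Added example, not code from GainPath or ASM Notebook. Tier names, limits
and the in-memory store are assumptions.
"""
from __future__ import annotations

import time
from dataclasses import dataclass

# Assumed limits: (bucket capacity, refill rate in tokens per second).
TIER_LIMITS: dict[str, tuple[int, float]] = {
    "free": (5, 5 / 60),      # 5 lookups, refilling at 5 per minute
    "pro": (30, 30 / 60),     # 30 lookups, refilling at 30 per minute
}
DEFAULT_TIER = "free"         # unknown tiers get the most restrictive limit


@dataclass
class Bucket:
    tokens: float
    updated: float


class UserThrottle:
    def __init__(self, clock=time.monotonic) -> None:
        self._clock = clock           # injectable so tests can freeze time
        self._buckets: dict[str, Bucket] = {}

    def _limits(self, tier: str) -> tuple[int, float]:
        return TIER_LIMITS.get(tier, TIER_LIMITS[DEFAULT_TIER])

    def try_acquire(self, user_id: str, tier: str, cost: int = 1) -> tuple[bool, float]:
        """Spend `cost` tokens for user_id. Returns (allowed, retry_after_seconds)."""
        capacity, rate = self._limits(tier)
        now = self._clock()
        bucket = self._buckets.get(user_id)
        if bucket is None:
            bucket = Bucket(tokens=float(capacity), updated=now)
            self._buckets[user_id] = bucket
        # Refill in proportion to elapsed time, never beyond capacity.
        elapsed = max(0.0, now - bucket.updated)
        bucket.tokens = min(float(capacity), bucket.tokens + elapsed * rate)
        bucket.updated = now
        if bucket.tokens >= cost:
            bucket.tokens -= cost
            return True, 0.0
        deficit = cost - bucket.tokens
        return False, deficit / rate


def lookup_with_throttle(throttle: UserThrottle, user_id: str, tier: str, do_lookup):
    """Gate an expensive AI lookup; return a 429-style result instead of calling it."""
    allowed, retry_after = throttle.try_acquire(user_id, tier)
    if not allowed:
        return {"status": 429, "retry_after": round(retry_after, 1)}
    return {"status": 200, "result": do_lookup()}


def simulate(tier: str, requests: int) -> list[bool]:
    """Fire `requests` back-to-back lookups for one user under a frozen clock."""
    now = [1000.0]
    throttle = UserThrottle(clock=lambda: now[0])
    return [throttle.try_acquire("user-1", tier)[0] for _ in range(requests)]


if __name__ == "__main__":
    print("free tier, 7 rapid requests:", simulate("free", 7))
    print("pro tier, 31 rapid requests:", simulate("pro", 31).count(True), "allowed")
```

The `retry_after` value is what a client needs to back off correctly, and the unknown-tier fallback means a missing or malformed tier claim degrades to the tightest limit rather than to no limit at all.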

The full case study now follows the latest HealthLog docs format: why these boundaries were chosen, what the platform does today, and how the system executes each request safely.