Building an AI SRE Assistant From Scratch: Architecture of an Autonomous Infrastructure Investigator

What if your on-call engineer never slept, had instant access to every repository and every AWS account, and could trace a production issue from DNS to database in under a minute?

That’s the question that led me to build TARS, an AI-powered SRE assistant that autonomously investigates infrastructure issues by combining LLM reasoning with deep integrations into GitLab and AWS. Named after the robot from Interstellar (because every good internal tool needs a movie reference), TARS is a full-stack application where engineers interact with an AI agent through a chat interface. The agent doesn’t just answer questions. It investigates. It clones repos, greps code, reads CloudWatch logs, traces DNS chains, inspects ECS services, and synthesizes findings into structured reports.

Building an AI-Powered Platform Operations Agent

Platform engineering teams handle a constant stream of repetitive requests: onboarding users, managing API keys, checking service health, rotating credentials. Most of these tasks follow well-defined procedures that a human executes step by step. What if an AI agent could handle them instead?

In this post, I’ll walk through the architecture of an AI-powered operations agent that automates common platform tasks by giving an LLM access to your internal tools through a structured tool-calling interface.

ECS Fargate Production Patterns That Actually Work

I’ve deployed and managed many containerized services on ECS Fargate. Over time, a set of patterns has emerged that I apply consistently to every new service. This post documents those patterns with Terraform examples, covering everything from Fargate Spot strategies to deployment circuit breakers and ARM64 migration.

The Standard Architecture

Every service I deploy follows the same high-level architecture:

Internet/VPC -> ALB (HTTPS, TLS 1.3) -> ECS Fargate -> Aurora PostgreSQL Serverless v2
                 |
                WAF (rate limiting + AWS managed rules)

Each component has its own security group, with traffic flowing only from the layer above. The ALB sits in private subnets (no public-facing services), and Route53 private hosted zones handle internal DNS.

Building an AI-Powered Document Processing Pipeline on AWS

Insurance companies process millions of documents every year: police reports, medical records, invoices, repair estimates. Traditionally, human operators read each document, classify it, extract the relevant fields, and enter the data into the claims system. This is slow, expensive, and error-prone.

In this post I’ll describe the architecture of a production document processing pipeline I helped build. The system ingests claim documents, extracts text using vision-based LLMs, clusters and classifies document sections, extracts structured data, and generates vector embeddings for semantic search. All of this runs on a fully serverless AWS architecture with no idle infrastructure costs.

Building Interactive CLI Tools in Go with Bubbletea

If you’ve ever wanted to build a terminal application that feels more like a proper UI than a wall of text, the charmbracelet ecosystem is the way to go. I’ve been using it to build internal DevOps tools, and the developer experience is excellent. In this post, I’ll walk through building an interactive CLI tool using Bubbletea and Huh, the same libraries behind tools like gum and soft-serve.

Managing Multi-Account AWS Infrastructure with Terraform Workspaces

When you’re managing infrastructure across dozens of AWS accounts, you need patterns that scale. In this post I’ll share the approach I use to manage multi-account, multi-environment AWS infrastructure using Terraform workspaces, modular code, and a consistent tagging strategy.

The Problem

Imagine this setup: you have multiple organizational scopes (teams, business units, projects), each with their own AWS accounts for non-production and production. On top of that, your non-production account hosts multiple environments (dev, integration, certification). Multiply this by several countries or regions, and you’re looking at a lot of infrastructure to manage.

Building a Chess Engine: From Position Evaluation to Search Techniques

Chess engines are fascinating pieces of software that combine various computer science concepts: position evaluation, tree search, move generation, and optimization techniques. This guide will walk you through implementing a chess engine, with a particular focus on position evaluation and search strategies.

Part 1: Basic Position Representation

First, let’s implement a basic board representation. While FEN (Forsyth–Edwards Notation) is the standard for chess positions, we’ll use a more computation-friendly format internally.

Building a Secure JWT Issuer in Go: A Complete Guide

JSON Web Tokens (JWT) have become the de facto standard for implementing stateless authentication in modern web applications. In this guide, we’ll implement a secure JWT issuer in Go, covering both basic implementation and advanced security considerations.

Understanding JWT Basics

A JWT consists of three parts: header, payload, and signature. These parts are Base64URL encoded and concatenated with dots. The signature ensures the token hasn’t been tampered with, while the payload carries the claims (data) we want to transmit securely.

A Beginner’s Guide and Optimization Techniques

Graphs are fundamental data structures in computer science, representing relationships between entities. One of the most common problems involving graphs is finding the shortest path between nodes. Dijkstra’s algorithm is a classic solution to this problem for graphs with non-negative edge weights. In this guide, we’ll implement Dijkstra’s algorithm in Go and explore ways to optimize it using advanced data structures.\

Basic Implementation of Dijkstra’s Algorithm

Let’s begin by understanding the core concept. Dijkstra’s algorithm maintains a set of nodes whose shortest distance from the source is known and repeatedly selects the node with the minimum distance to explore its neighbors.

Monitoring Clipboard in Golang: A Guide to Obscuring Passwords

Introduction

In this article, we explore creating a Go program that monitors the system clipboard, automatically substituting passwords with asterisks. Uniquely, the program leaves the last few characters (minimum 1, maximum 3) of the password visible when the password length exceeds 8 characters.

Understanding Clipboard Monitoring in Go

The Clipboard Package

Go lacks a built-in library for clipboard operations. We use atotto/clipboard, a third-party package offering simple clipboard interfaces.