Skip to content
View louzt's full-sized avatar
🦇
Hard solutions over loose assumptions, always.
🦇
Hard solutions over loose assumptions, always.

Block or report louzt

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
louzt/README.md
loust.pro — Let's work together
Schedule a Meeting (Google Calendar) LinkedIn GitLab X.com Matrix
Profile Views ORCID iD 0009-0008-4374-2254 OSI Member Linux Kernel
Rust Go TypeScript Python Perl Zig GraphQL PostgreSQL Redis k3s Docker C C++ Flutter WebRTC PHP Node.js Next.js Lua Ruby Always curious to debug in another language
Google Ads Meta Ads Blockchain CRM ERP SaaS-to-SaaS IA Research Open to contribute — we'd like to support your infrastructure

I design and ship production systems where the boundary between application delivery and systems engineering has to hold. Most of my work is research-flavored engineering: the abstractions are reusable, the proofs are formal where they need to be, and the operational evidence is auditable end-to-end.

How I work — section banner

  • I approach systems engineering much like a craftsman in a workshop—studying product architecture, transport bottlenecks, and telemetry end-to-end before touching code or proposing refactors.
  • I harden network, IPC, and service layers first, ensuring the underlying substrate is secure and resilient before asking application code to carry production workloads.
  • I trace edge cases directly back to runtime behavior until the underlying contract is explicit, fixing structural boundaries rather than applying superficial patches.
  • I run targeted triage, SAST, and benchmarks across C, Rust, Go, Bun, Zig, and Python in lab setups, evaluating real-world trade-offs in memory, latency, and state to build a practical pattern library.
  • I integrate new capabilities through clean, isolated adapters that respect working production logic, allowing established platforms to scale safely without breaking core business flows.
  • I address AI scaling inefficiencies at the root—optimizing local RAG substrates, execution loops, and context compaction from the bare-metal up before paying for raw model overhead.
  • I maintain a self-reliant, transparent posture: sensitive infrastructure redacted, pull requests tightly scoped, and code reviews handled as a constructive, two-way technical dialogue.

Working with me — section banner

Working with me

  • Feedback and learning — if you see me somewhere learning to work better inside a software team, I'm interested. Senior reviewers, engineering leads, or teammates who have a specific technical observation — a code review thread, a shared codebase, a process friction — are welcome to reach out. I consider your opinion useful and treat feedback as a two-way loop, not a one-way deliverable; the best learning posture is to keep the audit trail legible on both sides.
  • HackerOne disclosure track — vulnerability reports and coordinated disclosure for infrastructure under our scope route through security@loust.pro. Triaged within 72 hours; reproducible PoCs and a minimum-scope patch suggestion move reports to the front of the queue. Out-of-scope signals (DMS, PipeWire hardening) and known-busy triage windows are documented so reporters don't spin.
  • Research collaborations — formal proofs, deterministic systems, transport-layer hardening, sovereign AI infra. Best fit: university labs, independent PhD-track researchers, and private R&D teams working in applied-probability / IR / agent frameworks. Reach out at research@loust.pro with a 1-paragraph abstract and a concrete artifact (gist, paper draft, benchmark).
  • OSS upstream hardening — if you maintain an OSS project where the runtime model is well-bounded (lifecycle contracts, allocator hot paths, compositor or daemon boundaries), I'd like to talk. I take scoped PRs against the runtime boundary; bring a reproducer + a minimum-scope patch, not a slide deck. Open invite — long-running contributor or co-maintainer track.
  • Communities and chat — IRC, Discord, Matrix, and adjacent chat-based communities are my preferred channels over mainstream social networks. If you're active in OSS communities on those surfaces (Libera.Chat / OFTC, Matrix rooms, Discord OSS servers, project-specific channels), feel free to ping me. I read more than I write, but I value signal over volume.
  • B2B platform work / partnerships — long-horizon engagements only. We build the substrate, the observability, and the audit trail before declaring anything shipped — capacity for staged rollouts is the constraint, not the calendar. Reach out at partnership@loust.pro.
  • Reference policy — I write public references for shipped work with measurable outcomes. Send the PR / artifact link and a 1-line outcome metric; I respond within a week.

Selected Work — section banner

Production systems that have shipped to real users, merged into upstreams, or run as long-lived client platforms. Public artefacts link out; private platforms are referenced by name only — the boundary between public proof and client-confidential work is deliberate, reviewable, and unchanged across engagements.

How we stay current. Release notes get read before installs. Spec changelogs (MCP, Claude, OpenAI, Gemini, every model API we depend on) get watched continuously. Triage goes multi-layer-deep before anything ships — the goal is to understand the vision, scope, and future steps of anything we depend on, so the operator inherits a solid system instead of a house of cards.

Focus Operational Impact Project
Distributed data plane in Rust + Go: routing, cache control, and a hardened tool-call pipeline for autonomous agents. Backed by the Sovereign RAG math gist (English) / Las Matemáticas del Sovereign RAG (Español) Decouples agent control planes from provider volatility; 3-way semantic sync + Bayesian Stream Guard with <0.5s hallucination kill-switch.

Rust Go TypeScript Bayesian Stream Guard Redis
LZT SRE Harness (private)
Closed-core agent runtime + secure gateway: a pruned Rust CLI (h3ph) talks to a multi-tenant k3s sidecar handling ephemeral SAST scans, BYOK inference, and zero-retention report delivery. Three access tiers (Researcher / Private Beta / Commercial) gated on signed digital contract Operates with locked egress and isolated reasoning — client nodes never see the operator's reasoning loop, system prompts, or tool contracts. Adaptive VRAM/cache budgeting keeps long-running multi-agent fleets predictable across deep multi-turn runs.

Rust k3s BYOK AGPLv3 Private Repo
h3ph43st (private repo, h3ph CLI · AGPLv3 · upcoming)
Multi-protocol transport optimized for autonomous agent control planes and other latency-sensitive use cases: Go + Rust proxy racing QUIC / Hysteria2 / direct TLS / SSH, promoting the first-healthy stream under 200ms. Public artefacts: 5-layer SSH fallback chain (Cadena de fallback SSH de 5 capas) + multi-protocol reverse proxy case study (SSH Reverse Proxy & 5-Tier Evasion Chain v1.0) Sub-200ms first-healthy-stream promotion keeps agent tool-call round-trips within budget even when single-transport assumptions fail; CA-pinning blocks MITM and POSIX-atomic writes eliminate storage state drift. Designed for environments where transport-layer variability is the norm (mobile, captive portals, restrictive NATs, cross-region agent fleets) — not for any adversarial objective.

Go Rust QUIC Multi-Protocol TLS SSH Agent Transport
Multi-protocol transport for agents (private)
3D fighting game engine informed by competitive-gaming netcode research: GGPO-style rollback (snapshot/restore + speculative execution) calibrated by Ishioka's repeat-last prediction (>70% accurate at 1-3 frame windows) for a 30-frame (~500 ms) rollback window with ~12-frame headroom over average VPN/high-latency play; Valve Source Engine patterns for interpolation buffer tuning + binary input codec; Claypool's prediction taxonomy (Prediction + TimeWarp + Interpolation); Age-of-Empires-style determinism discipline on the simulation path so both clients converge on identical state. Babylon.js 8 (WebGPU preferred, WebGL fallback), Bun + Vite + TypeScript strict, headless rollback simulation harness under synthetic lag/loss profiles Real-time matches stay playable on restrictive NATs and DPI: WebSocket (TCP, reliable/ordered) carries signaling and match lifecycle while WebRTC DataChannel (UDP, unordered) carries the binary input path; WebRTC upgrade happens in the background without interrupting gameplay, falls back to WebSocket transparently on failure. Diagnostic HUD exposes real-time ping, jitter, and rollback depth (toggleable in-match).

Bun TypeScript Vite Babylon.js 8 WebSocket WebRTC TURN/COTURN GGPO Rollback
h4kken (private, deployed at h4kken.loust.pro)
Multi-tenant B2B engine: tenant-isolated Postgres/Redis namespaces, Apollo Persisted Queries (APQ) at the edge, Firefox Gecko + MDN-powered client-side translation fallback chain, cross-project indexed search across docs/frontends/dashboards, and spec-driven custom plugin development for ambitious needs — public case study on the 135k-line GraphQL schema deployment: English gist / caso de estudio en Español 7+ years operational stability without substrate resets; client-side translation chain (modular browser LLM → locale dictionaries → self-hosted LibreTranslate → Google Translate free tier → paid on-demand) keeps server-side token spend and DDoS amplification surface at zero. Locale autodetection + user-preference selectors. Data analysis from casual dashboards to business-specific algorithms. Custom plugins + spec-driven innovation posture.

PostgreSQL Redis Prisma GraphQL Next.js Astro Apollo APQ
LOUST multi-tenant platform (current, 7y6m)
Spec-driven code generators and platform scaffolding for multi-app TypeScript monorepos Single source of truth across 9 packages and 391 TypeScript files, eliminating boilerplate duplication and type drift.

TypeScript Bun esbuild Vitest
Nexus Engine (private)
Identity-anchored transport toolkit that solves the SSH/QUIC head-of-line blocking problem: when strict NATs, firewalls, captive campus networks, or carrier-grade mobile networks force transport to degrade toward TCP-ish behavior, rollback-sensitive real-time sessions become fragile. SnapPipe binds sessions to a cryptographic identity (Ed25519 public key) instead of an ip:port tuple — rebind/reconnect stays cheap, signed tickets gate the peer handshake before any data flows, and a self-hosted relay scaffolds the bootstrap path. v0.2.1 surfaces identity-gated handshake (NonNullIssuer rejects an empty trust store as default-allow), bounded NonceStore with TTL for replay protection, per-NodeId rate limiting, ALPN source-of-truth, sub-second mtime, and lock-free v0.3.0 trigger metrics on NonceStore/RateLimiter Library design + QUIC implementation choices that keep both client and server sides auditable: handshake decisions land before any peer sees an unauthenticated frame; the trust store is bounded and inspectable; rate-limit decisions trace to a NodeId, not to a transient socket. CI hardened with SHA-pinned actions, persist-credentials: false, and cargo test --locked.

Rust QUIC Ed25519 Identity-Anchored Self-Hosted
SnapPipe
Cross-platform internet upgrade toolkit with three deployment shapes: Tauri v3.1 desktop GUI (Rust + SvelteKit, ~8 MB, glassmorphism UI, Windows production), Python v2.2 CLI legacy surface (CustomTkinter + headless CLI, ~25 MB Nuitka bundle), and headless systemd/Windows Service daemons. Windows side implements Linux BBR-equivalent TCP optimizations — HyStart++ slow-start, PRR loss recovery, ECN negotiation, TCP Fast Open, TCP Pacing, RSS/RSC receive-side coalescing. Linux headless binary delivers the same DNS Auto-Failover (11 servers across 6 tiers: Speed, Security, Privacy) as a systemd user service without GUI overhead. 4-Phase Diagnostics walks Adapter → Router → ISP → DNS with parallel 4-worker health checks (~3s cycle vs ~30s sequential) and live graphs + Event Log integration Real-world throughput gains of +15-20% on Windows via Linux kernel-default techniques (queueing discipline, congestion control, socket buffers) without paying for extra bandwidth; DNS failover across Speed/Security/Privacy tiers survives ISP DNS outages and captive-portal interference; three runtime modes (Tauri GUI, Python CLI, headless systemd/Service) cover desktop power users, remote shell operators, and unattended infrastructure with the same config grammar. Apache-2.0 (deliberate single-license since 2026-06-25).

Rust Python Tauri v3.1 Windows Linux BBR DNS Apache 2.0
NetBoozt
Dual-binary GitHub automation: MCP server + webhook auto-tagger. Pulls metadata via JSON-RPC stdio surface and manages GitHub Projects triage Single-binary infrastructure for GitHub Projects triage: automated PR slicing, batch label reconciliation, and webhook ingestion with zero outbound dependencies.

Go MCP GitHub
TaxonRouter
Visual identity, access hierarchy, and turnstile validation layout for regional mass-transit credentials (2025–2026 cycle) Sustained high-density passenger throughput and multi-tier zoning enforcement under strict security constraints. Tren Maya smart-card credentials (2025, 2mo contractor)
Content-addressed documentation scraper tracking corpora changes via BLAKE3 and git-tree manifests Grounded local corpora feed Sovereign RAG (DSVH) and Virtuoso 7.2.6 pipelines, replacing ungrounded web searches with reproducible local context.

Python BLAKE3 Git tree Virtuoso 7.2.6
spec-snapshot-scraper
Compositor contract enforcement across Wayland upstreams (wlr-layer-shell, presentation-time, xdg-output) Solves multi-runtime edge cases: GTK subprocess teardown (Bottles), frame-callback race conditions (linux-wallpaperengine), and filter matrix exposure (Waypaper).

Wayland wlr-layer-shell GTK presentation-time
Upstream hardening — Bottles · Waypaper · linux-wallpaperengine
Multi-tenant MCP broker with intent-filter (read | mutate | admin) + resource engine for VRAM/cache budgeting + spec-watch loop aligning annotation contracts before downstream tools adopt breaking changes Deterministic tool-call surface survives provider churn, prevents prompt-injection-style annotation drift, and keeps cost + latency within bounded envelopes.

Rust MCP Annotation Pruning Resource Engine
LZT MCP infrastructure (private: lzt-mcp-broker + resource engine + spec scanners)
VSCode-native agent loop integration: read-only MCP server wiring live editor state, the SPARQL corpus graph, the watchdog pressure sensor, and the update manifest (4 read-only tools) + a hardened CLI companion wrapping the VSCode Insiders editor CLI as 4 typed tools (cli_open_file, cli_diff, cli_list_extensions, cli_install_extension) with subcommand allowlist, hardcoded path blocklist (/etc, /proc, /root/.ssh/, /root/.gnupg/, etc.), workspace-prefix enforcement, and publisher allowlist for install operations Lets the agent reason about the operator's live editing context (active extensions, dev ports, LSP, bridge, watchdog events, update drift vs update.code.visualstudio.com) and act on it through a tightly-scoped CLI surface — never with full shell, never with the path blocklist, never with unsigned extension publishers. Closed-loop improvement workflow: detect problem via watchdog → query corpus for upstream doc → diff/cross-reference via the read-only tools → propose change via the mutate surface, with daily JSONL audit log. Both servers declare MCP readOnlyHint/destructiveHint per tool; the read-only pair rides broker intent read, the mutate pair requires mutate/admin.

Go VSCode API MCP SPARQL Allowlist
lzt-vscode-mcp + lzt-vscode-cli (private: read-only editor state + hardened CLI companion)
arXiv preprint LaTeX source and companion verification suite for FNV-1a + L2 + cosine projection pipelines Formally proves estimator unbiasedness and concentration bounds, validated empirically under 25/25 thread concurrency stress testing.

LaTeX Rust FNV-1a 64-bit Virtuoso 7.2.6
deterministic-sovereign-rag + dsvh-verification-suite
High-efficiency subagent fleet that activates ONLY when an upstream spec (MCP, model APIs, Claude/Gemini/OpenAI changelogs) releases a breaking change outside the LLM's training window. Patches the harness' contract types before downstream tools observe the drift Closes the "stale spec" gap in long-running agent fleets — a model released 4 months ago doesn't know about a spec change from 3 weeks ago, but the harness auto-detects and re-validates contracts before production rollout.

Rust Change Detection Zero Egress
Spec-watch subagent fleet (private: lzt-mcp-version-scan, lzt-changelog-aggregate)
iCal-to-CalDAV bridge daemon translating public ICS subscriptions into localized CalDAV streams for native desktop clients Lightweight Linux runtime daemon transforming remote web calendar subscriptions into local, standards-compliant CalDAV endpoints.

Rust CalDAV Apache 2.0
ical-to-caldav
Compiler translating noisy LLM export payloads (ChatGPT, Claude, Gemini) into canonical JSONL + Markdown records Normalizes fragmented vendor exports into a structured context stream, eliminating ~60% token bloat during prompt injection.

TypeScript JSONL Claude ChatGPT
LLMmempipe
Representative build signals from shipped systems
  • 9 packages and 391 TypeScript files in Nexus Engine
  • 42 Prisma models and 600+ GraphQL endpoints in larger platform work
  • 50K embeddings queried in 188 ms in GPU-oriented retrieval
  • 15-20% throughput improvements in NetBoozt test cases
  • <2 minute lead-to-quote response latency in SYPREME conversion-attribution pipeline
  • Atomic CFDI 4.0 invoicing pipeline (multi-tenant e-commerce + Stripe)
  • Redis channel count reduced 59 → 18 via SCAN/COUNT migration over KEYS

What we ship at loust.pro — Software company section banner

The technology provider behind my work — multi-protocol transport, hardened Linux substrate, and B2B platforms that survive multi-year horizons. Public artefacts land in Research & Publications and Investigations & Notes; this section is the product surface I run day-to-day.

LOUST · Leverage Opportunities Unleashing Success and Transformation

Enterprise CMS
Multi-tenant content + commerce + operations platform with isolated Postgres/Redis namespaces per tenant. Single codebase runs marketing, ERP-lite flows, bookings, and storefronts.
Next.js Astro Prisma GraphQL PostgreSQL Redis Cloudflare
Automations
Rule + webhook engine for client operations. Connects Meta Ads, Google Ads, Stripe, MercadoPago, and CFDI 4.0 invoicing into auditable workflows with run history and replay.
Bun TypeScript GraphQL PostgreSQL Redis Streams
CRM Hub
Pipeline + contact + closing surfaces for sales teams. Sub-2-minute lead-to-quote latency under exhibition pressure. Native multi-tenant isolation.
Next.js TypeScript Prisma GraphQL PostgreSQL
SocialSphere
PropTech + hospitality ERP. Multi-property booking, turnover calendars, and channel-manager hooks. CTO since Dec 2025.
Next.js TypeScript Prisma GraphQL PostgreSQL Stripe Tauri
Nexus Apps
Spec-driven generators and platform scaffolding. 9 packages and 391 TypeScript files keep multi-app ecosystems consistent from one source of truth instead of copy-paste.
TypeScript Bun esbuild tsc vitest
Marketplace
Multi-vendor e-commerce with CFDI 4.0 invoicing, Stripe + MercadoPago splits, and a verified directory for sellers. Atomic invoicing pipeline keeps the trail auditable end-to-end.
Next.js TypeScript Prisma GraphQL Stripe Connect CFDI 4.0
AI Chatbot
Multi-tenant conversational surface for client ops. ReAct reasoning loop with provider-rotation across MiniMax M3, ChatGPT, Claude, DeepSeek, Gemini, Llama, and free-tier fallbacks; per-tenant retry budget keeps cost bounded. Routes to human handoff with full context, sessions in tenant-isolated Redis namespaces, exports to CRM Hub on close.
Bun TypeScript MiniMax M3 Pollinations ChatGPT Claude DeepSeek Gemini Llama ReAct Redis GraphQL
Public Research Notes
Long-form writeups on sovereign RAG, transport-layer hardening, kernel regressions, and infrastructure audits. Public-by-default where the abstraction boundary is legible.
Astro MDX GitHub gist ORCID bridge

Research and Publications — section banner

Long-form research notes, paper drafts, and proof chains I maintain as part of day-to-day work. Each entry has a concrete artifact (gist, draft, or measurement) — no abstract ambitions.

Deterministic Sovereign RAG via Signed-Hash Projection (paper draft, 2026)

A four-formula operator stack for reproducible retrieval on sovereign cloud corpora: FNV-1a 64-bit feature hashing into a fixed D = 128 vector, L2 spherical normalization, cosine reduced to a dot product on the unit hypersphere, and a pagination throughput window for upstream API rate-limit optimization. Seven theorems bound estimator unbiasedness, variance via Weinberger 2009, exponential collision concentration via the non-asymptotic Hanson–Wright inequality, O(D) storage/matching, scale invariance under L2 normalization, the cosine/dot equivalence, and the R_throughput operational bound.

Validated empirically on a 4,458-document operator corpus (MANIFESTs, memory entries, subagent specs, skill specs, hardening fragments) — indexed in 4.14 s on the operator's laptop with σ=0.18 s, 640 ns match latency (σ=85 ns) on the production virtualized substrate, and 0.78 top-5 recall. A 25/25 concurrency stress test on the production Rust implementation (DSVH) demonstrates stable operation under sustained workload. / Cuatro fórmulas, siete teoremas. Retrieval soberano y determinista sobre infraestructura en la nube local.

Read the Sovereign RAG math gist (English)   Leer las matemáticas del Sovereign RAG (Español)

Stack: Rust (DSVH) + Go (APG) + Virtuoso 7.2.6 + FNV-1a 64-bit + L2 normalization. Open question: empirical head-to-head against dense embedders (BGE-M3, multilingual) — left for future work.

APQ at Scale on a 135k-Line GraphQL Schema (case study, 2026)

Empirical anchor for the theorems above: 90.9% cache hit rate, p95 12 ms latency, +125% throughput lift, $0/mo incremental infra cost on the LOUST multi-tenant Next.js 16 + Apollo Server v4 stack against a 135k-line Prisma-derived GraphQL schema. The case study is the production evidence the formal results lean on — same $\lambda T \approx 389$ regime cited in Theorem A.1, same $r_1 \approx 0.25$ APQ compression ratio in Theorem B.1, and the same +125% throughput lift that compounds with Brotli q11 in the production measurements. Eight diagnostic anchors (cgroup v2 isolation, CB convergence, Zipf coverage, PSI pressure detection) and seven theorems ($H \leq 1 - \exp(-\lambda T)$, throughput gain $G = \frac{1 + \rho \cdot \frac{W_o}{W_r}}{1 + \rho \cdot \frac{W_o}{W_r'}}$, $R_{\text{total}} \approx 0.075$ end-to-end bandwidth) make the case study reviewable as a small formal dossier rather than a benchmark dump. Operator's diagnostic posture: if any of the seven anchors fire in production, the recipe (pre-warm + Redis Lua EVAL + cgroup v2 slice + persistent runner volume) is named and measurable in the document.

Read the APQ case study (English)   Leer el caso de estudio APQ (Español)

Stack: Next.js 16 cacheComponents + Apollo Server v4 + ApolloAPQCache + Redis 7 ioredis keyPrefix + Lua EVAL atomic + cgroup v2 compile-runner.slice + self-hosted GitHub Actions runner with persistent /opt/build-cache volume. Diagnostic anchors: §3.8 cgroup v2 runner isolation, Appendix F slice + hooks, Theorem E.8 throughput gain under cgroup contention. Public artefact, no host infra numbers exposed.

Zero-Prefill Keep-Alive Protocol (operator stack, 2026)

Cost-benefit gate for cache-warming probes against upstream GPU clusters. Three-step procedure: monitor the upstream's TTL state via a single max_tokens=0 probe, trigger an asymmetric EMA update based on the boolean cache-hit response, fire the next probe only when the gate fires. The protocol is 800× cheaper than a cold start at K=1 and still 50× cheaper than an evict-and-compress cycle at K=16. The cadence is asymptotically optimal under the upstream's 5,000 req/hour rate-limit constraint.

Stack: Go (APG) + Lamport happens-before ordering + Marzullo 1994 intersection bound + CLOCK_MONOTONIC. Documented in §5 (clock drift) + §8 (DET protocol) + §9 (zero-prefill) of the operator-stack paper draft.

Investigations and Notes — section banner

Public research notes, snapshots, and audit logs from ongoing work. Updated as findings stabilize.

Topic Type Notes
lzt-* gist collection Mixed · 9+ gists Bash hardening snippets, systemd unit definitions, MCP surface designs, certificate chains, transport proxy configs
APQ at Scale (135k-line GraphQL Schema) · ES GraphQL performance · Edge runtime · Self-hosted runners 90.9% hit rate, p95 12 ms, +125% throughput, $0/mo. Seven diagnostic anchors + seven theorems; §3.8 cgroup v2 runner isolation (slice + Lua EVAL pre-warm + persistent /opt/build-cache). Companion to the APQ theorems in the Research and Publications section above.
Resilient Transport vs Stateful DPI Network engineering 5-tier QUIC/Hysteria2/TLS/SSH fallback proxy; Happy Eyeballs racing in <200 ms; CA-pinned topology
PipeWire handshake timeout (protocol-native) C / Linux core 5s spa timer on pw_protocol_native_connect_local_socket(); prevents indefinite CLI hangs (wpctl/pactl) when daemon is alive but unresponsive. Published upstream on Freedesktop (PipeWire).
Niri State Observability (Wayland typed-diagnostics) Wayland compositor · Rust IPC Pull-based typed diagnostics over Niri IPC; semantic asset labeling; per-output mutex; anchored 5 PRs upstream
Waypaper image-filter PR #286 Upstream OSS Scaling algorithms exposed across swww/awww backends; HiDPI + pixel-art artifact resolution
Zero-overhead observability Linux runtime PSI over polling; inotify fork-bomb mitigation; Redis KEYS → SCAN/COUNT migration
Chromium 148 CSP regression audit Web security Accepted upstream under Opera GB-80414; CSP Level 3 + srcdoc sandbox collision isolation
NVIDIA DKMS Kernel 7.0+ RFC Linux kernel · C Forward-compat patch series for Kernel 7.0 API refactoring: VMA locking (__is_vma_write_locked() 2→1 args), DMA fence signal (dma_fence_signal_locked() int→void), __vm_flags removal in favor of vm_flags_reset(). 3-layer DKMS build-loop triage (no-autoinstall + apt-mark hold + unattended-upgrades blacklist). NVreg_DynamicPowerManagement=0x02 modprobe rule for Optimus USB-C D3cold hotplug panics under hybrid GPUs.

LOUST · Leverage Opportunities Unleashing Success and Transformation

Public gists are linked individually above as they ship. For private work-in-progress and operational forensics, see LinkedIn for the curated view.

Animated footer tagline

Pinned Loading

  1. LOUST-PRO/NetBoozt_InternetUpgrade LOUST-PRO/NetBoozt_InternetUpgrade Public

    🚀 Transform your internet speed without changing ISP. BBR-like TCP optimizations + intelligent network failover + DNS protection for Windows/Linux

    Python 1

  2. LOUST-PRO/LLMmempipe LOUST-PRO/LLMmempipe Public

    Compile noisy LLM exports (ChatGPT, Claude, Gemini) into token-efficient JSONL + Markdown for Claude Code, Projects, and agent runtimes.

    Rust 2

  3. Mathematical foundation for O(1) loc... Mathematical foundation for O(1) local context compaction in agentic AI control planes: FNV-1a 128-dim + L2 normalization + cosine similarity. Auditor-impact translation of every KPI (72x speedup, 6x storage, σ=±0.18s). Adaptive buffer pool pattern (no hard-locked RAM). 6 references. 4.14s index over 4,458 docs. Zero SaaS. Bitwise-deterministic.
    1
    Mathematical foundation for O(1) local context compaction in agentic AI control planes: FNV-1a 128-dim + L2 normalization + cosine similarity. Auditor-impact translation of every KPI (72x speedup, 6x storage, σ=±0.18s). Adaptive buffer pool pattern (no hard-locked RAM). 6 references. 4.14s index over 4,458 docs. Zero SaaS. Bitwise-deterministic.
    2
    
                  
    3
    # The Mathematics of Sovereign RAG: O(1) Local Context Compaction for Autonomous AI Agents
    4
    
                  
    5
    **How feature hashing + L2 spherical normalization + cosine similarity give a $5/month VPS the indexing capability of commercial observability SaaS — without the SaaS, without the per-document embedder, and without the telemetry egress.**
  4. SSH Reverse Proxy & 5-Tier Evasion C... SSH Reverse Proxy & 5-Tier Evasion Chain (2026-07-10 — v1.0)
    1
    5-tier SSH fallback chain: QUIC · Hysteria2 · gost · tls-direct · direct-ssh
    2
    
                  
    3
    Bypassing lazy-upstream proxy deadlocks under stateful DPI: a 5-tier SSH fallback chain (QUIC · Hysteria2 · gost · tls-direct · direct-ssh) replaces gost-client with eager Go crypto/tls dial. CA-pinned, no InsecureSkipVerify. 92.4ms p50 handshake vs ∞ deadlock under carrier DPI. Math formalism: TCP Cubic · BBR · Hysteria2 Brutal CC · Linux kernel RTO escalation. Bilingual EN ↔ ES.
    4
    
                  
    5
    # Bypassing Lazy-Upstream Proxy Deadlocks: A 5-Tier Race-Pattern Probe Under Stateful DPI
  5. LOUST-PRO/TaxonRouter LOUST-PRO/TaxonRouter Public

    Dual-binary GitHub automation: MCP server + webhook auto-tagger

    Go 1

  6. LOUST-PRO/SnapPipe LOUST-PRO/SnapPipe Public

    Identity-based QUIC transport toolkit with signed tickets, self-hosted relay scaffolding, and zero-vendor open-core lock-in.

    Rust 1