Product & Launches · Architect · 10 min read · June 4, 2026

Four Doors Just Opened — Four Self-Hosted Platforms Live

A self-hosted security console, a multi-asset trading engine running real capital, a macro-sentiment instrument reading 244 sources in 14 languages, and a CV platform where you own the data. Four builds, now live behind a waitlist.

Building in private is comfortable. You control the narrative, you fix things before anyone sees them, and nothing is ever quite finished enough to show. I've spent enough time there. Four platforms I built are now standing on their own, behind a waitlist, and this is me opening the doors.

They're closed to the public on purpose — access is by waitlist while I bring on early operators deliberately rather than all at once. That's not scarcity theater. It's how you onboard systems that handle real money, real network traffic, and real intelligence work without breaking anyone. Each one solves a problem I had myself before it was a product, which is the only reason I trust any of them. Here's what's behind each door.

Shadow Obsidian — one console where eight tools used to be

Most security teams run a graveyard of tools: one for packet capture, another for OSINT, a third for vulnerability scanning, a honeypot somewhere nobody checks, and a spreadsheet holding it together. Each tool has its own database, its own login, its own view of reality, and the analyst becomes the integration layer — copying an IP from one window into another, correlating in their head what the tools should have correlated for them. Shadow Obsidian collapses that into a single self-hosted console with three vectors sharing one database — network intelligence, OSINT investigation, and offensive tooling.

The reason it shares one database is the whole point. An attacker IP that hits the honeypot doesn't sit in a separate log — it pivots, in one click, straight into an OSINT lookup and a CVE correlation. The network vector does live packet capture and flags a DNS tunnel using Shannon entropy math, not vibes: legitimate queries for a zone sit around two bits of entropy per label; a tunnel runs near four, and the histogram doesn't lie. The OSINT vector runs thirteen engines — username enumeration, breach lookups, dark-web search, the standard arsenal — against a target the moment it appears in the network data. The offensive vector brings real scanning, a live SSH honeypot, canary tokens, and current vulnerability data. Roughly fifty thousand lines, a quarter Python and a quarter TypeScript, all on hardware you own and none of it phoning home.
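
The per-label entropy check described above, as an added example (not Shadow Obsidian's own code): character-level Shannon entropy for each label, averaged per zone. The 3.5-bit threshold, the minimum label count, the two-label zone split and the sample queries are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

THRESHOLD_BITS = 3.5  # assumed cut-off between the ~2-bit and ~4-bit regimes
MIN_LABELS = 4        # assumed: do not judge a zone on a handful of labels


def label_entropy(label):
    """Shannon entropy of one DNS label, in bits per character."""
    n = len(label)
    counts = Counter(label.lower())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_zone(qname, depth=2):
    """Return (subdomain labels, zone). Assumes the zone is the last `depth`
    labels; production code would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-depth], ".".join(labels[-depth:])


def score_zones(qnames):
    """Mean per-label entropy of the subdomain labels seen under each zone."""
    seen = defaultdict(list)
    for qname in qnames:
        sub, zone = split_zone(qname)
        seen[zone].extend(label_entropy(l) for l in sub if l)
    return {z: sum(v) / len(v) for z, v in seen.items() if len(v) >= MIN_LABELS}


def flag_tunnels(qnames):
    """Zones whose mean label entropy sits in the tunnel regime."""
    return sorted(z for z, h in score_zones(qnames).items() if h >= THRESHOLD_BITS)


def encoded_label(i):
    """Constructed stand-in for a tunnel chunk: 20 bytes -> 32 base32 chars."""
    raw = hashlib.sha256(b"constructed-payload-%d" % i).digest()[:20]
    return base64.b32encode(raw).decode().lower()


# Constructed sample queries (reserved example domains, not captured traffic).
BENIGN = [f"{h}.example.com" for h in ("www", "mail", "api", "static", "login", "images")]
TUNNEL = [f"{encoded_label(i)}.example.net" for i in range(6)]

if __name__ == "__main__":
    for zone, bits in sorted(score_zones(BENIGN + TUNNEL).items()):
        print(f"{zone:12s} {bits:.2f} bits/label")
    print("flagged:", flag_tunnels(BENIGN + TUNNEL))
```

A label of n characters cannot exceed log2(n) bits, so short encoded chunks stay under the threshold, and content-hash hostnames can score as high as a tunnel. Treat the score as one signal alongside query volume and label length.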

It's built for the CISO at a mid-sized company priced out of enterprise SIEM licensing, the MSP juggling a dozen client networks who needs one pane of glass, and the team with an on-premise mandate that rules out the cloud-only vendors entirely — government, defense, regulated finance. Darktrace-class correlation without the Darktrace invoice, and without your security telemetry living on someone else's servers. The network and offensive vectors are fully live; the OSINT vector is nearly there.

The door: join the Shadow Obsidian waitlist.

Red Box Protocol — one risk engine, three asset classes

Red Box Protocol is a multi-vector autonomous trading platform. Centralized crypto, decentralized exchanges across five chains, and stock CFDs — all watched by a single pipeline and gated by one risk manager. It runs on real capital, live on Binance, which is the only test that ever mattered. Paper-trading proves nothing; the market only tells you the truth when your own money is on the line.

The architecture is the interesting part. Signals flow through six stages — anomalies, domino chains, signals, decision, execution, position management — and every order passes a ten-rule risk gate before it touches the market. The AI's confidence is capped by design: chart reads, sentiment, and language-model input each have a hard ceiling, because a model that's certain is a model about to be expensive, and the fastest way to blow up an automated system is to let one confident signal size itself. It detects cross-asset domino chains — a gold spike that cascades into crypto and reacts in equities — which is exactly the kind of correlation a single-asset system is structurally blind to. And it keeps audit-grade logs of every decision, because a trade you can't explain is a loss you'll repeat. Smart exits re-evaluate on regime change instead of sitting on a blind stop-loss; force-execute exists for manual overrides but logs to a separate audit trail so the record stays honest. It runs on a time-series database tuned for market data, with secrets in a proper vault, not a config file.

This isn't a signal newsletter and it isn't financial advice. It's the execution and risk infrastructure I run my own positions through, built for quant operators and desks that need the same discipline applied across asset classes that usually require three separate systems and three separate teams. Phase one is nearly complete and live on spot and futures; more venues are in testing.

The door: join the Red Box Protocol waitlist.

Rabbit Hole Tornado — when a word becomes a ticker

Rabbit Hole Tornado treats narrative the way a desk treats price. It scans 244 news sources in fourteen languages — including Ukrainian, Russian, Arabic, and Turkish, the ones most English-only systems never read and therefore never see coming — and turns word-frequency ratios into tradeable instruments. A hundred narrative tickers: WAR against PEACE, INFLATION against SAVINGS, AI against JOBS. When one moves anomalously against its own history, you see it before it's "news," because by the time it's news it's already priced.

The discipline I'm proud of: it's ninety-five percent algorithmic. Regex, z-scores against historical baselines, graph traversal — running at essentially zero marginal cost — with a language model only on the five percent where it genuinely earns its place. It rides a ten-million-edge concept graph spanning hundreds of languages to predict how a story in one market cascades into another, names the actors involved by role and sentiment, and sources every single signal back to the original article so nothing is a black-box "trust me" number. Fifteen analytical surfaces — dashboard, chart, cycle, chains, cascade, signal-to-noise, psychology, anomalies, geopolitical, whales, and more — over thirty thousand lines of code, with eighty-plus tracked actors and over a hundred cause-effect chains already wired in production.

It's built for macro and global-macro desks, geopolitical risk teams, and intelligence shops that need multi-language collection on infrastructure they control rather than a vendor's cloud. The story usually moves before the candle does. This is the instrument that watches the story, in the languages where the story breaks first.

The door: join the Rabbit Hole Tornado waitlist.

HunterStahl — the CV platform where you own the data

The job market runs on platforms that own your professional history, rent it back to recruiters, and lock your data behind their export button. Your career becomes a row in someone else's database, formatted their way, visible on their terms. HunterStahl inverts that. Your career is a structured document tree you fully own — no vendor lock-in, no proprietary cage, exportable in a form you control. You bring your own AI key, so you control the cost and the model rather than paying a markup on someone else's. You ship role-targeted versions of your profile as branded snapshot links, and you see the view analytics on the recruiter side — who opened it, when, how long they spent.

It's a polyglot system under the hood — eleven services across seventeen containers, payments handled in their own hardened layer on both card and crypto rails, capability-based access control throughout, roughly eighty-four thousand lines — but the experience is simple: a senior operator managing several targeted versions of their story, in full control of the data, the AI, and who sees what. The editor, the PDF export, and the billing are all live; public profiles, an API tier, and team workspaces for boutique recruiters are next.

It's for the senior product and engineering leaders running three or four role-targeted CVs, the founders who need a sharp pitch surface, and — soon — the boutique recruiting agencies who want a tool that respects the candidate instead of harvesting them. You own your work history. After a decade of platforms that quietly decided otherwise, imagine that.

The door: join the HunterStahl waitlist.

The same spine under all four

It's worth saying what these four share under the hood, because it's not an accident and it's the reason they're trustworthy rather than just ambitious.

Every one of them runs the same operating discipline: containerized so it deploys the same way on any machine, architected on paper before a line was written, and built test-first so the thing that works in the demo is the thing that works under load. Each ships with the same lifecycle — a fixed set of commands to set it up, run it, watch it, and deploy it — which is exactly why one person can stand up a SIEM, a trading engine, an intelligence platform, and an identity tool without any of them turning into a haunted house nobody dares touch. The variety lives in what each system does; the way you operate them is deliberately, boringly identical. That sameness at the foundation is what makes the range at the surface possible.

They also share a stance toward your data: it stays yours. Self-hosted, on infrastructure you control, with no telemetry phoning home and no vendor cloud holding the keys. A security console whose telemetry lives on someone else's servers isn't a security console — it's a liability with a dashboard. A trading system you can't audit is a story you're choosing to believe. The ownership isn't a marketing line bolted on; it's the design constraint every one of these was built under, the same constraint behind the engine this site runs on.

Why a waitlist, and what it says

Four platforms, four domains, four distinct problems — security, trading, intelligence, professional identity — and one thing in common: every one of them is self-hosted, owned end to end, and built so the operator never depends on a vendor who can change the terms underneath them. That's not a coincidence across four projects. It's the thesis, applied four times, in four markets where the incumbents all made the opposite bet — that your data, your telemetry, and your history are theirs to hold.

I'm gating access because these aren't toys, and onboarding them well matters more than onboarding them fast. A trading system, a SIEM, and an intelligence platform are not things you fire-hose to a thousand strangers and hope. Early operators get my direct attention while the cohorts are small — which is worth more than instant access to a queue. If one of these solves a problem you actually have, the waitlist is the move.

If none of them fit, that's fine too — they weren't built for everyone, and a tool that's for everyone is usually for no one. But if one of these is the system you've been wishing existed, you now know it does, and you know where the door is.

Four doors are open. Walk through the one that's yours.

Next, something quieter: why the writing about how I think lives somewhere else entirely, and what that separation is for.


Summary

Four platforms are now live behind a waitlist — security, trading, intelligence, and professional identity — all self-hosted, owned end to end, and built from problems I had myself.

Shadow Obsidian. A self-hosted security console collapsing eight tools into one: network intelligence, OSINT investigation, and offensive tooling sharing a single database.

Red Box Protocol. A multi-asset trading engine running real capital on a six-stage pipeline, with a ten-rule risk gate and deliberately capped AI confidence.

Rabbit Hole Tornado. A macro-sentiment instrument reading 244 sources in fourteen languages, turning narrative shifts into a hundred tradeable tickers — ninety-five percent algorithmic.

HunterStahl. A CV platform where the candidate owns the data, brings their own AI key, and sees recruiter-side view analytics.

One Spine. All four share the same discipline — containerized, test-first, no telemetry phoning home — and gate access so early operators onboard deliberately.
