Technical Deep-Dives

Systems I personally designed, built, and operate—independent production projects spanning IoT hardware, cloud backends, and AI-agent tooling, including a live medical/eldercare device currently monitoring real patients. Click a category to expand it, then click a topic for the full story.

Situation
A healthcare IoT platform was expanding across independently deployed services—cloud backend, Rust firmware, patient-facing app—with Patient and Device data starting to be modeled in more than one place.
Task
Define and enforce service boundaries before the duplication became entrenched.
Action
Authored a formal Architecture Decision Record establishing bounded contexts (Patient owned by the app backend, Device identity owned by the firmware backend), with a message bus as the single integration seam.
Result
Eliminated an active data-duplication risk before it caused a production incident; the model is now followed by every new service on the platform.

Situation
A search-technology vendor needed a new storefront connector on a major eCommerce platform—no product spec, just ambition and a non-technical client.
Task
Turn an ambiguous ask into an architecture, a scoped delivery plan, and engineering-ready documentation.
Action
Ran technical research, built a field-mapping analysis from a real data export, and produced a client questionnaire pre-filled with researched assumptions—then a full PRD (20 deliverables, 6 sprints) and agent-facing engineering docs.
Result
Engineering started from a fully specified backlog instead of a vague ask, collapsing a typical multi-week discovery cycle into one structured round.

Situation
AI coding agents can generate tests and code well, but letting an LLM directly control workflow state introduces non-determinism into a process that needs to be auditable and safe to run unattended.
Task
Design an autonomous engineering agent that uses an LLM for generation while keeping control flow strictly deterministic.
Action
Built a tree-sitter dependency walker, a per-ticket isolated vector store, and a deterministic state machine—not the LLM—driving each ticket through discovery, generation, and validation, with every test executed inside a sandboxed container before any PR opened.
Result
Ran the system against a real production repository, growing its test suite from 476 to 493 passing tests and opening pull requests autonomously.

Situation
A manufacturing client had eight aging, undocumented .NET applications, several business-critical, flagged as a security/compliance liability.
Task
As delivery lead on a fixed-hours SOW, analyze and where feasible migrate these applications, maximizing value against budget.
Action
Ran a multi-agent parallel codebase-analysis swarm across 9 projects, ~200 classes, and 160+ stored procedures in a single continuous run, then converted two utility apps from analysis to full migration once agentic velocity made it the higher-value call.
Result
Delivered in roughly one engineering week what would typically take a 4–5 person team 3–4 weeks; two applications fully migrated within the original SOW hours.

Situation
Across a personal seven-repository platform built primarily through AI-paired development, generation velocity created real risk of architectural drift and silent security regressions.
Task
Establish and personally enforce engineering discipline at a pace that kept up with AI-accelerated implementation.
Action
Instituted mandatory red-green TDD, ran automated code review on every PR but personally triaged every finding, and maintained a living Architecture Decision Record system across the repositories.
Result
Sustained a safety-adjacent production platform—including a live medical/eldercare device—through hundreds of commits per week without sacrificing security or reliability discipline.

Situation
A messaging gateway meant to support multiple customer organizations was designed around a single global bot-token—a shape that silently breaks tenant isolation once a second organization onboards. Separately, an LLM-agent integration PRD connecting to a client's live financial system had no formal security review.
Task
Correct the credential architecture before customer-facing code shipped on the flawed assumption, and review the PRD before build sign-off.
Action
Specified per-workspace OAuth tokens encrypted with AES-256-GCM instead of one shared secret. On the PRD, found an unauthenticated endpoint and overly broad RBAC, then extended the review to AI-specific threat classes—prompt injection, session leakage across chats, hallucination risk on financial output.
Result
Shipped correct multi-tenant isolation from the first customer onboarding; critical PRD findings were fixed pre-implementation, and the risk matrix became a reusable template introducing AI-specific threat categories most conventional reviews miss.

The eldercare-specific reliability engineering, PKI/OTA fleet lifecycle, and the LLM-latency-vs-safety-SLA trade-off live in the MiPariente case study.

Situation
A commercial mmWave radar sensor's UART wire protocol had no public Rust support—only an undocumented, untested C++ reference implementation.
Task
Build a correct, safe parser suitable for a memory-constrained embedded target, and prove it wasn't just working by accident.
Action
Reverse-engineered the frame format, cross-validated it against an independent crate for a sibling sensor, and implemented a no_std, zero-heap-allocation streaming parser with tests covering corrupted headers, resync, and a real byte-capture regression test.
Result
Shipped a published, independently reusable crate more rigorously tested than the reference it replaced, plus a separate published fix for a widely used embedded driver bug.

Situation
A field-deployable IoT hub needed LTE backhaul via a BG95-M3 modem on ESPHome—no ESPHome support existed, and the hardware had undocumented failure modes.
Task
Build a reliable custom component managing the full modem lifecycle, robust enough to self-recover without hardware intervention.
Action
Designed a full power-on/registration/PDP-activation state machine with exponential-backoff recovery, then root-caused a cascade of field-only bugs: inverted GPIO polarity, a modem-crashing polling pattern, an incorrect AT command stack, and an OTA-blocking boot hook.
Result
Delivered a stable component that boots cleanly and supports remote OTA updates without on-site intervention, with every fixed failure mode documented.

Situation
AI workloads were running ad hoc on individual machines with no shared storage, no observability, and no portable networking.
Task
Design and build a mobile, self-contained cluster with GPU access and persistent connectivity from any upstream network.
Action
Designed a 7-node heterogeneous Docker Swarm cluster (Jetsons, Raspberry Pis, ROC boards) routed through a travel gateway with a ZeroTier overlay, choosing GlusterFS over NFS based on the kernel/hardware constraints of the fleet's oldest nodes.
Result
A reproducible, travel-capable cluster letting GPU-accelerated AI workloads move with the engineer instead of being datacenter-bound.

Situation
A client wanted an AI-powered email automation system inside a strict, security-constrained Microsoft 365 tenant boundary—no external dependencies—but arrived with only a rough goal.
Task
Convert a broad, security-constrained ask into a fully specified, buildable architecture and requirements set.
Action
Ran a structured discovery arc, built a 37-question questionnaire across eight workstreams, then authored a ten-section PRD—architecture, tenant-scoped identity, eight functional modules, full data model—written to hand directly to a coding agent.
Result
Produced a PRD detailed enough to go straight to build with no further clarification, inside constraints that eliminated entire categories of otherwise-standard tooling.
Contact me

Let's discuss your challenge

Whether you need strategic leadership, technical architecture, or someone who can do both—I'm interested in complex problems that require crossing traditional boundaries.

Particularly interested in: Healthcare AI, digital transformation recovery, and building high-performance engineering organizations.

Stay Connected

[email protected]

+1 (954) 205-6824

© 2007-2026 Juan C. Méndez