Auth & access boundaries
Who can do what, where those decisions are actually enforced, and what happens when a credential leaks.
/services · security
Find the sharp edges in your system design before production finds them for you.
A design review through a security lens — not a penetration test, a compliance certification, or legal advice.
This comes from actually operating systems — a private cloud / homelab and an AI automation lab — where blast radius isn't a slide, it's the thing that wakes you up at 2am. The review is the same instinct, pointed at your design.
Who it's for
Built for people close to the code, not a procurement department.
Scope
A pass through the parts of a system where small design choices quietly become big operational risks.
Who can do what, where those decisions are actually enforced, and what happens when a credential leaks.
Where credentials live, how they're injected and rotated, and what's quietly sitting in a repo or an env dump.
How code reaches production, who can push it, and how much damage a bad deploy can actually do.
Where sensitive data enters, rests, and moves — and which hops you don't actually need to keep.
Whether you could reconstruct what happened after an incident, without logging things you shouldn't.
The high-privilege panels, scripts, and side doors that rarely get the same scrutiny as the front door.
The trust you've extended to APIs, webhooks, and vendors — and what they can reach if one is compromised.
Where it's relevant: what agents and AI tools can read, write, or trigger, and where a human stays in the loop.
Whether you can undo a change, contain a problem, and keep the blast radius small when something goes wrong.
Deliverables
Plain-language output you can act on — not a black box only I understand.
A written, plain-language map of how your system fits together as I actually found it — not as the diagram claims.
The issues that matter, ordered by real impact and likelihood, instead of a generic checklist.
Concrete, proportionate fixes — what to change and why it's worth the effort.
A short, sequenced plan you can act on in small validated steps, starting with the cheap high-impact wins.
Boundaries
Being clear about the edges is part of doing this honestly.
I review design and reason about weaknesses; I don't run exploits or actively attack your live systems.
This won't produce a SOC 2, ISO, PCI, or HIPAA attestation, and it isn't a formal audit.
Nothing here is a legal opinion on your obligations, contracts, or liability.
A review surfaces blind spots and lowers risk — no review makes a system 'secure' or unbreakable.
This is a design-focused cut of the broader Security & Infrastructure Review, which also covers hosting, backups, monitoring, and day-to-day operational risk. How I handle access, secrets, and anything you share during a review is spelled out on the trust page. Prefer to start on your own? The resources page has the same thinking in self-serve form. Start with the practical security overview for the larger architecture-and-operations model.
Fit
I'd rather be honest up front than oversell. Here's where this works well — and where it doesn't.
Next step
Send the messy version of your architecture — a diagram, a repo, or just a description in your own words. We'll figure out whether a review is the right next step together.