Selected work

The work is the proof.

Each engagement runs through the same model: understand the reality, remove the assumptions, design the system, execute, measure. What follows is the outcome and the method behind it, not a logo wall. Named where the client has cleared it; described plainly where they haven't.

We work directly with operators, and as a subcontractor to teams already engaged on the problem.

/ 01
Released the NOMARK SDK, an open-source engine that reads your AI conversation history, infers how you actually reason, and writes the instructions every model you use should follow.
Reality
Memory systems remember what you said. They don't tell the model how you want to be answered, and they don't carry that knowledge across providers. Every time you switch from Claude to ChatGPT to Cursor, you start over, re-explaining, re-correcting, re-prompting the same preferences.
Assumptions removed
The reflex is to give the model more memory. The gap isn't recall. It's translation. The model already has your facts; what it lacks is the compiled set of rules about how to answer you, derived from how you actually reason rather than from labels you self-applied.
System designed
An Apache-2.0 engine that parses conversation ledgers, extracts preference signals across a 10-dimension cognitive framework, and compiles them into instructions the model receives before you type. Promotion gates (staged, stable, rejected) resolve contradictions so a bad-mood opinion doesn't rewrite the profile. Every rule traces back to quoted evidence in your own history.
Outcome
Live at nomark.ai. The engine ships on npm as @nomark-ai/engine with CLI, Python and TypeScript SDKs, and an MCP server. Apache-2.0 open core, with a Pro tier for trust contracts, contradiction resolution, audit trails, and team baselines.
/ 02
Built and shipped fund-flow analytics for an Australian fund manager, white-labelled and running through their standard reporting cycle.
Reality
The manager's flow data sat across Asgard, Netwealth, Hub24, and a handful of other platforms, with no two formats agreeing. Distribution and product teams ran the same reconciliation work every month by hand, and decisions about distribution effort depended on data no one fully trusted.
Assumptions removed
The instinct was to buy a vendor BI tool and connect it to everything. The dashboards weren't the problem. There was no reliable data layer underneath them to dashboard against.
System designed
A platform-data foundation on Azure SQL with dbt for transformation, Great Expectations for the contracts, Metabase as the analytics surface, and n8n for orchestration. White-labelled per customer. The manager's own data team operates it.
Outcome
Live and running the manager's flow analytics through the standard reporting cycle. Reconciliation work that took a week happens automatically; the handover spec and operating runbook are in place, so we are not the dependency.
/ 03
Released Sigil, a security scanner that quarantines and analyses every package, repo, and MCP server before install hooks execute.
Reality
AI agents are pulling code from npm, PyPI, and GitHub at machine speed, and the install hooks in those packages (postinstall scripts, setup.py cmdclass, Makefile targets) execute before any scanner can review them. Existing tools scan after install. The damage, by then, has already happened.
Assumptions removed
The reflex is to lean harder on CVE scanners. They miss the entire class of behaviour-based threats (credential harvesting, data exfiltration, obfuscated payloads), and they run too late. The intervention point is before execution, not after.
System designed
An open-source CLI that intercepts git clone and pip install, quarantines the code, and runs 8 analysis phases in parallel: install hooks, code patterns, network exfiltration, credentials, obfuscation, provenance, prompt injection, and AI skill security. Verdicts are weighted by severity; scans complete in under three seconds.
Outcome
Free CLI live at sigilsec.ai, Apache 2.0, installable via curl, brew, or npm. Threat intelligence database covering 55 signatures and over 4,700 known threats, with paid tiers for AI-assisted investigation and CI/CD automation. Runs entirely offline; no source code leaves the machine.
/ 04
Built and shipped Exectables, a private bench of retired senior Australian investment-operations professionals, available by the hour for structured mentorship and project advisory.
Reality
Niche investment firms and senior managers on stretch projects don't need a consulting engagement. They need a sounding board with scars: someone who has done the operational work before and can tell them what's about to break. That access usually depends on whose phone number you have.
Assumptions removed
The default answer is a search firm, a recruiter retainer, or a chair appointment. The gap is structural: there is no neutral, structured way to engage retired senior operators on short-form work, priced to be used rather than priced to justify a retainer.
System designed
A private, curated bench built on SvelteKit, Supabase, and Stripe Connect. Retired senior investment-operations professionals own their own listings; firms and senior managers browse, engage, and pay through the platform. Rates calibrated to the work, not the chair.
Outcome
Live at exectables.com, taking signups on both sides. The bench is private and curated; engagements are hourly and short-form by design.

We work directly with operators, and as a subcontractor to teams already engaged on the problem.

Released the NOMARK SDK, an open-source engine that reads your AI conversation history, infers how you actually reason, and writes the instructions every model you use should follow.

Reality

Memory systems remember what you said. They don't tell the model how you want to be answered, and they don't carry that knowledge across providers. Every time you switch from Claude to ChatGPT to Cursor, you start over, re-explaining, re-correcting, re-prompting the same preferences.

Assumptions removed

The reflex is to give the model more memory. The gap isn't recall. It's translation. The model already has your facts; what it lacks is the compiled set of rules about how to answer you, derived from how you actually reason rather than from labels you self-applied.

System designed

An Apache-2.0 engine that parses conversation ledgers, extracts preference signals across a 10-dimension cognitive framework, and compiles them into instructions the model receives before you type. Promotion gates (staged, stable, rejected) resolve contradictions so a bad-mood opinion doesn't rewrite the profile. Every rule traces back to quoted evidence in your own history.

Outcome

Live at nomark.ai. The engine ships on npm as @nomark-ai/engine with CLI, Python and TypeScript SDKs, and an MCP server. Apache-2.0 open core, with a Pro tier for trust contracts, contradiction resolution, audit trails, and team baselines.

Built and shipped fund-flow analytics for an Australian fund manager, white-labelled and running through their standard reporting cycle.

Reality

The manager's flow data sat across Asgard, Netwealth, Hub24, and a handful of other platforms, with no two formats agreeing. Distribution and product teams ran the same reconciliation work every month by hand, and decisions about distribution effort depended on data no one fully trusted.

Assumptions removed

The instinct was to buy a vendor BI tool and connect it to everything. The dashboards weren't the problem. There was no reliable data layer underneath them to dashboard against.

System designed

A platform-data foundation on Azure SQL with dbt for transformation, Great Expectations for the contracts, Metabase as the analytics surface, and n8n for orchestration. White-labelled per customer. The manager's own data team operates it.

Outcome

Live and running the manager's flow analytics through the standard reporting cycle. Reconciliation work that took a week happens automatically; the handover spec and operating runbook are in place, so we are not the dependency.

Released Sigil, a security scanner that quarantines and analyses every package, repo, and MCP server before install hooks execute.

Reality

AI agents are pulling code from npm, PyPI, and GitHub at machine speed, and the install hooks in those packages (postinstall scripts, setup.py cmdclass, Makefile targets) execute before any scanner can review them. Existing tools scan after install. The damage, by then, has already happened.

Assumptions removed

The reflex is to lean harder on CVE scanners. They miss the entire class of behaviour-based threats (credential harvesting, data exfiltration, obfuscated payloads), and they run too late. The intervention point is before execution, not after.

System designed

An open-source CLI that intercepts git clone and pip install, quarantines the code, and runs 8 analysis phases in parallel: install hooks, code patterns, network exfiltration, credentials, obfuscation, provenance, prompt injection, and AI skill security. Verdicts are weighted by severity; scans complete in under three seconds.

Outcome

Free CLI live at sigilsec.ai, Apache 2.0, installable via curl, brew, or npm. Threat intelligence database covering 55 signatures and over 4,700 known threats, with paid tiers for AI-assisted investigation and CI/CD automation. Runs entirely offline; no source code leaves the machine.

Built and shipped Exectables, a private bench of retired senior Australian investment-operations professionals, available by the hour for structured mentorship and project advisory.

Reality

Niche investment firms and senior managers on stretch projects don't need a consulting engagement. They need a sounding board with scars: someone who has done the operational work before and can tell them what's about to break. That access usually depends on whose phone number you have.

Assumptions removed

The default answer is a search firm, a recruiter retainer, or a chair appointment. The gap is structural: there is no neutral, structured way to engage retired senior operators on short-form work, priced to be used rather than priced to justify a retainer.

System designed

A private, curated bench built on SvelteKit, Supabase, and Stripe Connect. Retired senior investment-operations professionals own their own listings; firms and senior managers browse, engage, and pay through the platform. Rates calibrated to the work, not the chair.

Outcome

Live at exectables.com, taking signups on both sides. The bench is private and curated; engagements are hourly and short-form by design.