stratumiops/docs/en/ia/ia-stratumiops-projects.md

2026-01-22 22:15:19 +00:00
# AI Portfolio: Intelligent Development from Start to Finish
## The Problem
Development teams face critical challenges when integrating AI into their workflows:
- **Scattered knowledge**: Decisions in Slack, patterns in wikis, guidelines in separate docs
- **AI agents without context**: Generate code that ignores project conventions
- **Uncontrolled LLM costs**: No visibility or limits per team or task
- **Manual infrastructure**: Repetitive configuration consuming valuable time
- **Fragmented interfaces**: One tool for CLI, another for web, another for TUI
## The Solution: An Integrated Ecosystem
Five projects designed to work together, each solving a specific problem.
---
## Vapora: Intelligent Agent Orchestration
### Agents that Learn from Experience
Vapora is not just another agent framework. It's a system that **learns which agent is best for each task** based on previous executions.
**How it works**:
- Each execution builds an expertise profile by task type
- Executions from the last 7 days weigh 3x more than historical data (recency bias)
- New agents don't override experienced ones (confidence weighting)
**Real cost control**:
- Budgets per role (monthly/weekly)
- Three levels: normal → near limit → exceeded
- Automatic fallback to cheaper providers without manual intervention
**For whom**:
- Teams using multiple AI agents for development
- Organizations needing to control LLM spending
- Projects with code pipelines (architect → developer → reviewer → tester)
**Expected results**:
- LLM cost reduction through intelligent routing
- Improved output quality by assigning agents based on expertise
- Complete visibility of spending and performance per agent
---
## Kogral: The Team's Knowledge, Queryable
### Your AI-Integrated Knowledge Base
Kogral captures your team's decisions, patterns, and guidelines in a format that both humans and AI agents can query.
**What makes it different**:
- **6 specialized node types**: Notes, Decisions (ADRs), Guidelines, Patterns, Journals, Executions
- **Git-native**: Everything in versioned markdown, not in an external SaaS
- **MCP for Claude Code**: Your agents query guidelines before generating code
**The flow**:
```text
Developer makes decision → Captures in Kogral as ADR
Claude Code queries via MCP → "Are there auth guidelines?"
Kogral responds with project context
Generated code follows team conventions
```
**For whom**:
- Teams losing knowledge when members rotate
- Organizations with multiple projects needing consistent guidelines
- Developers using Claude Code wanting project context
**Expected results**:
- Onboarding new members in days, not weeks
- AI-generated code respecting conventions
- Architectural decisions preserved and searchable
---
## TypeDialog: One Definition, Six Interfaces
### Forms that Work Everywhere
Define a form once in TOML. Execute it in CLI, TUI, Web, or let an AI agent complete it.
**Available backends**:
| Backend | Typical use |
| --------- | ----------- |
| **CLI** | Automation scripts, CI/CD |
| **TUI** | Admin tools, terminal dashboards |
| **Web** | SaaS applications, public forms |
| **AI** | Semantic search, RAG over documentation |
| **Agent** | Agent execution from .agent.mdx files |
| **Prov-gen** | Multi-cloud infrastructure generation |
**The flow**:
```text
employee_onboarding.toml
TypeDialog
┌───────┬───────┬───────┐
CLI     TUI     Web     Agent
│       │       │       │
▼       ▼       ▼       ▼
Same validated result with Nickel contracts
```
**For whom**:
- Teams maintaining the same logic in CLI and Web
- DevOps needing configuration wizards
- Organizations with multi-language forms
**Expected results**:
- Single definition for all interfaces
- Typed validation before runtime
- Forms that execute LLM agents directly
---
## Provisioning: Infrastructure with AI
### Declarative IaC + AI-Assisted Generation
Provisioning combines the precision of typed configuration (Nickel) with AI assistance to generate and validate infrastructure.
**Unique capabilities**:
- **Nickel IaC**: Typed configuration with lazy evaluation, not YAML
- **MCP Server**: Natural language queries about infrastructure
- **Integrated RAG**: 1,200+ domain documents for contextual responses
- **Multi-cloud**: AWS, UpCloud, local from the same definition
**Enterprise security**:
- JWT + MFA (TOTP + WebAuthn)
- Cedar policy engine for RBAC
- 7-year audit log retention
- 5 KMS backends (RustyVault, Age, AWS KMS, Vault, Cosmian)
**The flow**:
```text
"I need a K8s cluster on AWS with 3 nodes"
MCP Server (NLP)
RAG searches similar configurations
Generates Nickel + validates types
Orchestrator deploys with rollback
```
**For whom**:
- DevOps teams wanting typed IaC, not fragile YAML
- Multi-cloud organizations (AWS + others)
- Teams needing audit and compliance
**Expected results**:
- Configuration errors caught at compile time, not runtime
- Infrastructure generated from natural language
- Automatic rollback on failures
---
## SecretumVault: Secrets with Post-Quantum Cryptography
### The First Production-Ready Rust Vault with PQC
SecretumVault is a secrets management system implementing **production-ready post-quantum cryptography** (ML-KEM-768, ML-DSA-65).
**Crypto-agnostic**:
- **OpenSSL**: RSA, ECDSA, AES-256-GCM (classic compatibility)
- **OQS (Post-Quantum)**: ML-KEM-768, ML-DSA-65 (NIST FIPS 203/204)
- **Pluggable backends**: Change algorithms without modifying code
**Secrets engines**:
| Engine | Capability |
| ------- | ----------- |
| **KV** | Versioned secret storage |
| **Transit** | Encryption-as-a-service with key rotation |
| **PKI** | X.509 certificate generation |
| **Database** | Dynamic credentials with TTL |
**Multi-backend storage**:
- Filesystem (development, single-node)
- etcd (Kubernetes, high availability)
- SurrealDB (complex queries, time-series)
- PostgreSQL (enterprise, ACID)
**Enterprise security**:
- Shamir Secret Sharing for unsealing
- Cedar policy engine (ABAC)
- Native TLS/mTLS
- Complete audit logging
**For whom**:
- Teams deploying post-quantum cryptography today
- Organizations with cryptographic agility requirements
- Multi-cloud platforms needing Rust-native secrets management
**Expected results**:
- Preparation for quantum threats without architecture changes
- Secrets management with Rust memory guarantees
- Native integration with the ecosystem (Provisioning, Vapora)
---
## The Ecosystem in Action
### Scenario: New Feature with AI
```text
1. Kogral provides guidelines and patterns to Claude Code via MCP
2. Vapora coordinates agents: Architect designs → Developer implements → Reviewer validates
3. TypeDialog captures necessary configurations with Nickel validation
4. SecretumVault manages credentials and feature secrets
5. Kogral records decisions made during development
6. Provisioning deploys required infrastructure changes
```
### Scenario: New Developer Onboarding
```text
1. Kogral exports project knowledge graph
2. TypeDialog presents interactive architecture quiz
3. Vapora assigns progressive onboarding tasks
4. Provisioning automatically configures development environment
```
### Scenario: Multi-Cloud Migration
```text
1. Kogral documents migration ADRs
2. TypeDialog validates configuration parameters
3. Provisioning executes migration with checkpoints
4. Vapora orchestrates agents for monitoring and reporting
```
---
## Why Choose This Ecosystem
### Versus Alternatives
| Us | Alternatives |
| ---------- | -------------- |
| **Rust native**: Performance, no GC, type-safe | Python: GIL, optional typing |
| **Nickel configs**: Pre-runtime validation | YAML/JSON: Runtime errors |
| **Execution learning**: Agents improve | LangChain: Static chains |
| **MCP integrated**: Context for Claude Code | No native integration |
| **Budget control**: Automatic fallback | Manual cost control |
| **Native multi-tenant**: SurrealDB scopes | Manual isolation |
### Technical Investment
| Metric | Value |
| --------- | ------- |
| Rust Crates | 40+ |
| Tests | 4,360+ |
| Lines of code | ~206K |
| LLM Providers | Claude, OpenAI, Gemini, Ollama |
| MCP Tools | 14+ |
| Crypto backends | OpenSSL, OQS (PQC), AWS-LC |
---
## Getting Started
### Recommended Progressive Adoption
1. **Kogral**: Establish knowledge base (standalone, no dependencies)
2. **TypeDialog**: Enable structured inputs and validation
3. **SecretumVault**: Secrets management with modern cryptography
4. **Vapora**: Orchestrate agents with Kogral context
5. **Provisioning**: Infrastructure informed by the ecosystem
Each project works independently. Synergies emerge when combining them.
---
## Contact
- **Repositories**: GitHub (private projects)
- **Stack**: Rust, Nickel, SurrealDB, Axum, Leptos
- **License**: Proprietary / To be defined
---
*AI-assisted development shouldn't require 10 disconnected tools.*
*One ecosystem. Five projects. Real integration.*