I'm a Network & Systems Engineer and teaching lab aid in Tampa, FL, working where cybersecurity, network observability, and AI infrastructure meet. I build SOC tooling, MCP servers, and multi-agent workflows that run on real production gear, not toy demos, and I write about it at solomonneas.dev/blog.

• US based in Tampa, FL, near the beach.
• 👨‍👧 Father, retired chef of 17 years, OSS contributor, and beach lover when I'm not on a screen.
• 📜 M.S. Cybersecurity Intelligence & Information Security at the University of South Florida.
• 🛡️ Building open-source SOC and threat-intel tooling on bare-metal Proxmox, stitched together with self-hosted n8n.
• 🤖 Deep in multi-agent orchestration, MCP servers, and detection engineering.
• 🗣️ Ask me about Proxmox, network monitoring, MCP servers, OpenClaw, agent orchestration, and open-source SOC.
• ⚙️ Big believer in open source, dogfooding everything, and writing it down so the next person doesn't have to figure it out.
• 🫶 If my work helped you, buy me a coffee or tip on Ko-fi.
• 📫 Reach me at me@solomonneas.dev · LinkedIn · X

Escoffier Labs is my studio for harness-agnostic agent infrastructure, named for the chef who systematized the kitchen brigade. Tools that get your agents into mise en place and keep them there.

Core

• 🚩 brigade - the flagship. Your agents run loops; Brigade keeps the receipts. Local operator layer for memory, tasks, tools, research, review, and release across every harness.
• 🦞 solos-cookbook - The companion cookbook: opinionated, dogfooded guide to running a 24/7 multi-agent AI stack on bare metal.

Agent ops

• 🍪 agentpantry - Encrypted, transport-agnostic sync of browser sessions and secrets from your daily driver to the box your agents run on, so they wake up authenticated.
• 🩺 memory-doctor - Maintenance CLI for the Claude Code and OpenClaw memory systems: status, lint, ingest, compact.
• 🧰 bootstrap-doctor - Audits and trims oversize OpenClaw prefix files into reference cards via heuristics and LLM judgment.
• 🛂 content-guard - Policy-driven content scanning and publish checks that catch secrets, hostnames, and IPs before they leave the machine.
• 🔔 agent-notify - Privacy-first push notifications for AI coding agents to Discord, Telegram, and Signal with zero telemetry.
• 🛎️ cloche - Agent-neutral desktop capture: polished shots with metadata and stable JSON, with an optional MCP server.

Evidence stack

• 🧾 miseledger - Turns scattered AI work history into a local, searchable evidence ledger: SQLite FTS5 search, Markdown export, and Brigade-ready evidence bundles.
• 👣 stationtrail - Exports local agent session logs (Codex, Claude Code, OpenClaw, OpenCode, Hermes) to portable JSONL for MiseLedger.
• 🌾 sourceharvest - Exports non-harness sources like notes, chat exports, and issue exports into the same adapter contract.

OpenClaw & Dev Tools

• 🔍 code-search-api - Local semantic code search with Ollama embeddings, SQLite, hybrid search, and LLM summaries.
• 🧩 code-search-mcp - Read-only MCP server and OpenClaw plugin that puts code-search-api in front of any agent.
• 📡 upstream-drift - Upstream drift watcher: LLM-summarized diffs of tracked repos with weekly Discord digests.
• 📊 usage-tracker - Token usage and cost analytics for OpenClaw sessions across models.
• 📚 prompt-library - Dual-mode prompt management with browse/copy UI and a REST API for sub-agents.
• 🖥️ ops-deck-oss - Self-hosted operational dashboard for OpenClaw users: React UI plus a minimal FastAPI sidecar.
• 🎞️ appreels - Agent-neutral demo-video recorder for clean, repeatable product clips.

Security & Threat Intelligence

• 🛡️ cyberbrief - AI threat intel briefings with BLUF reports, ATT&CK mapping, and IOC extraction.
• 🔍 bro-hunter - Threat hunting for Zeek and Suricata logs with beaconing detection and MITRE mapping.
• 🔬 intel-workbench - Threat intel analysis with ACH matrices, evidence weighting, and STIX export.
• 📖 hotwash - SOC playbook parser with mermaid diagram generation and Wazuh alert ingestion.
• 🏗️ soc-stack - Full SOC architecture covering MCP servers, detection pipelines, and deployment playbooks.

MCP Servers

• 🧠 cortex-mcp - Observable analysis for IOCs, reports, and response actions.
• 🛡️ wazuh-mcp - SIEM access for agents, alerts, rules, and decoders.
• 🔬 misp-mcp - Threat intel search, IOC correlation, and STIX/Suricata/CSV export.
• 🐝 thehive-mcp - Incident response workflows for cases, alerts, tasks, and observables.
• ⚔️ mitre-mcp - MITRE ATT&CK technique mapping, threat group profiling, and detection gap analysis.
• 🔎 zeek-mcp - Network monitoring access for connection, DNS, HTTP, and SSL logs.
• 🦔 suricata-mcp - IDS/IPS workflows for managing rules, querying alerts, and analyzing traffic.
• 🕸️ maltego-mcp - Maltego graph authoring and OSINT lookups for whois, DNS, ASN, and crt.sh.
• ⚙️ n8n-ops-mcp - Ops control for n8n workflows, validation, and execution lifecycle.
• 📮 postiz-mcp - Postiz social scheduling control with full public-API coverage, env-gated writes, and a 30/hr rate-limit guard.
• 🧱 adguard-mcp - AdGuard Home control with tools across read, safe-write, and destructive tiers.
• 🖥️ proxmox-mcp - Proxmox VE control with 12 tools for container/VM lifecycle, snapshots, and backups.
• 📡 librenms-mcp - LibreNMS control with 10 tools for device, port, and alert reads plus alert acks.

Network & Infrastructure

• 🔭 watchtower - NOC dashboard with interactive topology, L2/L3 views, and LibreNMS/Proxmox integration.
• 🔌 portgrid - Switch port visualization for LibreNMS with color-coded views and instant search.
• 🔒 proxguard - Proxmox security auditor with config parsers, CIS benchmarks, and remediation scripts.
• 🧮 config-diff-explainer - Offline CLI that turns before/after network device configs into operator-ready reports on what changed, what's risky, and how to roll back. 8 vendor parser paths.
• 📶 eero-cli - CLI for the eero mesh API with SMS auth, filtered device listing, and bulk blocking.
• 🐧 samba-ad-migration - Windows AD to Samba file share migration scripts for Proxmox.

Media Automation

• 🎬 jellyfin-mcp - Control Jellyfin from LLMs with playback sessions, library scans, user admin, and 20 MCP tools.
• 🖼️ immich-mcp - Browse and search Immich photos, manage albums, recognize people, surface memories, and resolve duplicates.
• 🎞️ reelgrep - Local video search with ffprobe metadata, Whisper transcription, and FTS5 subtitle search.
• 🔍 reelgrep-mcp - MCP wrapper for reelgrep with citation-formatted timestamps from your local video library.
• 🎚️ media-cli - Single-file bash CLI for the self-hosted *arr media stack: Sonarr, Radarr, Prowlarr, qBittorrent, and more, locally or over SSH.

Streaming & OBS

• 🎛️ deckctl - Declarative driver for the Elgato Stream Deck with YAML config and OBS execution.
• 🎥 obsctl - kubectl-style multi-host wrapper for managing OBS Studio across machines from one CLI.

I'm always open to building, contributing, collaborating, and chatting. Feel free to reach out.

• 💰 How I Migrated 6 Servers from VMware to Proxmox and Saved $343K
• 🖥️ I Migrated Our Entire Infrastructure from Hyper-V to Proxmox
• 💿 Replacing SCCM with FOG Project
• 🛡️ I'm a Lab Assistant. So I Built My Own SOC
• 🧩 I Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part.
• 📡 A Fiber Cut at 2 PM Taught Me Why I Needed to Build Watchtower
• 🎓 3 Days, 18 Hours: What I Learned at NDG's Proxmox Workshop
• 🤖 Anthropic Broke My OpenClaw Stack. GPT 5.4 Put It Back Together