Pedro Balbino

Every writeup here starts from a system that ran in production — under compliance gates, latency budgets, and constraints you can’t wish away. The names are anonymized; the architecture, the trade-offs, and the numbers are not.

Expect C4 container diagrams you can zoom into, a Y-statement that commits to the decision, a fitness function that enforces it, and at least one measured number — p95, recall@k, cost — per claim.

Architecture diagram — three planes (data, control, compliance) for SLSA L2 + Sigstore keyless build pipeline applied across yolo-labz Claude Code plugin repos

SLSA L2 + Sigstore keyless: a solo-dev supply-chain canon for OSS plugin repos

A 9-line GitHub Actions canon — actions/attest-build-provenance + cosign keyless OIDC + dual-format syft SBOM — applied verbatim across six Claude Code plugin repos. SLSA L2 attestations and gh attestation verify smoke tests, no per-plugin overhead, zero rotated secrets.

Architecture diagram — compliance RAG pipeline, data plane + shadow compliance plane, LGPD + BCB 4.893

Compliance-grade RAG for tier-1 LATAM banking

Building an LLM agent for tax-compliance document review under LGPD, internal audit gates, and controlled deployment windows. Pattern: retrieval pipeline + citation extractor + auditable decision log + human-review gate. Stack: Python + Azure OpenAI + Postgres + Terraform.