Architecture diagram — three planes (data, control, compliance) for SLSA L2 + Sigstore keyless build pipeline applied across yolo-labz Claude Code plugin repos

SLSA L2 + Sigstore keyless: a solo-dev supply-chain canon for OSS plugin repos

A 9-line GitHub Actions canon — actions/attest-build-provenance + cosign keyless OIDC + dual-format syft SBOM — applied verbatim across six Claude Code plugin repos. SLSA L2 attestations and gh attestation verify smoke tests, no per-plugin overhead, zero rotated secrets.

8 min · Pedro Balbino

Architecture diagram — compliance RAG pipeline, data plane + shadow compliance plane, LGPD + BCB 4.893

Compliance-grade RAG for tier-1 LATAM banking

Building an LLM agent for tax-compliance document review under LGPD, internal audit gates, and controlled deployment windows. Pattern: retrieval pipeline + citation extractor + auditable decision log + human-review gate. Stack: Python + Azure OpenAI + Postgres + Terraform.

6 min · Pedro Balbino