Skip to content
View GatoGodMode's full-sized avatar

Block or report GatoGodMode

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
GatoGodMode/README.md

Note

Professional portfolio of IAM, CRM, and security case studies. Most work is proprietary enterprise and client systems; linked repositories are reviewable excerpts for IAM, CRM, security, and implementation depth.

Open to Work — Contract and Full-Time Professional Portfolio

Joseph Edwards · GatoGodMode

Cyber Security · IAM · CRM Engineering. I ship access-controlled business systems with audit-grade discipline.

Open to contract and full-time roles: CRM Systems Engineer · Business Systems Engineer · Salesforce / Zoho Administrator-Developer · IAM Analyst / IAM Engineer · Security Automation Engineer · Internal Tools Engineer · Solutions / Technical Implementation Engineer · IT Systems Administrator (automation + security)

Cyber Security IAM / RBAC CRM Engineering Zoho · Salesforce Open to Contract

  • IAM & access control: entity/field RBAC, MFA, audit trails, PII field governance; StrikeScope + bank/government-grade integration patterns
  • CRM & business systems: production Zoho org (~100 automations), Salesforce certified (Admin + Advanced Admin), multi-tenant CRMs, lender/permitting API integrations
  • Security automation & delivery: migration tooling (DNS-Sentinel), hardened client deployments, idempotent SQL migrations, internal tools

If you're hiring for…

Role focus Start here
IAM / security engineering StrikeScope IAM · RawGraded assurance · RawInvestor loopback auth · RoofRoofTexas hardening
CRM / business systems Zoho at scale · StrikeScope pipeline · RoofRoofTexas case study
Solutions / internal tools / implementation DNS-Sentinel · OrphanHunter · Portfolio at a glance

LinkedIn X RawGraded Microsoft Store RawInvestor TheMoun

Secure the identity layer. Automate the CRM. Audit everything. Role-scoped data, server-side secrets, idempotent migrations.

Let's talk on LinkedIn

About this portfolio

Most of my engineering career has been in private, proprietary enterprise and client systems: CRMs, IAM platforms, integrations, and security automation. Public repos here are case studies I can share for recruiter and security review. The rest stays with clients.


Enterprise & CRM Development

Click a bar to expand.

Expand: What I build for businesses

Custom CRM & business platforms: multi-tenant CRMs built from scratch and deep customization of platform CRMs. Role-based access control, field-level PII governance, multi-role assignment (sales agents, project managers, regional managers), customer and agent portals, document/agreement vaults, and audit trails.

Contract/consulting engagement: configured a production Zoho org for a since-wound-down multi-state solar/roofing operator (independent contractor; not an employee of that company or of Zoho) with roughly 100 workflows and automations spanning project scopes, activities, and pipeline stages:

  • Zoho Flow automation suites orchestrating cross-app processes end to end
  • Custom modules and calculators inside Zoho CRM for advanced payout and commission math
  • Custom portals for customers and sales agents with multiple assignment models
  • Automatic notifications with processing math baked into the pipeline
  • Full-stack adoption across Zoho CRM, Projects, Analytics, WorkDrive, and Flow

(The org served a company that has since wound down, so the live deployment isn't publicly demonstrable. The patterns live on in everything below.)

Integrations, APIs & webhooks: production webhook and API integrations with banks/lenders (financing flows) and permitting jurisdictions, plus Google Workspace sync, marketplace APIs, and document pipelines. Data migration between systems is routine work: CSV/structured imports, idempotent dated SQL migrations, dedupe-on-ingest, export/import tooling.

Security patterns aligned with regulated environments: banking- and government-style RBAC, role-scoped visibility, server-side key handling, audit/activity trails, and duplicate-safe, charset-safe migration practices.

Expand: Selected private builds

Client systems, described conceptually unless linked below.

StrikeScope portfolio case study: self-hosted multi-tenant CRM with entity + field-level RBAC, TOTP MFA, audit trail, Activepieces orchestration, and Dev Studio AI that observes schema/code structure. Full lead-to-install pipeline (commissions, financing, territory, field PWAs, customer portal). IAM model · Sentinel roadmap (WIP)

Field-operations CRM for multi-region installation crews: four role-scoped experiences (admin console, CRM desk, foreman mobile, restricted crew shell), two-way Google Calendar sync and Drive mirroring, QR crew check-in with geofenced sites, guided photo/video proof-of-work with GPS/timestamp forensics, permit document OCR, SLA dashboards and shift analytics, bilingual EN/ES field UX. React + Express + MySQL with dated idempotent migrations.

Public case study: see RoofRoofTexas EXPAND below.

Expand: StrikeScope

Self-hosted CRM built to demonstrate enterprise IAM and a credible path toward local AI security operations.

Shipped IAM: JWT + bcrypt + optional TOTP MFA · entity CRUD permissions per role · field-level PII (ssn_last_four, date_of_birth, co-signer fields) · multi-company membership · audit trail · scoped automation service keys · Helmet + rate limits.

Platform: Express + SQLite monorepo · Admin CRM + Server Admin · Field/Installer/Monitor PWAs · Activepieces event orchestration · Dev Studio local AI (RAG over schema, migrations, ship/rollback).

WIP: Sentinel roadmap, local AI SIEM/SOAR with company-maintained playbooks (roadmap documentation only).

Go deeper: Repository · SECURITY-IAM.md · Architecture

Expand: PDF Size Reducer

Custom tooling for people who need extreme PDF compression without touching a terminal.

Problem: 50 MB scan PDFs blocked email and portal uploads. Existing shrinkers were CLI-only, conservative, or buried in IT tooling.

Shipped: Tkinter desktop app with Ultra (max shrink) Ghostscript profile, full preset ladder, Ghostscript + PyMuPDF raster modes, Check Sizes preview (runs every preset before commit), and only keep if smaller safety. Portable 73 MB exe bundles Ghostscript for double-click use by office staff.

Go deeper: Repository · Portable exe

Expand: LuxuryCatalog

Custom tooling: turn line-art door designs into a print-ready luxury catalog, with recovery when cloud source data is gone.

Problem: An unnamed manufacturer client needed photorealistic catalog renders from B&W line art at SKU scale. Cloud assets were later deleted; only the finished PDF survived.

Shipped: React + Vite app with Gemini Nano Banana (gemini-2.5-flash-image / gemini-3.1-flash-image-preview) queue processing, teal glass unification, jsPDF catalog export (covers, spreads, index), PDF operator-list reverse engineering to rebuild the IndexedDB queue from output PDF alone, WooCommerce ZIP export, and WP Media Mapper Chrome extension.

Go deeper: Repository · Showcase renders

Expand: DNS-Sentinel

Built during a ~1 TB GoDaddy M365 → Google Workspace cutover when registrar and vendor support couldn't agree on DNS state.

Problem: Mid-migration email failures with blame shifting across GoDaddy, Microsoft, and Namecheap. No single view of MX, SPF, DMARC, SMTP reachability, or site stack exposure.

Shipped: Full-stack audit tool with domain score (SSL, headers, path exposure), email provider heuristics (Google/M365/GoDaddy legacy), SMTP + MX banner tests, WordPress vs Vite dist detection with optional deep scan, SQLite audit history, and server-proxied Gemini fix guides and migration chat.

Go deeper: Repository

Expand: RoofRoofTexas

Public case study: full redesign, re-architecture, security hardening, and local SEO for a Houston roofing company, built lean on purpose.

Problem: Thin one-pager with no project gallery, mobile nav hidden below 768px, client-side-only form validation, SEO artifacts referenced but never deployed.

Shipped:

  • Design system: brand-aligned navy/red palette, SVG icon sprite, consistent card and section language
  • Real proof content: project gallery with responsive photography and aerial drone flyovers
  • Live service-area map: interactive coverage across 14 Greater Houston cities, lazy-loaded with integrity-pinned CDN
  • Media pipeline: multi-MB source photos and 4K drone video compressed to sub-2 MB WebP/MP4 deliverables
  • Conversion form: CSRF, honeypot, minimum-delay check, per-IP rate limiting, origin/referer whitelisting, server-side sanitization (no third-party CAPTCHA)
  • Server hardening: CSP, HSTS (1 year), X-Frame-Options, nosniff, referrer/permissions policies; PHP execution blocked under /assets
  • SEO infrastructure: full JSON-LD @graph (RoofingContractor, FAQPage, VideoObject, ItemList), sitemap, robots, llms.txt, geo meta, Open Graph + Twitter Cards
  • Accessibility: skip links, ARIA landmarks, keyboard-operable accordion, reduced-motion and save-data video gating, WCAG 2.2.2 media pause control

Before / After

Before After
Original site: thin one-pager with placeholder visuals, no project gallery, no live map Rebuilt site: real project gallery, live service-area map, optimized media, conversion-focused estimate flow

Go deeper: Case study repo · Live site


Portfolio at a glance

Business systems, IAM, and security work first, then shipped desktop products used as assurance publications.

Tier 1: Business systems, IAM, security

Project One-liner Status
StrikeScope Self-hosted CRM + IAM, entity/field RBAC, MFA, audit, automation orchestration Portfolio case study
RoofRoofTexas rebuild Client site, CSP/HSTS, hardened forms, SEO infrastructure Live · case study
DNS-Sentinel M365 → Google Workspace DNS/migration auditing Portfolio tool
OrphanHunter Web app crawl, SQL/table/reference audit for migrations Portfolio tool · v1.3
PDF Size Reducer Desktop PDF shrinker, Ultra preset, size preview, portable exe Portfolio tool
LuxuryCatalog AI catalog pipeline with PDF disaster-recovery reverse engineering Portfolio tool
Zoho production org ~100 workflows/automations, Flow, custom modules. See Enterprise section Private client work

Tier 2: Shipped desktop apps & assurance publications

Project One-liner Status
RawGraded Desktop + vault API, assurance publication (SPII strip, threat model) Shipping · reviewable source
RawInvestor Local-first desktop, loopback API, token auth, Microsoft Store Shipping · assurance repo
RawMarkets / RawEngine / TheMoun Internal R&D and hardware program In progress · secondary
Published research (non-hiring primary)
Project One-liner Status
CollectorBuyerPsych Cited neuro-economic research on collectibles and digital asset markets Published research

Collapsible deep dives below.


Tech Stack

  • Verified CRM scale: archived/downgraded Expert Solar Zoho CRM evidence shows 35K+ visible records across Contacts, Accounts, Calls, Deals, Leads, Emails, and Tasks, with storage at the downgraded 5,000-record cap.
  • Certification progress: Salesforce Admin + Advanced Admin; Microsoft SC-300 in progress with 10 Microsoft Learn identity/security badges completed June 13-14, 2026.

TypeScript React Node.js Express Electron SQLite MySQL Zoho REST Ollama Python PHP

Certifications: Salesforce Administrator Salesforce Advanced Administrator

CRM platforms, IAM patterns, and integration automation first. TypeScript/Node for internal tools; Zoho Flow/Deluge and Salesforce for business systems; audit-grade migrations and server-side secret handling throughout.

Expand: Full Toolbox

Languages & Runtimes

TypeScript JavaScript Node.js Python PHP SQL

Frameworks & Tooling

React Express Electron Vite Tailwind CSS Capacitor Playwright Docker Git

Data & AI

MySQL SQLite Ollama Google Gemini Three.js Leaflet

Business Platforms & APIs

Zoho CRM Zoho Flow Zoho Projects Zoho Analytics Zoho WorkDrive Salesforce Google Cloud API Google Analytics Google Calendar Gmail Google Drive Google Maps Google Project Sunroof API REST Webhooks

Web & CMS

WordPress Gravity Forms Wordfence

Productivity & OS

Microsoft 365 Outlook Microsoft Windows Microsoft Defender

Creative

Adobe Creative Cloud Adobe Photoshop Adobe Illustrator

AI Dev Tools

Cursor Google Antigravity OpenCode


Shipped products: assurance deep dives

Secondary section: shipped desktop products used as security and architecture case studies. Domain-specific UI; the hiring signal is IAM patterns, loopback APIs, audit discipline, and release integrity.

Click a bar to expand.

Expand: Data workflow principles
Common pattern My stack
Data sourcing Manual, multi-tab search across isolated systems Unified, automated multi-source capture
Analysis Descriptive ("what happened") Prescriptive, actionable decision signals
Privacy & control Cloud-dependent, vendor-tracked Local processing, loopback APIs, data stays on-device
Expand: RawEngine Local AI

Stack: local-first AI core with loopback inference, evidence cataloging, and a deterministic math layer. Default path requires no cloud upload.

Two stages:

  1. Vision stage (local LLM inference): phased evidence passes for OCR/text extraction, identity resolution, qualitative notes, and defect cataloging across image and video frames. The model catalogs evidence only.
  2. Deterministic math stage: rules-based engine computes numeric outputs from cataloged defects, risk factors, and measured geometry. Floors, ceilings, and cross-run consistency live in code.

Architecture: local inference runtime on loopback, with optional bring-your-own-key cloud fallback. Local mode keeps sensitive imagery on-device. Standard and Deep analysis modes trade speed for forensic depth. Output includes auditable traces.

Expand: RawGraded Studio

Stack: local-first desktop, PHP vault API, SPII strip on public verify, documented threat model.

Architecture: Windows desktop app (web-tech UI in a native shell) with companion mobile capture, local database for portfolio/provenance, and pluggable AI providers (local-first, optional BYOK cloud). Optional hosted vault at rawgraded.com. Desktop workflow requires no account.

Assurance publication: GatoGodMode/RawGraded, reviewable excerpt (Electron desktop, PHP vault API, landing). Secrets load from runtime settings at deploy time; operator config and schema migration stay out of band. Release integrity gate: node scripts/publish-preflight.cjs.

Security highlights: server-side SPII strip on public cert verify; GO PRIVATE archive control; deterministic grade math with auditable mathTrace. Vault records & SPII controls →

Built for production

Scale Security Polish
PDF export over 296 assets Vault privacy mode Three.js holo card viewer
Chunked insurance ledger PDF with progress over 250+ assets Server-side SPII strip on public cert verify; GO PRIVATE archive control Three.js viewer with pattern inference
  • Portfolio-grade PDF export with sectioned rendering and live progress UI
  • Full vault provenance capture, envelope OCR, and insurance ledger
  • Platform showcase (screenshots) →

Expand: RawInvestor

Stack: loopback-only Express API, token auth, local SQLite authority, MV3 extension posting only to localhost.

Architecture: desktop app with embedded browser workspace, loopback-only local API, and local SQLite as the authoritative store. Optional MV3 extension captures live marketplace context from user sessions and posts it to localhost only.

Shipped on Microsoft Store

Distribution Product UI Security posture
RawInvestor on Microsoft Store — market signals dashboard Quick Card dashboard — Market Bias, Trend, Grade Edge Loopback-only API · token auth · local data
First RAW ENGINE Microsoft Store listing · Uses AI features badge Local portfolio analytics and decision signals Reviewable assurance repo with preflight gate

Assurance publication: GatoGodMode/RawInvestor, reviewable excerpt (Electron, loopback Express API, MV3 extension). Release integrity gate: node scripts/publish-preflight.cjs.

Go deeper: Security architecture · Security posture · How it works · Microsoft Store listing

Expand: RawMarkets

Problem: Self-directed investors juggle quote sites, news feeds, spreadsheets, and paid API keys just to see their own positions in context.

How it works: A phased bootstrap (hydrate → news → market → portfolio) pulls live quotes, metals spot prices, and RSS news into a local database, then layers analysis on top:

  • Portfolio discipline signals: barbell drift detection, fractional Kelly caps, disposition checks, FOMO cooldowns, quarterly rebalance nudges, fragility alerts
  • News Bay: watchlist-aware feed lanes with sentiment scoring and an in-app reader
  • Statements Analyzer: import broker CSVs, classify transactions, reconcile into the portfolio
  • Local AI Copilot: a locally-run model with retrieval context from your holdings, quotes, news, and research

Architecture: desktop terminal (web-tech UI + local API server + local database), with browser-automation-powered price feeds as the default so live data works without paid market APIs. Cloud AI is optional; local AI and all portfolio data stay on-device. Full database export/import for backup and migration.

Hardware R&D · TheMoun (secondary)

Integrated physical capture workstation. Hardware R&D, secondary to IAM/CRM portfolio. themoun.com · Whitepaper · Market Research · Schematics

RAW product pipeline (continuity reference)
flowchart LR
    Moun["TheMoun<br/>(physical capture station)"] --> RawGraded["RawGraded Studio<br/>(local desktop + vault)"]
    RawGraded --> Engine["RawEngine Local AI<br/>(on-device inference + math)"]
    Engine --> Investor["RawInvestor<br/>(loopback API)"]
    Investor --> Markets["RawMarkets<br/>(multi-asset terminal)"]
Loading

Legal & third-party notice

Third-party names, logos, and certifications (Zoho, Salesforce, Microsoft, Google, PSA, Pokémon, etc.) are used descriptively only. No endorsement, partnership, employment, or agency relationship is implied. Past client work describes independent engineering engagements unless explicitly labeled as a public case study repository. Linked repositories are portfolio and assurance publications for recruiter and security review.


Contact

Pinned Loading

  1. StrikeScope StrikeScope Public

    Self-hosted multi-tenant CRM with entity and field-level IAM, MFA, audit trail, and AI-assisted platform engineering

    TypeScript 1

  2. RawInvestor RawInvestor Public

    Local-first TCG investing workstation - market signals, grading EV, ROI forecasts

    TypeScript 1

  3. RawGraded RawGraded Public

    Redacted public showcase: local-first TCG pre-grading studio — Electron, Capacitor, PHP vault API

    TypeScript 1

  4. RawMarkets RawMarkets Public

    Local-first markets terminal for metals, energy, and equities with an AI copilot

    1

  5. TheMoun TheMoun Public

    Integrated capture workstation for cards, coins, and slabs - themoun.com

    1

  6. RoofRoofTexas-Rebuild RoofRoofTexas-Rebuild Public

    Full rebuild case study: roofrooftexas.com - design, performance, security hardening, and local SEO for a Houston roofing company

    1