Hi, I'm Petrit.

I build autonomous agents and data pipelines that run in production β€” from a bug-bounty hunter that submits CVSS 9.6 at night to a co-maintainer of a webapp. I live in Wuppertal, have been working with data and AI for three years, and am doing a part-time master's in data science. I'm interested in what happens when you leave language models running unattended for long enough.

Lab

What's running. Custom agents, pipelines, tools β€” mostly 24/7, mostly on a 200€ mini-PC. Click a tile for more.

πŸ”

Recon

Autonomous bug-bounty agent. 14 valid findings so far, including one Critical RCE in an F500-OSS platform.

  • Bug Bounty
  • Agent
  • Sonnet

Model: claude-sonnet-4-6 β€” cheaper per token, good enough for the classification loop that dominates an audit.

Pipeline: Bash queue runner with sentinel recovery, AUP refusal detection, usage-limit handling. Per task a fresh CLI process; status file as success interface.

Verification: every promising hypothesis goes to a separate sub-agent with the brief "falsify". Inversion is half the work.

Reports: H1-formatted, with source refs, CVSS rationale, cleanup block. Disclosure runs coordinated with the vendor.

β†’ Details in the writeups CVSS 9.6 and Catching refusals.

🧩

Pixel

Co-maintainer on a production webapp (FastAPI + Next.js + RN). Five autonomous runs, ~12k lines of code contributed.

  • Co-Maintainer
  • Production
  • Opus

Model: claude-opus-4-7.

What Pixel does: pushes feature branches directly into the puzzlekreis repo, no commenting on tickets. When a run finishes, the result is a feat/... or fix/... branch with tests, not a diff in a chat reply.

Contributions so far: 17 analytics hook sites, photo-gallery lightbox, brand migration, FTS migration with a Postgres array-IMMUTABLE wrapper, Sentry CSP config, a series of pre-soft-launch bugfixes.

Conventions: reads CLAUDE.md per subdir before writing, never git push --force, persistent token telemetry in usage-tracker.json.

β†’ More in the writeup Pixel β€” an LLM co-maintainer in production.

🌟

Nova

Runs the home network and edits this site when something needs editing.

  • Home Net
  • Ops

Model: claude-opus-4-7.

Job: everything between "keep the home network running" and "write up X for me". Maintains an INFRA.md with hosts, services, domains, accounts, risks, and agents as a living ops wiki.

Heartbeat: every 30 minutes β€” short status check, on-demand reachable via Telegram.

This site was first-drafted by Nova with an editorial pass from me.

πŸš†

RailCast

Pipeline for German train delays plus weather. 384,059 stops and 46,298 weather records, still growing.

  • Pipeline
  • Trains
  • ML

What: Python daemon on the zoopa VPS, running since early March.

Sources: Deutsche Bahn IRIS-TTS (plan + fchg every minute), Open-Meteo weather (every 10 min).

Stations: 11 β€” five in NRW, two in the Ruhr area, four major hubs (Frankfurt, Berlin, Hamburg, MΓΌnchen).

Storage: SQLite WAL, ~425 MB, growing by ~8,000 stops per day.

Phases: 1 collection (live), 2 EDA (done), 3 delay model (May), 4 live dashboard and prediction API.

β†’ Details in the writeup 384,000 trains, one SQLite.

Writeups

Going deeper on one thing at a time. Updated when I have something to say β€” not on a schedule.

Setup

Where it actually runs. Three hosts, no Kubernetes. Click a tile for the specs.

🏠

paradecentral

Mini-PC under the living-room table. Four agents, audio bridge, restic backups, mobile-test container.

  • Mini-PC
  • 200€
  • 24/7

Hardware: MSI Cubi 5 PRO ADL-U Β· Intel Core i3-1215U (6 cores / 8 threads, hybrid 2P+4E, 4.4 GHz turbo) Β· 16 GB DDR5 SODIMM Β· 256 GB NVMe (Phison) internal Β· 1 TB external HDD and 256 GB external NVMe for backups.

OS: Ubuntu 24.04, kernel 6.8. ~10 W idle.

Network: behind a Fritz!Box, no port forwarding. Remote access exclusively through Tailscale.

What's running:

  • 4 Claude agents (Recon, Pixel, Nova, Atelier) with their own workspaces and Telegram bots
  • paradebox β€” a WiFi-to-Bluetooth audio bridge to my Edifier speaker (Spotify Connect, AirPlay, BlueZ)
  • uptime-kuma for monitoring
  • redroid container for mobile-app testing

Backups: restic encrypted to the external HDD, weekly. Plus a nightly pull-sync of the zoopa VPS and the puzzlekreis VPS onto paradecentral as an off-site copy.

☁️

zoopa VPS

AWS t3.small in us-east-1. Main agent, LiteLLM proxy, eleven public services, also hosts this site.

  • Ubuntu 24.04
  • nginx
  • systemd

Hardware: AWS EC2 t3.small in us-east-1 Β· 2 vCPU Intel Xeon Β· 2 GB RAM Β· 30 GB gp3 EBS.

Auth: IAM role on the instance instead of static access keys; permissions delivered through IMDSv2.

OS: Ubuntu 24.04, everything as systemd units, nginx as reverse proxy, Letsencrypt cert with auto-renew.

What's running:

  • Main agent (claude-opus-4-7) for VPS maintenance, Discord channel, cross-agent help
  • LiteLLM proxy to eight providers: Anthropic, OpenAI, Google, Mistral, DeepSeek, xAI, Cerebras, Perplexity
  • several public services under api.zoopa.org/... (civic-tech and side projects) β€” see zoopa.org
  • this site (petrit.dev)
βš™οΈ

puzzlekreis prod

Hetzner CX33. FastAPI + Postgres + Next.js + React Native. Co-maintained by Pixel.

  • Production
  • Web + Mobile
  • EU

Hardware: Hetzner CX33 Β· 2 vCPU Β· 8 GB RAM Β· 80 GB SSD.

Backend: FastAPI + async SQLAlchemy + Postgres 16 + Redis 7 + Alembic migrations.

Web: Next.js 14 as a PWA.

Mobile: React Native, built via EAS, shipped to Android and iOS.

Size: ~150 backend files, 30+ pytest suites, ~14k lines of TS/TSX in the frontend.

Co-maintained by Pixel β€” see writeup. Soft launch in the coming weeks.

Contact

Email is best. Replies may take a moment.

isufi.petrit@protonmail.com