π©πͺ Deutsche Version
ICT Infrastructure Engineer at novosys.ch, building local-first developer tools in Rust, Swift, and Python. I run a hands-on AI practice: benchmarking local models against Claude and Copilot to find where a lightweight model is reliable enough for everyday tasks like explaining logs, bugs, and mail, and where cloud capability earns its place. Every repo in this portfolio follows the same published engineering standards.
- NetSweep: network storage audit and cleanup for NAS, SharePoint, and DFS, ships a signed Windows installer.
- MailPilot: local AI email organizer for macOS, on-device classification, nothing leaves the machine.
- LifePlanner: fully offline AI life planner, events and tasks extracted from plain text.
- BugRadar: live log and metric watcher, groups anomalies into incidents with AI root-cause analysis.
| Project | What it does |
|---|---|
| private-model-orchestrator | Deploys and manages on-device Core ML models across Apple device fleets |
| NetScanX | Cross-platform network discovery and diagnostics CLI, asset inventory, drift detection |
| entra-access-graph-engine | Maps Entra ID privilege graphs, detects escalation paths and hidden admin chains |
| SwiftAgent | Dependency-free Swift framework for running local LLM agents |
| CleanFlow | AI-powered file organizer with rule-based cleanup automation |
| engineering-standards | The security-first standards that govern every repo in this portfolio |
See all repositories for the full list.
- Languages: Rust, Swift, C#, Python, TypeScript
- Platforms: Apple Silicon (macOS), Windows (.NET 8 / WPF), Microsoft 365, Azure
- AI: Local inference (Ollama, llama.cpp), Claude Code, GitHub Copilot
- Practices: Semantic Versioning, enforced branch protection, security-first CI/CD
Every active repository runs GitHub CodeQL static analysis, Dependabot vulnerability alerts, and accepts vulnerability reports exclusively via GitHub Security Advisories, never public issues (details in engineering-standards, "Automated Security Signals"). Example, live on two pinned repos:
entra-access-graph-engine:
CleanFlow:
repo/
βββ src/ the tool itself
βββ CLAUDE.md AI-pair-programmer instructions (from engineering-standards)
βββ ROADMAP.md what's shipped, what's next
βββ SECURITY.md vulnerability reporting, security design
βββ .github/workflows/ CI: lint, test, security audit, release
Every repo follows the same engineering standards: PR-only merges with enforced branch protection, Semantic Versioning with one house rule stricter than the spec (v1.0.0 is reserved for a genuinely installable or runnable product, not just "feature-complete in the source"), and a risk-based merge policy, low-risk changes are self-merged and reported, anything touching business logic or security waits for a deliberate review.
- Website: raystudio.ch
- LinkedIn: Rafael Yilmaz
- Work: novosys.ch
All software repos are open source (MIT license); engineering-standards is documentation, licensed under CC BY 4.0. Issues and PRs welcome.




