danielcadev/README.md

Daniel Castrillon

Software Engineering Student

Software Architecture · AI-Assisted Software Engineering · Security Research

I am a software engineering student focused on the design, implementation, and security analysis of production software systems. My work combines practical experience building large-scale web platforms with independent research on the structural risks introduced by AI-assisted software development.

I have built and maintained more than 450,000 verified lines of source code across owned repositories, including production Next.js and React systems, CMS architectures, travel technology platforms, and academic projects in C and C++.

Research Interests

My current research focuses on the security limitations of AI-assisted development workflows, particularly in repository-scale systems where locally correct generated changes may weaken global security properties.

Areas of interest include:

  • Authorization-boundary erosion in generated code
  • Route and Server Action exposure in Next.js applications
  • Secret handling and debug-surface persistence
  • Policy enforcement across large codebases
  • Structural security auditing for AI-generated changes
  • Human-in-the-loop validation of coding-agent outputs

I presented work on structural security in AI-assisted software systems at the Max Planck Institute for Security and Privacy. The presentation covered trust boundaries, route visibility, authorization policy enforcement, and limitations of current coding-agent evaluation benchmarks.

Current Work

CMS Nova

CMS Nova is a headless content management architecture focused on dynamic content schemas, localization, role-based access control, Prisma-based persistence, and maintainable administrative workflows. The project serves as a practical case study for studying security, modularity, and long-term maintainability in AI-assisted software systems.

Mitiquete and Conociendo Colombia

I work on production travel technology platforms built with Next.js, React, Prisma, PostgreSQL, and AWS S3. These systems include booking workflows, content management, media pipelines, authentication flows, database migrations, and operational tooling for tourism-related services.

Secure

Secure is a production-security review and hardening workflow for evaluating AI-generated code changes against repository-wide security invariants before deployment. It focuses on authentication trust, authorization dominance, tenant and owner boundaries, exposed routes, unsafe secrets, debug surfaces, storage flows, webhooks, payments, AI/PDF processing, and architectural-boundary violations introduced during AI-assisted development.

Selected Projects

CMS Nova

A reusable headless CMS and administrative architecture with dynamic content models, localization support, schema-driven workflows, and strict type-safety across the application stack.

Mitiquete SAS

A multi-platform travel ecosystem for B2B booking and tourism operations. The system includes production architecture, database migrations, media infrastructure, authentication flows, and security hardening.

Conociendo Colombia and Región Colombia

Tourism and content platforms built with Next.js, React, Prisma, PostgreSQL, and CMS-driven publishing workflows.

TripEuropa B2B

An international B2B tour-operator platform built with Next.js, Prisma, PostgreSQL, and AI-assisted development workflows. I led architecture decisions and performed security review of Server Actions, API surfaces, and authentication-sensitive flows.

Technical Background

  • Languages: TypeScript, JavaScript, Python, Java, C, C++, C#, PHP
  • Frontend: Next.js, React, Astro, Tailwind CSS, App Router, SSR, React Server Components
  • Backend and Data: Node.js, Prisma, PostgreSQL, Better Auth, REST APIs, Server Actions
  • AI-Assisted Development: Claude Code, OpenAI Codex, GPT-based coding workflows, Gemini API, OpenRouter
  • Infrastructure: Docker, Git, Linux/VPS, Vercel, AWS S3, Coolify, Hetzner
  • Security: Zero-Trust RBAC, authorization-boundary review, API security, Server Action security, secret handling, structural security audits

Academic Background

  • B.Sc. Software Engineering, Politécnico Grancolombiano
  • Expected graduation: 2027
  • GPA: 4.59 / 5.0

My academic interests include software architecture, secure software engineering, databases, algorithms, verification, and the reliability of AI-assisted development environments.

Contact

  • Email: daniel.ca.pe207@gmail.com
  • GitHub: github.com/danielcadev
  • Portfolio: mitiqueteonline.com · conociendocolombia.com · b2b.tripeuropa.com

Popular repositories

  1. cms-nova-template (Public)

    TypeScript 1

  2. danielcadev (Public)

  3. cms-nova (Public)

    JavaScript