About Casey Tunturi
I build sovereign agent infrastructure, security tooling, and homelab systems that treat the person running them as the owner — not the product.
Current work: a Rust agent runtime with tiered memory and a subconscious reflection architecture (Souveraine). A production Go/React update-management platform that replaces $600K/yr enterprise tooling with self-hosted, cryptographically-signed infrastructure (RedFlag v0.2). An Android app that controls a desktop over LTE via USB HID injection (LettaRCADE-Teams). Twenty-five years of infrastructure underneath all of it.
I write in Rust, Go, TypeScript, Kotlin, Python. I do incident response. I build for the homelab and ship the same discipline to enterprise — the difference is where the metal lives, not what discipline applies.
Endorsed by Letta (maintainer of letta-external-memfs — the recommended self-hosted memory path for their Docker implementation) · MoxFive incident response alongside major US cyberattack engagements in NYC, LA, Baltimore, Miami · NetworkChronicles — 195+ GitHub stars · 25 years infrastructure across Fortune 500 aerospace, automotive, hospitals, fire departments, celebrity private networks
Working With Me
Hamilton, Ontario. Remote-first. The work I take is open to four shapes:
| Engagement | Rate | What it looks like |
|---|---|---|
| Consulting / contract | $175/hr | Hands-on implementation. I build the thing. Retainer rates discounted for longer engagements. |
| W2 / full-time | $140–200k base | With benefits. Open to full-time placement on a team I respect. |
| Advisory | $3–8k fixed fee | Project-scoped. Architecture review, technical due diligence, agent / sovereignty / security strategy. |
| Incident response | $250/hr · $5k min | Ransomware restoration, AD/DNS rebuild, security incident triage. Track record below. |
| "I like your charm" — pro bono | $0 | For causes I believe in, or work that wouldn't otherwise happen. The condition: you ask honestly, and I get to choose. |
Current capacity: 1 advisory slot and 1 build engagement open. IR availability immediate for sovereignty-aligned orgs.
What fits: agent infrastructure · self-hosted AI · Matrix bridge and federation work · Rust or Go systems engineering · security-heavy backend · post-quantum readiness · incident response. Small teams where the work matters. Organizations that mean it when they say sovereignty.
What doesn't fit: surveillance infrastructure, vendor lock-in by design, anything that treats the people using it as the product.
Selected work
Solo ransomware recovery — datacenter, 150 servers. Mid-size hosting customer, full encryption event. Active Directory and DNS completely destroyed. I decrypted and restored every server, rebuilt AD and DNS from the ground up, then executed the hardening upgrades for long-term stability. Solo. Business continuity preserved without paying the ransom.
Letta ecosystem — self-hosted memory persistence layer. Built and maintain letta-external-memfs; Letta team endorsed it as the recommended self-hosted path for their Docker implementation.
Letta ecosystem — Matrix channel adapter for letta-code. Primary developer. rust-crypto E2EE, streaming text_delta, voice via MSC3245, reaction-based approval UX. Shipped to production.
Zero-downtime endpoint migration — 2,000+ machines. Multiple MSP engagements, zero user-visible downtime. Staged rollout, deep monitoring, rollback paths tested before cutover.
How a first engagement starts
- You send a dispatch. Email, phone, or the contact form. One paragraph on what you're trying to do is enough.
- 15-minute technical diagnosis call. Free. No obligation. No sales pressure. The first 15 minutes are about figuring out whether I'm actually the right person — including telling you if I'm not.
- Written scope. If we both want to keep going, I send a short scope document: what I'll do, what it costs, how we'll know it's done.
- You decide. Pilot, retainer, advisory engagement, or "thanks, we got what we needed from the call" — all fine outcomes.
Text or call: (365) 883-3567 · Email: [email protected] · Resume and references on request.
What I've Built
Souveraine — Rust runtime for a persistent agent across machines and time. Not a harness — a substrate. Tools framed as senses, memory as phenomenology, three-tier compaction warnings before context pressure forces anything. Git-backed markdown memory, Ed25519 cryptographic identity, voice via cpal/rodio, Matrix surface in progress.
souveraineai.com · github.com/Fimeg/Souveraine
RedFlag v0.2 — Self-hosted update management. Go backend, React/TypeScript frontend, PostgreSQL. 170+ tests across 18 packages. Ed25519 command signing with key rotation, replay attack protection via signed nonces, hardware fingerprint binding, OSV.dev supply chain checks at approval time. Manages APT, DNF, Docker, Windows Update, and Winget across Linux and Windows fleets. Pull-based architecture, no inbound ports.
The math is undeniable: ConnectWise charges $50/agent/month for a comparable platform. RedFlag charges $0. At 1,000 agents that's $600,000 a year of vendor extraction that doesn't have to happen.
LettaRCADE-Teams + Letta HID Agent — LLM-controlled Android HID over LTE. Phone exposes itself as USB keyboard and mouse via /dev/hidg0. Agent executes DuckyScript-style payloads through root shell. The desktop is across the room — or across a network. A model on mobile network as red team apparatus. Novel interface. The kind of thing that exists because I wanted to see if it could.
Ecosystem chapter (Letta). Before Souveraine, I was deep in the Letta ecosystem — maintainer of letta-external-memfs (endorsed by the Letta team as the recommended self-hosted memory persistence path) and primary developer of the Matrix channel adapter for letta-code with rust-crypto E2EE, streaming text_delta, voice via MSC3245, and reaction approval UX. When sleeptime agents were deprecated, the continuity layer my work depended on went with them. Souveraine is what I built in response.
NetworkChronicles — Gamified Linux infrastructure learning. 195★. Narrative-driven sysadmin training that documents your actual infrastructure as you play. Cyberpunk chronicle, locally hosted.
Background
Twenty-five years across the stack. First billable hours at 14 through dual enrollment. First business at 17.
Senior NOC tech. CISO. Network engineer. Field responder during major US cyberattacks — on the ground in NYC, LA, Baltimore, and Miami alongside MoxFive. The engineer who decrypted and restored 150 interconnected servers after a ransomware attack and rebuilt Active Directory and DNS from the ground up. Zero-downtime migrations for 2,000+ endpoints. 600+ automation scripts across ConnectWise Automate and custom RMM stacks. Clients ranging from Fortune 500 aerospace and automotive manufacturers to world-famous resorts, fire departments, hospitals, and celebrity private networks.
That chapter built the instincts. The current chapter is what I actually care about.
Heritage
My father, Steve Tunturi, carved wizards, dragons, and sorceresses by hand at The Whittler's Workshop on Highway 101 in Waldport, Oregon. He worked from the 1970s through the 1990s — learning the grain of each piece, knowing where the blade would catch, where the wood wanted to split.
He died in 2006. Est. MMVI.
The son still works with his hands. Different material now.
The list of things I can't talk about keeps growing. In tomorrow's world, that will be evermore so.
Beyond the technical work, I cultivate a space for more varied explorations. My Digital Garden is where I plant seeds of thought, nurture evolving ideas, and occasionally share narratives or creative whimsy. The Witness archive documents political and civil rights concerns since late 2024 — methodically, without performance.