A security lab disguised as a command center.
SkynetProxy is a static-first AI security lab: part threat feed console, part product validation surface, part nostalgic terminal playground, and part notebook for practical AI operations.
Project brief
Practical AI security experiments, shipped as public surfaces.
The site combines a live-style intelligence feed, analyst tool previews, customer honeypot demos, AI field notes, and retro terminal modes. The architecture is intentionally simple today: static build, JSON data, browser-side interaction, and a CDN edge. That keeps the lab easy to ship while the product direction gets sharper.
Current architecture
Static intelligence lab
Static command center
Astro builds the public command center, feed console, tools directory, blog pages, and project routes into static production output.
Feed runtime
Client-side JavaScript loads mock, generated CISA-style, and honeypot-style JSON feeds, then applies source switching, severity filters, search, sort, unread state, and freshness indicators in the browser.
Preview tools
IOC correlation, alert summarization, prompt hardening, customer honeypot, and threat brief pages are deterministic preview experiences for product validation.
Static deployment
The built site is published as static files to object storage and served through a CDN with cache rules for HTML and hashed assets.
Production direction
Telemetry product plane
Customer collectors
The honeypot preview sketches a future model where customer-managed collectors emit telemetry snapshots from controlled segments.
Durable event plane
Production telemetry would need authenticated ingestion, tenant isolation, durable storage, retention policy, audit trails, and replayable event history.
AI-assisted triage
AI output should summarize suspicious behavior and operator actions while remaining advisory, reviewable, and clearly subordinate to human judgment.
Case workflow
A production system would connect triage, alert routing, incident notes, status changes, and reviewer decisions instead of stopping at a preview card.
Feed architecture
The feed is data-driven without becoming a backend yet.
SkynetProxy gets a lot of mileage from static JSON and browser-side orchestration. The command center can demonstrate sorting, severity views, source switching, freshness, and copyable indicators without exposing real ingestion APIs or customer data in the public preview.
| Surface | Role in the system |
|---|---|
| Mock feed | Local demo entries for design, filtering, and UI behavior. |
| Generated feed | A scheduled process refreshes a public JSON feed from external advisory-style data. |
| Honeypot source | A pluggable JSON source models customer collector telemetry and health metadata. |
| Browser state | Source choice, unread counts, view preferences, and CVE lookups stay client-side. |
| Legacy modes | Nostalgia terminal pages ship as static experiences outside the Astro layout. |
Operator loop
Signal, triage, explain, review.
01
Signal
Static and generated feeds create realistic security events to inspect.
02
Triage
Preview tools summarize, correlate, and harden workflows without touching real customer systems.
03
Explain
The interface exposes context, severity, source, confidence, and caveats for operator review.
04
Evolve
Future production work adds authenticated ingestion, storage, tenant boundaries, and incident workflow.