VERTEXELITE

Production software, AI infrastructure, security-aware automation.

VertexElite builds public platforms and private internal systems — web applications, MCP tooling, cloud operations, monitoring, and applied security research. Built for real-world operations.

11+
Production platforms
220K+
Users served
25+
Self-hosted services
<1.5s
Median page load

Private production systems

The work behind the NDA.

Beyond the public portfolio, VertexElite designs and maintains private production systems across AI infrastructure, MCP tooling, security automation, deployment operations, monitoring and internal control platforms.

Private AI & MCP Infrastructure

Custom MCP gateways, AI-agent tool routing, permission boundaries, audit logging, internal automation workflows and secure agent operations.

Security Automation & Detection

Detection pipelines, vulnerability triage, security dashboards, alert routing, infrastructure monitoring and applied research tooling.

Operations Control Platforms

Deployment dashboards, health checks, uptime monitoring, backup visibility, incident workflows and production observability systems.

Redacted Client Systems

Closed-source production platforms, admin portals, APIs, dashboards, business automation systems and internal tools maintained under private review.

Some systems are private, client-protected or internal-only — full details are available through private review or NDA. Publicly, we share redacted architecture summaries, security research and selected case studies.

Security research

A software + security engineering studio.

Security is a first-class discipline here, not an afterthought. VertexElite runs a coordinated vulnerability-disclosure practice and builds detection and hardening into every system it ships.

AI Coding-Agent Security

Threat models and guardrails for autonomous coding agents — permission boundaries, sandboxing and abuse prevention.

MCP Trust Boundaries

Securing Model Context Protocol deployments: tool allow-listing, audit logging and context-injection defense.

Supply-Chain Detection

Detecting malicious packages and impersonation campaigns targeting developer toolchains.

Infrastructure Hardening

TPM-bound keys, zero-trust networking, default-deny firewalls and compartmentalized environments.

Selected disclosures

VES-JL-2026-001

Bluetooth audio SoC — firmware-authentication weakness

Protocol and OTA analysis of a widely-deployed Bluetooth audio chip family, affecting tens of millions of devices. Coordinated disclosure to vendors, BT-SIG and MITRE in progress.

VES-AIC-2026-001

Wi-Fi/BT SoC — firmware integrity gap

Source-level analysis of a USB Wi-Fi/BT controller firmware-download path with no signature enforcement. Coordinated disclosure in progress.

Operational details and redacted reports are shared only through responsible-disclosure channels or private review.

What we build

From React Server Components down to the firmware.

A full-stack practice that owns every layer — product, data, infrastructure, AI and security.

01

Production Web Platforms

Multi-tenant SaaS, portals and transactional apps in Next.js / React.

02

AI & MCP Infrastructure

LLM orchestration, MCP gateways, agent tooling and retrieval over private data.

03

Security Automation

Detection pipelines, vulnerability triage, dashboards and applied research tooling.

04

Cloud Operations

Self-hosted estates on Proxmox behind Cloudflare Zero Trust — no exposed origins.

05

Internal Dashboards

Operations, monitoring, observability and incident-workflow control panels.

06

Mobile Applications

Cross-platform apps that share the same backend and design language.

07

Legacy Modernization

Migrating ageing stacks to modern, maintainable, observable systems.

Frontend

Next.jsReactTypeScriptTailwind

Backend & data

Node.jsPostgreSQLMariaDBSurrealDB

Infrastructure

Proxmox / LXCCloudflare Zero TrustDockerLinux

AI

LLM orchestrationMCPRAGAgentic loops

Case studies

How the work actually ships.

Problem to outcome — the engineering behind a platform, not just a screenshot.

Crittiks

Visit live

Problem

Independent repair businesses juggle tickets, inventory, billing and customer comms across disconnected tools, losing time and revenue.

Solution

A unified, AI-assisted operating system that runs the whole shop — with an agentic action layer that automates routine workflows end to end.

Production features

  • Ticketing & Kanban workflow
  • Inventory & billing
  • OAuth sign-in
  • Analytics & internal messaging
  • File management & webhooks
  • Layered security model

Stack

Next.jsSurrealDBAI agentsCloudflareDocker

Outcome

Flagship product on self-hosted infrastructure; model-tiered AI deployed to production.

Founder & Lead Engineer

Nirmal Liyon

Self-taught engineer from Sri Lanka. Fifteen years repairing Apple hardware before turning that obsession with how things work into a full-stack engineering practice.

  • Co-founder & Head of Development, 6SILO
  • 11+ production platforms in active use
  • Self-hosted infrastructure, owned end to end
  • Published coordinated security research

I founded VertexElite to build web platforms that handle real users and real money — and then built a portfolio of them, public and private. The same curiosity that took me inside MacBooks now takes me down to the firmware of the chips in everyday devices.

I work close to the metal on both ends: from React Server Components and multi-tenant data models, to a self-hosted Proxmox estate fronted by Cloudflare Zero Trust, to coordinated security research on consumer silicon.

FAQ

Questions, answered.

Can I see the private / client systems?

Closed-source and client-protected systems are available through private review or under NDA. Publicly we share redacted architecture summaries, security research and live case studies.

Where are you based, and do you work with global clients?

Based in Colombo, Sri Lanka, working with clients worldwide. English is the primary working language.

Do you do security work as well as development?

Yes. VertexElite is a software + security engineering practice — we build production platforms and run a coordinated vulnerability-disclosure practice.

What does your stack look like?

Next.js / React / TypeScript on the front; Node with PostgreSQL, MariaDB and SurrealDB on the back; self-hosted on Proxmox behind Cloudflare Zero Trust; LLM/MCP systems on top.

How do we start?

Email directly — no middlemen. We scope the work, agree on outcomes and ship.

Contact

Let's build something that ships.

Have a platform to build, an idea to validate, or a system to harden? Reach out directly — no middlemen, fast replies.