Modern IT Consulting

Selected Work & Experiments

A growing collection of projects that reflect our focus on clarity, maintainability, and business-aligned engineering.

Application STIG Framework

Building 'STIGs for App Code': a continuous compliance engine that validates source code against control catalogues such as NIST SP 800-53, FedRAMP and HIPAA, bringing the rigour of DoD STIG baselines from infrastructure down to application code.

Emerging Capabilities

R&D Preview (coming soon)

HIPAA Technical Benchmark

Modern Security. Practical Compliance. Built for Healthcare Teams.

Healthcare organizations and medical technology vendors face a unique challenge: HIPAA compliance is mandatory — but real, technical security validation is often unclear or difficult to measure. At IndirectTek, we’re changing that.

We are developing a HIPAA Technical Benchmark, a modern engineering-focused approach designed to give teams clear, actionable insight into how well their applications, services, and cloud environments align with HIPAA’s Technical Safeguards.

Unlike traditional compliance assessments that rely on paperwork, policy audits, or annual checklists, our benchmark focuses on how your technology actually behaves — in code, in runtime, and in the cloud.

This upcoming capability will help organizations:

  • Validate access control and user identification across applications
  • Confirm encryption in transit & at rest across architectures
  • Surface missing audit trails, event attribution, or logging gaps
  • Analyze authorization boundaries and application-level security logic
  • Identify issues in vendor databases or third-party tools (before they become liabilities)
  • Understand responsibility distribution (Cloud → Platform → Application → Customer) via layered inheritance modeling
  • Generate evidence-ready reports and remediation roadmaps

The HIPAA Technical Benchmark is currently under internal development and evaluation. Stay tuned as we bring this capability forward as part of IndirectTek’s expanding Secure Engineering Framework.

Case Study

Real-World Validation

Security isn't hypothetical. Here is how our Application STIG Audit Tool caught a critical vulnerability in a production codebase before it ever went live.

The Situation

We ran our internal scanner against the JustAFewThings.shop codebase. The tool flagged a High Severity issue (Finding ID: APP-VAL-001) in the shopping cart logic.

  • The Flaw: The cart rendered its contents by concatenating product data into an HTML string and assigning it to innerHTML, so product names were parsed as markup instead of being displayed as text.
  • The Risk: Stored cross-site scripting (XSS). An attacker who can control a product name could supply a payload such as <img src=x onerror=...> that executes in the browser of every shopper who views the cart, with access to the page's session and to any payment details entered on it.

The Resolution

The tool pinpointed the exact lines and mapped them to NIST SP 800-53 control SI-10 (Information Input Validation). We refactored the code to build the cart with DOM creation methods (document.createElement) that insert product names as text nodes instead of parsing them as HTML, so a name containing markup is displayed literally and never executed.
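As an added illustration of the pattern described above (example code written for this page, not the code flagged in the JustAFewThings.shop repository and not the audit tool's own logic), here is a cart renderer in its innerHTML form beside the DOM-creation form, exercised with a constructed cart whose second product name is an XSS payload. The item shape `{ name, qty, price }`, the sample data, the `FLAGGED_SNIPPET` and the simplified `findInnerHtmlSinks` check are all assumptions made for the example.

```javascript
// Added example, not IndirectTek's or JustAFewThings.shop's code.
// Assumed item shape: { name, qty, price }. Product names are treated as untrusted.

// Constructed sample cart. The second name is a stored-XSS payload of the kind the
// case study describes: markup in a product name that innerHTML would execute.
const SAMPLE_CART = [
  { name: 'Ceramic Mug', qty: 2, price: 12.5 },
  { name: '<img src=x onerror=alert(document.domain)>', qty: 1, price: 9.99 },
];

// BEFORE: builds the HTML string that the flagged pattern assigns to cartElement.innerHTML.
// The product name is concatenated raw, so the HTML parser treats the payload as an
// <img> element and fires its onerror handler in every shopper's browser.
function renderCartUnsafe(items) {
  let html = '<ul class="cart">';
  for (const item of items) {
    html += `<li><span class="name">${item.name}</span> x ${item.qty} ` +
            `<span class="price">$${(item.qty * item.price).toFixed(2)}</span></li>`;
  }
  return html + '</ul>';
}

// AFTER: the same structure built with createElement. The name is assigned through
// textContent, which creates a text node; the string is never parsed as HTML, so
// "<img ...>" is shown literally. `doc` is injectable so the function also runs
// under a stand-in document outside a browser.
function renderCartSafe(items, doc = globalThis.document) {
  const list = doc.createElement('ul');
  list.className = 'cart';
  for (const item of items) {
    const li = doc.createElement('li');
    const name = doc.createElement('span');
    name.className = 'name';
    name.textContent = item.name;                 // text, not markup
    const price = doc.createElement('span');
    price.className = 'price';
    price.textContent = `$${(item.qty * item.price).toFixed(2)}`;
    li.appendChild(name);
    li.appendChild(doc.createTextNode(` x ${item.qty} `));
    li.appendChild(price);
    list.appendChild(li);
  }
  return list;
}

// Hypothetical, deliberately simple source check (not the Application STIG Audit
// Tool's logic): flag lines that assign a template literal or a concatenation to
// innerHTML. Returns 1-based line numbers so a finding can point at the exact line.
function findInnerHtmlSinks(source) {
  const sink = /\.innerHTML\s*\+?=\s*(`|[^;]*\+)/;
  const hits = [];
  source.split('\n').forEach((line, i) => { if (sink.test(line)) hits.push(i + 1); });
  return hits;
}

// Constructed snippet in the shape of the flagged cart code, used to exercise the check.
const FLAGGED_SNIPPET = [
  "const cart = document.getElementById('cart');",
  "cart.innerHTML = '<ul>' + items.map(i => '<li>' + i.name + '</li>').join('') + '</ul>';",
  "cart.querySelector('.total').textContent = total;",
].join('\n');

// Collect every element tag in a rendered tree, to confirm no <img> was ever created.
function elementTags(node, out = new Set()) {
  if (node.tagName) out.add(node.tagName);
  for (const child of node.children || []) elementTags(child, out);
  return out;
}

// In a browser, mount the safe rendering; in Node this branch is skipped.
if (typeof document !== 'undefined' && document.getElementById('cart')) {
  document.getElementById('cart').replaceChildren(renderCartSafe(SAMPLE_CART));
}
```

The unsafe renderer emits the payload verbatim inside the `<span>`, which is exactly what the browser would parse and execute; the safe renderer produces only `ul`, `li` and `span` elements, and the payload survives as the literal text of the name span. The `findInnerHtmlSinks` check flags the one line of the constructed snippet that concatenates into innerHTML and reports nothing for the DOM-creation version.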

Outcome: XSS hole closed; 100% of tests passed; time to fix under 15 minutes.

"Our proprietary DevSecOps workflow doesn't just 'shift left'—it fixes problems before they exist. By integrating automated STIG compliance scanning directly into our development loop, we identified and remediated a critical XSS vulnerability in our commerce engine in real time, enforcing DoD-grade security standards without slowing down deployment."

— IndirectTek Engineering Team

This case study demonstrates our commitment to Secure by Design principles. We don't just build software; we build the assurance that your software is resilient against modern threats.