I'm a software engineer based in India. I work across the full stack — shipping production AI systems for clients, and contributing fixes to the open-source tools the ML and agent ecosystem runs on.

• 🔧 I find correctness bugs, silent failures, and security holes in production codebases and fix them
• 🤖 I build AI-native products — pipelines, agents, verification systems, clinical tooling
• 🌏 Open to full-time remote roles in Backend, Applied AI, and Full Stack Engineering

I contribute to the internals of tools I use — compiler stacks, agent runtimes, LLM frameworks. Here's what I've shipped:

karpathy/autoresearch — AI agent framework, 50k ⭐

• PR #17 — Self-healing error recovery: agent parses its own stack traces and resumes from OOM/syntax failures without stopping. Contributed within hours of the repo going public. Shopify's CEO ran it overnight and got 53% faster rendering from 93 automated commits.
• PR #16 — Eliminated ~4GB of persistent VRAM overhead per run by switching tanh to native bfloat16 — headroom that matters on a single H100 running 100+ experiments overnight.

googleworkspace/cli — Official Google repo, Rust, 20k ⭐ in 2 weeks

• PR #500 — Eliminated a TOCTOU race condition in atomic writes: OAuth tokens were briefly world-readable between creation and permission enforcement. Enforced 0o600 atomically at creation, closing the leak window for ~21,000 users.
• PR #506 — Google Meet integration for calendar +insert with deterministic requestId hashing — eliminates duplicate Meet links on API retries.
• PR #542 — Fixed silent auth failure: token directory errors were swallowed, credentials silently never persisted while auth appeared to succeed.
• PR #537 — Identified indefinite client hangs on DNS/TCP/TLS handshakes; maintainer rebased and shipped directly as #608, crediting this PR by name.
• PR #502 — Built a Gmail +read helper abstracting MIME tree walking and base64 decoding for clean text extraction, with terminal injection sanitization and JSON output. Maintainer adapted it directly into the merged rollup #526.

NVIDIA/NemoClaw — NVIDIA agent security stack, 15k ⭐

• PR #187 — Enforced 0o600 on openclaw.json during migration — session and routing config was world-readable by default. Propagated into 3 downstream forks within 13 hours of merge.
• PR #186 — chmod 600 on .env at sandbox startup — closed the exposure window before any agent process reads secrets.
• PR #174 — chmod 600 on remote .env post-SCP during deploy() — different attack surface from #186, both were unpatched.
• PR #177 — Added SHA-256 checksum verification for external binary downloads with per-architecture hashes, version pinning, and gh attestation fallback. Maintainer noted this approach is strictly stronger than the competing PR. Approved, pending merge.
• PR #171 — Refactored docker and curl invocations from shell strings to argv arrays, eliminating shell injection vectors across local inference and sandbox flows.
• PR #172 — Identified API key environment pollution leaking across child processes in NemoClaw. Fix was superseded by a stronger architectural solution (#675) that removed the key from the sandbox entirely via gateway-side credential injection — referenced directly in the superseding PR.

pytorch/pytorch — C++ & Python compiler stack, 63% of global model training

• PR #169128 — Fixed silent data corruption in Inductor C++ kernels: OpenMP + OpenCV together silently produce wrong training outputs. No error thrown. Affects 63% of global model training.
• PR #169786 / #169126 / #169788 — torch.compile crashes on nested autograd, Conv+BatchNorm FX graph failures, silent index_select out-of-bounds corruption — across ~1.57B pip installs.

langchain-ai/langchain & langgraph — LLM frameworks, used by Replit, Uber, LinkedIn, GitLab

• PR #6509 — Fixed validation crash blocking Generic type hint injection in LangGraph — unblocked ToolRuntime[Context] patterns in typed agent pipelines.
• PR #34046 / #34053 / #34114 — Fixed silent tool-calling failures across Mistral, Groq, and Ollama. TypeErrors that caused agent workflows to silently stop on provider switch. ~500k developers monthly.

kubernetes/kubernetes — Go, 5.6M developers, 3M+ production clusters

• PR #135460 — Modernizing the Device Resource Allocation (DRA) API: migrating DeviceTaint and AllocatedDeviceStatus to declarative API markers across ~3M production clusters.

• 🏆 3rd Place — Splunk Global Hackathon 2025 out of 1,200+ entries — OPA security add-on for real-time threat detection and privilege escalation auditing
• ⚡ Celer AI — voice-to-text pipeline for clinicians, medical report generation from 15 minutes to 40 seconds (95% reduction