I built 7 MCP servers connecting AI agents to security tools: Wazuh, Zeek, Suricata, TheHive, Cortex, MISP, MITRE ATT&CK.
The protocol layer was the easy part. Context design was where the real engineering happened. Security telemetry is noisy. Dumping raw logs into a model gives you vague summaries. Filtering, scoping, & ordering the data before it hits the context window make the analysis actually useful.
Rules don't work on AI agents. My agent pushed to main 12 times despite explicit instructions.
Fix: git pre-push hooks on 39 repos. Agent can't push code to main because git rejects it. No willpower needed.
Also built a self-improving correction pipeline: agent writes its own rules after I correct it. Weekly, recurring corrections get promoted to rule files.
Mechanical enforcement > written instructions.
Built a self-hosted content pipeline because I'm better at building things than talking about them.
Markdown drafts → custom React dashboard with per-platform character limits → n8n workflow automation → Postiz multi-platform publishing.
LinkedIn, X, Bluesky, Mastodon. $0/mo. No SaaS subscriptions. Just open-source tools wired together.
The hardest part of sharing work isn't writing about it. It's doing it consistently.
solomonneas.dev