Member of Technical Staff at Ona working on Cloud Development Environments and agents.
Automations
Built automation system for triggering actions based on workspace lifecycle events (e.g., running tasks on workspace start, executing scripts on prebuild completion).
Single Sign-On
Implemented SSO integration enabling enterprise customers to use their identity providers for authentication.
Source Control Providers
Integrated GitLab, Bitbucket, and Azure DevOps as source control providers, enabling users to connect repositories from multiple platforms.
Billing System
Built billing infrastructure for usage-based pricing and subscription management.
API-first, multi-agent coding assistant. Built for engineers who want programmatic control over their AI workflows.
Key features:
- Code-based tool calling via JavaScript (hundreds of tool calls in a single turn)
- Full API access via gRPC
- Multiple specialized agents (plan, edit, quick) with custom agent support
- Full terminal experience with interactive TUI
- Multi-provider support (Anthropic, more coming)
7.1k★ • github.com/youki-dev/youki • CNCF Sandbox project
OCI-compliant container runtime written in Rust. Alternative to runc (Docker) and crun (Red Hat). Docker delegates container creation to runtimes like youki, which handle namespaces, cgroups, and filesystem isolation.
Early core contributor. Key work included:
- WebAssembly workload support
- cgroups v2 implementation
- Command-line interface
- Library API (embeddable runtime)
- Rootless containers
- Systemd resource control integration
6M downloads • github.com/youki-dev/oci-spec-rs
Rust implementation of OCI specifications. Wrote the initial image spec implementation and contributed heavily to the runtime spec. Used by containerd, Kubewarden, and others.
13.5k★ • github.com/gitpod-io/gitpod
Kubernetes Controller (ws-manager-mk2)
Built Kubernetes controller managing workspace lifecycle for Gitpod's SaaS platform. Replaced gRPC-based state management with CRD-based architecture. Decoupled workspace lifecycle from pod lifecycle, enabling restarts without service interruption. Improved reliability from 99.9% to 99.99%.
Workspace Classes
Implemented resource tiering system enabling customers to select differently sized workspaces based on computational needs.
DDoS Protection
Initiated and implemented rate limiting using nftables to prevent abuse. Used token bucket algorithm to limit connection attempts while allowing existing connections to continue. Reduced on-call alerts by 34%.
Pressure Stall Information (PSI)
Implemented scraping of Linux PSI metrics to diagnose performance issues in customer workspaces. Enables troubleshooting resource contention (CPU, memory, I/O pressure).