About DCYFR Labs

DCYFR Labs builds @dcyfr/ai — an open-source AI agent framework with plugin marketplace, delegation system, and 20+ specialist agents. Learn about our mission at the intersection of cybersecurity and modern AI engineering.

DCYFR Labs builds @dcyfr/ai — a portable open-source TypeScript AI agent framework with plugin architecture, multi-provider LLM support, and a security-hardened delegation system. Founded by a cybersecurity architect, we bridge enterprise security practice and modern AI engineering.

Our Philosophy

“Security isn't about saying no, it's about enabling innovation with confidence.”

We believe in building resilient systems that empower teams to move fast without compromising on security. Our approach is practical, human-centric, and focused on real-world constraints rather than theoretical perfection.

What We Focus On

Development & Architecture

Production-grade architecture decisions, server-first rendering, and building systems that scale. We share real experiences from real projects, complete with trade-offs and lessons learned.Explore development articles

Cybersecurity & Defense

Defense-in-depth strategies, practical security hardening, and analysis of real threats and defenses. Security as an enabler, not a bottleneck.Explore security articles

AI & Automation

Augmentation over replacement. We explore practical AI workflows, human-centric automation, and how AI can enhance (not replace) human expertise and creativity.Explore AI articles

How We Work

Real projects, real constraints: We share from actual experience, not ivory tower theory
Practical over academic: Solutions that work in production matter more than perfect architecture diagrams
Transparent trade-offs: Every decision has costs—we discuss them openly
Open source by default: @dcyfr/ai, @dcyfr/ai-cli, @dcyfr/ai-rag, and @dcyfr/ai-code-gen are all published on npm and free to use
Continuous learning: Technology evolves, and so do we

Through our blog and projects, we share knowledge and practical guidance from real production systems — from security architecture to AI agent engineering and open-source framework development.

About DCYFR Labs

Our Philosophy

“Security isn't about saying no, it's about enabling innovation with confidence.”

What We Focus On

Development & Architecture

Cybersecurity & Defense

Defense-in-depth strategies, practical security hardening, and analysis of real threats and defenses. Security as an enabler, not a bottleneck.Explore security articles

AI & Automation

Augmentation over replacement. We explore practical AI workflows, human-centric automation, and how AI can enhance (not replace) human expertise and creativity.Explore AI articles

How We Work

Real projects, real constraints: We share from actual experience, not ivory tower theory
Practical over academic: Solutions that work in production matter more than perfect architecture diagrams
Transparent trade-offs: Every decision has costs—we discuss them openly
Open source by default: @dcyfr/ai, @dcyfr/ai-cli, @dcyfr/ai-rag, and @dcyfr/ai-code-gen are all published on npm and free to use
Continuous learning: Technology evolves, and so do we

Through our blog and projects, we share knowledge and practical guidance from real production systems — from security architecture to AI agent engineering and open-source framework development.

Meet the Team

Author of @dcyfr/ai, a portable open-source AI agent framework on npm, and a human-AI partnership building secure software at scale.

Drew

Founding Architect

Founding Architect and creator of @dcyfr/ai — a portable open-source TypeScript AI agent framework with plugin marketplace, delegation system, and 20+ specialist agents published on npm. Security architect with a decade of experience leading global security programs and secure AI engineering.

DCYFR

AI Lab Assistant

An autonomous agent swarm built on the @dcyfr/ai framework — 20+ specialist agents for security analysis, code generation, architecture review, and delegation-routed task execution. Published on npm and powering DCYFR Labs development.

Latest Badges

25 Total

GIAC Defensible Security Architecture (GDSA)

Issued by Global Information Assurance Certification (GIAC)

Issued May 2025

View Badge

GIAC Strategic Planning, Policy, and Leadership (GSTRT)

Issued by Global Information Assurance Certification (GIAC)

Issued November 2024

View Badge

GIAC Certified Incident Handler (GCIH)

Issued by Global Information Assurance Certification (GIAC)

Issued July 2024

View Badge

View all certifications

Top Skills

9 Skills

In 10 certifications

In 7 certifications

In 7 certifications

In 6 certifications

Application Security5x

In 5 certifications

Behavioral Analytics5x

In 5 certifications

Penetration Testing5x

In 5 certifications

Vulnerability Assessment5x

In 5 certifications

Information Security4x

In 4 certifications

View all skills

Our AI Agent Team

DCYFR is built by a swarm of specialised AI agents, each with deep expertise in a specific engineering domain. Together they handle everything from feature development to security auditing — autonomously and at scale.

Framework

DCYFR

Workspace Orchestrator

The primary workspace agent. Coordinates cross-project work, enforces quality standards, and routes tasks to the right specialist. Serves as the DCYFR subject-matter expert for architecture decisions and cross-package changes.

Cross-project coordinationAgent routingQuality enforcementArchitecture decisions

Engineering

Fullstack Developer

End-to-End Feature Engineer

Implements complete features from database schema through Next.js UI. Handles React Server Components, API routes, Drizzle ORM, and full test coverage — shipping production-ready code in a single pass.

Next.js App RouterDrizzle ORMTypeScriptAPI routesUI components

TypeScript Pro

Type System Specialist

Deep TypeScript expertise: advanced generics, mapped types, conditional types, and strict null-safety. Migrates JavaScript to TypeScript and designs type-safe APIs that prevent entire categories of runtime errors.

Advanced genericsType inferenceStrict modeAPI type safetyMigration

Database Architect

Data Layer Designer

Designs PostgreSQL schemas with Drizzle ORM, creates migrations, and optimises slow queries. Balances normalisation with read performance and ensures referential integrity across the data model.

PostgreSQLDrizzle ORMSchema designQuery optimisationMigrations

Quality

Security Engineer

Security & Vulnerability Specialist

Audits code for OWASP vulnerabilities, performs threat modelling, and hardens authentication and authorisation flows. Enforces TLP classification and reviews dependency risk via automated Dependabot triage.

OWASP auditingThreat modellingAuth hardeningDependency reviewTLP classification

Architecture Reviewer

Design Pattern Validator

Reviews system designs against SOLID principles, identifies coupling risks, and writes Architecture Decision Records (ADRs). Ensures new patterns align with established conventions before implementation begins.

SOLID principlesADR writingDesign patternsCoupling analysisRefactoring plans

Test Engineer

Test Strategy & Coverage

Designs Vitest test suites for unit, integration, and end-to-end scenarios. Achieves ≥99% pass rates, generates coverage reports, and enforces testing conventions so regressions are caught before merge.

VitestUnit testingIntegration testsCoverage reportingTest architecture

Operations

DevOps Engineer

CI/CD & Infrastructure

Manages GitHub Actions workflows, Vercel deployments, and Docker containerisation. Maintains the 30-job automation platform and ensures every commit reaches production safely and verifiably.

GitHub ActionsVercelDockerAutomation platformDeployment pipelines

Performance Profiler

Core Web Vitals Optimiser

Profiles Next.js bundle sizes, optimises images, and eliminates render-blocking resources. Targets Lighthouse scores ≥95 and tracks Core Web Vitals regressions using the Elvis benchmark suite.

Core Web VitalsBundle analysisImage optimisationLighthouseReact profiling

Connect with Us

We'd love to hear from you! Whether you have questions, feedback, or just want to say hello, feel free to reach out through our social channels below.

We're currently available for new projects!

Our calendar is now open! Whether you're looking for advice on secure coding practices, application performance, or architecture, we're here to help.

Booking Page

Meet with us

Twitter/X

DEV

Read our articles on DEV

Connect on LinkedIn

Peerlist

Build on Peerlist

Wellfound

Explore startups on Wellfound

GitHub

View our code

Become a Sponsor

Support open source projects

Credly

View our professional certifications

Goodreads

Read through our bookshelf

Our AI Agent Team

Framework

DCYFR

Workspace Orchestrator

Cross-project coordinationAgent routingQuality enforcementArchitecture decisions

Engineering

Fullstack Developer

End-to-End Feature Engineer

Next.js App RouterDrizzle ORMTypeScriptAPI routesUI components

TypeScript Pro

Type System Specialist

Advanced genericsType inferenceStrict modeAPI type safetyMigration

Database Architect

Data Layer Designer

Designs PostgreSQL schemas with Drizzle ORM, creates migrations, and optimises slow queries. Balances normalisation with read performance and ensures referential integrity across the data model.

PostgreSQLDrizzle ORMSchema designQuery optimisationMigrations

Quality

Security Engineer

Security & Vulnerability Specialist

OWASP auditingThreat modellingAuth hardeningDependency reviewTLP classification

Architecture Reviewer

Design Pattern Validator

SOLID principlesADR writingDesign patternsCoupling analysisRefactoring plans

Test Engineer

Test Strategy & Coverage

VitestUnit testingIntegration testsCoverage reportingTest architecture

Operations

DevOps Engineer

CI/CD & Infrastructure

Manages GitHub Actions workflows, Vercel deployments, and Docker containerisation. Maintains the 30-job automation platform and ensures every commit reaches production safely and verifiably.

GitHub ActionsVercelDockerAutomation platformDeployment pipelines

Performance Profiler

Core Web Vitals Optimiser

Profiles Next.js bundle sizes, optimises images, and eliminates render-blocking resources. Targets Lighthouse scores ≥95 and tracks Core Web Vitals regressions using the Elvis benchmark suite.

Core Web VitalsBundle analysisImage optimisationLighthouseReact profiling