You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Adrien ValckeAV

Adrien Valcke

Senior Backend NestJS · DevSecOps · AI Integration

€800/day
Paris, FR
8-15 years

Average response time: 1 hour

About Adrien

Backend engineer who builds end to end: NestJS backends, hardened CI/CD, DevSecOps from commit to deploy, and AI agent tooling.

I build systems where the application and the delivery path are designed together. My pipelines use SHA-pinned actions, SBOMs, keyless Sigstore provenance, and blocking security gates. The stack is public and dogfooded on a production-grade NestJS invoice service.

Current public work:
• invoice-demo-service.coroboros.com: NestJS 11 + Fastify + MongoDB, OpenAPI-first REST API, lifecycle state machine, Pino logs, API tests against the built container.
• coroboros/ci + security/ci: reusable GitHub Actions and GitLab CI with supply-chain gates, trivy-gated images, OIDC/npm provenance, and canonical secret/advisory rulesets.
• skillward: Rust scanner for untrusted agent skills, fusing nine offline scanners into one CI verdict.
• agent-skills + scrybe: open-source skills for Claude Code and compatible agents; scrybe is an offline Whisper CLI in Rust.
• mcllrealestate.com: multilingual real-estate platform on Next.js 16, Cloudflare Workers, Neon Postgres, Drizzle, MapLibre, and Pipedrive.

I use Claude Code and Codex daily, under strict controls. I also build the tooling, rules, and scanners that make agent-assisted development safer.

10+ years backend. Open to freelance, remote France / EU or hybrid.

github.com/coroboros · gitlab.com/coroboros
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • Coroboros
    Founder & Principal Engineer
    DIGITAL AND IT
    January 2025 - Today (1 year and 6 months)
    Paris, France
    Coroboros is the tech and AI studio I founded to build software and secure the path it travels.

    I design and ship websites, applications, agentic systems, automations, and generative AI workflows. Delivery is hardened by default: SHA-pinned actions, SBOMs, keyless Sigstore provenance, container scanning, secret scanning, and blocking security gates.

    Selected work:
    • mcllrealestate.com — luxury real-estate platform in four languages (EN / FR / TH / ZH), built end to end: product positioning, brand direction, logo and palette choices, design system, UX, copy/brand voice, architecture, implementation, compliance, deployment, and handover. Next.js 16, React 19, Cloudflare Workers, Neon Postgres, Drizzle, multilingual search, self-hosted MapLibre maps, Cloudflare Access admin, and Pipedrive CRM integration. GDPR, Thai PDPA, and EAA accessibility compliant.
    • invoice-demo-service.coroboros.com — production-grade NestJS + Fastify + MongoDB microservice. OpenAPI-first REST API, lifecycle state machine, Pino logs, API tests against the built container, trivy-gated image, signed provenance, and blocking release gates.
    • Open source and agent tooling — skillward audits untrusted agent skills before install; shellscan finds shell hidden in repos, GitLab CI, and GitHub Actions YAML; agent-skills ships open-source skills for Claude Code and compatible agents; scrybe is an offline Whisper CLI in Rust.

    Stack:
    Backend: TypeScript, Node.js, NestJS, Fastify, REST / OpenAPI, Neon Postgres + Drizzle, MongoDB + Mongoose, Zod.
    Frontend: Next.js, React, Astro, TanStack Start, Tailwind.
    Edge & infra: Cloudflare Workers, R2, KV, Durable Objects, Containers, Workers AI, Docker, microservices.
    Security: supply-chain security, cosign / Sigstore, SBOMs, osv-scanner, gitleaks, trivy.
    AI & agentic: Anthropic / Claude ecosystem, MCP, Claude Code, Codex.
    Tooling: Biome, Vitest, Playwright, pnpm.
    Supply Chain Security CI/CD DevSecOps intelligence artificielle Cloudflare
  • Open Source Projects
    Open Source Developer & Maintainer
    SOFTWARE PUBLISHING
    September 2015 - Today (10 years and 10 months)
    Paris, France
    Long-running open-source work across Node.js, TypeScript, Rust, CI/security, and agent tooling. Started with small zero-dependency Node.js libraries and contributions; now focused on maintained packages, CLIs, and reusable security tooling under Coroboros.

    Current maintained work:
    • @coroboros/uri — RFC-3986 URI toolkit for Node.js: IDN, IPv6 zone identifiers, Sitemap URLs, strict validation, and zero dependencies.
    • @coroboros/sparkline — zero-dependency SVG sparkline generator for Node.js with precision controls and accessibility metadata.
    • @coroboros/location-timezone — country, capital, city, ANSI state, and IANA timezone lookups with ~40,000 city coordinates and O(1) indexes.
    • @coroboros/clone and @coroboros/pdf-cleaner — prototype-aware deep clone / freeze, plus local PDF metadata and link stripping.
    • skillward, shellscan, and scrybe — CLIs for untrusted agent-skill scanning, shell and CI script linting, and offline Whisper transcription.
    • agent-skills — open-source skills for Claude Code and compatible agents.

    Earlier work:
    • Contributions to barcode, json-schema-faker, and openapi-mock-express-middleware.
    • Legacy Node.js utilities for chromatic logging, MIME types, URI parsing, sparklines, S3 helpers, object helpers, and ESLint setup.

    Standards: TypeScript strict, Node.js 22, ESM/CJS packages, Vitest, Biome, pnpm, Rust, GitHub Actions, GitLab CI, OIDC/npm provenance, signed releases, SBOMs, and security gates.
    CI/CD Rust Open Source Software Typescript Node.js
  • Cyberspeed
    DevOps & Full-Stack Delivery Engineer
    SOFTWARE PUBLISHING
    June 2024 - December 2024 (6 months)
    Dubai - United Arab Emirates
    DevOps and full-stack delivery role for a Dubai company running sensitive, self-hosted web platforms with distributed development teams.

    I reviewed and onboarded code produced across Vietnam and Dubai, checked implementation quality, brand consistency, deployment readiness, and production behavior, then shipped it to company-controlled servers without relying on managed cloud infrastructure.

    The work sat between code review, release engineering, server operations, and hands-on fixes.

    I configured Linux servers with the ops team, installed runtimes and dependencies, hardened access and deployment surfaces, tuned PM2 process management, checked logs, validated live releases, and handled rollback / fix-forward situations when production behavior diverged from the expected result.

    Around 30% of the role was direct development and remediation: fixing Vue / TypeScript frontends, Express backends, deployment scripts, runtime configuration, and integration issues before or after release.

    The environment had strict data-governance and infrastructure-control constraints. That made the work less about consuming cloud services and more about understanding the full chain: code ownership, server access, runtime behavior, security posture, release discipline, and operational verification.

    Stack: Linux servers, PM2, Node.js, Express, Vue, TypeScript, Vitest, Volta, Git, deployment scripts, server configuration, logs, access control, release checks.
    Vue.js DevOps Revue de code Linux Node.js

Recommendations

Be the first to recommend Adrien

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • CSS3 Des applications ultra-rapides avec
    CSS3 Des applications ultra-rapides avec
  • Simplifiez vos développements JavaScript
    jQuery
    Simplifiez vos développements JavaScript

Categories