IRONFEAST LABS
Engineering Reliability in Complex Systems.
Ironfeast Labs is the research and development arm of Ironfeast.tv. We specialize in software supply chain security, declarative infrastructure, and the intersection of media production workflows with cloud-native engineering.
CURRENT RESEARCH: PROJECT CARVEL-NIXIFY
Status: National Science Foundation (NSF) Phase I Project Pitch
The Challenge: The "Last Mile" of Software Integrity - While Nix provides the gold standard for reproducible builds (bit-for-bit identical binary artifacts), and Carvel offers a modular suite for declarative Kubernetes deployments, these two powerful ecosystems are not natively compatible. This creates a gap where provenance and integrity are often lost before deployment.
The Innovation: We are developing a framework to bridge this gap, enabling End-to-End Verifiable Kubernetes Deployments. By integrating Nix's integrity guarantees into the standard Carvel GitOps workflow, we aim to solve the "last-mile" problem that currently prevents high-assurance sectors from adopting reproducible builds in production.
Technical Objectives:
- Trusted Builder Integration: Extending kbld to utilize Nix as a hermetic builder, eliminating sources of non-determinism in OCI container images.
- Cryptographic Attestation: Generating formal in-toto attestations for every build, signed via Sigstore (cosign) to prove authenticity and unforgeability.
- Deployment-Time Enforcement: Developing a wrapper for kapp that enforces strict security policies, blocking deployments if cryptographic signatures fail verification.
This project pursues foundational research into verifiability and trust in complex software artifacts, aligning with SLSA Level 4 standards.
OPEN SOURCE & LEADERSHIP
Principal Investigator: João Pereira - Core Engineer & Contributor, Carvel Project Team
Our research is grounded in deep architectural insight. As a confirmed engineer on the Carvel project team, the Principal Investigator brings intrinsic knowledge of the toolchain required to execute complex, cross-ecosystem integrations.
Code Repositories & Contributions:
- Active Engineering: github.com/joaopapereira - Contributions to the Carvel suite (ytt, kapp, kbld) and upstream Kubernetes tooling.
- Labs Projects: github.com/ironfeast-media - The future home of the Carvel-Nixify framework and open-source media automation tools.
ENGINEERING SERVICES & CONTRACTING
Ironfeast Labs offers specialized engineering contracting for organizations seeking to modernize their delivery pipelines or solve complex infrastructure challenges. We bring the same "Systemic Mastery" viewed in our simulations to your production environment.
Core Competencies:
- Kubernetes & GitOps: Design and implementation of modular deployment chains using Carvel or Helm.
- Supply Chain Security: Implementation of SLSA frameworks, signing pipelines (Sigstore), and artifact verification.
- Reproducible Builds: Consulting on migrating build systems to Nix for deterministic outcomes.
- Workflow Automation: Leveraging AI-assisted tooling (Copilot/LLMs) to refactor legacy codebases and optimize developer velocity.
Collaboration Model: We engage in high-impact, short-to-medium-term contracts to architect critical infrastructure or develop proof-of-concept integrations for high-assurance environments.