Ask me about Derek
An AI Q&A wired into my resume: the backend runs RAG on Cloudflare Workers AI and answers only from my projects and experience. Ask what I've built or what I'm good at.
How this Q&A resists abuse
A public, unauthenticated LLM endpoint is an attack surface. These guardrails are as much part of the work as the Q&A itself:
-
Grounded in the resume
Designed to answer only from retrieved resume chunks; when something is not in them, it is instructed to say so rather than make things up.
-
Off-topic task refusal
Code writing, translation and other chores are designed to be declined, even when mixed into an otherwise legitimate question.
-
Prompt-injection defenses
Visitor input is fenced and smuggled fence tags are neutralized; chat history is treated as untrusted and sanitized first.
-
Privacy boundaries
Salary, phone and address are off limits; only contact info the owner chose to publish is shared. Q&A logs store no IPs.
-
Rate & cost limits
Daily global and per-IP caps, input length limits, oversized payloads rejected outright, CORS allowlist.
-
Graceful degradation
Clear errors when AI or retrieval fails; query rewriting falls back on timeout; the streaming UI degrades gracefully.