Josh Sisto builds secure software, automation, and self-hosted AI.
Cybersecurity-minded full-stack developer. This page is a live demo of that work — a gated local-LLM chat, real-time visitor-recon receipts, browser-side PGP, and published cryptographic identity.
Built like a portfolio piece
What this page is quietly flexing
Streaming AI, fenced in
A same-origin PHP proxy gates every request, rate-limits abuse, clamps history, and streams tokens without exposing the LAN model.
Recon with receipts
IP, VPN flags, user agent, TLS, timezone, screen, and privacy headers are surfaced transparently instead of being hidden in logs.
Crypto-native contact
The page publishes identity material and encrypts sensitive messages to Josh's PGP key in the browser.
Operator habits
The public gag is backed by documented nginx routing, runbooks, challenge logic, and defensive defaults.
Selected work
Public projects
joshsisto.com — this page
The site you're reading: a gated local-LLM proxy, live visitor-recon receipts, browser fingerprinting, and in-browser PGP — built, deployed, and self-hosted end to end. More projects are in the works; email for an early look.
Verify it's really me
Don't take a chatbot's word for it — here's my published cryptographic identity.
Send an encrypted message
Encrypted in your browser with my PGP key — the plaintext never leaves this page. You send me the ciphertext.
Public-key crypto, hands-on
Verify my signature, then learn how it works by doing it — keys are generated and used entirely in your browser. Nothing is uploaded.
A keypair is a public key you hand out and a private key you guard. The public key locks (encrypts) and checks signatures; the private key unlocks (decrypts) and signs. Try each piece below.
1 My key & fingerprint
The very key the encrypt box above uses. A fingerprint is a short hash of a public key — compare it across sources (this page, my pgp.txt, a keyserver) to be sure a key is really mine.
2 Verify a signed message
Paste a PGP clear-signed message — if it checks out, the signer's private key made it and not one byte changed. Hit the button for a statement I signed with my key (proof it's really me), or verify one you make in steps 3–4.
Use a different signer's public key
3 Make your own keypair
Generated in your browser — nothing leaves this page. Guard the private key and its passphrase; the public key is yours to share.
4 Sign & verify with your key
Sign with your private key; anyone verifies with your public key. (Generate a keypair in step 3 first.)
5 Encrypt & decrypt (round-trip)
Encrypt to your public key, then decrypt with your private key + passphrase. This is exactly what the “Send an encrypted message” box does with my key — only the private key can open it.
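The fingerprint comparison from step 1, as an added example that is not code from this site: it derives an OpenPGP fingerprint from the key bytes themselves, so the value a page displays can be checked independently of that page. It assumes a version 4 key (SHA-1 fingerprint, RFC 4880 section 12.2); the sample key bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def dearmor(armored: str) -> bytes:
    """Decode an ASCII-armored block: skip headers, the '=CRC' line and the END line."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def first_packet(data: bytes) -> tuple:
    """Return (tag, body) of the first packet, old or new header format."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new format: tag in the low 6 bits
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial lengths are not valid for key packets")
    else:  # old format: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length")
        length, off = int.from_bytes(data[1:1 + (1 << ltype)], "big"), 1 + (1 << ltype)
    return tag, data[off:off + length]

def v4_fingerprint(key: bytes) -> str:
    """SHA-1 over 0x99, a 2-octet length, then the public-key packet body."""
    tag, body = first_packet(key)
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def same_key(fp_a: str, fp_b: str) -> bool:
    """Compare full 160-bit fingerprints, ignoring spacing and case; short key IDs never match."""
    a, b = ("".join(s.split()).upper() for s in (fp_a, fp_b))
    return len(a) == 40 and a == b

# Constructed sample, not a real key: v4 body = version, creation time,
# algorithm 22 (EdDSA), Ed25519 curve OID, one MPI of made-up bytes.
SAMPLE_BODY = (b"\x04" + struct.pack(">I", 0x60000000) + b"\x16\x09"
               + bytes.fromhex("2b06010401da470f01")
               + struct.pack(">H", 263) + b"\x40" + bytes(range(32)))
SAMPLE_KEY = b"\x98" + bytes([len(SAMPLE_BODY)]) + SAMPLE_BODY  # old-format header, tag 6
```

The hash covers only the primary key packet (key material and creation time), so changing any byte of the key changes the fingerprint, while user IDs and signatures do not affect it.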