Divyesh P K | Cloud & Security Engineer

Hi, I'm Divyesh P K.Cloud & Security Engineer building secure and scalable systems.

I design and operate secure and scalable systems.

Focusing on infrastructure, automation, and security at scale.

About

I am Divyesh P K, a Cloud and Security Engineer with a strong focus on designing, deploying, and operating resilient infrastructure at scale. My background spans both traditional network engineering and modern cloud-native architectures.

Rather than building generic software, I thrive on the complexities of system design—automating away toil, securing the software supply chain, and ensuring that platforms can withstand failure without compromising data integrity or availability.

I'm constantly exploring the trade-offs between zero-trust security postures and developer velocity, aiming to build environments that are both impenetrable by default and seamless to use.

Featured Systems

Deep dives into recent architecture and technical decisions.

Go-HostGitHub ↗

GoDNS

The Problem

A lightweight DNS server written in Go — with domain blocking, allowlisting, per-client rate limiting, and query logging.

Key Decisions

  • DNS Forwarding - Proxies queries to an upstream DNS server (defaults to 1.1.1.1:53)
  • Domain Blocking — Blocks domains listed in blocked_domains with an NXDOMAIN response
  • Domain Allowlisting — Explicitly permit domains via allow_domains, bypassing the blocklist
  • Per-Client Rate Limiting — Caps each client IP at 10 requests per minute to prevent abuse
  • Query Logging - Logs every query with its domain, client IP, and resolution status (Success, Blocked, Rate Limited)
  • Zero Dependencies - Pure Go standard library, no heavy frameworks

Challenges

Implementing DNS-over-TCP and graceful shutdown while handling UDP/TCP concurrency.

Outcome

Built a type-safe, concurrent DNS server in Go with features like domain filtering, rate limiting, and logging.

Incognito PromptGitHub ↗

Browser ExtensionPrivacyJavaScriptManifest V3

The Problem

A privacy-first browser extension that strips sensitive data (file paths, project names, PII) from text prompts before they reach LLMs like ChatGPT, Claude, and Gemini.

Key Decisions

  • 100% Local Processing — All sanitization happens in-browser via JavaScript; zero data leaves the machine
  • Paste Interception — Registers a capture-phase paste listener across 8 LLM domains to sanitize before the site's own handler fires
  • Path Stripping — Detects Unix/macOS and Windows file paths via regex and replaces them with a configurable placeholder (e.g.,[LOCAL_PATH])
  • Custom Matchlist — Users can define specific words, project names, or codenames to be redacted to [REDACTED]
  • Targeted Activation — Two modes: universal (all supported domains) or site-specific (user-selectable whitelist)
  • DOM Agnostic — Uses document-level event capture (not CSS selectors) so it survives LLM DOM changes
  • Synchronous Settings Cache — chrome.storage is read once and cached so the paste handler has zero async gap, preventing race conditions with downstream handlers
  • Manifest V3 — Full adherence to Chromium MV3 with a service worker background script

Challenges

Intercepting paste events in the capture phase before the host LLM's handler runs, while preserving web URLs (so path regex doesn't mangle them) and supporting both native inputs and contentEditable elements across diverse LLM UIs.

Outcome

Built a zero-dependency, privacy-hardened Chrome extension that strips internal paths and sensitive keywords from pasted prompts across all major LLM platforms, with a clean options UI and roadmap to full PII redaction.

MarkletGitHub ↗

Browser ExtensionJavaScriptDOM

The Problem

A privacy-first browser extension that lets users save and revisit exact text snippets from any webpage — with cross-DOM-node text matching, temporary visual highlighting, and full bookmark management.

Key Decisions

  • Dual Manifest Split — Separate manifests for Chrome (MV3 with service worker) and Firefox (MV2) to support both browser families during the MV3 transition
  • Cross-Node Text Matching — Builds a combined normalized string across all DOM text nodes with a position mapping, enabling exact range selection even when text spans multiple HTML elements
  • Temporary Visual Highlight — Matched text gets a gold (#e2c97e) highlight via surroundContents that fades out over 1.5 seconds and is removed after 2 seconds
  • Jump-Back Navigation — Clicks a bookmark, if on the source page scrolls and highlights; if on a different page, navigates there first, waits for load, then finds and highlights the text
  • Local-First Storage — All bookmarks persisted in chrome.storage.local under a single markletBookmarks key; no external servers, analytics, or tracking
  • Right-Click Saving — Select text on any page, right-click 'Save to Marklet', and it's stored with text, URL, title, favicon, and timestamp
  • Real-Time Search — Filters bookmarks by keyword with matched text highlighted in blue accent marks
  • Dark Glassmorphism UI — Dark-themed 360x500 popup with translucent surfaces, gradient accents, smooth animations, and toast notifications

Challenges

Implementing cross-node text matching that handles whitespace normalization and non-breaking spaces while mapping normalized positions back to raw DOM offsets for precise range creation.

Outcome

Built a polished, privacy-focused browser extension with a sophisticated DOM text-matching engine, dual-browser support, and a modern dark-themed UI — all data stored locally with zero external dependencies.

Latest Articles

Technical deep dives, engineering notes, and thoughts on system reliability.

Visit Blog

Mini Apps & Tools

Small utilities built to solve specific problems.

Connect

Designed and built for scale. © 2026 Divyesh P K.