Camilo Valderruten

Staff DevOps Engineer at NerdWallet · AI Platform · Infrastructure

A working notebook

I ship production AI agents on the infrastructure I own: MCP servers, agent skills, a regulated RIA product, and the AWS platform 33 teams run on. I also know when to retire what I built.

[email protected] · LinkedIn

Years at NerdWallet: VI
Production AI systems: 5
AWS accounts: 77
Jarvis auto-resolve: ~25%

§ I

Now

I own NerdWallet's AI platform layer: productionized meta-mcp (24-tool MCP server for Meta Ads), built Advisor Check for the RIA line, designed the org skills repo and MCP catalog, and shipped the Editorial Fact Checker and Intercom Classifier. Jarvis was our first agent; I retired it in June 2026 once the org stack caught up.

I rolled out Claude company-wide ($5.2K/mo Bedrock replaced with a governed ~$2K cap), deploy Langfuse for agent observability, and work directly with the CEO and Engineering Director on AI strategy.

The substrate is still mine: 77 AWS accounts on Transit Gateway, EKS, Terraform, CI/CD. On personal time I build Faultline, a Go agent runtime and Kubernetes operator. Platform and agents are one job, not two.

§ II

Selected work

Shipped at NerdWallet and on personal time.

Jarvis

Retired Jun 2026

NerdWallet's first production AI agent. MCP + LangGraph on Slack, wired to PagerDuty and OpsLevel, auto-resolved ~25% of #infra-help tickets. Passed security review and Red Team. Deliberately decommissioned once the org-wide Claude + MCP platform made a bespoke agent redundant.

▸~25% auto-resolution
▸Security + Red Team
▸Build → sunset

MCP, LangGraph, Claude, Slack, PagerDuty.

Read the write-up →

Advisor Check

In production

Compliance-aware AI for NerdWallet's registered investment advisor line. 907-test Jest suite, Playwright e2e, Cloudflare Workers with Okta OIDC. Legal-compliance skill with SEC/FINRA checkpoints from counsel review.

▸907 Jest tests
▸RIA live product
▸Counsel-reviewed skills

TypeScript, Cloudflare, Okta, MCP, Playwright.

Read the write-up →

meta-mcp

In production

24-tool TypeScript MCP server for the Meta Ads API, used org-wide through Claude. Refactored OAuth to stateless JWE tokens and moved from ECS Fargate to scale-to-zero Lambda. CDK deploy via GitHub Actions OIDC.

▸24 MCP tools
▸ECS → Lambda
▸Org-wide adoption

MCP, TypeScript, Lambda, CDK, OAuth.

Read the write-up →

Skills Platform + MCP Catalog

In production

Org-wide agent skills repo (teams/<team>/<skill>, CODEOWNERS, embedding-similarity CI) plus the MCP onboarding decision tree and connector catalog every NerdWallet employee uses to wire Claude to internal systems.

▸500+ engineers
▸Per-team CODEOWNERS
▸MCP catalog

MCP, Skills, Governance, Platform.

Internal Fact Checker

In production

Editorial AI tool with NerdWallet's Editorial team. Extracts claims from articles, gathers evidence with grounded Gemini search, returns verdicts with suggested edits. V1.1 with 50+ editors onboarded.

▸50+ editors
▸Grounded RAG
▸Active feedback loop

FastAPI, LangGraph, Gemini, Vertex AI, pgvector.

Intercom Fin Classifier

In production

DBSCAN clustering over OpenAI embeddings of 26K Zendesk escalations into 20 actionable bug clusters. Surfaced 8 production bugs in 4 months, one missed for 107 days. Demoed to the CPO.

▸26K tickets
▸8 bugs surfaced
▸20 clusters

DBSCAN, OpenAI embeddings, Jira, Confluence, GitHub.

NerdWallet AWS Networking Platform

In production

Transit Gateway hub-and-spoke across three regions, IPAM-driven CIDR management, self-service account provisioning. Grew from 5 accounts / 2 teams to 77 accounts / 33 teams.

▸77 AWS accounts
▸33 teams
▸2,849 peering avoided

Transit Gateway, IPAM, Route 53 Resolver, EKS, Terraform.

Read the write-up →

Faultline

Personal project

Go AI agent runtime and Kubernetes operator: FaultlineAgent/FaultlineLLM CRDs, fleet UI, allowlist-only MCP tool security, OAuth DCR for HTTP MCP servers. Built solo with strict TDD.

▸Go operator
▸MCP allowlists
▸CRD-based agents

Go, Kubernetes, MCP, Operator.

Read the write-up →

§ III

Career arc

2026

Staff DevOps Engineer · NerdWallet

Shipped Advisor Check for the RIA line, productionized meta-mcp, designed the org skills platform and MCP catalog. Retired Jarvis once the company-wide Claude stack superseded it. Still own AWS networking (77 accounts) and advise the CEO and Engineering Director on AI.
Apr 2025

Promoted to Staff DevOps Engineer · NerdWallet

Shifted the focus toward AI agents and AI platform work while continuing to own core infrastructure. Started building the agents that now run company-wide.
2022

AWS Solutions Architect & HashiCorp Terraform certifications

HashiCorp Certified: Terraform Associate (July 2022). AWS Certified Solutions Architect – Associate (September 2022).
Mar 2021

Senior DevOps Engineer · NerdWallet

Redesigned NerdWallet's networking from VPC peering to AWS Transit Gateway and built the self-service AWS account platform still in use today. Led the ECS → Kubernetes migration with reusable Helm charts, CRDs, and Argo controllers. Drove toolchain modernization across Jenkins, Artifactory (Docker, npm, Go, PHP, Helm), OIDC for dev AWS accounts, and IMDSv1 removal. Early work on AI tooling governance (Copilot Business rollout, Cursor SCIM, Copilot PR Review) grew into the broader AI platform.
Jul 2020

DevOps Software Engineer II · NerdWallet

Joined the Infrastructure team. AWS, Terraform, and CI/CD work across the engineering org.
2018 – 2020

Site Reliability Engineer · Divio Technologies

Kept production systems reliable for a multi-cloud platform serving thousands of customers worldwide. Migrated infrastructure to Kubernetes across AWS, GCP, and Azure. Paired with developers on code review and CI/CD pipelines for pre-production testing.
2018

B.S., University of Southern California

Graduated USC (2014–2018). Leadership roles in Phi Delta Theta and Trojan Model United Nations, including Under-Secretary General and later Technology Director General.
2015 – 2017

Software Engineer · Ponder Products

Early engineering role while at USC. Led design and documentation of a Python REST API for a microservices platform serving 100K+ users. Docker-packaged services on AWS, with Elasticsearch, Consul, and Terraform in the daily toolbox.

Education & credentials

AWS Solutions Architect – Associate Amazon Web Services · 2022
HashiCorp Certified: Terraform Associate HashiCorp · 2022
B.S., University of Southern California 2014 – 2018
Languages English · Spanish · Italian (working)

§ IV

How I work

i. Ship early, put it in front of real users, iterate from what they actually do.
ii. Human-alongside-AI over full autonomy. The interesting work is in the workflow.
iii. Stability and simplicity beat architectural cleverness, every time.
iv. Developer experience is product work. Treat it that way.

§ V

Stack

Cloud: AWS · GCP (Vertex) · Cloudflare
Infra as code: Terraform · CDK
Orchestration: Kubernetes · EKS · Helm · ArgoCD
CI / CD: GitHub Actions · Jenkins
AI: LangGraph · MCP · Claude · Gemini · OpenAI · Langfuse · RAG
Data: PostgreSQL · pgvector · Redis · Embeddings · DBSCAN
Languages: Python · Go · TypeScript · Bash
Observability: Datadog · Coralogix · Langfuse

§ VI

Correspondence

The surest way to reach me is email: [email protected]. I also read messages on LinkedIn.

Set in Instrument Serif and Inter. Built with Astro. Hosted on Cloudflare Pages.