In a sea of cookie-cutter portfolio templates, I built something different. As someone transitioning from critical infrastructure security (Level 1 Trauma Centers) to offensive security, I wanted a portfolio that demonstrates what I actually do every day: work in terminals.
This isn't just a showcase—it's a proof of concept. It demonstrates:
- Systems thinking through architecture design
- Security mindset through implementation choices
- Technical depth through 2,700+ lines of production code
- Attention to detail through comprehensive testing
The terminal is my native environment. This portfolio proves it.
|
|
|
|
# Visit the live demo
https://TLimoges33.github.io/Portfolio_Terminal_Limoges.exe/
# Or run locally
git clone https://github.com/TLimoges33/Portfolio_Terminal_Limoges.exe.git
cd Portfolio_Terminal_Limoges.exe
npm install
npm run serve
# Open http://localhost:8000help # See all 25+ commands
whoami # Professional background
experience # 5+ years critical infrastructure
projects # Technical portfolio
certs # Certification roadmap
security # Security implementation report
synos # Syn_OS Linux distribution (18k+ lines C)
advisor # AI career guidance┌─────────────────────────────────────────────────────────────┐
│ PRESENTATION LAYER │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ xterm.js Terminal Emulator │ │
│ │ • FitAddon (responsive) • Custom theme engine │ │
│ │ • ANSI color support • Keyboard shortcuts │ │
│ └─────────────────────────────────────────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ APPLICATION LAYER │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────────┐ │
│ │ Command │ │ Input │ │ Session │ │
│ │ Parser │ │ Handler │ │ Manager │ │
│ │ • Tokenizer │ │ • History │ │ • localStorage │ │
│ │ • Router │ │ • Autocomplete│ │ • Analytics │ │
│ └──────────────┘ └──────────────┘ └──────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ SERVICE LAYER │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────────┐ │
│ │ AI Advisor │ │ GitHub API │ │ Blog Module │ │
│ │ • Rule-based │ │ • Live data │ │ • Substack │ │
│ │ • HF API opt │ │ • Caching │ │ • RSS parsing │ │
│ └──────────────┘ └──────────────┘ └──────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ INFRASTRUCTURE │
│ Service Worker (PWA) │ Web Vitals │ Error Boundaries │
└─────────────────────────────────────────────────────────────┘
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | Vanilla JavaScript | Zero framework overhead, maximum control |
| Terminal | xterm.js | Industry-standard terminal emulation |
| Testing | Vitest + Playwright | Unit + E2E coverage |
| PWA | Service Workers | Offline-first architecture |
| CI/CD | GitHub Actions | Automated testing & deployment |
| Hosting | GitHub Pages | Free, reliable, CDN-backed |
This portfolio practices what it preaches. Security isn't an afterthought—it's the foundation.
Content-Security-Policy:
default-src 'self';
script-src 'self' 'unsafe-inline' cdn.jsdelivr.net;
style-src 'self' 'unsafe-inline' cdn.jsdelivr.net;
connect-src 'self' api-inference.huggingface.co;
frame-ancestors 'none';
| Protection | Implementation | Status |
|---|---|---|
| XSS Prevention | CSP + Input sanitization | ✅ |
| Injection Attacks | Command whitelisting, no eval() | ✅ |
| Clickjacking | frame-ancestors 'none' | ✅ |
| HTTPS | Enforced via Service Worker | ✅ |
| Dependency Security | Minimal deps, CDN integrity | ✅ |
- ✅ 35 security-specific tests passing
- ✅ No XSS vulnerabilities
- ✅ No CSRF attack surface
- ✅ OWASP Top 10 compliant
- ✅ Security score: 9.5/10
npm test # 73 tests passing
npm run test:e2e # End-to-end with Playwright
npm run test:security # Security-specific suite| Suite | Tests | Coverage |
|---|---|---|
| Security | 35 | CSP, XSS, sanitization |
| Commands | 25 | All core functionality |
| Terminal | 13 | Input, history, autocomplete |
| Metric | Score |
|---|---|
| First Contentful Paint | <1s |
| Time to Interactive | <2s (first), <0.5s (cached) |
| Lighthouse Performance | 95+ |
| Bundle Size | 116KB (uncompressed) |
|
Cybersecurity Professional | Aspiring Red Team Operator
Certification Roadmap:
|
A custom Linux distribution built for MSSP operations:
Run |
portfolio-terminal/
├── index.html # PWA entry point
├── manifest.json # PWA configuration
├── sw.js # Service worker
├── css/style.css # Terminal styling (4KB)
├── js/
│ ├── main.js # Core application (1,927 lines)
│ ├── ai-advisor-simple.js # AI advisor logic
│ ├── modules/ # Feature modules
│ └── utils/ # Utility functions
├── tests/
│ ├── security.test.js # Security test suite
│ ├── commands.test.js # Command tests
│ └── e2e-commands.spec.js # E2E tests
└── documentation/ # 15+ technical guides
// 1. Define in js/data/commands.json
{
"mycommand": {
"description": "Does something cool",
"usage": "mycommand [args]"
}
}
// 2. Implement in main.js
const commandExecutors = {
mycommand: (term, args) => {
term.writeln("Output goes here");
}
};
// 3. Add tests
it('mycommand should work', () => {
const output = executeCommand('mycommand');
expect(output).toContain('expected result');
});npm run serve # Local development server
npm test # Run all tests
npm run test:e2e # Playwright E2E tests
npm run lint # ESLint check
npm run lint:fix # Auto-fix issues
npm run lighthouse # Performance auditThis is a static site—no build step required. Deploy these files:
index.html, manifest.json, sw.js, robots.txt, sitemap.xml
css/, js/, assets/
| Platform | Setup | Notes |
|---|---|---|
| GitHub Pages | Push to gh-pages branch |
Free, automatic |
| Netlify | Connect repo | Free tier, auto-deploy |
| Vercel | Import project | Edge optimized |
| Cloudflare Pages | Connect repo | Global CDN |
Looking for opportunities in:
- Penetration Testing
- Red Team Operations
- Security Engineering
- Vulnerability Research
Run hireme in the terminal for contact information.
MIT License - See LICENSE for details.
