1-day current streak·7-day longest streak
Evgeny Balyakin Developer. I build small tools, usually because I got annoyed by something. Most of what's here is Go, Rust, or TypeScript. A lot of CLIs. SQLite wherever I…
Evgeny Balyakin
Developer. I build small tools, usually because I got annoyed by something.
Most of what's here is Go, Rust, or TypeScript. A lot of CLIs. SQLite wherever I can avoid running a server.

---
Things I've built
aishield — Safety layer for AI coding agents: blocks dangerous shell commands, strips secrets before they reach the agent context, keeps a JSONL audit log. Started this after an agent deleted a directory I hadn't committed yet. Go.
AgentFence — Seatbelt for the moment when "just point Codex at the repo" feels too trusting. Runs the agent in a shadow workspace, keeps .env, Git history, and $HOME out of reach, scans the result, and waits for you to apply the patch. Go.
SSH App Hub — Local control panel for web apps already running on SSH hosts. Finds JupyterLab, TensorBoard, MLflow, Streamlit, Grafana, and code-server on a remote box, then opens them through ordinary OpenSSH tunnels so I can stop memorizing ports. Python.
incident-ci — CI check for incident PRs, because "please fill out the incident notes" should not live in someone's memory. Keeps the Incident Card as Markdown in the repo, validates the YAML, and points GitHub annotations at the file reviewers are already approving. Python.
PgRelay — Transactional outbox and background jobs for Python services already sitting on PostgreSQL. Enqueue work in the same SQLAlchemy transaction as the thing that caused it, then let a small asyncio worker handle retries, leases, dead-letter jobs, and replay. For when a webhook in the request is too flimsy, but adding a separate queue feels like punishment. Python.
refraction — Offline scanner for hostile repository and package text that can derail AI-assisted review: prompt injection, refusal bait, obfuscated payloads, Trojan Source, and manifest tricks. Go.
dataminim — Offline scanner for the awkward database question: what PII and secrets are already in there? Reads PostgreSQL or SQLite metadata, samples bounded values, follows JSON paths, and writes console/JSON/HTML reports without exposing raw data. Go.
pr-audit — Local-first CLI for reviewing large diffs. Finds risky changes hiding in noisy PRs: weakened tests, unsafe code, type suppressions, and secret-like values. TypeScript.
archlint — Architecture drift starts as one harmless import. Define the layers in archlint.yaml; it checks Python, TypeScript, and JavaScript imports for boundary leaks, layer cycles, banned packages, and files that depend on too much. Deterministic CLI, no LLM. TypeScript.
tessera — Publishing CLI for manuscripts that still live in Word or LibreOffice. Keeps named styles as meaning, so poems, letters, epigraphs, and bits of foreign text don't get flattened into "some italics with indentation". Builds EPUB, LaTeX, and PDF from the same DOCX/ODT source. Go.
mergetyp — Mail-merge for PDFs when the template deserves better than a pile of string replacements. Write the layout in Typst, feed it CSV, JSON, or YAML, and get one PDF per record: certificates, invoices, letters, whatever batch paperwork showed up this time. Python.
llmfail — Local proxy that adds failover between LLM providers. Anthropic returning 429s? Falls through to OpenAI or wherever. Mostly just a routing layer, smaller than you'd expect. Go.
smartproxy — Local LLM proxy for the setup that starts with one API key and somehow grows into retry scripts, budget checks, and a cost spreadsheet. Point OpenAI-compatible clients at it and get routing, failover, SQLite telemetry, optional caching, and a terminal dashboard. Go.
querygate — Go middleware and reverse proxy for the awkward HTTP case where a read needs a request body, but POST makes it look like a write. Speaks QUERY, advertises Accept-Query, caches safe body-aware responses, and can bridge older backends through POST. Go.
codebone — CLI and MCP server for giving agents compact code context. Extracts symbols, signatures, and structure with tree-sitter instead of dumping whole files. TypeScript.
ragimg — RAG indexing for the parts of docs that live in images. Reads Markdown/HTML, skips badges and logos, captions useful diagrams/screenshots/charts once, and writes JSONL chunks for the embedding pipeline you already have. Go.
skill-eval-runner — Test runner for SKILL.md files. Spins up a fresh workspace, lets an agent work, then checks what actually happened: files, commands, JSON, exit codes, tokens, and CI reports. Built because "the chat looked right" is not a regression test. TypeScript.
sqliteq — Job queues, pub/sub, and scheduled jobs inside a single SQLite file. No daemon, no Redis. Just a file. Rust.
SteadySend — File transfer for the dull but painful case: one huge file, a flaky network, and a retry that shouldn't start from zero. If the link drops, run the same command again; it resumes from verified chunks. Go.
snapback — Incremental local backups for project folders. Per-file deduplication, SQLite index, and restore by date or file when you need to rewind without thinking about it. Python.
tokmon — Proxy for tracking token usage and costs across Anthropic/OpenAI. If you run a lot of agents you'll want this before the invoice arrives. Go, SQLite.
sudocheck — Linux privilege escalation audit: sudo rules, SUID/SGID binaries, capabilities, GTFOBins cross-reference. Outputs JSON or SARIF. Go.
depshield — Supply-chain check for package managers. One command, works across npm/pip/cargo/etc. Go.
git-pulse — Codebase diagnostics from git history: churn, ownership, dead zones. Rust, TUI.
TubeSift — Search YouTube channels by subtitle content, from the terminal. Full-text index. Python, SQLite.
---
Stack
Go for most backend tooling. Rust when I want small binaries or need the performance. Python for scripting and quick prototypes. SQLite as default storage — you can get surprisingly far without running a server.
-
agentfence ★ PINNED
Go CLI for running AI coding agents in temporary shadow workspaces
Go ★ 3 15d agoExplain → -
flight-devtools ★ PINNED
Security boundary DevTools for React Flight and RSC payloads. Parse streams, inspect server/client exposure, detect secrets, PII, Server Actions, and protocol anomalies in a Chrome DevTools panel.
TypeScript ★ 1 2mo agoExplain → -
llmfail ★ PINNED
A zero-config, drop-in local proxy for LLM APIs. Never let 429 Rate Limits or API downtimes interrupt your AI coding agents (Claude Code, Aider, Cursor) again.
Go ★ 1 2mo agoExplain → -
mergetyp ★ PINNED
CLI mail-merge and batch PDF generator powered by Typst. Generate one PDF per CSV, JSON, or YAML record using real Typst data literals instead of text substitution.
Python ★ 1 22d agoExplain → -
sqliteq ★ PINNED
Zero-polling job queues, pub/sub and cron inside your SQLite file. Uses OS-native file watchers instead of busy loops. Drop-in, no daemon, no Redis.
Rust ★ 0 2mo agoExplain → -
pgrelay ★ PINNED
PostgreSQL-backed transactional outbox and background jobs for Python — no extra broker needed
Python ★ 0 4d agoExplain → -
sovereign-droid
Open infrastructure for verifiable Android supply-chain audits, reproducible builds, AOSP testing, and signed evidence reports.
Python ★ 0 2h agoExplain → -
snapback
Incremental local backups for project folders with per-file deduplication, SQLite indexing, and fast restore by date or file.
Python ★ 0 2d agoExplain → -
homelink-gateway
Домашний интернет на iPhone из любой точки мира — безопасно и без сторонних VPN-сервисов
Go ★ 0 3d agoExplain → -
homelink-ios
No description.
★ 0 4d agoExplain → -
tracemap-pr
Deterministic pull request impact analysis for Python backends using git diff, OpenAPI, coverage, traces, and static analysis
Python ★ 0 6d agoExplain → -
mcp-contract-ci
No description.
★ 0 11d agoExplain → -
queryguard-ci
No description.
★ 0 11d agoExplain → -
balyakin
No description.
★ 0 12d agoExplain → -
ssh-apphub
A local-first UI for discovering and opening web apps running on SSH hosts
Python ★ 0 13d agoExplain → -
contrib-guard
Policy-as-code GitHub App backend for auditable maintainer triage of pull requests and issues.
Python ★ 0 17d agoExplain → -
incident-ci
GitHub Action and CLI for validating Incident Card markdown files in pull requests
Python ★ 0 20d agoExplain → -
cache-proof
CLI tool that proves Redis-backed caches are disposable by running app probes through controlled cache failure scenarios.
Go ★ 0 21d agoExplain → -
role-fence
No description.
★ 0 22d agoExplain → -
fsbench
No description.
Python ★ 0 26d agoExplain → -
querygate
Body-aware Go middleware and reverse proxy for adopting the HTTP QUERY method with conservative caching, Accept-Query discovery, and safe QUERY-to-POST fallback.
Go ★ 0 27d agoExplain → -
refraction
Deterministic offline scanner for repositories and package artifacts, detecting prompt injection, refusal bait, Trojan Source, obfuscation, and supply-chain anti-analysis before AI code review.
Go ★ 0 28d agoExplain → -
dataminim
No description.
Go ★ 0 1mo agoExplain → -
llm-fit
No description.
★ 0 1mo agoExplain → -
ragimg
Turn documentation images into RAG-ready text chunks for any vector database.
Go ★ 0 1mo agoExplain → -
chat-vault
No description.
★ 0 1mo agoExplain → -
tessera
Semantic DOCX/ODT to PDF and EPUB converter for authors and publishers
Go ★ 0 1mo agoExplain → -
archlint
Enforce architectural boundaries in Python, TypeScript, and JavaScript codebases with deterministic YAML rules.
TypeScript ★ 0 1mo agoExplain → -
smartproxy
Local-first OpenAI-compatible LLM proxy with smart routing, failover, SQLite telemetry, budgets, response caching, Anthropic translation, and a terminal dashboard.
Go ★ 0 1mo agoExplain → -
steady-send
Reliable resumable encrypted file transfer CLI for large files over unstable networks
Go ★ 0 1mo agoExplain → -
agent-gate
No description.
★ 0 1mo agoExplain → -
aishield
Local safety layer for AI coding agents: block dangerous commands, mask secrets, filter env vars, and keep JSONL audit logs.
Go ★ 0 1mo agoExplain → -
spendhawk
Local-first SaaS spend intelligence: scan CSV, PDF, EML and Gmail invoices, detect unused subscriptions, duplicate tools, price spikes and renewal risks, and get actionable savings recommendations.
TypeScript ★ 0 2mo agoExplain → -
codebone
Agent-native CLI and MCP server for compact, syntax-aware code context, symbol search, project maps, and secure read-only source code analysis across TypeScript, Python, Go, Rust, and more.
TypeScript ★ 0 2mo agoExplain → -
skill-eval-runner
CLI runner for testing AI coding-agent Skills with sandboxed workspaces, deterministic assertions, provider adapters, and CI-ready reports.
TypeScript ★ 0 2mo agoExplain → -
iac-auditor
No description.
★ 0 2mo agoExplain → -
quack-gate
Secure production gateway and policy pack for DuckDB Quack: TLS, static token auth, query policies, rate limiting, audit logs, and admin metrics.
Go ★ 0 2mo agoExplain → -
pr-audit
Local-first CLI that finds risky changes in large pull requests and AI-assisted code diffs.
TypeScript ★ 0 2mo agoExplain → -
photo-caption
No description.
★ 0 2mo agoExplain → -
cloudfuse
Experimental encrypted virtual cloud disk for macOS/macFUSE, built in TypeScript with chunked storage, encrypted metadata, and WebDAV cloud backends.
TypeScript ★ 0 2mo agoExplain → -
cat-background-replacer
React PWA for replacing cat photo backgrounds with browser segmentation, OpenRouter-generated scenes, local compositing, export, and history.
TypeScript ★ 0 2mo agoExplain → -
forge-link
Self-hosted automation bridge for Forgejo/Gitea webhooks: trigger deploy hooks, external CI, retries, dashboard, and commit statuses.
Go ★ 0 2mo agoExplain → -
dep-doctor
Offline-first CLI and GitHub Action for dependency health checks across npm, Python, Rust, and Go: vulnerabilities, risky scripts, typosquatting, stale packages, licenses, and baseline-aware CI reports.
JavaScript ★ 0 2mo agoExplain → -
sudocheck
Linux privilege escalation audit CLI: scans sudo, SUID/SGID and capabilities, maps findings to GTFOBins, and outputs actionable fixes in terminal, JSON and SARIF.
Go ★ 0 2mo agoExplain → -
depshield
One command to protect all your package managers from supply-chain attacks
Go ★ 0 2mo agoExplain → -
ai-cost-guard
Proxy and dashboard for controlling LLM spend with hard caps, pre-request reservations, and ROI analytics
TypeScript ★ 0 3mo agoExplain → -
llm-bouncer
A transparent failover proxy for LLM APIs. Survive 500s and 429s without changing your code.
Go ★ 0 3mo agoExplain → -
banguard
Never miss a ban threat again. Sleep tight, ship fast.
★ 0 3mo agoExplain → -
agentwall
Local firewall for AI coding assistants
Go ★ 0 3mo agoExplain → -
git-pulse
A CLI utility for rapid codebase diagnostics using git metadata.
Rust ★ 0 3mo agoExplain → -
leakguard
Static analyzer that tracks resource lifecycles across all code paths to find locks, connections, and handles that leak on error paths. Inspired by the 57-year-old bug found in Apollo 11 guidance code.
TypeScript ★ 0 3mo agoExplain → -
TubeSift
A powerful YouTube channel search tool for the terminal.
Python ★ 0 3mo agoExplain → -
homebrew-tubesift
No description.
★ 0 3mo agoExplain → -
apkscan
APK Static Analyzer
Python ★ 0 3mo agoExplain → -
git-sentinel
A CLI tool that intercepts and blocks destructive git commands
Go ★ 0 3mo agoExplain → -
phantom-dep-scan
Catch supply chain attacks before npm install finishes
TypeScript ★ 0 3mo agoExplain → -
tokmon
Transparent local proxy for Anthropic/OpenAI that tracks token usage, estimated cost, and anomalies in a live terminal dashboard.
Go ★ 0 3mo agoExplain → -
pgkernel
PostgreSQL & Linux Kernel Health Checker
Go ★ 0 3mo agoExplain → -
secretless-acme
No description.
Python ★ 0 3mo agoExplain → -
deslopify
A specialized Python static analyzer (linter) designed to detect and clean up AI-generated 'slop', hidden bugs, and architectural anti-patterns left behind by LLMs.
Python ★ 0 4mo agoExplain → -
llm-sanitizer
Safely use AI coding agents with your private codebase. On-the-fly code sanitization via FUSE
Python ★ 0 6mo agoExplain → -
telegram-llm-bot
No description.
Python ★ 0 1y agoExplain → -
architecture-sprint-7
No description.
Shell ★ 0 1y agoExplain → -
uuid32
No description.
Python ★ 0 1y agoExplain → -
architecture-sprint-6
No description.
★ 0 1y agoExplain → -
architecture-sprint-8 ⑂
No description.
★ 0 1y agoExplain → -
architecture-sprint-5 ⑂
No description.
★ 0 1y agoExplain → -
russian-travel
Проект: Путешествие по России
HTML ★ 0 3y agoExplain →
No repos match these filters.