> Your Phone as a Terminal: One Command, One QR Code, No SSH Client
A code review of TermBeam, a Node CLI that shares a local terminal to your phone over a QR code — no SSH, no port forwarding, no static IP.
BLOG://INDEX
Project notes, design thinking, speculative ideas.
> htop for Your Git History
A code review of gittop, a Go TUI that turns a dozen git log incantations into a seven-tab dashboard — with a participle-based filter language and braille-rendered charts. I wrote the project's first 22 stats tests and opened the PR.
> What's Actually in Your Docker Image? Reading the Parser That Tells You
A Rust TUI that inspects multi-gigabyte Docker images using 80 MB of RAM where dive chokes. I read the streaming tar-in-tar parser, wrote the project's first 55 unit tests, and got them merged same day.
> When AI Writes Your Firewall, Check the Math
An AI-generated eBPF firewall with 8,500 lines of Rust, an LLM honeypot, and a suspicion scoring bug that made its own behavioral engine useless. I read the code, fixed the math, and wrote it up.
> A Rust TUI for Your UniFi Network That Actually Takes Code Review Seriously
A code review of Unifly, a Rust CLI and TUI dashboard that tames Ubiquiti's split API mess into 27 commands and 10 monitoring screens — plus a contributed NAT update feature.
> Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos
A pull request to my MCP server Charlotte led me to uncover a supply chain attack spanning 250+ repos, 64 sockpuppet accounts, and five phases of escalating access — all funneling GitHub OIDC tokens to a single organization.
> Your Artifact Registry Doesn't Need 2 GB of RAM
A deep-dive into Nora, a 32 MB Rust binary that replaces Nexus and Artifactory — serving seven package protocols on under 100 MB of RAM.
> I Renamed All 43 Tools in My MCP Server. Here's Why I Did It Now.
Charlotte 0.6.0 ships a breaking change, batch form fills, and lazy browser launch. Plus the story of 7 strangers improving code I wrote alone in February.
> Your System Is Not a State Machine
State machines can't describe agentic AI systems. The state space is too vast, the behavior isn't stochastic, and the flowchart is a lie. What replaces it?
> Anthropic Leaked Its Own Source Code and May Not Own It
The Claude Code leak exposed 500,000 lines of source code. The DMCA takedowns that followed may have exposed something worse — that Anthropic can't legally claim copyright over code its own AI wrote.
> Your Encrypted Backups Are Slow Because Encryption Isn't the Bottleneck
A look at Concryptor, a Rust CLI that pipelines io_uring and AES-256-GCM to hit GB/s file encryption on commodity NVMe — and the CI cleanup PR that followed.
> The Blackwall Between Your AI Agent and Your Filesystem
A code review of greywall, a container-free sandbox that isolates AI coding agents with kernel-level enforcement — no Docker required.
> Why Your SFTP Transfer Is Stuck at 2 MB/s (and the Fix Is a Protocol from 1983)
How a 2 MB/s file transfer on localhost exposed a protocol bottleneck in russh-sftp — and why cubic switched to SCP to fix it.
> Finding Blocking Code in Async Rust Without Changing a Single Line
A code review of hud, an eBPF profiler that attaches to running Tokio processes and finds blocking code without recompilation.
> Nobody Reviews Their Agent's Code
A code review of crit, a Go tool that brings PR-style inline review to AI agent output with multi-round feedback loops.
> Secrets, Agents, and .env Files
Your AI agent can read your environment variables. It can also commit them. Here's how to make sure it doesn't.
> Stop Letting Agents Push to Main
Your AI coding agent is one bad prompt away from force-pushing to production. Here's the five-minute fix.
> I Let an AI Agent Use My Browser Tool Unsupervised. It Found 3 Bugs in 20 Minutes.
Dogfooding Charlotte MCP by watching an agent struggle through a real task, then fixing everything it hit.
> My MCP Server Was 2x Larger Than Playwright. Now It's 136x Smaller.
How I took Charlotte from embarrassingly bloated to the most token-efficient browser MCP server available, and what I learned about building tools for AI agents.
> Your LLM Doesn't Need 200 Lines of Test Output
A code review of tokf, a Rust CLI that compresses terminal output for LLM context windows — with 40 built-in filters and Claude Code integration.
> This CLI Launches Parallel AI Agents. It Didn't Launch on Linux.
A deep-dive into iloom's codebase after its parallel AI agent workflow failed on Linux — and the four issues filed to fix it.
> Your Benchmarks Are Lying to You (And This 148-Star Crate Knows Why)
A code review of Tango, a Rust benchmarking harness that interleaves baseline and candidate runs to eliminate thermal drift and scheduling noise.
> Your RSS Feeds Are Broken and This Rust Tool Fixes Them
A code review of rss-funnel, a Rust-based RSS processing pipeline that filters, merges, and transforms feeds with a YAML config and web UI.
> I Read 9,000 Lines of a Stranger's Mergetool
A code review of ec, a terminal-native 3-way git mergetool in Go that replaces vimdiff with a sane TUI for resolving merge conflicts.
> Your Package Manager's Installer Doesn't Know Fish Exists
A deep-dive into parm, a Go binary package manager for GitHub Releases — and why CLI tool installers keep ignoring fish shell users.