series: Review Bomb
> Your Phone as a Terminal: One Command, One QR Code, No SSH Client
A code review of TermBeam, a Node CLI that shares a local terminal to your phone over a QR code — no SSH, no port forwarding, no static IP.
TAG://#opensource
22 posts tagged #opensource
series: Review Bomb
> htop for Your Git History
A code review of gittop, a Go TUI that turns a dozen git log incantations into a seven-tab dashboard — with a participle-based filter language and braille-rendered charts. I wrote the project's first 22 stats tests and opened the PR.
series: Review Bomb
> What's Actually in Your Docker Image? Reading the Parser That Tells You
A Rust TUI that inspects multi-gigabyte Docker images using 80 MB of RAM where dive chokes. I read the streaming tar-in-tar parser, wrote the project's first 55 unit tests, and got them merged same day.
series: Review Bomb
> When AI Writes Your Firewall, Check the Math
An AI-generated eBPF firewall with 8,500 lines of Rust, an LLM honeypot, and a suspicion scoring bug that made its own behavioral engine useless. I read the code, fixed the math, and wrote it up.
series: Review Bomb
> A Rust TUI for Your UniFi Network That Actually Takes Code Review Seriously
A code review of Unifly, a Rust CLI and TUI dashboard that tames Ubiquiti's split API mess into 27 commands and 10 monitoring screens — plus a contributed NAT update feature.
series: Charlotte MCP
> Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos
A pull request to my MCP server Charlotte led me to uncover a supply chain attack spanning 250+ repos, 64 sockpuppet accounts, and five phases of escalating access — all funneling GitHub OIDC tokens to a single organization.
series: Review Bomb
> Your Artifact Registry Doesn't Need 2 GB of RAM
A deep-dive into Nora, a 32 MB Rust binary that replaces Nexus and Artifactory — serving seven package protocols on under 100 MB of RAM.
series: Charlotte MCP
> I Renamed All 43 Tools in My MCP Server. Here's Why I Did It Now.
Charlotte 0.6.0 ships a breaking change, batch form fills, and lazy browser launch. Plus the story of 7 strangers improving code I wrote alone in February.
> Anthropic Leaked Its Own Source Code and May Not Own It
The Claude Code leak exposed 500,000 lines of source code. The DMCA takedowns that followed may have exposed something worse — that Anthropic can't legally claim copyright over code its own AI wrote.
series: Review Bomb
> Your Encrypted Backups Are Slow Because Encryption Isn't the Bottleneck
A look at Concryptor, a Rust CLI that pipelines io_uring and AES-256-GCM to hit GB/s file encryption on commodity NVMe — and the CI cleanup PR that followed.
series: Review Bomb
> The Blackwall Between Your AI Agent and Your Filesystem
A code review of greywall, a container-free sandbox that isolates AI coding agents with kernel-level enforcement — no Docker required.
series: Review Bomb
> Why Your SFTP Transfer Is Stuck at 2 MB/s (and the Fix Is a Protocol from 1983)
How a 2 MB/s file transfer on localhost exposed a protocol bottleneck in russh-sftp — and why cubic switched to SCP to fix it.
series: Review Bomb
> Finding Blocking Code in Async Rust Without Changing a Single Line
A code review of hud, an eBPF profiler that attaches to running Tokio processes and finds blocking code without recompilation.
series: Review Bomb
> Nobody Reviews Their Agent's Code
A code review of crit, a Go tool that brings PR-style inline review to AI agent output with multi-round feedback loops.
series: Charlotte MCP
> I Let an AI Agent Use My Browser Tool Unsupervised. It Found 3 Bugs in 20 Minutes.
Dogfooding Charlotte MCP by watching an agent struggle through a real task, then fixing everything it hit.
series: Charlotte MCP
> My MCP Server Was 2x Larger Than Playwright. Now It's 136x Smaller.
How I took Charlotte from embarrassingly bloated to the most token-efficient browser MCP server available, and what I learned about building tools for AI agents.
series: Review Bomb
> Your LLM Doesn't Need 200 Lines of Test Output
A code review of tokf, a Rust CLI that compresses terminal output for LLM context windows — with 40 built-in filters and Claude Code integration.
series: Review Bomb
> This CLI Launches Parallel AI Agents. It Didn't Launch on Linux.
A deep-dive into iloom's codebase after its parallel AI agent workflow failed on Linux — and the four issues filed to fix it.
series: Review Bomb
> Your Benchmarks Are Lying to You (And This 148-Star Crate Knows Why)
A code review of Tango, a Rust benchmarking harness that interleaves baseline and candidate runs to eliminate thermal drift and scheduling noise.
series: Review Bomb
> Your RSS Feeds Are Broken and This Rust Tool Fixes Them
A code review of rss-funnel, a Rust-based RSS processing pipeline that filters, merges, and transforms feeds with a YAML config and web UI.
series: Review Bomb
> I Read 9,000 Lines of a Stranger's Mergetool
A code review of ec, a terminal-native 3-way git mergetool in Go that replaces vimdiff with a sane TUI for resolving merge conflicts.
series: Review Bomb
> Your Package Manager's Installer Doesn't Know Fish Exists
A deep-dive into parm, a Go binary package manager for GitHub Releases — and why CLI tool installers keep ignoring fish shell users.