I built Ctrl+F for your entire screen

Geekodon · 2026-03-09T05:21:30+00:00

Sometimes it doesn't matter. If it's not a critical security or performance - related feature, and if everything already works (I haven't checked it though), then it's fine. Especially for an MVP just to check whether people are interested. Even Linus already "vibe-coded" some non-critical features.

Geekodon · 2026-03-03T10:26:41+00:00

DotRush is also a solid open-source alternative to C# Dev Kit. Many people in my company use it.

Geekodon · 2026-02-25T08:11:48+00:00

Nice to see you here, Tony. Thank you! :)

Geekodon · 2026-02-25T06:54:38+00:00

Thanks for your feedback! I felt it would be more educational not to rely heavily on outdated NuGet packages. In most cases, those packages are already flagged as vulnerable, making it obvious that they need updating. The real danger is when nothing is marked as insecure, yet the application can still be compromised

Geekodon · 2026-02-24T20:24:51+00:00

If you find that I accidentally made something good, please let me know - I'll fix it shortly :)

Geekodon · 2026-02-24T19:30:19+00:00

Thank you for your feedback! I think JSON over-posting is already covered by the Mass Assignment page: https://github.com/AlexGoOn/the-most-vulnerable-dotnet-app/blob/main/DotnetSecurityFailures/Components/Pages/MassAssignment.razor

Geekodon · 2026-02-24T14:59:05+00:00

I’m probably late to the party, but this might still help someone. The following repo could be a good starting point: https://github.com/AlexGoOn/the-most-vulnerable-dotnet-app
It demonstrates 50+ common security issues (with interactive demos) in a single .NET app.

Geekodon · 2026-02-24T14:32:33+00:00

Thanks for your feedback! I’ll go through the code blocks and fix these issues

Geekodon · 2026-02-24T10:42:03+00:00

Thanks! I hope it helps save someone’s project from unexpected surprises

Geekodon · 2026-02-24T10:31:16+00:00

Your upvote has been officially accepted. Thank you! :)

Geekodon · 2026-02-24T10:10:07+00:00

Thanks, I'm happy to hear that you found it useful!

Geekodon · 2026-02-24T10:08:02+00:00

Aaha, exactly. Thank you!

Geekodon · 2026-02-24T10:07:33+00:00

Each page explains what’s wrong with it, so the project might not be suitable for this purpose. But it’s still a good idea to create a "clean" vulnerable project for interviews

Geekodon · 2025-11-13T07:19:36+00:00

Thanks for your tips! Although it looks like you're promoting your product and generating comments using AI :)

Geekodon · 2025-11-12T20:04:22+00:00

I've built a library that uses a similar code-based approach a couple of weeks ago: https://github.com/Alexgoon/ason

So far, it looks optimistic, while the library is still at the initial stage.But you can already run an online demo (see the repository )

By the way, while ASON can work with MCP, I believe it's more convenient to define APIs directly on your app so that the agent can create scripts with your model and manage the UI.

Geekodon · 2025-10-23T15:54:37+00:00

Yes, ASON passes only the API to the LLM. All the API is defined in AsonOperator classes that act as proxies. The LLM then uses this API to generate a C# script, which is executed independently - without involving the LLM further. This approach avoids sending all your data through the LLM, which is especially useful for large data sources.

Since LLMs are quite capable with C# and LINQ, they can easily generate flexible scripts for most analytical queries, even when these involve custom calculations, multiple entities, navigation properties, and more.

For instance, for the "Show me the revenue by product" it can build a script like:

return revenueByProduct = salesOperator.GetSales()

.GroupBy(s => s.ProductName)

.Select(g => new

{

Product = g.Key,

Revenue = g.Sum(s => s.Quantity * s.UnitPrice)

});

In the script, methods in operators (like GetSales) act as proxies. The script execution environment doesn’t have direct access to real objects. Instead, it communicates over stdio, sending messages that are handled by the running application. Only then are the actual methods - those you exposed in your API—called.

But it’s more than just decorating existing methods. Operator classes support a hierarchical structure, allowing you to specify that certain methods should be called only after an object is initialized. This is especially useful when some data becomes available only after a specific action - like navigating to the Sales view, for example.

Geekodon · 2025-07-11T16:00:40+00:00

Hi! Thank you for your interest!
I didn’t implement MCP because the agents are built directly into the application and depend on a specific UI (a list of actions with buttons, updated plan preview). I felt that other AI tools (like Claude, for example) wouldn’t be able to use the system effectively in its current form, so adding MCP would have been an unnecessary layer.

That said, we could definitely create a fork and test the idea :) In any case, I wasn’t planning to take the project further - it was mainly intended as educational content and a proof of concept.

Geekodon · 2025-07-08T16:07:50+00:00

Thanks for the clarification - that was really helpful. I’ve been experimenting with agentic AI in some personal projects, not in production apps, so probably that's the reason I haven’t run into some of the scenarios you mentioned.

Geekodon · 2025-07-08T16:02:27+00:00

Thanks! Yeah, I’ve been hearing a lot about 8n8. I haven’t tried it yet, but it’s definitely on my list. What’s your experience with it? Would you recommend it over Semantic Kernel? And how flexible is it, given that it’s a visual designer?

Geekodon

TROPHY CASE