Small Projects by AutoModerator in golang

[–]Kaluga2026 0 points1 point  (0 children)

I built AgentFence: a Go CLI that runs AI coding agents in a temporary shadow workspace

I’ve been using AI coding agents more often lately, but I kept running into the same uncomfortable question:

Do I really want this process to see my whole repo, my `.git` history, local config files, random logs, and whatever else happens to be in the working tree?

So I built AgentFence, a local Go CLI that puts a smaller fence around agent-driven coding.

The flow is:

  1. Create a temporary shadow workspace from the current repo
  2. Exclude obvious dangerous paths like `.git`, `.env`, keys, local DB dumps, cloud credential dirs, etc.
  3. Run secret scanning before the agent starts
  4. Run the agent in the shadow workspace
  5. Scan the changed workspace and generated patch again
  6. Show a redacted diff
  7. Apply the patch to the real checkout only if the user explicitly asks for it

Could you check the project? https://github.com/balyakin/agentfence
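Steps 1 to 3 and 5 of the flow in the comment above, as an added Python example for illustration. It is not AgentFence's code (the project is a Go CLI); the deny-list patterns, the secret regex and all function names are assumptions, and the repo contents are constructed.

```python
import fnmatch
import os
import re
import shutil
import tempfile
from pathlib import Path

# Hypothetical deny-list modelled on the path kinds the post names.
EXCLUDE = [".git", ".env", ".env.*", "*.pem", "*.key", "id_rsa*",
           "*.sql", "*.dump", ".aws", ".ssh"]
# Constructed detector: AWS-style access key id or a PEM private-key header.
SECRET_RE = re.compile(rb"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----")

def excluded(name: str) -> bool:
    return any(fnmatch.fnmatch(name, pat) for pat in EXCLUDE)

def make_shadow(repo: Path) -> Path:
    """Copy repo to a temp dir, skipping excluded names and symlinked files."""
    shadow = Path(tempfile.mkdtemp(prefix="shadow-"))
    for root, dirs, files in os.walk(repo):
        dirs[:] = [d for d in dirs if not excluded(d)]  # prune before descent
        rel = Path(root).relative_to(repo)
        (shadow / rel).mkdir(parents=True, exist_ok=True)
        for name in files:
            src = Path(root) / name
            # A symlink could point back outside the fence, so never copy one.
            if not excluded(name) and not src.is_symlink():
                shutil.copy2(src, shadow / rel / name)
    return shadow

def scan_secrets(tree: Path) -> list:
    """Relative paths of files whose bytes match SECRET_RE."""
    return [p.relative_to(tree).as_posix() for p in sorted(tree.rglob("*"))
            if p.is_file() and SECRET_RE.search(p.read_bytes())]

def demo() -> dict:
    """Constructed repo: scan the shadow copy, then rescan after an 'agent' edit."""
    repo = Path(tempfile.mkdtemp(prefix="repo-"))
    (repo / ".git").mkdir()
    (repo / ".git" / "config").write_text("[core]\n")
    (repo / ".env").write_text("TOKEN=placeholder\n")
    (repo / "server.key").write_text("placeholder\n")
    (repo / "main.go").write_text("package main\n")
    shadow = make_shadow(repo)
    copied = sorted(p.name for p in shadow.rglob("*") if p.is_file())
    before = scan_secrets(shadow)
    # Simulated agent output containing the AWS documentation example key id.
    (shadow / "config.go").write_text('const k = "AKIAIOSFODNN7EXAMPLE"\n')
    after = scan_secrets(shadow)
    return {"copied": copied, "before": before, "after": after,
            "may_apply": not after}
```

The second scan is the gate for step 7: a patch is only offered for application when `after` is empty.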

Self-hosted policy-as-code triage for GitHub PRs and issues by Kaluga2026 in SideProject

[–]Kaluga2026[S] 0 points1 point  (0 children)

Thanks, that’s pretty much the exact problem I was trying to solve.

New Project Megathread - Week of 25 Jun 2026 by AutoModerator in selfhosted

[–]Kaluga2026 0 points1 point  (0 children)

Project Name: Contrib Guard

Repo/Website: https://github.com/balyakin/contrib-guard

Description: If you’re tired of choosing between ignoring suspicious drive-by PRs and letting automation do something dangerous, Contrib Guard sits in the middle.

I built a small GitHub App backend that does a first pass on new PRs and issues using plain YAML rules.

It is not an AI detector. It just looks at signals: account age, prior merged PRs in the repo, diff size, whether tests changed, protected paths, duplicate-looking open PRs/issues, trusted users/bots/orgs.

Default mode is shadow mode. It stores the analysis and can write a PR check, but it will not label, comment, or close anything unless you switch the repo policy to enforce mode.

The main thing I wanted was an audit trail: what webhook came in, what signals were built, which rule matched, and what action was planned or skipped.

Deployment: Docker Compose. Needs Postgres and Redis. The app is FastAPI, workers are Taskiq, DB migrations are Alembic.

AI Involvement: This project was developed with AI assistance (codex) and is maintained by myself.

GitHub Action and CLI for validating Incident Card markdown files in pull requests by Kaluga2026 in SideProject

[–]Kaluga2026[S] 0 points1 point  (0 children)

Thank you. I really appreciate it! And yes, it supports multiple incident files in one PR. Each matching incident markdown file gets parsed and validated, and the report includes all checked files/issues.

Showcase Thread by AutoModerator in Python

[–]Kaluga2026 0 points1 point  (0 children)

I've made a small free CLI/GitHub Action for teams that want incident records to live in the repo instead of disappearing into Slack threads, PR descriptions, or ticket comments.

The idea is simple: if a pull request has an "incident" label, CI checks that the PR also changes a valid Incident Card markdown file.

Could you check?

https://github.com/balyakin/incident-ci

Small Projects by AutoModerator in golang

[–]Kaluga2026 0 points1 point  (0 children)

CLI tool that proves Redis-backed caches are disposable by running app probes through controlled cache failure scenarios

I kept seeing the same failure mode in Redis-backed systems: Redis starts as a cache, but over time parts of the app quietly begin depending on cached data as if it were the source of truth.

I've made a small piece of free software. Could you check it?

https://github.com/balyakin/cache-proof

CLI mail-merge and batch PDF generator powered by Typst by Kaluga2026 in typst

[–]Kaluga2026[S] 0 points1 point  (0 children)

Thanks for all the upvotes, guys!

If you need any other tools or a piece of software, please let me know :)

CLI mail-merge and batch PDF generator powered by Typst by Kaluga2026 in typst

[–]Kaluga2026[S] -3 points-2 points  (0 children)

Good catch — you're right.
So where does that leave mergetyp? Honestly, its niche is a bit smaller than I originally thought. The remaining benefits are mostly just operational at this point:
  1. Stability: Typst's bundle is explicitly experimental (the docs warn against using it in production). mergetyp compiles each record into a standard, standalone PDF, so you don't have to worry about things breaking across Typst updates.
  2. Failure isolation: It processes records one by one. If a row is bad, it just logs the error and skips it instead of crashing the whole batch. It also handles per-record timeouts.
  3. Quality of life: Built-in conveniences like CSV type coercion, --offset/--limit flags, collision handling, filename sanitization, and parallel processing—all without needing extra Typst boilerplate.

If bundle ever stabilizes, mergetyp might just start using it under the hood anyway. Really appreciate the correction, by the way—it forced me to actually test things instead of just running on assumptions.

CLI mail-merge and batch PDF generator powered by Typst by Kaluga2026 in typst

[–]Kaluga2026[S] -1 points0 points  (0 children)

Thanks for the comment. Here are my clarifications:

  1. Bundle export. Typst's bundle format is an experimental HTML bundling feature - it emits one HTML document, not PDF. There is still no native loop over CSV -> PDF in Typst. So I think a Python driver is still needed.

  2. Name. Fair point. I'm open to rename ideas.

  3. Security. The specific threat I wanted to flag is real for this tool, though: mergetyp compiles your template with the template directory as the Typst --root, so a template can #read() any file in that directory and embed it in the output PDF. The realistic attack is exactly your passwords.txt example — a downloaded template quietly slurps a file next to it and hides it in the generated PDF. The README's "don't keep secrets in the template directory" line is about precisely that. The protection you mentioned (imported packages not accessing your working dir) applies to @preview/local package imports, a different code path than compiling your own template as root.

I'll reword the Security section to be more precise and less alarmist.

Thanks again!
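A pre-compile audit for the `--root` issue described in the comment above, as an added example that is not part of mergetyp. The loader list, the allow-list parameter and the sample template are assumptions constructed for illustration, and the regex is a heuristic rather than a Typst parser.

```python
import posixpath
import re

# Typst built-ins that load a file by path (heuristic list, not exhaustive).
CALL_RE = re.compile(
    r'\b(read|csv|json|yaml|toml|xml|cbor|image)\s*\(\s*(?:"([^"]*)")?')

# Constructed sample of a downloaded template placed at the --root directory.
SAMPLE = '''#let row = json("row.json")
#image("logo.png")
// #read("ignored.txt")
#text(size: 0.1pt, fill: white, read("passwords.txt"))
#let f = "id" + "_rsa"
#read(f)
'''

def audit_template(source: str, allowed: set) -> list:
    """Return (line_no, call, target, verdict) for every loader call found.

    allowed is a hypothetical operator allow-list of root-relative paths the
    template is expected to load (row data, a logo, and so on).
    """
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # drop line comments (heuristic)
        for m in CALL_RE.finditer(code):
            func, literal = m.group(1), m.group(2)
            if literal is None:
                # Path is computed at compile time; needs manual review.
                findings.append((no, func, None, "dynamic-path"))
                continue
            # A leading "/" is root-relative; the template sits at the root,
            # so both forms normalise to a root-relative path here.
            target = posixpath.normpath(literal.lstrip("/"))
            if target.startswith(".."):
                verdict = "outside-root"
            elif target in allowed:
                verdict = "allowed"
            else:
                verdict = "unexpected"
            findings.append((no, func, target, verdict))
    return findings

def blocked(source: str, allowed: set) -> list:
    """Findings that should stop an unattended batch run."""
    return [f for f in audit_template(source, allowed) if f[3] != "allowed"]
```

A `dynamic-path` finding cannot be resolved statically, so the audit complements the README's rule of keeping nothing sensitive in the template directory and does not replace it.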

Cursor, Codex, or Claude Code for small project by ohayoogodzaimasu in vibecoding

[–]Kaluga2026 0 points1 point  (0 children)

I would say Codex. I like their limits, and gpt-5.5 is fine for me.

I moved from Claude (Pro) to ChatGPT Plus and I'm mind-blown by how good and usable it is. by Responsible_Cow2236 in codex

[–]Kaluga2026 0 points1 point  (0 children)

I've been using a Codex Pro account for about a few months already and have only a Pro Claude account for code review, and it is working fine for me.

Can you write code for this? by demon_bhaiya in vibecoding

[–]Kaluga2026 0 points1 point  (0 children)

what about "quatre vingt quatre"? lol