Vite plugin that reimplements the Next.js API surface — deploy anywhere.

Related contents:

• How we rebuilt Next.js with AI in one week @ Cloudflare.

OS for z80 calculators

KnightOS is a third-party operating system for TI calculators. It provides a passable Unix-like system for calculators. KnightOS is built on top of the KnightOS kernel.

• KnightOS @ GitHub.

The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking, CAN-bus and IPv4 and IPv6 networks reconnaissance and MITM attacks.

bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, CAN-bus, wireless HID devices and Ethernet networks.

• bettercap @ GitHub.

Universal Sandbox Infrastructure for AI Applications.

Securely run commands, filesystems, code interpreters, browsers, and developer tools in isolated runtime environments.

OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.

• OpenSandbox @ GitHub.

The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes.

Established in June 2015 by Docker and other leaders in the container industry, the OCI currently contains three specifications: the Runtime Specification (runtime-spec), the Image Specification (image-spec) and the Distribution Specification (distribution-spec). The Runtime Specification outlines how to run a “filesystem bundle” that is unpacked on disk. At a high-level an OCI implementation would download an OCI Image then unpack that image into an OCI Runtime filesystem bundle. At this point the OCI Runtime Bundle would be run by an OCI Runtime.

Related contents:

• GitOps architecture, patterns and anti-patterns @ Platform Engineering.

Take Back Control of DevOps.

Configuration as data lets you see what will happen before it happens.

Related contents:

• GitOps architecture, patterns and anti-patterns @ Platform Engineering.

Get Better at Getting Better.

DORA is the largest and longest running research program of its kind, that seeks to understand the capabilities that drive software delivery and operations performance. DORA helps teams apply those capabilities, leading to better organizational performance.

Related contents:

• DORA’s software delivery performance metrics @ DORA.
• GitOps architecture, patterns and anti-patterns @ Platform Engineering.

The free and open source React Native vibe coding IDE Text to mobile apps in seconds Ask chat anything, and turn your words into iOS, Android and web apps at the same time.

The React Native Vibe Code SDK lets you build text to mobile & web apps in seconds. A full suite of packages to run your your own vibe coding features or platform.

• React Native Vibe Code @ GitHub.

Symfony bundle to isolate your app's doctrine database tests and improve the test performance.

This bundle provides features that help you run your Symfony-framework-based App's testsuite more efficiently with isolated tests.

It provides a StaticDriver that will wrap your originally configured Driver class (like DBAL\Driver\PDOMysql\Driver) and keeps a database connection statically in the current php process.

Related contents:

• Testing - Resetting the Database Automatically Before each Test @ Symfony documentation.
• Speed-up database refreshing in PHPUnit tests @ Locastic.

Incus-based container management with native KDE/Plasma integration. A distrobox-like tool using Incus as the container/VM backend, designed for KDE Linux.

Related contents:

• Episode 656: Why KDE Linux Surprised Us @ Linux Unplugged.

A self-hosted control plane for Nebula overlay networks.

• Nebula Commander @ GitHub.

Related contents:

• Episode 656: Why KDE Linux Surprised Us @ Linux Unplugged.

a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.

Tinyproxy is a small, efficient HTTP/SSL proxy daemon released under the GNU General Public License. Tinyproxy is very useful in a small network setting, where a larger proxy would either be too resource intensive, or a security risk. One of the key features of Tinyproxy is the buffering connection concept. In effect, Tinyproxy will buffer a high speed response from a server, and then relay it to a client at the highest speed the client will accept. This feature greatly reduces the problems with sluggishness on the Internet. If you are sharing an Internet connection with a small network, and you only want to allow HTTP requests to be allowed, then Tinyproxy is a great tool for the network administrator.

• Tinyproxy @ GitHub.

Related contents:

• Episode 656: Why KDE Linux Surprised Us @ Linux Unplugged.

An open-source desktop application to create and manage application launchers (.desktop files) on GNOME-based Linux systems.

• Launcher Studio @ GitHub.

Related contents:

• Episode 656: Why KDE Linux Surprised Us @ Linux Unplugged.

An executable to convert SOCKS5 proxy into HTTP proxy.

Related contents:

• Episode 656: Why KDE Linux Surprised Us @ Linux Unplugged.

CredSweeper is an advanced credential detection tool designed to identify exposed credentials such as passwords, API keys, tokens, and other sensitive information across source code, configuration files, documents, and binary assets. CredSweeper scans regular files, embedded data in containers, and files added in Git commits. The tool combines pattern-based detection, machine learning–based validation, and deep file inspection to deliver comprehensive and accurate security scanning for modern codebases and repositories.

Related contents:

• #66 @ Erreur 403 :fr:.

CredData (Credential Dataset) is a set of files including credentials in open source projects. CredData includes suspicious lines with manual review results and more information such as credential types for each suspicious line.

CredData can be used to develop new tools or improve existing tools. Furthermore, using the benchmark result of the CredData, users can choose a proper tool among open source credential scanning tools according to their use case. We sincerely hope that CredData will help minimize credential leaks.

Related contents:

• #66 @ Erreur 403 :fr:.

Extensible MacOS system telemetry generator.

MacNoise is an extensible and modular macOS system telemetry generation framework. It generates real system events (network connections, file writes, process spawns, plist mutations, TCC permission probes, and more) so security teams can validate that their EDR, SIEM, and firewall tooling detects what it is supposed to detect.

Related contents:

• Introducing MacNoise! @ 0xv1n.
• #66 @ Erreur 403 :fr:.

Boot-to-Breach red team lab on AWS. Mythic, Sliver, and Havoc C2 behind a production-style Apache redirector. Deployed via Terraform.

Related contents:

• #66 @ Erreur 403 :fr:.

mquire, a play on the memory and inquire words, is a memory querying tool inspired by osquery.

Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external debug info.

Related contents:

• mquire: Linux memory forensics without external dependencies @ The Trail of Bits Blog.
• #66 @ Erreur 403 :fr:.

Network monitoring tool that maps process-to-network connections, identifies cloud providers, and detects beaconing activity. Zero-flag agent binary for deployment, aggregation server, offline ASN lookup.

Related contents:

• #66 @ Erreur 403 :fr:.

Python character encoding detector.

Related contents:

• Relicensing with AI-assisted rewrite @ Tuan-Anh Tran.

Bringing stdlibs of other programming languages to TypeScript for fun.

Locutus is ~500 TypeScript implementations of standard library functions from PHP, Go, Python, Ruby, C, and more. Each function is individually importable and tree-shakeable.

Most of these started as rainy Sunday afternoon puzzles. Some are genuinely useful. Some are just fun to write. All of them are a way to learn how different languages solve the same problems.

• Locutus @ GitHub.

OpenAPI to TypeScript in seconds.

Generate production-ready SDKs and validators from your OpenAPI spec. Used by Vercel, OpenCode, and PayPal.

🌀 OpenAPI to TypeScript codegen. Production-ready SDKs, Zod schemas, TanStack Query hooks, and 20+ plugins. Used by Vercel, OpenCode, and PayPal.

• Hey API's OpenAPI TypeScript @ GitHub.

Related contents:

• Life's too short to hand-write API types: OpenAPI-driven React @ Evil Martians.

one command-line tool for Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, and more. Dynamically built from Google Discovery Service. Includes AI agent skills.

One CLI for all of Google Workspace — built for humans and AI agents. Drive, Gmail, Calendar, and every Workspace API. Zero boilerplate. Structured JSON output. 40+ agent skills included.

gws doesn't ship a static list of commands. It reads Google's own Discovery Service at runtime and builds its entire command surface dynamically. When Google Workspace adds an API endpoint or method, gws picks it up automatically.

Related contents:

• You Need to Rewrite Your CLI for AI Agents @ Justin Poehnelt.
• Episode 661: Sink Your Claws In @ Linux Unplugged.

The version control system for AI agents. Embeddable version control system for AI agents.

Lix is a version control system that can be imported as a library. Use it to, for example, enable human-in-the-loop workflows for AI agents like diffs and reviews.

• Lix @ GitHub.

Spinners for use in the terminal

Extract Dominant Colors from Images. Go CLI, REST API & JavaScript Library.

Extract dominant colors from images using k-means clustering. A fast, cross-platform CLI tool that extracts dominant colors from images using k-means clustering.

• Swatchify @ GitHub.

The Monster Terminal UI Kernel for Rust.

Minimal, high-performance terminal UI kernel with diff-based rendering, inline mode, and RAII terminal cleanup.

• FrankenTUI @ GitHub.

Lightweight, composable MCP framework for TypeScript.

A small, fetch-first implementation of the Model Context Protocol (MCP) server APIs.

mcp-lite is a ground-up rewrite of the TypeScript MCP SDK. It keeps only the pieces you need to stand up a server: JSON-RPC handling, typed tool definitions, and an HTTP + SSE transport that works anywhere Request and Response are available (Node, Bun, Cloudflare Workers, Deno, Supabase Edge Functions, browsers with Service Workers).

• mcp-lite @ GitHub.

🛰 Monitor how many tokens your code and configs consume in AI tools. Set budgets and get alerts when limits are hit.

Token Limit helps you monitor how many tokens your AI context files consume. Set token budgets for your prompts, documentation, and configs, then get alerts when limits are exceeded.

Keep your AI costs predictable and avoid hitting context window limits that break your applications.

Ship Faster With Catalyst. Next.js Starter Kit.

A modern, full-stack Next.js starter kit with authentication, payments, database, and everything you need to build your next project.

• Catalyst @ GitHub.

Build your retro component library

A set of 8-bit styled components and a code distribution platform. Works with your favorite frameworks. Open Source. Open Code.

• 8bitcn/ui @ GitHub.

Looking for inspiration? Browse our curated collection of HTML UI components ready to drop into your next project.

a delightful & open source framework for Zsh.

🙃 A delightful community-driven (with 2,400+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python, etc), 140+ themes to spice up your morning, and an auto-update tool that makes it easy to keep up with the latest updates from the community.

• Oh My Zsh @ GitHub.

Related contents:

• You probably don't need Oh My Zsh @ Artem Golubin.

Zsh is a shell designed for interactive use, although it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh; many original features were added.

• ZSH homepage.

Related contents:

• You probably don't need Oh My Zsh @ Artem Golubin.

Launched in 2016, the HTTP Observatory enhances web security by analyzing compliance with best security practices. It has provided insights to over 6.9 million websites through 47 million scans.

Related contents:

• De F à A+ sur HTTP Observatory : sécuriser les headers de mon blog Hugo @ Zwindler's Reflection :fr:.

A tool for analyzing the size of compiled Go binaries, offering cross-platform support, detailed breakdowns, and multiple output formats.

• go-size-analyzer @ GitHub.

Related contents:

• How we reduced the size of our Agent Go binaries by up to 77% @ Datadog.

Lightning-Fast RL for LLM Reasoning and Agents. Made Simple & Flexible.

AReaL is an open-source fully asynchronous reinforcement learning training system for large reasoning and agentic models, developed by members from Tsinghua IIIS and the AReaL Team at Ant Group. Built upon the open-source project ReaLHF, we are fully committed to open-source principles by providing the training details, data, and infrastructure required to reproduce our results, along with the models themselves. AReaL aims to help everyone build their own AI agents easily and affordably. Our team loves milk tea because it's delicious, customizable, and affordable—we hope you enjoy our project just as much as you'd enjoy real milk tea. Cheers!

• AReaL @ GitHub.

Memory Management Kit for Agents - Remember Me, Refine Me.

🧠 ReMe is a memory management framework built for AI agents, offering both file-based and vector-based memory systems.

It addresses two core problems of agent memory: limited context windows (early information gets truncated or lost during long conversations) and stateless sessions (new conversations cannot inherit history and always start from scratch).

ReMe gives agents real memory — old conversations are automatically condensed, important information is persisted, and the next conversation can recall it automatically.

Cartero (Spanish for "postman") is a content aggregation and distribution bot written in Go.

A personal content aggregator that filters multiple news sources for quality and relevance into a single, high-signal feed.

I enjoy reading tech news on HackerNews, Lobsters, and hundreds of RSS feeds I’ve curated over the years. However, they often have too much content, and not all of it matches my interests. So, I built Cartero—a personal curator that aggregates content from different sources, filters it based on my interests and quality, and pushes it into a single feed.

Open Source Data Labeling.

The most flexible data labeling platform to fine-tune LLMs, prepare training data, or evaluate AI systems. Label Studio is a multi-type data labeling and annotation tool with standardized output format. Label Studio is an open source data labeling tool. It lets you label data types like audio, text, images, videos, and time series with a simple and straightforward UI and export to various model formats. It can be used to prepare raw data or improve existing training data to get more accurate ML models.

• Label Studio @ GitHub.

Cloud native batch scheduling system for compute-intensive workloads.

Volcano is a Kubernetes-native batch scheduling system, extending and enhancing the capabilities of the standard kube-scheduler. It provides a comprehensive set of features specifically designed to manage and optimize various batch and elastic workloads, including Artificial Intelligence (AI) / machine learning (ML) / deep learning (DL), bioinformatics / genomics, and other "Big Data" applications.

• Volcano @ GitHub.

runn ( means "Run N". is pronounced /rʌ́n én/. ) is a package/tool for running operations following a scenario.

Key features of runn are:

• As a tool for scenario based testing.

• As a test helper package for the Go language.

• As a tool for workflow automation.

• Support HTTP request, gRPC request, DB query, Chrome DevTools Protocol, and SSH/Local command execution

• OpenAPI Document-like syntax for HTTP request testing.

• Single binary = CI-Friendly.

• runn @ GitHub.

A toolkit to run Ray applications on Kubernetes.

KubeRay is a powerful, open-source Kubernetes operator that simplifies the deployment and management of Ray applications on Kubernetes.

Scale Machine Learning & AI Computing.

Ray is an AI compute engine. Ray consists of a core distributed runtime and a set of AI Libraries for accelerating ML workloads.

• Ray @ GitHub.

Threat Designer is a GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.

Threat Designer is an AI-driven agent that automates and streamlines the threat modeling process for secure system design. Harnessing the power of large language models (LLMs), it analyzes system architectures, identifies potential security threats, and generates detailed threat models—empowering developers and security professionals to incorporate security from the earliest stages of development.

Unified Security Platform from Code to Runtime.

Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx with Aikido Safe Chain. Free to use, no tokens required.

• Aikido Safe Chain @ GitHub.

How to design, build, and operate AI agents for infrastructure teams — safely. 13 chapters covering architecture, sandboxing, credentials, change control, observability, and more.

AI agents can write IaC, fix compliance findings, detect drift, review PRs, and respond to incidents — all autonomously. But autonomy without guardrails is a liability. Agents that can terraform apply can also terraform destroy. Agents that read configs can leak secrets. Agents that loop can burn budgets.

This guide covers every architectural decision you need to make when building infrastructure agents — with real patterns, code snippets, multiple alternatives, and the risk framework to evaluate your choices.

Intelligent Query Result Caching for PostgreSQL

Leverage vector embeddings to cache and retrieve query results based on semantic similarity.

• Semantic Caching in PostgreSQL: A Hands-On Guide to pg_semantic_cache @ pgEdge.

The Ultimate Information Gathering Toolkit. A Python-based toolkit for Information Gathering & Reconnaissance.

Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and reconnaissance. It brings together a clean, intuitive interface and a wide range of reliable modules, allowing analysts to efficiently assess networks, web applications, and security environments with consistency and precision.

Security-first diagramming for teams.

Bring your storage to our online tool, or save locally with the desktop app.

• diagrams.net.
• draw.io @ GitHub.

Related contents:

• Draw.io MCP server @ GitHub.
• Draw.io MCP for Diagram Generation: Why It’s Worth Using @ Thomas Thornton Blog.

A project to reject AI agents via AGENTS.md. This project provides the context and instructions to AI agents that their presence is unwelcome.

Related contents:

• no-agents.md - Le fichier qui dit non aux IA dans votre code @ Korben :fr:.

Catch cloud waste before it ships. Shift-left cloud hygiene engine for AWS and Azure. Catch waste in CI - read-only, deterministic, zero telemetry.

Like tfsec for Terraform or trivy for containers — CleanCloud finds orphaned resources in AWS and Azure and enforces hygiene gates in your CI/CD pipeline before waste reaches production.

• CleanCloud @ GitHub.

Related contents:

• CleanCloud - Le nettoyeur cloud qui ne casse rien @ Korben :fr:.

Motion is a highly configurable program that monitor video signals from many types of cameras and depending upon how they are configured, perform actions when movement is detected.

• Motion @ GitHub.

Related contents:

• Motion - L'outil Linux pour gérer toutes vos caméras de surveillance @ Korben :fr:.

Make Your Images Crystal Clear.

Transform blurry, low-resolution images into stunning high-definition quality with AI.

• HiPixel @ GitHub.

Related contents:

• HiPixel - L'upscaling IA natif sur Mac @ Korben :fr:.

Edit videos, right in your browser

An AI-native, open-source video editor and free alternative to CapCut. No uploads, no tracking — your media stays on your device.

• Cutia @ GitHub.

Related contents:

• Cutia - Montage vidéo open source, direct dans le navigateur @ Korben :fr:.

Run Classic Windows & DOS Programs in Your Browser. 💾 Run classic Windows & DOS executables in the browser — an x86 emulator + Win32/Win16/DOS API layer built from scratch in TypeScript

• RetroTick @ GitHub.

Related contents:

• RetroTick - Vos vieux .exe qui tournent dans le navigateur @ Korben :fr:.

Constrict compresses your videos to your chosen file size — useful for uploading to services with specific file size limits. No more relying on online services for video compression, or the manual trial-and-error of re-encoding at various bitrates yourself.

Related contents:

• Constrict - Vos vidéos pile à la bonne taille @ Korben :fr:.

Let your AI go full send. Your home directory stays home.

Run Claude Code, Codex, or any AI coding agent in "yolo mode" without nuking your home directory.

Related contents:

• Yolobox - Lâchez vos agents IA sauvages sans flinguer votre home @ Korben :fr:.

macOS menu bar app that exposes Apple's on-device Foundation Models as an OpenAI-compatible local API. Zero cloud. Zero dependencies.

• Perspective Intelligence Web (Community Edition) @ GitHub.

Related contents:

• Perspective Intelligence - L'IA de votre Mac sort de sa cage @ Korben :fr:.