Creator of DevBoxOS, VaultSync, Aegis, and StegaShare. Focused on Rust, Go, TypeScript, and production-grade developer tooling.
I build production-grade open-source infrastructure β embedded runtimes, sync engines, authorization systems, and developer tools β mostly in Rust, Go, and TypeScript. When I'm not designing systems, I'm building full-stack web apps with the MERN stack.
π DevBoxOS β Universal Development Sandbox
Spin up fully configured, reproducible development environments with a single command.
A local-first dev environment manager. Define your entire stack in devbox.yml, run devbox start, and everything is wired up β dependency resolution, health checks, hot reload, snapshots, and encrypted secrets.
- Go + gRPC architecture: CLI β Engine daemon β Docker API
- Auto-detects Node, Go, Rust, Python, Java, Ruby, PHP, PostgreSQL, MySQL, Redis, MongoDB
- Encrypted secrets via
age(X25519 + ChaCha20-Poly1305) - Snapshots: save, export, import, and restore full environment state
- Docker Compose import/export, CI workflow generation, real-time resource monitoring
- 16 releases shipped; cross-platform (Windows, macOS, Linux)
Go Docker gRPC DevTools CLI Infrastructure
π VaultSync β Local-First Sync Runtime with E2EE
Conflict-free, end-to-end encrypted, infrastructure-agnostic synchronization for the local-first era.
An embedded sync engine that makes apps work instantly offline, sync automatically when online, and feel 0ms fast β because every read/write hits a local database, never a server.
- CRDT-native (Yrs): LWW-Register, PN-Counter, OR-Set, rich text β conflicts are impossible
- Zero-trust E2EE: coordinator never sees plaintext; X25519 + ChaCha20-Poly1305 encryption
- Multi-tab safety: leader election via
BroadcastChannel+navigator.locks, heartbeat crash recovery - Infrastructure-agnostic: Coordinator is a Rust trait β plug in Postgres, Redis, Cloudflare DO, or your own
- React hooks (
useQuery,useSyncStatus), OpenTelemetry, Prometheus metrics
Rust WASM TypeScript CRDTs Local-First E2EE Offline-First
π Aegis β Embedded ReBAC Authorization Runtime
Authorization should feel like a library, not infrastructure.
An embedded, relationship-based authorization (ReBAC) engine inspired by Google Zanzibar and SpiceDB β but built to run inside your application process with zero separate infrastructure. Think SQLite, but for permissions.
- Rust core with NAPI (Node.js), PyO3 (Python), and CGo (Go) bindings
- Recursive graph traversal with cycle detection and parallel sibling evaluation
- YAML-defined permission schemas with hot-reload and version tracking
- Revision-based snapshot isolation β every mutation produces a monotonic revision token
- SQLite (WAL), PostgreSQL, MySQL, and RocksDB storage backends
- Full audit trail, explain API, GDPR compliance, multi-tenancy
Rust TypeScript Go Python ReBAC Authorization Embedded Systems
π StegaShare β Professional Steganography Tool
Hide any file inside an ordinary image β entirely on your device.
A cross-platform steganography app that hides any file (PDF, ZIP, DOCX) inside a carrier image using AES-256-GCM encryption and LSB pixel manipulation. Runs in the browser, on desktop, and on mobile.
- Rust core (
stega-core) with WASM bridge for browser and Tauri IPC for desktop - AES-256-GCM + PBKDF2-SHA256 (200,000 iterations, random 96-bit salt + IV)
- LSB pixel steganography: 1 bit per RGB channel per pixel
- Zero-knowledge: all operations run locally, no network calls ever
- Next.js 16 + React 19 frontend with Zustand state; Android/iOS via Tauri v2
Rust WebAssembly Next.js Tauri Cryptography Security


