Skip to content
View anasm266's full-sized avatar
4 followers · 0 following

Achievements

Achievement: YOLOAchievement: Pull Shark

Achievements

Achievement: YOLOAchievement: Pull Shark

Highlights

  • Pro

Block or report anasm266

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
anasm266/README.md
Observable systems banner

Anas

I build developer and security systems that make hidden software behavior observable.

Static analysis. Runtime tracing. Durable backends. Real-time UX. AI-assisted developer workflows.

GitHub Typing Race any-map on npm apibump on crates.io

Work I keep coming back to


any-map | apibump
installsentry | sentinelflow
appledger | glint
typing-race

Stack

Product surfaces

TypeScript React Vite Tailwind CSS Tauri 		Backends and platforms

Node.js Fastify PostgreSQL Cloudflare Workers Durable Objects 		Systems and verification

Rust C Sharp Python Playwright GitHub Actions

Selected systems

typing-race

Share-link multiplayer typing races with server-owned room state, synchronized countdowns, live cursor/WPM updates, spectator mode, rematches, reconnect handling, and public analytics.

Why it matters: it is a small product that exercises real-time systems work instead of stopping at a local typing timer.

React Cloudflare Workers D1 k6

Live app | Analytics | Status

any-map

Static flow analysis for TypeScript any. It builds a type-flow graph, traces where any originates, ranks blast radius, supports branch diffs, emits JSON/DOT/SARIF, and can run as a PR gate.

Why it matters: it moves type cleanup from raw counts to fix-order evidence.

TypeScript Graph analysis SARIF npm

npm | v2.0.0 | Design notes

InstallSentry

Replays JavaScript package installs in a temporary sandbox and records lifecycle scripts, filesystem access, network calls, fake secret canary exposure, attribution confidence, dependency graph paths, HTML reports, JSON, and SARIF.

Why it matters: it asks what a lockfile actually did during install, not just whether a CVE database knows about it.

Node.js npm Security SARIF

Repo | Threat model | Comparison

SentinelFlow

Dependency-risk control plane for GitHub repositories: OAuth, GitHub App installation flow, webhook verification, PostgreSQL-backed jobs, policy evaluation, audit logs, GitHub checks, dashboard views, and signed outbound webhooks.

Why it matters: it turns dependency scanning into a backend workflow with persistence, review, replay, and auditability.

Fastify PostgreSQL React GitHub App

Repo | Demo | API docs

glint

Windows tray overlay for live AI coding sessions across Codex Desktop, Cursor, and Claude Code. It normalizes hook events into session state, activity feeds, done summaries, file diffs, and quick focus actions.

Why it matters: it treats agent work as something observable, interruptible, and reviewable from the desktop.

Rust Tauri React Windows

Repo | Hover panel behavior

AppLedger

Windows app activity recorder that turns a session into a report: files touched, child processes, command lines, network endpoints, sensitive path access, startup persistence, attribution confidence, and cleanup scripts.

Why it matters: ProcMon shows events; AppLedger explains a session.

C Sharp Windows SQLite PowerShell

Repo

Visual snapshots

typing-race racer flow demo
typing-race
share-link real-time race flow 		InstallSentry report screenshot
InstallSentry
install-time behavior report 		ApiBump pull request comment screenshot
ApiBump
semantic API diff PR comment

Smaller tools and validation work

  • apibump - Rust CLI and GitHub Action for semantic public API breakage checks in Python packages. Dogfooded against forks of itsdangerous, PyJWT, referencing, and tomlkit, with sticky PR comments and SemVer recommendations.
  • typescript-eslint contribution - fixed a false positive in no-unnecessary-type-assertion.
  • refined-github contribution - restored esc-to-cancel behavior on pull request pages.

Current focus

  • Developer tools that explain source, spread, and fix priority.
  • Supply-chain security workflows with runtime evidence and durable audit trails.
  • Desktop observability for AI coding sessions and local app behavior.
  • Applied AI systems with grounded retrieval, strict schemas, evals, and clear failure handling.
  • Robotics foundations through simulation, perception, and control.

Pinned Loading

  1. typing-race typing-race Public

    Frictionless real-time 2-player typing race. Share a link, race within 10s. Built on Cloudflare Workers + Durable Objects.

    TypeScript 5

  2. any-map any-map Public

    Static flow analysis for TypeScript any types. Finds the few sources responsible for most of your type erosion, ranks them by blast radius, and visualizes the infection graph.

    TypeScript 2

  3. installsentry installsentry Public

    Supply-chain visibility for npm: trace install-time lifecycle scripts, file/network access, and canary secret reads; map results onto package-lock with HTML reports and optional SARIF for CI.

    TypeScript 2

  4. apibump apibump Public

    Rust CLI and GitHub Action for semantic public API breakage checks

    Rust

  5. appledger appledger Public

    Windows app activity recorder for file, process, network, and registry attribution.

    C#

  6. glint glint Public

    Windows tray overlay for live Codex Desktop sessions

    Rust