AI engineering, autonomous coding systems, IP intelligence, and network security research
Open-source tools for AI-assisted software engineering, auditable agent automation, network intelligence, threat research, routing analysis, and operational security.
- Autonomous coding agents, mission orchestration, and AI-assisted development workflows
- Auditable automation with explicit scope, policy, evidence, replay, and human review
- IP, CIDR, and ASN enrichment with provenance and confidence scoring
- BGP, RPKI, ROA, RIR, WHOIS, and geofeed analysis
- VPN, proxy, Tor, crawler, cloud, CDN, and hosting intelligence
- GeoIP/MMDB compilation, validation, patching, and deployment
- Reproducible datasets for SIEM, fraud detection, OSINT, and network operations
- Static dashboards and GitHub-native publishing workflows
| Project | Description |
|---|---|
| Agent-Mission-Control | Local control plane for autonomous coding agents. It turns development tasks into contract-scoped missions with explicit file boundaries, command policy, evidence capture, scope ledgers, replayable event logs, and review-ready reports. Designed for controlled, auditable AI-assisted programming with Codex, Claude Code, and similar agents. |
This is an expanding project direction focused on practical AI automation: agent orchestration, coding workflows, tool control, reproducibility, safety boundaries, and verifiable software delivery.
| Project | Description |
|---|---|
| IP-Knowledge-Layer | Open enrichment layer for CIDR, ASN, cloud, CDN, crawler, Tor, and VPN context with source provenance and confidence. |
| IPxray | Offline IP, CIDR, and ASN resolver with provenance, freshness, and explainable infrastructure context. |
| ASNforge | Reproducible ASN and prefix-origin intelligence compiler for enrichment, routing analytics, and security pipelines. |
| ASN-Signal-Graph | ASN-level aggregation of VPN overlap, Tor visibility, public-feed exposure, and defensive network signals. |
| ASN-Karma | ASN risk pipeline that aggregates hostile infrastructure evidence and publishes scored operational datasets. |
| BlackRoute | Security intelligence pipeline for hostile IP infrastructure, abuse feeds, anonymizers, and attack telemetry. |
| BogonForge | Reproducible compiler for IANA and RFC special-use IP and ASN policy. |
| RIR-SQL-Forge | Builds local ownership and abuse-contact databases from public RPSL data in SQLite, DuckDB, Parquet, and CSV. |
| Cloud-Egress-IP-Ranges | Daily cloud, CDN, PaaS, CI/CD, serverless, and hosting egress ranges with metadata, diffs, and security exports. |
| Sat-geoip | Satellite-internet intelligence from operator GeoIP feeds, PoP mappings, BGP, RIR/RPKI evidence, and history. |
| DNS-Threat-Intelligence-dataset | Legal OSINT pipeline for collecting, normalizing, enriching, scoring, and publishing DNS threat intelligence. |
| Project | Description |
|---|---|
| RouteSentinel | Daily route-security snapshot analyzer for BGP RIB dumps and RPKI VRP datasets. |
| GeoFeed-Harvester | Discovers and validates RFC 8805 geofeeds, preserves provenance, and checks BGP visibility. |
| GeoForge | Compiles a consensus GeoIP database from public geolocation, geofeed, RIR, and WHOIS sources. |
| Project | Description |
|---|---|
| MMDBForge | Developer toolkit for inspecting, validating, diffing, and explaining MaxMind DB files. |
| MMDBbridge | Schema-driven CSV-to-MMDB and MMDB-to-CSV bridge for custom IP intelligence datasets. |
| MMDBpatch | Declarative YAML patching with dry-run diffs and reproducible MMDB overlays. |
| MMDB-WatchTower | Production updater with verification, smoke tests, atomic swaps, rollback, and Prometheus metrics. |
| Project | Description |
|---|---|
| CrawlerScope | Interactive IP intelligence dashboard for search crawlers, AI bots, scanners, and user-triggered fetchers. |
| AI-Crawler-Blocklist | Verified AI crawler IP ranges, user-agent rules, robots.txt controls, and deployment-ready firewall snippets. |
| Tor-Radar | Hourly public Tor relay snapshots and a browser-only interactive intelligence dashboard. |
| Hisense-VIDAA-DNS-Clean-TV-Blocklist | DNS blocklist for reducing telemetry, promotions, and unwanted VIDAA TV services. |
| Project | Description |
|---|---|
| PrefixLint | CI-native linter and normalizer for blocklists, allowlists, CIDR feeds, ipset, nftables, and network policy data. |
| PrefixCloak | Prefix-preserving IPv4/IPv6 sanitizer that keeps subnet-level log and SIEM analytics useful. |
| Project | Description |
|---|---|
| VPN-Infrastructure-Intelligence-Lab | Aggregate VPN infrastructure dataset and dashboard for provider, country, ASN, relationship, and hosting analysis. |
These repositories remain public as historical datasets and research artifacts.
| Project | Description |
|---|---|
| VPN-Infrastructure-Atlas | Interactive atlas of aggregate VPN provider footprints by country, ASN, and hosting network. |
| ASN-VPN-Network-Intelligence | Historical VPN infrastructure collector outputs published as aggregate CSV datasets. |
| vpn-provider-overlap-intelligence | Historical analysis of VPN provider overlap across IPs, prefixes, ASNs, and hosting networks. |
development objective
-> explicit mission contract and scope
-> agent execution with command and file policy
-> evidence, event logs, and scope ledger
-> automated verification and replay
-> human review and controlled delivery
public network sources
-> collection and normalization
-> CIDR and ASN attribution
-> BGP, RPKI, RIR, WHOIS, and geofeed validation
-> cloud, hosting, VPN, Tor, crawler, and threat signals
-> provenance and confidence scoring
-> CSV, JSONL, Parquet, SQLite, DuckDB, MMDB, dashboards, and APIs
Languages: Go Python JavaScript HTML
AI engineering: Coding Agents Agent Orchestration Tool Policies Evaluation Evidence Capture Workflow Automation
Formats: CSV JSON JSONL Parquet SQLite DuckDB MMDB CIDR
Network data: ASN BGP RPKI ROA RIR RPSL WHOIS GeoIP GeoFeed
Infrastructure signals: VPN Proxy Tor Crawler Cloud CDN Hosting Scanner Reputation
| Principle | Practice |
|---|---|
| Reproducibility | Deterministic builds and auditable inputs |
| Controlled autonomy | Explicit scope and policy for agent-driven work |
| Verifiable delivery | Evidence, replay, tests, and human-reviewable reports |
| Source transparency | Provenance, freshness, and confidence remain visible |
| Operational utility | Outputs are designed for local lookup and security pipelines |
| Static delivery | Prefer portable artifacts, GitHub Pages, and backend-free dashboards |
| Defensive scope | Publish infrastructure intelligence without exposing sensitive raw inventories |
Relevant areas include autonomous coding systems, agent orchestration, AI development workflows, auditable automation, IP intelligence datasets, ASN and routing analytics, VPN and Tor infrastructure research, crawler visibility, GeoIP/MMDB quality engineering, RPKI/BGP measurements, fraud detection, and SIEM enrichment.
Licensing varies by repository and upstream source constraints. Code is generally released under Apache-2.0 or MIT; generated datasets commonly use CC0-1.0. Refer to each repository's license and source documentation.