Skip to content

Projects

Security tooling I designed and shipped end to end — from supply-chain defense to mobile hardening.

SlopGuard

Pre-install supply-chain guard that catches AI-hallucinated, typosquatted and malicious dependencies — zero runtime deps.

Role
Sole author — architecture, detection engine, CLI, CI integrations and SaaS.
Context
Slopsquatting is an emerging supply-chain threat documented in USENIX Security 2025: LLMs frequently recommend `pip install` or `npm install` of packages that do not exist — roughly 20% of AI-suggested packages are hallucinated, with ~38% being near-misses on real package names. Attackers monitor LLM outputs and pre-register those hallucinated names with malicious payloads.

Problem

There was no pre-install interception layer that could deterministically evaluate a package's legitimacy — checking typosquatting distance, publication age, download velocity, OSV threat intelligence and LLM hallucination likelihood — before any code executes on the developer's machine.

Approach

  • 5-layer detection engine (layers 0–4) that scores packages without executing any of their code.
  • Ecosystem-agnostic core with pluggable adapters for PyPI and npm.
  • Multiple frontends covering every integration point: CLI, pre-commit hook, GitHub Action and self-hostable SaaS.
  • Provable anti-false-positive invariant: the opt-in LLM hallucination layer is structurally unable to block a legitimate package on its own.

Impact

  • Catches malicious and hallucinated packages before installation — zero runtime dependencies shipped to consumer environments.
  • Test suite of 2687 collected tests (including parametrized) enforces correctness at every detection layer with a CI gate of ≥90% global coverage and ≥95% on critical paths.
  • 8 import-linter architecture contracts prevent cross-boundary coupling as the codebase grows.
  • SlopGuard CLI blocking four typosquatted PyPI packages, showing Damerau-Levenshtein matches and a suggested exit code 2.
  • SlopGuard CLI scanning a clean manifest — all four dependencies allowed, exit code 0 (no false positives).
  • SlopGuard SaaS scan report for a PyPI manifest — global verdict Blocked (exit 2): 5 dependencies allowed and 2 blocked (a nonexistent/hallucinated package and the 'reqursts' typosquat of requests).
  • SlopGuard scan detail with expanded detection signals — Layer 0 (package absent from PyPI, possible hallucination) and Layer 1 typosquatting (Damerau-Levenshtein distance 1 to 'requests').
  • SlopGuard SaaS scan history — six on-demand scans across PyPI and npm, each with an allow/block summary, total dependency count and ecosystem filtering.
  • SlopGuard SaaS dashboard — quick actions (new scan, history) and an explainer of slopsquatting and the allow / warn / block verdict model for PyPI and npm.
0runtime dependencies
5detection layers
2ecosystems (PyPI + npm)
~96%test coverage
2687tests collected
8architecture contracts
  • Layered scoring with provable anti-false-positive invariantImplementedSecurity
  • OSV.dev threat-intel with fail-closed degradationImplementedSecurity
  • Opt-in LLM hallucination layer, structurally unable to block legitimate packagesImplementedSecurity
  • Deterministic, network-free typosquatting detection (Damerau-Levenshtein + Jaro-Winkler)ImplementedSecurity

Stack

  • Python 3.11+
  • stdlib only
  • mypy strict
  • ruff (bandit)
  • import-linter
  • pytest
  • GitHub Actions
  • CodeQL
  • FastAPI
  • Next.js
  • PostgreSQL
  • Redis

GoatGuard

Flutter mobile client for network monitoring & security, with full TOTP 2FA.

Role
Author — mobile client architecture, auth/2FA flows, state & services.
Context
Small networks — home offices and SMEs — lack an accessible mobile interface to visualize connected assets, link health and security alerts without deploying enterprise-grade NMS infrastructure.

Problem

Existing solutions are either enterprise-tier (expensive, complex) or consumer tools with no security posture visibility. There was no lightweight mobile client that combined real-time network monitoring with hardened authentication.

Approach

  • Network health dashboard with device inventory classified by type (routers, printers, cameras, etc.).
  • Security alert feed with severity levels, including port-scan detection.
  • Full TOTP 2FA flow: QR enrolment, login verification, backup codes and account recovery.
  • JWT stored in OS secure storage (Keystore/Keychain) with a global 401 interceptor for session management.
  • WebSocket architecture with exponential backoff reconnection for real-time data streams.

Impact

  • 14-screen mobile application with 5-tab architecture delivering a complete network security management experience.
  • 3-factor account security (TOTP + backup codes + recovery) backed by OS-level secure storage.
  • Home dashboard: network health score 85/100 with ISP latency, packet loss, jitter and DNS response cards, plus the agent list with live CPU/RAM per device.
  • Top network consumers ranked by bandwidth (Mbps) alongside agent status, updated every 30 seconds over WebSocket.
  • Device inventory with search and filters, split between devices with an installed agent and ARP-only discoveries; sensitive addresses redacted.
  • Device detail: identity (IP/MAC redacted), OS, live CPU and RAM gauges, and network KPIs like speed, latency and TCP retransmissions.
  • Per-device time-series charts (fl_chart): TCP retransmissions with thresholds and hourly bandwidth usage, plus a critical retransmission-spike alert.
  • Security alert feed with severity filters: port-scan detection, unknown device joins, heartbeat loss and unusual outbound connections.
  • 2FA enrolment: one-time recovery code screen (code redacted) shown before TOTP setup, with explicit save confirmation required to continue.
  • Ten single-use backup codes (redacted) generated after TOTP setup, with copy-all action and save confirmation gating access to the dashboard.
  • Settings: notification preferences and security section showing the active JWT session, with sign-out.
6.6Klines of Dart
3account-security factors
20+REST endpoints
14screens (5-tab arch)
  • TOTP 2FA: QR enrolment, login verification, backup & recovery codesImplementedSecurity
  • JWT in OS secure storage (Keystore/Keychain) + global 401 interceptorImplementedSecurity
  • Real-time dashboard architecture (REST + WebSocket)Demo / backend-readyResilience
  • WebSocket reconnection with exponential backoffImplementedResilience
  • Time-series chartsSimulated dataUX
  • Push notificationsSimulated dataUX

Stack

  • Flutter
  • Dart
  • Provider
  • Dio
  • web_socket_channel
  • flutter_secure_storage
  • qr_flutter
  • fl_chart