explain-my-curl is a local-first CLI for understanding what a curl command is doing across DNS, TLS, and HTTP.

GitHub Repo: https://github.com/akgitrepos/toolmisusebench

ToolMisuseBench is a deterministic, offline benchmark dataset for evaluating tool-using agents under realistic failure conditions, including schema misuse, execution failures, interface drift, and recovery under budget constraints.

This dataset is intended for reproducible evaluation of agent tool-use behavior, not for training a general-purpose language model.

Built this because I wanted a practical way to run untrusted plugins with explicit, auditable limits instead of ad-hoc checks.

What it does today: - Enforces CPU fuel, wall-clock timeout, and memory limits - Enforces file/network policies (path + host/port allowlists, byte/connection budgets) - Emits structured allow/deny events with rule_id, reason_code, and context - Includes sandbox explain, policy lint, and policy templates (strict, balanced, dev) - Includes hardening tests + benchmark harness

Quickest way to try: - ./scripts/usage_run.sh - (or ./scripts/phase5_show_hn_demo.sh for a shorter walkthrough)

Repo includes: - Threat model: docs/threat-model.md - Benchmarks: docs/benchmarks.md

Known limitations: - App-layer sandbox (not kernel isolation) - Capability-mediated host imports right now, not full syscall interception

I’d especially love feedback on: 1) policy schema ergonomics, 2) missing capability operations, 3) abuse cases I should add to the regression suite.

Built a small regex engine in Rust and would love feedback from people who’ve implemented/search-optimized regex before.

- Thompson NFA core (no recursive backtracking engine) - Bounded lazy transition cache for repeated scans - v1 supports: literals, ., concat, |, * + ?, grouping, classes/ranges, \d \w \s \t \n, ^ $ - APIs: compile, is_match, find_first, find_all - Contract-style conformance tests + microbenchmarks included

Repo: https://github.com/akgitrepos/regex-engine-rust

Curious where you’d take it next: captures first, Unicode semantics, or deeper DFA optimization?