GitHub Tools

Most AI pentesting tools stop at the web layer. Darkmoon goes further. Built by professional pentesters, it combines 18 specialized AI agents and 80+ offensive security tools to assess Active Directory, Kubernetes, cloud infrastructure, APIs, CMSs, and networks. Self-hosted, open-source, MITRE-mapped, and designed to deliver evidence-backed findings, attack paths, and publication-ready reports.

The open source observability layer for AI agents built on the Vercel AI SDK. Costs, latency, tokens, distributed traces, evals, and alerts for every generateText / streamText call — in two lines.

AI/ML research moves fast, and the work that matters is split between new papers and the code that implements them. Most search providers omit or misrank key papers, leaving you to review sources by hand without ever being sure you've caught everything. So we built an index for it. Firecrawl's index includes all 3M+ arXiv papers, as well as GitHub artifacts from top research repos, refreshed daily so agents always stay current.

Autonomous AI agents are writing and executing code, but running it on your host server is a massive security risk. Vela (powered by the Aegis runtime) solves this. It’s a policy-driven execution guard that uses Firecracker micro-VMs and HMAC capability tokens to safely run untrusted code. Get structured results, fine-grained filesystem/network restrictions, and a full JSONL audit trail. Open-source, MIT licensed, and built for LangChain/LlamaIndex.

Ditch your scraper. One API gives your code everything it needs from the web: structured JSON, clean markdown, cited research, and browser automation. No browser, LLM, or pipeline for you to run. Use it from the tools you already work in: an MCP server, CLI, Raycast extension, or as an Agent Skill. Grab a key and make your first call in less than three minutes. Mozilla-backed. Your data is never sold, never trained on.

Wario.Style turns any song into a Game Boy-style chiptune, right in your browser. Type a song title and it searches BitMidi for the MIDI, then synthesizes it live through four authentic chiptune channels: two pulse, one wave, one noise. No signup, no server render. Export as WAV or MIDI and share with a link that previews the track. The catalogue runs deep on classics, so throw it something timeless. Can't find it? Upload your own MIDI and hear it in 8-bit.

Soon, more agents than humans will use your product via MCP. Spanly gives you full observability on the MCP server you ship: error rates, session traces, latency, client analytics, deploy alerts. Drop-in CLI or SDK. US & EU data residency. Built for SaaS engineering teams shipping MCP in production, alongside the Datadog, Sentry, or New Relic you already run.

Your growth data is trapped in too many dashboards that don't talk to each other. Infinite pulls GA4, Meta, PostHog, + Stripe into one place on your own machine. Now you can finally ask one question across your whole stack and connect the dots: how traffic, signups and revenue move together. Data is stored locally + never leaves your machine. Open source, bring your own LLM, use Claude or Codex.

A macOS workbench where Claude, Codex, and Hermes run on your specs, research, and Figma files.

Deep Work Plan turns any repo into a harness with the context of your best engineer — so any AI agent codes like your smartest model and can't drift from the plan. Not a chat window it forgets, a spec written into the repo: atomic tasks, acceptance criteria, validation gates, resumable state. Long runs survive context resets; any agent picks up where the last left off. Point an agent at it, walk away, come back to work you can verify. Any agent, any repo, no lock-in. Open Source, MIT.

A native, Docker Desktop-style macOS app for Apple's container CLI. Containers, images, volumes, networks and machines — free and open source.

Tychi is a self-custody wallet built for AI agents with a human REPL on the same keystore. Most agent “wallets” are custodial APIs or read-only tools. Tychi ships two surfaces: tyi-mcp (Cursor, Claude, OpenClaw) and tyi CLI. Keys stay on your machine; signing never leaves it. Policy caps run before every onchain action. Agent-native flow: route → status → fast wallet ops, or chat for balances/sends/payments. Multi-wallet, onboard, gasless routing.

Annota is a secure, FREE Cross Platform local-first offline capable note taking and knowledge management tool. It has an optional Sync system with secure end-to-end encryption for all the data and optional AI Integration. It supports on launch Macbook/iPhone/iPad through App Store and Windows through github releases, I will release on Android later on. Feel free to follow along as I really want it to become a reliable and comfortable writing solution.

Canopy runs parallel Claude Code sessions as tabs in one native macOS window — each in its own git worktree, each its own Claude. Close the app and every session resumes with its conversation intact. One-click "Merge & Finish" handles the merge-and-cleanup dance, a split shell pane lets you run git without interrupting Claude, and an Activity dashboard shows where your tokens actually went. Native SwiftUI, no Electron. macOS 14+, AGPL-3.0. Built by someone who uses it daily.

Bodhiorchard replaces story points, standups, and stale tickets with 12 specialised AI agents. They draft every spec, forecast cycle times with Monte Carlo, and tend your codebase like an orchard. Open-source, self-hosted, Apache 2.0. Runs on Claude Code.

Sklm is a CLI tool that centralizes management of skills (SKILL.md files) for your AI agents. It solves the tension between wanting skills globally available vs. per-project scoped, without polluting your agent's configuration. Multi-agent support - Global store - Registry discovery - Auto-sync

Shelly runs the OpenAI Codex CLI natively on Android — no PC, no Termux, no proot. It pairs a real native terminal with an Agent Chat pane that reads Codex output live and runs fixes with one tap. A home-screen Scouter widget shows quota, cost and rate limits, and lets you fire prompts straight from the home screen. Local LLMs (Qwen3.5 + llama.cpp) supported. Open source, GPLv3. Built entirely by directing AI agents — I don't write the code myself.

Athena is a desktop control surface for AI coding agents with shared project context. Built with Electron, React, and FastAPI, it embeds native terminals for Codex, OpenCode, Claude, and Hermes with Hermes memory integration. Features MCP bridge for cross-platform workspace control, embedded PTY terminals, native session discovery, and more.

Open-source (Apache-2.0) TypeScript SDK for AI agents. A four-tier self-improving memory engine plus the production fundamentals built in — durable runs, enforced cost ceilings, evals in CI, GDPR erasure. Runs on Node, Bun, Deno, and the edge.

YouSaidThat lets you seal any prediction. A market call, a hot take, a thesis — with SHA-256 hashing, AES-256-GCM encryption, and RFC 3161 timestamps. No one can see it until you reveal it. Once you do, anyone can verify you wrote it exactly then, without trusting you or any platform. Built on open cryptographic standards. No accounts needed. Fully auditable. Your proof lives outside any server.

Open-source (MIT) React components for Meta Ray-Ban Display web apps. 44 components + a D-pad focus engine for the 600x600 lens, and built for AI agents: a skill, an MCP server, and llms.txt so Claude/Cursor build it right. Vendor shadcn-style; own the source.