open source · security infrastructure

build paranoid.

The security model is not a constraint on the product — it is the product.

Public infrastructure for anyone serious about their data and users. Principles, tooling, and operating models. Open. No gate. Anyone can use it.


// credential state scanner — live output
$ python3 setup/fastr-cred-scan.py
fastr credential state scanner
──────────────────────────────────────────────────────────────────────────────────────
name                       profile      lifecycle   verdict          action
──────────────────────────────────────────────────────────────────────────────────────
[!] github-fastr-pat       colby        long-lived  ACTION_REQUIRED  re-generate and re-verify
    flags: missing_from_keychain, verification_failed
[!] github-runparanoid-pat colby        one-time    ACTION_REQUIRED  delete at github.com/settings/tokens
    flags: stale_one_time_token
[~] vercel-token-read      colby        long-lived  PENDING_SETUP    security add-generic-password...
    flags: not_yet_created
[~] vercel-token-write     colby-admin  long-lived  PENDING_SETUP    security add-generic-password...
    flags: not_yet_created
[~] wifi-hidden-fastr      colby        long-lived  PENDING_SETUP    security add-generic-password...
    flags: not_yet_created
──────────────────────────────────────────────────────────────────────────────────────
action required: 2   pending: 3   ok: 0   logged: ~/.fastr/logs/2026-03-17.ndjson

// operating principles
01 · no phone 2FA. ever.

SMS and authenticator apps are not acceptable for any account that matters. Hardware keys only. No exceptions negotiated at onboarding.

02 · no email recovery.

Email is not a recovery path. If a service requires it, find an alternative or build around it. The chain is only as strong as its weakest link.

03 · credential state over credential existence.

Don't just ask "is this credential safe?" Ask "is this credential still justified?" One-time tokens die when their purpose is fulfilled.

04 · discipline fails. design doesn't.

Profile segmentation, policy enforcement, and audit trails exist so the rules don't depend on anyone remembering to follow them.

05 · all repos default to private.

Public only when explicitly decided. Not the other way around. Default posture is closed — opening is a deliberate act.

06 · tags are the trigger primitive.

Every security event maps to a tag. Every tag maps to handlers. The system observes its own state and responds — no human memory required.


// tooling

fastr-cred-scan.py · built
credential state scanner — checks every known credential against its operational justification. flags stale one-time tokens, missing keychain entries, and verification failures.

fastr-exec.sh · built
execution wrapper for osascript — approve-once gate, permanent delete blocked by policy, structured audit log on every action.

fastr-dispatcher.py · built
tag-driven event dispatcher — file watcher, scheduler, and handler registry. fires cred scan and wiki updates on credential events, file changes, and cron.

fastr-mac.yaml + apply.sh · built
declarative mac setup — security hardening, bluetooth off, profile segmentation, homebrew packages, SSH key generation. one command on a new mac.

binary verifier agent · backlog #1
intercepts every package install, runs codesign, cross-references the TeamID against a publisher registry. blocks before execution.

defender bot · backlog #5
domain verification on every link before it resolves. menu bar counter. no popups. full screen never interrupted. peace of mind is the product.
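The verdict logic that principle 03 describes and that the fastr-cred-scan.py entry above sketches, written out as an added example that reproduces the live output at the top of the page. This is not the project's code: the Credential fields (created, in_keychain, verified, purpose_done, revoke_at) and the OK verdict are assumptions; the verdicts, flags and actions for the five sample credentials are taken from the scanner output shown on the page.

```python
import json
from dataclasses import dataclass

@dataclass
class Credential:  # constructed inventory record; field names are assumptions, not the project's schema
    name: str
    profile: str
    lifecycle: str              # "long-lived" or "one-time"
    created: bool = True        # has the secret ever been provisioned?
    in_keychain: bool = True    # stored in the keychain (security(1))?
    verified: bool = True       # did the last check against the provider succeed?
    purpose_done: bool = False  # one-time only: has the task that justified it finished?
    revoke_at: str = ""         # where to delete a one-time token once it is stale

def evaluate(c: Credential) -> dict:
    """Ask 'is this credential still justified?', not merely 'does it exist?'."""
    flags, verdict, action = [], "OK", "none"
    if not c.created:
        # never provisioned: nothing to verify, tell the operator how to create it
        flags, verdict, action = ["not_yet_created"], "PENDING_SETUP", "security add-generic-password ..."
    else:
        if c.lifecycle == "one-time" and c.purpose_done:
            flags.append("stale_one_time_token")
        if not c.in_keychain:
            flags.append("missing_from_keychain")
        if not c.verified:
            flags.append("verification_failed")
        if "stale_one_time_token" in flags:
            # a token whose purpose is fulfilled is revoked, never repaired
            verdict, action = "ACTION_REQUIRED", f"delete at {c.revoke_at}"
        elif flags:
            verdict, action = "ACTION_REQUIRED", "re-generate and re-verify"
    return {"name": c.name, "profile": c.profile, "lifecycle": c.lifecycle,
            "verdict": verdict, "action": action, "flags": flags}

def scan(creds):
    """Evaluate every credential; return the rows, the verdict counts and the ndjson log text."""
    rows = [evaluate(c) for c in creds]
    counts = {v: sum(r["verdict"] == v for r in rows) for v in ("ACTION_REQUIRED", "PENDING_SETUP", "OK")}
    return rows, counts, "\n".join(json.dumps(r, sort_keys=True) for r in rows)

# constructed sample mirroring the page's live output
SAMPLE = [
    Credential("github-fastr-pat", "colby", "long-lived", in_keychain=False, verified=False),
    Credential("github-runparanoid-pat", "colby", "one-time", purpose_done=True, revoke_at="github.com/settings/tokens"),
    Credential("vercel-token-read", "colby", "long-lived", created=False),
    Credential("vercel-token-write", "colby-admin", "long-lived", created=False),
    Credential("wifi-hidden-fastr", "colby", "long-lived", created=False),
]
```

Running scan(SAMPLE) yields the same two action-required, three pending and zero ok rows as the live output, and the third return value is the line-per-credential log the scanner writes to ~/.fastr/logs/.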