storing user details such as usernames, passwords, or other plaintext identifiers in the database is **your responsibility**. Encryptable gives you the tools—you must use them correctly. [Learn more about secure implementation patterns](https://github.com/WanionTechnologies/Encryptable/blob/main/docs/BEST_PRACTICES.md)

## Performance Benefits

**Traditional Spring Data MongoDB:**
```kotlin
// Query by username = O(log n) index scan
interface UserRepository : MongoRepository<User, String> {
fun findByUsername(username: String): User?
}

// Usage
val user = userRepository.findByUsername("alice") // Index scan on username field
```

**Encryptable (Cryptographic Addressing):**
```kotlin
// Query by secret = O(1) direct ID lookup
interface UserRepository : EncryptableMongoRepository<User>

// Usage
val user = userRepository.findBySecretOrNull(secret) // Direct O(1) ID lookup
```

**Key differences:**
- ❌ Traditional: Query parsing → Index scan → Document fetch
- ✅ Encryptable: ID derivation → Direct document fetch (O(1))

No query parsing. No index scans. No username field needed. Just direct ID-based retrieval.

## Beyond Authentication

This pattern enables:
- **Anonymous file storage** (file_id derived from upload secret)
- **URL shorteners** (short_url derived from creator secret, enabling updates without authentication)
- **Encrypted journals** (entry_id = HKDF(master_secret + date))
- **Zero-knowledge voting** (ballot_id derived from voter secret)

Any system where "possession of secret = ownership of data."

### Practical Example: Deriving Secrets from User Credentials

You can derive secrets from user-provided data:

```kotlin
// User provides: email + password + 2FA code
val email = "nexus@wanion.tech"
val password = "December12th2025"
val twoFactorCode = "123456"

try {
// Derive master secret using HKDF
val userSecret = HKDF.deriveFromEntropy(
entropy = "$email:$password:$twoFactorCode",
source = "UserLogin",
context = "LOGIN_SECRET"
)

// Use master secret to find user entity
val user = userRepository.findBySecretOrNull(userSecret)

when (user) {
// If is null means authentication failed
null -> println("Authentication failed: invalid credentials")
// Successful login
else -> println("Welcome back, user ID: ${user.id}")
}
} finally {
// CRITICAL: Mark for wiping all sensitive strings from memory
// They will be zeroed out at request end.
markForWiping(email, password, twoFactorCode)
}
```

**Benefits:**
- ✅ No passwords stored in database (not even hashes!)
- ✅ 2FA is part of the secret derivation (stronger than traditional 2FA)
- ✅ Each entity type gets its own derived secret
- ✅ Zero-knowledge: server never sees the plaintext credentials

**Important:** Encryptable automatically wipes secrets and decrypted data, but you must manually register user-provided plaintext (password, email, etc.) for clearing to prevent memory dumps from exposing credentials.

---

## From Side Project to Framework

What started as a solution to avoid legal liability for a file upload service turned into something far more significant.
The combination of cryptographic addressing, deterministic cryptography without key storage, and zero-knowledge architecture wasn't just solving my immediate problem—it was solving a fundamental gap in the security ecosystem.

I started calling this side project **Encryptable** and realized it was way *bigger* than I ever could have hoped for.

---

## Implementation Details

**Framework:** Encryptable (Kotlin/Spring Data MongoDB)
**Encryption:** AES-256-GCM (AEAD, authenticated encryption)
**Key Derivation:** HKDF-SHA256 (RFC 5869)
**ID Format:** 22-character Base64URL (128-bit entropy)
**Memory Safety:** Automatic wiping of secrets/decrypted data after each request

## Four Core Innovations

Encryptable introduces **four paradigm-shifting innovations** that have never been combined in a single framework:

### 1. **Cryptographic Addressing**
Entity IDs are cryptographically derived

from secrets using HKDF.
No mapping tables, no username lookups—just pure cryptographic addressing.
This enables O(1) secret-based retrieval and eliminates correlation vectors.

### 2. **Deterministic Cryptography Without Key Storage**
All encryption keys are derived on-demand from user secrets.
Zero keys stored.
The framework operates in a perpetual "keyless" state, making key theft physically impossible.

### 3. **ORM-Like Experience for MongoDB**
Encryptable brings the familiar developer experience of JPA/Hibernate to MongoDB—with encryption built-in. Annotations like `@Encrypt`, `@HKDFId`, and repository patterns that feel native to Spring developers.

### 4. **Automated Memory Hygiene**
All secrets, decrypted data, and intermediate plaintexts are automatically registered for secure wiping at request end.
Thread-local isolation ensures sensitive data never lingers in JVM memory across requests.

> **Deep dive:** [Technical Analysis of Encryptable's Innovations](https://github.com/WanionTechnologies/Encryptable/blob/main/docs/INNOVATIONS.md)

## Limitations & Trade-offs

❌ **Secret loss = permanent data loss** (by design - true zero-knowledge)
❌ **No queries on encrypted fields** (can't search encrypted email)
❌ **Requires users to remember/store secrets** (UX challenge)
❌ **MongoDB only** (current implementation)

> **Full trade-off analysis:** [Understanding Encryptable's Limitations](https://github.com/WanionTechnologies/Encryptable/blob/main/docs/LIMITATIONS.md)

## Documentation

I spent as much time on documentation as coding:

- **51,644 words** across 46 markdown files (AI-assisted, guided by me)
- Cryptographic theory and security analysis
- Compliance considerations (GDPR, HIPAA, etc.)
- Threat models and attack surface analysis
- Best practices

**Some highlights**:
- [Cryptographic Addressing Deep-Dive](https://github.com/WanionTechnologies/Encryptable/blob/main/docs/CRYPTOGRAPHIC_ADDRESSING.md)
- [Security Without Secret](https://github.com/WanionTechnologies/Encryptable/blob/main/docs/SECURITY_WITHOUT_SECRET.md)
- [AI-Made Security Audit](https://github.com/WanionTechnologies/Encryptable/blob/main/docs/AI_SECURITY_AUDIT.md)

## Code Stats

- **2,503 source lines** (surprisingly compact)
- **Kotlin** (learned it specifically for this project after 9 years of Java)
- **4 months** of development (solo)
- **v1.0.0** - Stable release, not alpha/beta

## F.A.Q.

**Q: How is this different from E2EE apps (Signal, ProtonMail)?**
A: Those encrypt *in transit* and *at rest*, but the server still manages keys. Encryptable derives keys on-demand from user secrets, but never stores them. The database contains only encrypted blobs, and keys exist only during the request lifecycle.

**Q: Similar to blockchain addresses?**
A: Conceptually yes (address derived from private key), but without blockchain overhead. This is for traditional databases.

**Q: What about HashiCorp Vault / KMS?**
A: Those are key *management* systems. Encryptable is key *elimination* - no keys stored anywhere, all derived from user secrets on-demand.

## Release Info

- **Date:** December 12th, 2025
- **GitHub:** https://github.com/WanionTechnologies/Encryptable
- **Maven Central:** `tech.wanion:encryptable:1.0.0` and `tech.wanion:encryptable-starter:1.0.0`
- **License:** Apache 2.0
- **Language:** Kotlin (JVM 21+)

## Community Feedback Wanted

I'm releasing this today and would love feedback on:

1. **Security concerns** - Am I missing attack vectors?
2. **Use cases** - What would you build with this?
3. **Porting** - Interest in other languages/databases?
4. **Criticism** - What's wrong with this approach?

I've tried to be radically transparent about limitations. This isn't a silver bullet - it's a tool with specific trade-offs.

## Try It

**GitHub:** https://github.com/WanionTechnologies/Encryptable
**Maven Central:** https://central.sonatype.com/artifact/tech.wanion/encryptable

```kotlin
// build.gradle.kts
dependencies {
implementation("tech.wanion:encryptable:1.0.0")
}
```

Full examples:

[examples/](https://github.com/WanionTechnologies/Encryptable/tree/main/examples)

---

Thanks for reading! This is my first major open-source release, and I'm both excited and terrified to see how the programming community reacts.

**— WanionCane**

https://redd.it/1pkih02
@r_opensource

Turned my personal post-install noscript into a free open-source tool (+180 apps & configs)
https://kaic.me/win-post-install

https://redd.it/1pk8q9j
@r_opensource

Open-sourcing a research tool I built - PRISM for Bayesian hypothesis comparison

Sharing a tool I built for my own research in case it's useful to others.
What it is:
PRISM (Protocol for Rigorous Investigation of Scientific Mechanisms) - a Python framework for comparing multiple hypotheses against scientific evidence using Bayesian methods.
Why I built it:
I needed to decide between competing explanations for a research problem. Each had supporting studies, but I kept cherry-picking based on recency or "gut feel." Wanted something more rigorous.
Features:
Bayesian updating with empirical base-rate priors
Evidence weighting by study design quality
Correlation correction for non-independent evidence
Meta-analysis with heterogeneity assessment
Uncertainty decomposition
Tech:
Python 3.8+
NumPy, SciPy only
~1000 lines
Well-documented (methodology in THEORYOFOPERATION.md)
License: MIT
Looking for:
Users who might find it useful
Contributors with stats/meta-analysis expertise
Feedback on code quality and API design
GitHub: https://github.com/Dr-AneeshJoseph/Prism
Not a company, not monetizing - just a researcher sharing a tool.

https://redd.it/1pklvd0
@r_opensource

SXO: High-performance server-side JSX

SXO is a multi-runtime tool for server-side JSX that runs seamlessly across Node.js, Bun, Deno, and Cloudflare Workers. It also includes SXOUI, a UI library similar to shadcn/ui.

- https://sxoui.com
- https://github.com/gc-victor/sxo

https://redd.it/1pkml26
@r_opensource

My first, small, open source project: MonoBitPainter
https://github.com/xgenium/MonoBitPainter

https://redd.it/1pklwc0
@r_opensource

Open Source in Focus: 4 Tools That Keep Systems Running | The JetBrains Blog
https://blog.jetbrains.com/blog/2025/12/12/open-source-in-focus-4-tools-that-keep-systems-running/

https://redd.it/1pkpb08
@r_opensource

Built an open-source Azure Digital Twins alternative on PostgreSQL + Apache AGE

I created an open-source implementation of Azure Digital Twins APIs using PostgreSQL + Apache AGE. It started as a way to avoid vendor lock-in, but I'm expanding it for broader graph database use cases.

**Why PostgreSQL:**

* Combine with other extensions (pgvector for AI embeddings, PostGIS for spatial data)
* Reliability and existing tooling

**Technical approach:**

* Azure Digital Twins REST API compatibility (use official Azure SDKs)
* Apache AGE for graph queries (Cypher support)
* DTDL schema validation

**Use cases beyond Azure DT:**

* Digital twin infrastructure (IoT, smart cities, industrial systems)
* AI agent knowledge bases (semantic relationships without RDF)
* Complex relationship modeling (organizational hierarchies, dependencies)

**Architecture choices I'm curious about:**

* Built operator pattern instead of CRDs (simpler to extend?)
* REST + Cypher query interfaces (flexibility vs. complexity?)
* PostgreSQL foundation vs. purpose-built graph DB

**GitHub:** [https://github.com/konnektr-io/pg-age-digitaltwins](https://github.com/konnektr-io/pg-age-digitaltwins)
**Hosted:** [https://konnektr.io](https://konnektr.io)

Would love feedback your feedback.

https://redd.it/1pkot9b
@r_opensource

Luego - a minimal read-it-later iOS app

Hey folks! I've been building this read-it-later app for myself and wanted to share it here as it's open-source. https://github.com/esoxjem/Luego

You can also grab it via TestFlight and receive updates as I release them - esoxjem.github.io/Luego/

Previously, I was a big Pocket user but Mozilla decided to shut it down. I switched to Omnivore but that seems to be shutting down as well. I don't feel like paying monthly, so I decided to "home-cook" it, inspired by Robin Sloan.

As everything is happening on device, the best things to read are blog posts and websites that have clean and simple HTMLs - not news sites and others that do a lot of crap.

I'm using it regularly to read and hope you will find it useful too.

Cheers!

https://redd.it/1pkri99
@r_opensource

We got tired of rogue AI agents, so we built Idun, an open source platform for agents governance ⭐️

Hey everyone!

We are four friends, all working in the industry, we kept hitting the same wall:
cool AI agents but zero real governance.

So we built **Idun** **Agent** **Platform**, an open-source control plane to govern all your AI agents in one place, on your infra:

* Self-hosted (VMs / k8s / whatever cloud you trust)
* One place for **agents, environments, keys, configs**
* **Governance**: RBAC, separation of envs, audit trail
* **Observability**: see what each agent did, which tools it called, where it failed
* Model-agnostic (plug different LLM providers, including “sovereign” ones)

Check out our GitHub: [Idun Agent Platform](https://github.com/Idun-Group/idun-agent-platform)

It’s early, but already running in a few real setups, we're looking for feedbacks and just devs' testing our solution, and a few ⭐️ if we do deserve it!

Thank you so much for looking at it everyone!

https://redd.it/1pkts6p
@r_opensource

Axe - A Programming Language with Parallelism as a Core Construct, with no GC, written 100% in itself, able to compile itself in under 1s.
https://github.com/axelang/axe

https://redd.it/1pkwox9
@r_opensource

Looking for tools like Base44 or Lovable that are open source.?

Hello all.

Is there an open source app builder that is using AI, something like Base44 or Lovable?

But with the same level of features?

https://redd.it/1pkxryk
@r_opensource

Chrome extension to create and download gifs and clips out of youtube videos

This is an open source chrome extension that can be used to create and download GIFs and clips from Youtube videos.

Huge thanks to the creator of YoutubeExplode as it is what enables this application to exist.

Known issues:
Currently in the backend the entire video is downloaded first and then the clip is extracted as per inputs. I'm working on this problem, so that only the specific segment required will be downloaded instead of the entire video.

Repo Link: https://github.com/sagv7824/yt-gif-clip

Suggestions and feedback are welcome and appreciated! Thanks!!

https://redd.it/1pl2x32
@r_opensource

TrailBase 0.22: Open, single-executable, SQLite-based Firebase alternative now with multi-DB

TrailBase is an easy to self-host, sub-millisecond, single-executable FireBase alternative. It provides type-safe REST and real-time APIs, WASM runtime, auth & admin UI. Comes with type-safe client libraries for JS/TS, Dart/Flutter, Go, Rust, .Net, Kotlin, Swift and Python. Its WASM runtime allows authoring custom endpoints and SQLite extensions in JS/TS or Rust (with .NET on the way).

Just released v0.22. Some of the highlights since last time posting here include:

Multi-DB support 🎉: record APIs can be backed by \`TABLE\`/\`VIEW\`s of independent DBs.
This can help with physical isolation and offer a path when encountering locking bottlenecks.
Filtered change subnoscriptions.
Mobile-friendly and more polished admin UI.
Kotlin client
Many more improvements, e.g.: WASM execution model & custom SQLite functions, ...

Check out the live demo, our GitHub or our website. TrailBase is only about a year young and rapidly evolving, we'd really appreciate your feedback 🙏

https://redd.it/1pl22j2
@r_opensource

AI Voice Clone with Coqui XTTS-v2

https://github.com/artcore-c/AI-Voice-Clone-with-Coqui-XTTS-v2



https://redd.it/1pl61wr
@r_opensource

Is there a project that can proudly say we are good at naming things?

Most programmers say they are bad at naming things. And since naming things is hard I think they are right, but is there an open source project that can proudly say they are good at naming things? I would like to take a look at some code that has really good names in code, config, project name, etc.

https://redd.it/1pl6d0s
@r_opensource

Bitwave: Is This the Future-Proof Audio Format Developers Need?

# The New Audio Standard: High Fidelity and Dynamic

Bitwave is an ambitious, open-source project aiming to redefine the modern audio file format. The format is built with a robust hybrid architecture utilizing Python for the SDK/CLI and Rust for high-performance core processing. This foundation targets high-fidelity sound, multi-track support, and, crucially, developer ease-of-use, directly addressing the limitations of legacy containers in the immersive audio landscape. Bitwave positions itself as a solution for dynamic content that needs to adapt in real-time.

# Architectural Deep Dive: Spatial and Adaptive

The core .bwx format’s file structure is its true innovation. It mandates distinct blocks for metadata, including a crucial SPATIAL_BLOCK for x, y, z positional data and a META_BLOCK that stores essential information like BPM. This intrinsic inclusion of dynamic and spatial data is key to its "future-proof" claim. This design enables applications like dynamic tempo adjustment and 3D spatial audio playback without relying on external sidecar files, making the content intrinsically self-describing and ready for modern playback engines.

# CLI and SDK: A Complete Tooling Ecosystem

The project delivers a comprehensive toolkit for creators and coders. The Python SDK offers seamless data manipulation via NumPy integration for programmatic workflows. Concurrently, the powerful Command Line Interface (CLI) simplifies complex tasks for power users, supporting operations like analysis (BPM, spectral, fingerprinting), batch processing, format conversion (WAV, FLAC, OGG), and advanced audio effects (reverb, pitch shift). Bitwave is not just a container; it's a complete, modern audio processing pipeline, licensed under MIT and ready for community adoption and contribution.

Check out the project: https://github.com/makalin/Bitwave

https://redd.it/1pldy7x
@r_opensource

Built another Geoguessr alternative
https://geoguesslite.com

https://redd.it/1plf4a8
@r_opensource

The Law of Discoverability - open source software is in desperate need of this principle
https://fishshell.com/docs/current/design.html#the-law-of-discoverability

https://redd.it/1plg6bq
@r_opensource

Golocron - Plug and Play Blogging and Wiki System for Go Backends
https://github.com/cookiengineer/golocron

https://redd.it/1plfoo3
@r_opensource