2026 · OSINT / DFIR

SafeCircleOps

Built in 5 days to help a friend being stalked: a local-only pipeline that tracks the stalker's online activity to evidence standards — provenance on every finding, fail-closed defaults that never tip off the subject, attribution scoring with negative controls. Report delivered to law enforcement. Deliberately unpublished.

PRIVATE
START HERE Five days, 140 commits, one detective's report A friend was being stalked. I built an investigation tool to evidence standards in five days — and chose never to publish it. Read the full story →
SafeCircleOps screenshot

Overview

A local-only investigation pipeline built in five days to help a friend being stalked. It organizes open-source intelligence to evidence standards: provenance manifests on every finding, fail-closed network defaults, attribution scoring with negative controls. The output is a report a detective can act on. 140 commits, ~22,000 lines, 44% of it tests.

Evidence pipeline
Discover Track Attribution scoring Chain-of-custody manifest Report to law enforcement

Project Design

The design document was audited against the actual tools it would orchestrate before any code existed. That audit found five build-breaking errors and three architectural defects, and every finding became an enforced rule, not a recommendation. Validation was the live case itself: the first real run happened four and a half hours after the first commit, and 24 runs over five days drove every redesign.

Security & ops decisions

Egress control (fail-closed)
OSINT tool wrapper
Egress is enforced per tool wrapper, not trusted to each tool
Proxy enabled but unconfigured → the pipeline refuses to connect
It never silently falls back to a direct connection

Builder notes

Lessons learned

What carried forward

The audit-the-design-before-building gate, and the fail-closed posture that refuses rather than warns. The repository itself stays private, permanently: it holds a real case.

Posts from this project

CASE STUDY

Five days, 140 commits, one detective's report

A friend was being stalked. I built an investigation tool to evidence standards in five days — and chose never to publish it.

JUN 2026 · 5 MIN
"A written rule is a suggestion. A gate is a control."
The operating principle behind every project here. The same bug shipped three times past written rules — and zero times past a CI gate. Deterministic enforcement beats advisory documentation, in agent harnesses and security programs alike.