Skip to content

Instantly share code, notes, and snippets.

View webstrand's full-sized avatar

webstrand

21 followers · 0 following
View GitHub Profile
@webstrand
webstrand / type-validators-pattern.md
Created March 11, 2026 17:15
A Method for Imposing Arbitrary Parameter Constraints at Function Call Sites

A Method for Imposing Arbitrary Parameter Constraints at Function Call Sites

Without assistance, the only thing TypeScript can prove about an argument is that it is a subtype of the parameter's annotation. Given a function (x: `foo${string}`) => void, the compiler will prove for all call sites that x is always a subtype of `foo${string}` and never an unrelated type. But it cannot prove properties outside of subtyping. It cannot directly prove that a string is exactly 6 characters long, that a string contains no spaces, that a type is non-union, or that a type satisfies many other useful properties.

The technique described here, which I call the type-validator pattern, allows us to teach the compiler to prove arbitrary properties about an argument's type at each call site, rejecting the call site if they do not hold.

An Example

Consider a simple event subscription system. Users subscribe to events by passing a dictionary of event handlers to a subscribe function. The set of valid event

@webstrand
webstrand / load-environ.sh
Last active March 9, 2026 17:46
#!/bin/bash
load-environ() {
local -
set -euo pipefail
if [[ "${1:-}" == "--help" || "${1:-}" == "-h" || -z "${1:-}" ]]; then
cat <<'EOF'
load-environ — import variables from an environ(7) file
@webstrand
webstrand / git-namespace-vendoring.md
Last active March 5, 2026 22:15

Git Namespace Vendoring

A method for vendoring git dependencies into the host repository using git namespaces, so that installation from git remotes resolves using the local git namespaces rather than over the network. This makes installs faster, eliminates dependency on upstream availability, protects against remote force-pushes rewriting history, and protects against link rot rendering a package unbuildable.

The Technique

Git namespaces allow us to treat a prefix under refs/namespaces/<n> as a remote repository root. This enables us to mirror a foreign repository into that prefix on our local repository: head, branches, tags, notes, replacements, and any other refs the remote exposes. The underlying objects (commits, trees, blobs) are deduplicated into the shared object store. Git invoked via git --namespace=<ns> or GIT_NAMESPACE=<ns> treats refs/namespaces/<ns>/ as the ref root for operations against remote URLs.

By configuring git's url.*.insteadOf rules to rewrite a git dependency's re

@webstrand
webstrand / gist:a9937f3b0d77160461221fc5d1b6e287
Created February 19, 2026 16:44
bwrap-cwd.bash
#!/bin/bash
set -euo pipefail
if [ $# -eq 0 ]; then
echo "Usage: $(basename "$0") <command> [args...]" >&2
exit 1
fi
# ── Read-only paths to expose under $HOME ──
# Add or remove entries as needed
@webstrand
webstrand / dom3d.js
Last active February 6, 2026 16:34 — forked from OrionReed/dom3d.js
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@webstrand
webstrand / keepass-ssh-sync.rs
Created November 19, 2025 16:20
Tool for synchronizing keepass repositories over SSH
#!/usr/bin/env -S cargo +nightly -Z script
---
edition = "2024"
[dependencies]
tempfile = "3"
thiserror = "1"
reflink-copy = "0.1"
chrono = "0.4"
---
@webstrand
webstrand / wg0.netdev
Created September 13, 2025 21:40
IPv4 and IPv6 wireguard configuration for Proton VPN, using systemd-networkd
[NetDev]
Name=wg0
Kind=wireguard
[WireGuard]
PrivateKey=[snip]
RouteMetric=1000
# Table and fwmark are arbitrary
RouteTable=73547
FirewallMark=0x11f4b
@webstrand
webstrand / vite-plugin-basic-auth.mts
Created September 9, 2025 18:55
Plugin for adding basic auth to vite
import { type Plugin } from "vite";
import { default as parseBasicAuth, type BasicAuthResult } from "basic-auth";
import { createHash, timingSafeEqual, randomBytes } from "node:crypto";
import { type IncomingMessage } from "node:http";
const HASH_FUNCTION = "sha256";
const HASH_SIZE = createHash(HASH_FUNCTION).digest().length;
const SALT_SIZE = 16;
export type HashedPassword = readonly [hash: Buffer, salt: Buffer];
@webstrand
webstrand / order-preserving-multimap.ts
Last active September 5, 2025 14:42
A multimap that preserves the insertion order of its keys and values
class Multimap<K, V> {
#buckets = new Map<K, Map<V, readonly [K, V]>>();
#order = new Set<readonly [K, V]>();
constructor(from?: Iterable<readonly [K, V]> | null) {
if(from != null) for(const { 0: key, 1: value } of from) {
this.add(key, value);
}
}
static fromHeaders<K, V>(headers: Iterable<{name: K, value: V}>) {
@webstrand
webstrand / input-linux-bug.rs
Last active July 20, 2025 17:47
#!/usr/bin/env -S cargo +nightly -Zscript
---cargo
[dependencies]
futures = "0.3.31"
input-linux = { version = "0.7.1", features = ["codec", "tokio-util-0_7"] }
tokio = { version = "1.46.1", features = ["full"] }
tokio-util = { version = "0.7.15", features = ["full"] }
---