Dev-Toolbox

A modular and extensible CLI toolbox for developers, built with Rust. This application provides a collection of tools to streamline common development tasks, from analyzing GitHub repositories to inspecting Unicode characters.

Features

Modular Design: Easily extend the toolbox by adding new tools that implement the Tool trait.
Cross-Platform: Builds and runs on both Windows and Linux.
Global Search: Press Ctrl+F at any time to open the tool search palette.
Mouse and Touchpad Support: Navigate between tabs with a simple click or tap.

Available Tools

Detailed documentation for each tool can be found in the Wiki.

Org Research: Get insights into a GitHub organization's public repositories, including language statistics and license information.
Repo Explorer: Explore the contents of a public GitHub repository, view file details, and see a breakdown of the languages used.
Unicode Inspector: Look up Unicode characters by their code point and view detailed information about them.
Token Inspector: View information about your GitHub Personal Access Token, including its owner, scopes, and remaining rate limits.
Encoder/Decoder: Encode or decode strings using Base64, Hex, or URL encoding.
HTTP Inspector: Perform arbitrary HTTP requests and inspect the response headers and body.
JWT Decoder: Decode JSON Web Tokens to inspect their header and payload.

Getting Started

Prerequisites

Rust: Install Rust
Git: Install Git

Installation and Usage

Option 1: Download Binary (Recommended for Users)

Download the latest pre-built binary for your OS from the Releases page.

Option 2: Build from Source

Clone the repository:

git clone https://github.com/fam007e/dev-toolbox.git
cd dev-toolbox

Build and run:
```
cargo run --release
```

Configuration

1. Secrets (.env)

The application requires a GitHub Personal Access Token to fetch repository and organization data. Create a .env file containing:

GITHUB_TOKEN=your_github_token

You can place this file in:

The current working directory where you run the app.
The OS-specific config directory (see below).

Generate a token here.

2. Application Config (config.toml)

On the first run, the app generates a config.toml in your OS-specific config directory:

Linux: ~/.config/dev-toolbox/
Windows: %AppData%\Roaming\dev-toolbox\

You can modify this file to change database paths or API URLs.

Keyboard:
- Tab: Switch between tool tabs.
- Ctrl+F: Open global search palette.
- Ctrl+Q: Quit the application.
- Ctrl+C: Copy the current status message (bottom left) to the clipboard.
- Arrow Keys, Enter, etc.: Used for interacting with the currently selected tool.
Mouse / Touchpad:
- Click / Tap: Select a tab to switch to that tool.

Project Maintenance

CI/CD: Automated builds, tests, and linting are performed on every PR via GitHub Actions.
Standards: We adhere to strict Rust coding standards (Clippy) and have a comprehensive Code of Conduct.
Security: Our security protocols are detailed in SECURITY.md.
Contributing: See CONTRIBUTING.md for how to add new tools.

Contact

For support or reporting issues, contact email.

Org Research Tool

Gather and search for GitHub organizations.

How to Use

Enter Parent Org (Optional): Specify a parent organization to filter results.
Enter Search Term: Provide a keyword to search for organizations.
Toggle "Allow No Parent": Use Ctrl+A to toggle if a parent is required for the search.
Fetch Data: Press Enter to perform the search via the GitHub API.

The tool will display a list of organizations matching your criteria.

Security Note

This tool automatically validates the scopes of your configured GitHub token. If broad permissions (like repo) are detected, a warning will be displayed recommending the use of fine-grained, read-only tokens for better security.

Keybindings

Up / Down: Switch between input fields (Parent Org, Search Term).
Enter: Fetch organizations from GitHub.
Ctrl+A: Toggle the "Allow No Parent" option.
Ctrl+E: Export result list to org_results.json.

Repo Explorer Tool

Explore repositories owned by a specific GitHub user.

How to Use

Enter GitHub Username: Type the username of the account you want to explore.
Fetch Data: Press Enter to retrieve a list of public repositories.

The tool displays repository details and automatically fetches the latest 5 releases for each repository (if available).

Security Note

Keybindings

Enter: Fetch repositories for the entered user.
Ctrl+E: Export current repository list and release data to repo_results.json.

Unicode Inspector Tool

Look up detailed Unicode character data with instant-start performance.

How to Use

The tool features lazy loading. On the first run, it imports the Unicode database in the background. A "Loading..." screen will appear while this process is active, but subsequent starts are instantaneous.

Enter Text/Input: Type directly to analyze individual graphemes.
Enter Codepoint: Search by a specific hexadecimal code (e.g., 1F60A).
Enter Name: Search by the official Unicode name (e.g., SMILE).

Keybindings

Up / Down: Switch between input fields (Input, Codepoint, Name).
Enter: Analyze the text field.
Ctrl+L: Perform a database lookup using the Codepoint or Name field.
Ctrl+A: Toggle "Sequential Mode" for text analysis.
Ctrl+E: Export current character results to unicode_results.json.

Token Inspector

The Token Inspector tool allows you to view detailed information about the GitHub Personal Access Token (PAT) configured in your .env file.

Usage

Switch to the Token Inspector tab using Tab or the search palette (Ctrl+F).
The tool automatically inspects your token on startup and displays the results.
To re-inspect the token (e.g., after updating your .env file), press Enter.

Information Displayed

Owner Login: The GitHub username associated with the token.
Owner Name: The full name of the user (if public).
Scopes: A list of permission scopes assigned to the token.
- Security Warning: If the token has broad scopes (like repo), a warning will be displayed recommending the use of fine-grained tokens with read-only access.
Rate Limit: The number of remaining core API requests for the current hour.
Reset In: The time remaining until the rate limit resets.

Keyboard Shortcuts

Enter: Re-inspect the configured GitHub token.

Back to Wiki | Back to README

Encoder/Decoder

The Encoder/Decoder tool provides a quick way to convert strings between various encoding formats.

Usage

Switch to the Encoder/Decoder tab using Tab or the search palette (Ctrl+F).
Select the desired Mode (Encode or Decode) and Format (Base64, Hex, or URL).
Type your input into the Input field. The Result updates in real-time as you type.

Keyboard Shortcuts

Ctrl+M: Toggle between Encode and Decode modes.
Ctrl+T: Toggle between encoding formats (Base64, Hex, URL).
Backspace: Remove the last character from the input.
Any Character: Append the character to the input.

Back to Wiki | Back to README

HTTP Inspector

The HTTP Inspector tool allows you to perform arbitrary HTTP requests and inspect the response status, headers, and body.

Usage

Switch to the HTTP Inspector tab using Tab or the search palette (Ctrl+F).
Select the HTTP Method (GET, POST, PUT, DELETE).
Type the URL you wish to request.
Press Enter to send the request.

Response Details

Status: The HTTP status code of the response (e.g., 200 OK, 404 Not Found).
Headers: A list of headers returned by the server.
Body: The response body text. For performance and memory safety, bodies longer than 10,000 characters are truncated.

Keyboard Shortcuts

Ctrl+M: Cycle through HTTP methods (GET, POST, PUT, DELETE).
Enter: Send the HTTP request.
Backspace: Remove the last character from the URL.
Any Character: Append the character to the URL.

Back to Wiki | Back to README

JWT Decoder Tool

Decode JSON Web Tokens (JWT) into human-readable JSON.

How to Use

Paste JWT: Paste the full token (header.payload.signature) into the input field.
Decode: Press Enter to parse the Base64-encoded segments.

The tool displays the Header and Payload as structured JSON objects.

Keybindings

Enter: Decode the current input.
Backspace: Delete characters from the input field.

Dev-Toolbox Wiki

This wiki provides additional documentation for the Dev-Toolbox application.

Tool-Specific Documentation

Contributing to Dev-Toolbox

We welcome contributions to the Dev-Toolbox! This guide will help you get started with adding new tools or improving existing ones.

Getting Started

Fork the repository on GitHub.
Clone your fork locally.
Create a new branch for your feature or bugfix.

Development Environment

Rust: Ensure you have the latest stable Rust version installed.
SQLite: The project uses rusqlite with the bundled feature, but you may need libsqlite3-dev on Linux for CI consistency.
Format & Lint:
- Run cargo fmt to format code.
- Run cargo clippy -- -D warnings to check for common mistakes.

Creating a New Tool

All tools must implement the Tool trait.

Implement the Trait:

#![allow(unused)]
fn main() {
impl Tool for MyTool {
    fn name(&self) -> &'static str { "My Tool" }
    fn render(&self, f: &mut Frame, area: Rect) { ... }
    fn handle_input(
        &mut self,
        key: KeyEvent,
    ) -> ToolFuture<'_> {
        Box::pin(async move {
            Ok("Success".into())
        })
    }
}
}

Configuration: Use the Config struct to avoid hardcoding paths.
Lazy Loading: If your tool requires heavy data loading, use tokio::spawn to load data in the background and show a loading state in render.

CI Pipeline

Every Pull Request triggers a CI pipeline that runs:

cargo build
cargo test
cargo fmt --check
cargo clippy
Spellcheck (typos)

Please ensure all checks pass before requesting a review.

Submitting Your Contribution

Commit your changes with a clear and descriptive message.
Push to your fork.
Create a Pull Request against the main branch.

Security Policy

Supported Versions

Currently, only the latest version of Dev-Toolbox is supported with security updates.

Reporting a Vulnerability

We take the security of this project seriously. If you believe you have found a security vulnerability, please do not open a public issue. Instead, please report it via email to the project maintainers.

Security Features in Use

This project employs several security-focused Rust crates to protect sensitive information:

secrecy: Used to wrap sensitive tokens (like GitHub API tokens) to prevent accidental logging or exposure.
zeroize: Ensures that sensitive data is securely wiped from memory when it is no longer needed.
https-only: All networking through reqwest is configured to enforce HTTPS.
Token Scope Inspection: Integrated validation of GitHub token scopes (x-oauth-scopes) to warn users when broad or dangerous permissions (e.g., full repo access) are detected.

Credentials

Never commit your .env file or any other files containing real secrets. This project includes a .gitignore that excludes common secret files.

Changelog

All notable changes to this project will be documented in this file.

[v2026.4.26] - 2026-04-26

Features (Phase 3)

Global Search Palette: Integrated Ctrl+F search interface for instant navigation between tools.
Token Inspector: New tool for viewing authenticated GitHub token details, owner information, and rate limits.
Encoder/Decoder: New utility supporting Base64, Hex, and URL encoding/decoding.
HTTP Request Inspector: Generic TUI for making arbitrary HTTP requests with header and body inspection.
Dynamic Tool Loading: Tools now support asynchronous background initialization (e.g., Token Inspector auto-check).

Modernization & Security

Security Hardening: Centralized GitHub scope validation with strict exact-match logic.
UI Safety: Replaced brittle layout indexing with named dynamic constraints to prevent panics.
Connection Pooling: Shifted to a shared reqwest::Client with per-request authentication scheme (Bearer).
Test Robustness: Resolved race conditions in secret-loading tests using serial_test.
CI/CD Pinning: All GitHub actions pinned to immutable SHAs for maximum supply-chain security.
Strict Code Quality: Achieved 100% Clippy compliance across the entire codebase.

Performance

Optimized Response Handling: Added 10,000-character truncation to HTTP bodies for memory and rendering efficiency.
Dependency Pruning: Leaner Tokio feature set to reduce binary size and compilation time.

Documentation & DX

Documentation Site: Automated mdBook deployment to GitHub Pages via CI.
Shortcut Audit: Synchronized and documented all global and tool-specific keyboard navigation.
Architectural Cleanup: Simplified tool implementation using the unified ToolFuture type alias.

[v2026.02.28] - 2026-02-28

Features

Modular TUI Architecture: A flexible system for adding developer tools using the Tool trait.
Org Research: Get insights into GitHub organizations, language statistics, and public repositories.
Repo Explorer: Explore GitHub users' public repositories and their latest releases.
Unicode Inspector: Instant-start, lazy-loading lookup for Unicode characters, names, and hex points.
JWT Decoder: Decode JSON Web Tokens into structured JSON objects.
Asynchronous Engine: Powered by tokio and async-trait for non-blocking I/O.
Persistent Storage: SQLite-based caching for faster performance across sessions.
Configuration System: OS-specific config and cache directory support (config.toml).

Security & CI/CD

Hardenened CI/CD: All GitHub Actions pinned to immutable commit SHAs with strict top-level permissions.
Automated Releases: Cross-platform binaries (Linux & Windows) built and uploaded automatically on version tags.
CodeQL Integration: Advanced security scanning enabled for Rust and GitHub Actions.
Credential Protection: Uses secrecy and zeroize crates to protect GitHub API tokens.
Flexible Secret Loading: Supports .env files in both current working directories and OS configuration folders.

Documentation

Comprehensive Wiki and tool-specific guides.
Updated README with professional installation and configuration options.

Contributor Covenant Code of Conduct

Our Pledge

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

Our Standards

Examples of behavior that contributes to creating a positive environment include:

Using welcoming and inclusive language
Being respectful of differing viewpoints and experiences
Gracefully accepting constructive criticism
Focusing on what is best for the community
Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

The use of sexualized language or imagery and unwelcome sexual attention or advances
Trolling, insulting/derogatory comments, and personal or political attacks
Public or private harassment
Publishing others' private information, such as a physical or electronic address, without explicit permission
Other conduct which could reasonably be considered inappropriate in a professional setting

Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.

Scope

This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.

Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at email. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident.

Dev-Toolbox Documentation