Last time this was posted it was in its infancy, and now I've added a bunch more to it.
VellaVeto is a fail-closed gateway between an AI agent and its MCP tools. Every tool call is evaluated before execution; if evaluation fails for any reason, the call is denied.
Concrete example: under shield mode, a filesystem server trying to read ~/.ssh/id_rsa is denied by default. A list_files /tmp call from the same server is allowed.
What it does not solve: prompt injection, model-level jailbreaks, or supply-chain attacks in server packages. It only controls what crosses the tool-call boundary.
Since March, I added three zero-config protection levels, topology discovery, tamper-evident audit, Consumer Shield, and MCPSEC, an open benchmark for MCP gateways.
The feedback I’d most like:
Is the tool-call boundary the right place to enforce MCP security? Are the MCPSEC attack classes sensible? What important attack classes am I still missing?
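The fail-closed rule described in the post above ("if evaluation fails for any reason, the call is denied"), as an added sketch that is not VellaVeto's code or API. The policy table, the `HOME` value and the function names are assumptions made up for this example.

```python
import posixpath

# Constructed policy for this sketch: tool name -> directory roots it may touch.
# Anything not listed is denied (default deny).
POLICY = {"list_files": ["/tmp"], "read_file": ["/tmp"]}
HOME = "/home/user"  # assumed home directory used to expand "~"


def _canonical(path):
    """Expand ~ and collapse ../ so the prefix check sees the real target."""
    if not isinstance(path, str) or "\x00" in path:
        raise ValueError("malformed path argument")
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    if not path.startswith("/"):
        raise ValueError("relative paths are not evaluated")
    return posixpath.normpath(path)


def _evaluate(call):
    """Return True only when the call matches an explicit allow rule."""
    roots = POLICY.get(call["tool"], [])
    target = _canonical(call["args"]["path"])
    return any(target == r or target.startswith(r + "/") for r in roots)


def gate(call):
    """Fail-closed wrapper: any error during evaluation becomes a deny."""
    try:
        allowed = _evaluate(call)
    except Exception as exc:  # missing keys, bad types, policy bugs
        return ("deny", f"evaluation failed: {type(exc).__name__}")
    if allowed:
        return ("allow", "matched allow rule")
    return ("deny", "no allow rule")
```

This sketch normalizes paths lexically only; symlinks under an allowed root would have to be resolved on the host that actually serves the file.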
https://aisaastemplate.com/tools/django-cookiecutter/
Main reason: I kept repeating the same command-line flow when starting projects, and I’d occasionally mistype inputs or need to backtrack.
This is a small attempt to make that process smoother. It’s free, requires no login, and is meant for anyone who already uses or wants to try Django Cookiecutter.
I’ve been using Django Cookiecutter for a long time, and I’ve bought every edition of Two Scoops of Django, so this came from genuine appreciation for the project.
Feedback is very welcome.