hey, i'm Wahid, i built trawld.

the short version: i was doing a routine security review at work, caught an anomaly that traced back to a transitive dependency nobody had audited. not the package we installed. something three layers deep. went looking for a tool that just watched silently and flagged it. didn't find one. built trawld instead.

it's fully open source. one install, watches every project on your machine, no config needed.

happy to answer anything:

• how the agent works under the hood

• why i route remediation commands through the heartbeat loop instead of WebSockets

• where this is going next

ask anything, roast it, break it, whatever. i'm here.