u/Affectionate_News_57

I'm studying cybersecurity and started building Bastion as a side project because I wanted something more serious than MEE6 or Dyno for security, bots that do moderation but not real threat analysis.

The core is a behavioral risk engine that tracks user actions in real time and escalates sanctions automatically (warn → mute → kick → ban). It also does anti-raid, anti-phishing, alt-account detection, and automated onboarding with captcha.

The thing I focused on that most bots don't have: a proper web dashboard where admins configure everything, full audit logs with context, and sanctions that escalate based on behavior patterns rather than isolated actions.

It's live and free to try. Would love feedback from people who actually moderate large servers, what would make a security bot actually useful for you?

bastion.yaiito.fr

Started this because a friend told me he was building a shell in C. I used shells every day but never really thought about what was happening underneath, so before writing a single line I spent a few weeks reading. The GNU bash source, a lot of blog posts about Unix process groups, the man pages for fork, exec, waitpid, tcsetpgrp. Once I had a rough mental model of how it all fits together I started.

The project ended up as a Cargo workspace with 3 crates:

• shell-core : parser, AST, execution engine, job control, env
• shell-cli : interactive REPL + script execution
• orbisbox : ~40 reimplemented Unix utilities

The hard parts weren't what I expected. Getting fork/exec/dup2 working in Rust is honestly not that bad once you understand the model. What actually took time was job control. Getting tcsetpgrp, WNOHANG and signal propagation right so background jobs don't destroy your terminal state was painful. FD leaks too, fixed with pipe2(O_CLOEXEC) so child processes don't inherit file descriptors they have no business touching. Tilde and $VAR expansion look simple until you realize order of operations matters a lot. Globbing I implemented without a library which was fun.

I also added a small set of cybersecurity oriented builtins: hexview, strx, hashx, finfo. Tools I kept reaching for externally and wanted directly inside the shell.

Scope is intentionally limited to an MVP. Anything the parser can't handle (&&, ||, subshells) gets delegated to bash rather than crashing. Being honest about limitations feels better than pretending they don't exist.

One thing I didn't expect is how much this taught me about Unix in general. Process groups, controlling terminals, signal masks, stuff I knew existed but never had to actually deal with. Now I do.

If I had to redo it I'd add CI from the start, record a demo GIF way earlier, and split my commits more instead of pushing big chunks all at once.

Repo: https://github.com/Jonathan-p-z/Orbis

Happy to answer questions about the internals, especially job control and pipe handling.