Tools we build

Software we ship from the same hands that run the hosting.

Small, considered tools built alongside the hosting. Free or low-cost, useful on their own, and the same engineering standards apply.

  1. Vanishly
    security

    Zero-knowledge ephemeral secrets sharing.

    A one-time link for one secret. Your browser encrypts it before it leaves the page. The link works once, then destroys itself. The server never sees plaintext, cannot recover the secret, and forgets the rest.

    • Encrypted in your browser

      AES-GCM via Web Crypto, on your device. Vanishly receives ciphertext only, never the key.

    • Single-use, time-bound

      The recipient opens the link once. After that, the link is dead. You also pick an expiry; whichever comes first wins.

    • Server forgets

      Once read or expired, the ciphertext is destroyed. No archive, no audit trail of contents, no recovery path.

    • Zero-knowledge by construction

      The decryption key never reaches the server. It travels in the URL fragment or as a recipient password, both handled entirely client-side. The page integrity hash is published so you can verify the encryption code has not been tampered with.

    Visit Vanishly vanishly.link
  2. Minolith
    developer platform

    Persistent project memory for AI coding agents.

    Turn stateless AI coding tools into stateful, long-running systems. Persistent memory, changelogs, feedback, runbooks, agent orchestration, structured design systems, task coordination, API docs and hosted help centres, all through one API with no local install.

    • Persistent project memory

      A long-running store for agent context, so coding tools stop forgetting between sessions and across machines.

    • One API, no local install

      API-first by construction. No CLI to set up, no local daemon, no per-machine configuration to drift.

    • Coordinated agents

      Task coordination and agent orchestration through the same surface, so multiple agents can work on the same project without stepping on each other.

    • Hosted artefacts

      Changelogs, runbooks, structured design systems, API docs and help centres live behind the same API, ready to read or write.

    Visit Minolith www.minolith.io/
  3. Provenly
    internal operations

    Fleet-wide DMARC observability for hosting operators.

    A DMARC aggregate-report ingestor and dashboard that surfaces per-domain sending health, anomaly patterns and SPF alignment across an entire hosting fleet. Built to turn reactive reputation-incident response into proactive observability. In private use now; a customer-facing service and a public per-domain checker are on the way.

    • Ingests every aggregate report

      Parses inbound DMARC XML across every domain we operate mail for and stores the underlying records in a queryable form.

    • Per-domain history

      A timeline for any customer domain of what mail was sent from where, whether it authenticated, and what receivers did with it. Turns a support conversation about a bounce into a fact-finding one with data.

    • Anomaly surfacing

      New sending sources, volume breaks, SPF misalignment and authentication-failure clustering all surface before they translate into reputation damage on the shared IP.

    • Shaped for a hosting fleet

      Fleet-wide by construction, not per-domain. Alerting is tuned to the patterns a hosting operator cares about, not the tuning parameters a marketing team optimises against.

    Internal tool, used by us
  4. DNSWatch
    internal operations

    Continuous DNS, WHOIS and HTTP diagnosis for every domain we manage.

    Built to take intoDNS further than it can go. DNSWatch continuously records the DNS records, WHOIS data and HTTP response for every domain in our fleet, with full change history. Not an uptime monitor; an operations tool that catches the slow drift, the accidental change, the third-party reconfiguration that quietly breaks email or sites long before anyone notices.

    • Continuous DNS recording

      Every probe captures NS, A/AAAA, MX, TXT, SPF, DMARC, CAA, SRV, CNAME, DS/DNSKEY and PTR against the authoritative zone and public resolvers, so authoritative-vs-cached drift shows immediately.

    • Change history per domain

      Every change to every record is timestamped. We can answer "what changed and when" across years, not just today.

    • WHOIS and HTTP, alongside DNS

      WHOIS is sampled regularly so registrar, contact and expiry changes are visible. The probe also captures the HTTP response chain and status, all on the same record.

    • Built for managed-fleet operations

      Diagnostics in the dialect a hosting operator actually thinks in: registry vs zone NS, SOA serials and timers, MX reverse DNS, SPF presence, DMARC policy, propagation agreement. Designed for the gap intoDNS leaves.

    Internal tool, used by us