Personal lab - based in India

A small lab. Many things shipped.

VineLabs is where I publish my open-source side projects: CLI tools, web apps, browser extensions, AI agents, platform plugins, and the occasional design system. Open by default. Self-host friendly. No telemetry games.

See the lab View on GitHub

Disciplines: 6+
Open by default: 100%
Started: 2025

~/vaultctl

$ vaultctl ls

NAME TYPE SHARED

aws-prod login team

stripe-keys api team

cloudflare token personal

$ vaultctl get stripe-keys --json

{
  "name": "stripe-keys",
  "value": "sk_live_******",
  "updated": "2026-05-08"
}

$ _

zero-knowledge - decrypt happens locally connected

What comes out of the lab

Some shipped. Some growing. Some in the soil.

1

CLI tools

Single-binary tools that respect your terminal.
1

Web apps

Self-hostable, audit-friendly web software.
1

Browser extensions

MV3 extensions for Chrome, Firefox, Edge.
soon

AI agents

Pragmatic agents and SDK glue. No hype.
1

Platform extensions

Plugins for Shopware, TYPO3, WordPress, more.
soon

Design systems

Tokens, components, docs you can copy.

Lab work

Tools you can read, run, and own.

Every release ships with full source, signed binaries, and a self-host path. No managed-only feature gates, no telemetry sneaks.

All on GitHub

vaultctl

Self-hosted, zero-knowledge password vault

Beta

Single Go binary serves the API and embedded React SPA. Browser extension and CLI talk to the same server. Argon2id + AES-256-GCM happen in the browser, the extension, or the CLI - the server has no decrypt path.

Zero-knowledge by construction - server cannot decrypt
One ~45MB distroless image, embedded SPA, embedded migrations
Multi-user, RBAC, RSA-OAEP wrap with Ed25519 signature pinning
Signed releases, CycloneDX SBOM, SLSA L3 provenance


        go install github.com/vinelabs-de/vaultctl/cmd/server@latest

xrechnung-kit

EN 16931 / XRechnung 3.0 compliant e-invoicing for PHP

Stable

Turns a typed PHP value object into a KoSIT-strict valid XRechnung 3.0 / EN 16931 XML document. Validates in memory before writing, quarantines invalid output, stays out of your way. Framework-agnostic core with adapters for Laravel, Symfony, CakePHP, Laminas, Shopware, TYPO3 and WordPress.

Standard, partial, deposit, credit and cancellation document types
KoSIT Schematron validation as an opt-in dev dependency
First-class adapters for the major PHP frameworks
Platform integrations for Shopware, TYPO3, WordPress, Contenido


        composer require vinelabs-de/xrechnung-kit-core

AGPL / MIT Open licenses
EN 16931 XRechnung 3.0 strict
SLSA L3 Provenance attested
Self-host Run it on your own metal

How I build

The lab runs on four ground rules.

These are not slogans. They show up in every README, every release, and every line of code.

Self-host first

Single binary, single image, single compose file. Deploy where it makes sense for you.

Source you can audit

Permissive or copyleft, never source-available. The threat model lives in the repo, not the marketing page.

Supply chain hardened

Signed releases, SBOMs, SLSA L3 provenance where it applies. You should be able to verify what you run.

No telemetry tax

Nothing phones home. If a project ever needs usage data, it is opt-in and the README spells out what is collected.

Spotted a bug? Have a question? Want to say hi?

The fastest way to talk about the projects is on GitHub - issues for bugs, discussions for questions. For everything else, email works too.

Open an issue info@vinelabs.de

General + feedback: info@vinelabs.de; Read by a real person, not a queue
Project help: support@vinelabs.de; See help guidelines
Open source: github.com/vinelabs-de; Issues, PRs, discussions, releases