<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Tahira Muhammad</title>
    <description>The latest articles on DEV Community by Tahira Muhammad (@tahiram32).</description>
    <link>https://dev.to/tahiram32</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4022018%2F3afd8e03-073a-4932-8c86-cef59274e93b.jpg</url>
      <title>DEV Community: Tahira Muhammad</title>
      <link>https://dev.to/tahiram32</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/tahiram32"/>
    <language>en</language>
    <item>
      <title>I got tired of breaking downstream code, so I built an AI CLI that fixes it for me.</title>
      <dc:creator>Tahira Muhammad</dc:creator>
      <pubDate>Fri, 10 Jul 2026 00:34:36 +0000</pubDate>
      <link>https://dev.to/tahiram32/i-got-tired-of-breaking-downstream-code-so-i-built-an-ai-cli-that-fixes-it-for-me-3k80</link>
      <guid>https://dev.to/tahiram32/i-got-tired-of-breaking-downstream-code-so-i-built-an-ai-cli-that-fixes-it-for-me-3k80</guid>
      <description>&lt;p&gt;If you maintain any kind of open source library or internal API, you already know the headache you merge a simple PR, cut a new release and suddenly three downstream projects crash because you changed a config key. &lt;/p&gt;

&lt;p&gt;We’ve all been there. I got sick of doing this so I decided to solve it permanently.&lt;br&gt;&lt;br&gt;
                                                                                                                                I built &lt;strong&gt;&lt;a href="https://github.com/Tahiram32/breakguard" rel="noopener noreferrer"&gt;BreakGuard&lt;/a&gt;&lt;/strong&gt;.  &lt;/p&gt;

&lt;p&gt;It's a stupidly fast zero-dependency CLI (and GitHub Action) that scans your PRs and tells you exactly what you are about to break before you hit merge.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;It tells you exactly who you broke:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Run &lt;code&gt;breakguard --format html&lt;/code&gt; and it spits out a visual node-graph showing exactly which downstream apps are going to crash because of your PR.&lt;/p&gt;

&lt;p&gt;**It fixes their code for you:&lt;/p&gt;

&lt;p&gt;If you broke an API run &lt;code&gt;breakguard --auto-fix-downstream&lt;/code&gt;. It uses AI to clone their repos, rewrite their outdated function calls to match your new API and opens PRs to fix their code automatically.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;It’s incredibly easy to use:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I hate memorizing CLI flags. If you just type &lt;code&gt;breakguard&lt;/code&gt; in your terminal it opens an interactive arrow key wizard that holds your hand through the whole process.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;It doesn't hide in CI logs:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;If you run it as a GitHub Action it doesn't just fail silently. It injects a massive Markdown report directly into the GitHub UI so reviewers can clearly see the migration notes.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;No Bloat&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Zero Dependencies:&lt;/strong&gt; Pure Python. No massive Docker containers or node modules to install.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Understands your code:&lt;/strong&gt; It natively parses Python, Go, and TypeScript ASTs to detect renamed functions, deleted classes and changed arguments.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Smart Deprecations:&lt;/strong&gt; If you actually used &lt;a class="mentioned-user" href="https://dev.to/deprecated"&gt;@deprecated&lt;/a&gt; tags properly it knows not to yell at you.&lt;/p&gt;

&lt;p&gt;I built this so I could ship code faster without worrying about angry bug reports. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Check it out on GitHub:&lt;/strong&gt; &lt;a href="https://github.com/Tahiram32/breakguard" rel="noopener noreferrer"&gt;https://github.com/Tahiram32/breakguard&lt;/a&gt;&lt;/p&gt;

</description>
      <category>opensource</category>
      <category>python</category>
      <category>github</category>
      <category>programming</category>
    </item>
    <item>
      <title>I got tired of slow and bloated CI pipelines. so I built a zero dependency tool that replaces 20+ of them</title>
      <dc:creator>Tahira Muhammad</dc:creator>
      <pubDate>Thu, 09 Jul 2026 15:34:40 +0000</pubDate>
      <link>https://dev.to/tahiram32/i-got-tired-of-slow-and-bloated-ci-pipelines-so-i-built-a-zero-dependency-tool-that-replaces-20-3lho</link>
      <guid>https://dev.to/tahiram32/i-got-tired-of-slow-and-bloated-ci-pipelines-so-i-built-a-zero-dependency-tool-that-replaces-20-3lho</guid>
      <description>&lt;p&gt;If you've worked on a modern codebase you know the pain. You push a small Pull Request and then you wait.&lt;br&gt;&lt;br&gt;
                                                                                                                                  You wait for SonarQube to spin up a JVM container. You wait for Snyk to download 500MB of data. You wait for Black, Flake8, and Bandit to format your code. A 2 line code change suddenly turns into a 15minute coffee break that burns through your GitHub Actions billing.                                                                                   &lt;/p&gt;

&lt;p&gt;I got completely sick of this. I didn't want to install 20 different services, manage 20 different API tokens, and pay $50/month per developer just to know if my code was secure.                                                                      &lt;/p&gt;

&lt;p&gt;So, I built &lt;strong&gt;&lt;a href="https://github.com/Tahiram32/ciforge" rel="noopener noreferrer"&gt;CI Forge&lt;/a&gt;&lt;/strong&gt;.                                                              &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What is CI Forge&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;CI Forge is a single, incredibly fast, "zero-dependency" Python CLI that replaces almost your entire CI/CD toolchain. You don't need to install Docker. You don't need a JVM. It runs purely on standard libraries and completes its scans in milliseconds.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Here is what it does out of the box:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Instant Security Scanning (Powered by Google)&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Most free security scanners are outdated and miss dangerous bugs. CI Forge is directly plugged into Google’s live vulnerability database. This means the second a new security threat is discovered on the internet, CI Forge already knows about it. It instantly finds dangerous code in Python, JavaScript, C++, and Rust without requiring any complicated setup or heavy installations.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;AI That Actually Fixes Your Code&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Telling a developer they have a vulnerability is annoying. Fixing it for them is magic. If you run CI Forge with the auto-fix flag, the tool uses AI to rewrite the broken code for you. But instead of blindly guessing it double checks its own work to guarantee the fix won't crash your app. Once it is sure the code is safe it automatically opens a Pull Request on GitHub for you to review.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;It Never Breaks Your Build&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Nothing is more frustrating than a security tool crashing and bringing down your entire deployment pipeline. CI Forge is built with a massive safety net. If the tool itself ever has an error or goes offline it simply steps out of the way. It will never block your team from launching their code to production.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;The Developer Security Hub&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;If you manage multiple projects or open source libraries, checking every single one for security flaws is a huge waste of time. I just launched the CI Forge Cloud dashboard to fix this. Just add a single flag when you run the tool and it instantly beams all of your security alerts and wasted cloud costs into one web dashboard. Whether you're working solo or running a massive team you can now see the health of all your codebases in one place.&lt;/p&gt;

&lt;p&gt;Try it out in 5 seconds. If you have Python installed, you can scan your codebase locally right now:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;`pip install ciforge-cli`

`python -m ciforge.cli --repo . --vuln-scan --dead-code`
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;If you are an open source maintainer, an indie hacker, or just someone who hates bloated CI pipelines I built this for you.   &lt;/p&gt;

&lt;p&gt;I'd love for you to check out the repository. drop a ⭐️ if you like the vision, and tell me what features you'd like to see next!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;a href="https://github.com/Tahiram32/ciforge" rel="noopener noreferrer"&gt;GitHub: Tahiram32/ciforge&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>opensource</category>
      <category>python</category>
      <category>devops</category>
      <category>github</category>
    </item>
  </channel>
</rss>
