A clipboard tool sees everything. Mine can't phone it home.
The itch
I'm a developer, and I'm a reluctant operations engineer. Those two facts generate a steady trickle of small chores. Fetch a URL from the command line. Ping a host that's acting up. Run a whois or a traceroute. Decode a JWT — I go to jwt.io for that, which is genuinely nice — or pull apart a base64 blob, online or on the command line, all of it fine but none of it quite frictionless.
The loop is always the same. Something looks off, so I search for the right tool, because I never bookmark these things. I open it. I paste my data in. I copy the result back out. Two options, neither great: hand whatever I'm holding to a website that probably has no business seeing it, or assemble a command-line pipeline. The pipeline is the honest answer and I love it, but it's a lot of ceremony for a thirty-second question.
Some background, because it explains the rest. I've been writing software for about forty years, self-taught, mostly low-level languages. These days I work in an AI department on the cloud backend. So I spend my days in the cloud and built a tool whose entire point is that it stays off it.
Years ago I built little-eye.com as a browser-based decoder — paste a string, see what it is. It went essentially unused, including by me. The reason was obvious in hindsight: to use it, you sent your data over the internet. Secure, sure, but it fell over on anything large. So the web version answered the wrong question. Over the last month or two I rebuilt it as a native app. Same domain, different animal.
The constraint is the product
I have a low-grade allergy to "if you don't pay for it, you are the product." I'm not a purist about it. There's a second, quieter problem too: free online tools vanish. The one you relied on last year is a parked domain now, and you're back to searching.
A clipboard tool is the sharpest possible version of this worry. It can see everything you copy — passwords, tokens, customer data, the lot. So "trust me" is worthless. The only thing worth anything is an architecture where the leak can't happen.
That's what Little Eye is. Detection is fully offline and local-only. No telemetry, no accounts. It recognizes around fifty formats — JWTs, URLs, JSON, hex colors, IP addresses, base64, timestamps, NFC tags — entirely on your machine. The features that do touch the network — URL fetch, ping, traceroute, WHOIS, DNS — are clearly marked as such, and the heavy ones only fire when you click. The whole lot can be switched off with a single toggle: flip on privacy mode and every network action disappears from the interface.
And charging money is the point, not a compromise of it. You pay, so you are not the product; there's no other revenue stream that needs your data. Every result still carries a plain copy-to-clipboard path, so when you want the command line, it hands you the value to paste. It isn't trying to replace your shell, just to make the quick look quick.
How it got built
I don't write Swift. I wanted a native app on both macOS and iOS, and when I sat down to start, the thought was simply: with Claude, why would I need to?
The AI wrote the Swift and Go I don't author by hand. I owned the specification, the privacy architecture, and every line that went in. Forty years of building software is the part that makes this not hand-waving: it's the supervision. I write better instructions because I understand what's happening underneath, and I spot trouble fast. Trouble still happens.
The clearest example: early on, larger inputs were slow to detect. The lazy diagnosis is "something isn't using a pointer or a reference." Wrong. The real cause was a computed property — the trimmed text of the clipboard — being recomputed in a dozen places, each pass doing the same work over again. You only catch that quickly if you've internalized how this kind of thing actually goes sideways. I rewrote it to compute once. The panel stopped lagging.
I kept the dependency list almost empty on purpose. Swift and Go both ship strong standard libraries, so most of the time you reach for nothing. The whole app has exactly two third-party dependencies: a YAML parser and a TOML parser. That's the list. The internals have been re-architected a few times, which stayed painless because the dependency surface was almost nothing to break.
Which brings me back to the contradiction: a person who works on cloud AI built a no-cloud tool, with cloud AI. It's less of a contradiction than it looks. The AI is a tool, and it doesn't care what you ask it to make. The distinction that dissolves the rest is build-time versus runtime. The AI saw the source code. It never saw a user's clipboard. The shipped app contains no AI and phones nothing home, and this very website is generated in part from the same detector code that runs in the app.
Will it last?
Fair question for any small tool, and the answer is built into the design. Little Eye is standalone. Once installed, it doesn't contact the website or need it for anything. In normal use the app reaches the network in exactly two places, and both are deliberately built to carry no identity. The first is "Check for updates": an anonymous request that pulls the latest version number and may download a new disk image. It collects nothing about you. The second happens once, the moment you enter a license key — after the key is verified locally, the app sends a single activation ping so I can count roughly how many machines a license runs on. That ping carries a random token generated on first launch (it resets if you reinstall), plus the app and OS version. No name, no email, nothing tied to your hardware, and no IP address is ever stored. Both are best-effort: if you're offline or the server is down, nothing blocks and nothing breaks.
So if I ever stop maintaining it, it keeps working for as long as macOS keeps supporting the frameworks it uses. My honest estimate of the real expiry date is SwiftUI's deprecation cycle, somewhere in the three-to-five-year range. For a tool you pay once for, that's a reasonable horizon.
Little Eye uncomplicates a handful of things and makes them fast: ping or traceroute a site that's gone dark, check whether a JWT has expired and what's inside it, look at where a domain comes from, confirm your DNS records say what you think they say. It's not a replacement for specialized tools. It's a fast first look — enough to tell you whether everything's fine, or whether it's time to dig deeper.