Show HN for March 23, 2026

Hi all, I'm Peter at Staff Engineer and Mozilla.ai and I want to share our idea for a standard for shared agent learning, conceptually it seemed to fit easily in my mental model as a Stack Overflow for agents.

The project is trying to see if we can get agents (any agent, any model) to propose 'knowledge units' (KUs) as a standard schema based on gotchas it runs into during use, and proactively query for existing KUs in order to get insights which it can verify and confirm if they prove useful.

It's currently very much a PoC with a more lofty proposal in the repo, we're trying to iterate from local use, up to team level, and ideally eventually have some kind of public commons.

At the team level (see our Docker compose example) and your coding agent configured to point to the API address for the team to send KUs there instead - where they can be reviewed by a human in the loop (HITL) via a UI in the browser, before they're allowed to appear in queries by other agents in your team.

We're learning a lot even from using it locally on various repos internally, not just in the kind of KUs it generates, but also from a UX perspective on trying to make it easy to get using it and approving KUs in the browser dashboard. There are bigger, complex problems to solve in the future around data privacy, governance etc. but for now we're super focussed on getting something that people can see some value from really quickly in their day-to-day.

Tech stack:

* Skills - markdown

* Local Python MCP server (FastMCP) - managing a local SQLite knowledge store

* Optional team API (FastAPI, Docker) for sharing knowledge across an org

* Installs as a Claude Code plugin or OpenCode MCP server

* Local-first by default; your knowledge stays on your machine unless you opt into team sync by setting the address in config

* OSS (Apache 2.0 licensed)

Here's an example of something which seemed straight forward, when asking Claude Code to write a GitHub action it often used actions that were multiple major versions out of date because of its training data. In this case I told the agent what I saw when I reviewed the GitHub action YAML file it created and it proposed the knowledge unit to be persisted. Next time in a completely different repo using OpenCode and an OpenAI model, the cq skill was used up front before it started the task and it got the information about the gotcha on major versions in training data and checked GitHub proactively, using the correct, latest major versions. It then confirmed the KU, increasing the confidence score.

I guess some folks might say: well there's a CLAUDE.md in your repo, or in ~/.claude/ but we're looking further than that, we want this to be available to all agents, to all models, and maybe more importantly we don't want to stuff AGENTS.md or CLAUDE.md with loads of rules that lead to unpredictable behaviour, this is targetted information on a particular task and seems a lot more useful.

Right now it can be installed locally as a plugin for Claude Code and OpenCode:

claude plugin marketplace add mozilla-ai/cq claude plugin install cq

This allows you to capture data in your local ~/.cq/local.db (the data doesn't get sent anywhere else).

We'd love feedback on this, the repo is open and public - so GitHub issues are welcome. We've posted on some of our social media platforms with a link to the blog post (below) so feel free to reply to us if you found it useful, or ran into friction, we want to make this something that's accessible to everyone.

Blog post with the full story: https://blog.mozilla.ai/cq-stack-overflow-for-agents/ GitHub repo: https://github.com/mozilla-ai/cq

Thanks again for your time.

This project launches multiple independent programs into a single shared virtual address space, while still behaving like separate processes (independent binaries, globals, and lifetimes). When threadprocs share their address space, pointers are valid across them with no code changes for well-behaved Linux binaries.

Unlike threads, each threadproc is a standalone and semi-isolated process. Unlike dlopen-based plugin systems, threadprocs run traditional executables with a `main()` function. Unlike POSIX processes, pointers remain valid across threadprocs because they share the same address space.

This means that idiomatic pointer-based data structures like `std::string` or `std::unordered_map` can be passed between threadprocs and accessed directly (with the usual data race considerations).

This accomplishes a programming model somewhere between pthreads and multi-process shared memory IPC.

The implementation relies on directing ASLR and virtual address layout at load time and implementing a user-space analogue of `exec()`, as well as careful manipulation of threadproc file descriptors, signals, etc. It is implemented entirely in unprivileged user space code: <https://github.com/jer-irl/threadprocs/blob/main/docs/02-imp...>.

There is a simple demo demonstrating “cross-threadproc” memory dereferencing at <https://github.com/jer-irl/threadprocs/tree/main?tab=readme-...>, including a high-level diagram.

This is relevant to systems of multiple processes with shared memory (often ring buffers or flat tables). These designs often require serialization or copying, and tend away from idiomatic C++ or Rust data structures. Pointer-based data structures cannot be passed directly.

There are significant limitations and edge cases, and it’s not clear this is a practical model, but the project explores a way to relax traditional process memory boundaries while still structuring a system as independently launched components.

I analyzed two orderings of the 64 I Ching hexagrams and found the permutation cycle decomposition between them is [52, 10, 2] with zero fixed points. Nobody has done this kind of analysis before and this cycle type has not been reported in the literature. You can verify it yourself.

Just wanted to share with HN a simple/minimal open source Python library that generates SVG files visualizing two dimensional data and distributions, in case others find it useful or interesting.

I wrote it as a fun project, mostly because I found that the standard libraries in Python generated unnecessarily large SVG files. One nice property is that I can configure the visuals through CSS, which allows me to support dark/light mode browser settings. The graphs are specified as JSON files (the repository includes a few examples).

It supports scatterplots, line plots, histograms, and box plots, and I collected examples here: https://github.com/alefore/mini_svg/blob/main/examples/READM...

I did this mostly for the graphs in an article in my blog (https://alejo.ch/3jj).

Would love to hear opinions. :-)

I built this because I wanted my own directory of public companies running bug bounty programs — where I could see their infrastructure in one place and have a real idea of where to start poking holes.

Neobotnet collects intel data from companies on HackerOne and Bugcrowd — subdomains, DNS records, web servers with status codes, indexed/crawled URLs, JS files, and exposed secrets/paths (still building this last part). The data is already there when you need it. No scans to run.

Currently tracking 41 companies, 63,878 web servers, and 1.8M+ URLs.

Long term I want to expand this to startups that depend on cloud infrastructure so they can see what's publicly accessible.

Made a free sample with Capital One's data (and other companies) so you can see what it looks like without signing up: https://freerecon.com

Original Page: https://neobotnet.com

Feedback very welcome.

We posted a couple of months ago and you all seemed to like what we're putting together. Since then we've added a lot!

-Editorial articles -Explore cities by filter -Saved & Grouped comparisons -Many more data points and higher quality data

Hey guys, I needed a way to convert Code, CSV, and Markdown snippets to shareable images so I built this over the weekend. It all runs locally in the browser using a few lines of jQuery. Nothing fancy.

Sharing in case someone else might find it useful!

I built Burn Room — a self-hosted SSH chat server where messages burn after 1 hour and rooms auto-destruct after 24 hours. Nothing is written to disk. No account, no email, no browser required.

  ssh [email protected] -p 2323
  password: burnroom

Or connect from a browser (xterm.js web terminal): https://burnroom.chat

This is a tool which lets you easily manage different versions of ideas, helpful for writing essays.

I've found myself wanting this every single time I go through the drafting process when writing, and I've been frustrated every time I find myself accidentally working on an old draft just because there was a paragraph that I liked better. This solves it.

I hope the community like this as much I enjoyed working on it! Note that it's currently a beta waitlist because there's some bugs with the undo/redo state management and so I want to dogfood it for a bit for reliability.

It says April 2nd, but I may allow earlier beta testers.

Hi HN! I built JulIDE - a lightweight Julia IDE using Tauri and Rust. Features: 10MB install (vs VSCode's 300MB) Full LSP, debugger, Git integration Built-in dev containers with X11 forwarding Tauri/Rust backend, React frontend Monaco based editor It's beta but functional. Built this for fun and to solve a real need in the Julia community. Tech stack: Tauri 2, Rust, React, Monaco, LanguageServer.jl GitHub: https://github.com/sinisterMage/JulIde Would love feedback!

Hi HN!

I've been building a project that handles high-value credentials in-process, and I wanted something more robust than just zeroing memory on drop. A comment on a recent Show HN[0] made me realize that awareness of lower-level memory protection techniques might not be as widespread as I thought.

The idea here is to pull out all the tools in one crate, with a relatively simple API. * mlock/VirtualLock to prevent sensitive memory from being swapped (eg the KeePass dump) * Core dump exclusion using MADV_DONTDUMP on Linux & Android * mprotect to minimize exposure over time * Guard pages to mitigate under/overflows

After some battle testing, the goal here is to provide a more secure memory foundation for things like password managers and cryptocurrency wallets.

This was a fun project, and I learned a lot - would love any feedback!

[0] - https://news.ycombinator.com/item?id=47073430

Gm HN,

We decided to build an arena where the crowd decides the destiny of AI products. Reach possible. Roast guaranteed.

No account needed + anonymous.

Mutatr is an end-to-end A/B testing agent.

In practice, it connects to a repo, then:

1. Suggests A/B treatments

2. Implements variants in the codebase

3. Runs flights using synthetic personas that simulate the expected audience for your site

4. Returns attention maps to help you learn what works before going live

Funny story: Mutatr started as a YC application that got rejected, so I decided to build it anyway and open-source it

"Open Books in Zlib Or Anna's Archive with a button on Goodreads in one click."

Hello i have been working on this Open Source extension (Source code ,available on Github)

I built a free, open source browser extension that adds buttons directly onto Goodreads book pages. Instead of copying titles and searching manually, you just click the badge for whichever source you want.

You can also toggle sources on/off so say if you only want Z-Lib and Anna's Archive badges and not Gutenberg, you can do exactly that.

Supported sources:

Anna's Archive

Z-Library

Project Gutenberg

Planning to add more sources based on feedback.

it is available on :

-chrome

-firefox

Available on Chrome and Firefox. Also for firefox mobile

Anime.js used for animation

The DGS-1100 is a ~$40 managed gigabit switch with real features (802.1Q VLANs, STP, IGMP, port security) but its only management interface is a JavaScript web UI from 2015. No SSH, no REST API, SNMP is read-only for anything useful.

  I needed to configure a few of these and clicking through the web UI was painful,
  so I wrote a CLI that drives headless Chrome via Selenium. It logs in, scrapes the
   JS data files the switch populates via XHR, and submits forms to the CGI
  endpoints for changes. Every write command reads back the config afterward to
  verify the switch accepted it.

  63 commands covering everything the switch exposes — VLANs, PVIDs, STP, IGMP,
  storm control, port security, mirroring, QoS, bandwidth limits, SNMP, traffic
  segmentation, and more. Plus a recommend command that crawls 13 data files and
  checks 20 categories of issues (PVID mismatches, orphaned ports, disabled security
   features, etc.) and a fix command that auto-applies what it finds.

  Other things that fell out of this: config dump/diff/restore for version control,
  a template command to generate reproducible batch files, multi-switch support, a
  Prometheus exporter, a Textual TUI, and shell completions.

  Built with Nix so nix run github:bobberb/dgs-cli -- status just works. 179 offline
   tests.

  Tested on DGS-1100-08V2. The --1210 flag is stubbed out for future DGS-1210
  support.

I just built this (beta version) of a self-guided writing tool called Story Trainer that walks you through the core pieces of a story and emotional stakes step by step.

A few months ago I went to a free writing workshop with a professional TV screenwriter, took notes, and ended up building the biggest lessons into this because I wanted something that made the whole process feel less overwhelming for beginners like me.

Check it out here. Would love to know if this is useful at all. It's just a WIP GitHub page right now, so open to ANY and ALL feedback to make this more useful.

I've been building OpenCastor, a runtime layer that sits between a robot's hardware and its AI agent. One thing that surprised me: the order you arrange the skill pipeline (context builder → model router → error handler, etc.) and parameters like thinking_budget and context_budget affect task success rates as much as model choice does.

So I built a distributed evaluator. Robots contribute idle compute to benchmark harness configurations against OHB-1, a small benchmark of 30 real-world robot tasks (grip, navigate, respond, etc.) using local LLM calls via Ollama. The search space is 263,424 configs (8 dimensions: model routing, context budget, retry logic, drift detection, etc.). The demo leaderboard shows results so far, broken down by hardware tier (Pi5+Hailo, Jetson, server, budget boards).

The current champion config is free to download as a YAML and apply to any robot. P66 safety parameters are stripped on apply — no harness config can touch motor limits or ESTOP logic.

Looking for feedback on: (1) whether the benchmark tasks are representative, (2) whether the hardware tier breakdown is useful, and (3) anyone who's run fleet-wide distributed evals of agent configs for robotics or otherwise.

I've tried a number of personal Kanban apps for macOS over the years and never quite found one that I loved.

Nowadays, many want an account, push cloud sync, subscriptions, contain tons of telemetry, or some combination of the above (don't get me started on AI) and to be honest many are overkill for managing my own tasks. (less friction = more productivity)

So... I built my own Kanban app.

*LumaBoards* is a simple Kanban for macOS designed for solo use.

Features are intentionally pretty minimal:

* drag-and-drop cards and columns

* due dates + filtering

* tags / colors

* keyboard shortcuts (not vim… sorry)

* offline storage

There's a *free version* with a single board (no attachments or import/export) but no time-trial limits or feature nags.

The *paid version* adds support for multiple boards, attachments, and backups via import/export.

Free: https://offlineapps.gumroad.com/l/lumafree

and

Paid: https://offlineapps.gumroad.com/l/lumapaid

Feedback most welcome.

Cheers

PS - for anyone interested, its Tauri + Vue.

Cryptographic Passports for AI Agents — How We Built Tamper-Proof Trust

Hi HN, building RootCX. An open-source self-hosted infrastructure for building internal software and AI agents.

I've built this because the current ecosystem forces devs to choose your poison:

- SaaS fragmentation: Vendor lock-in and endless API integrations.

- Legacy ERPs: Millions spent on customization and years of waiting, completely detached from the ground reality of the business.

- Visual UI builders (Retool, Appsmith and others): Abstraction leaks. The visual layer lacks flexibility and adds unnecessary overhead when you actually need to write code.

- Modern AI tools (Lovable, Claude Code, etc.): Great for single-tenant UI prototypes. Useless for deploying a fleet of enterprise apps because they lack shared data models and centralized RBAC (Role-Based Access Control).