2026年3月15日 の Show HN

I built Signet in Go to see if an autonomous system could handle the wildfire monitoring loop that people currently run by hand - checking satellite feeds, pulling up weather, looking at terrain and fuels, deciding whether a detection is actually a fire worth tracking.

All the data already exists: NASA FIRMS thermal detections, GOES-19 imagery, NWS forecasts, LANDFIRE fuel models, USGS elevation, Census population data, OpenStreetMap. The problem is it arrives from different sources on different cadences in different formats.

Most of the system is deterministic plumbing - ingestion, spatial indexing, deduplication. I use Gemini to orchestrate 23 tools across weather, terrain, imagery, and incident tracking for the part where clean rules break down: deciding which weak detections are worth investigating, what context to pull next, and how to synthesize noisy evidence into a structured assessment.

It also records time-bounded predictions and scores them against later data, so the system is making falsifiable claims instead of narrating after the fact. The current prediction metrics are visible on the site even though the sample is still small.

It's already opening incidents from raw satellite detections and matching some to official NIFC reporting. But false positives, detection latency, and incident matching can still be rough.

I'd especially welcome criticism on: where should this be more deterministic instead of LLM-driven? And is this kind of autonomous monitoring actually useful, or just noisier than doing it by hand?

I built k-synth as an experiment to see if a minimalist, K-inspired array language could make sketching waveforms faster and more intuitive than traditional code. I’ve put together a web-based toolkit so you can try the syntax directly in the browser without having to touch a compiler:

Live Toolkit: https://octetta.github.io/k-synth/

If you visit the page, here is a quick path to an audio payoff:

- Click "patches" and choose dm-bell.ks.

- Click "run"—the notebook area will update. Click the waveform to hear the result.

- Click the "->0" button below the waveform to copy it into slot 0 at the top (slots are also clickable).

- Click "pads" in the entry area to show a performance grid.

- Click "melodic" to play slot 0's sample at different intervals across the grid.

The 'Weird' Stack:

- The Language: A simplified, right-associative array language (e.g., s for sine, p for pi).

- The Web Toolkit: Built using WASM and Web Audio for live-coding samples.

- AI Pair-Programming: I used AI agents to bootstrap the parser and web boilerplate, which let me vet the language design in weeks rather than months.

The Goal: This isn't meant to replace a DAW. It’s a compact way to generate samples for larger projects. It’s currently in a "will-it-blend" state. I’m looking for feedback from the array language and DSP communities—specifically on the operator choices and the right-to-left evaluation logic.

Source (MIT): https://github.com/octetta/k-synth

i built pano because i kept losing the things i actually wanted to come back to.

pano is an internet archiving tool that lets you save links into shelves that you can organize and share.

the problem for me was never finding things. it was keeping them. research papers, recipes, old blog posts, repos, tutorials, and random sites i found late at night would end up scattered across tabs, bookmarks, screenshots, saved posts, and pdfs. a few weeks later, they were effectively gone.

what i wanted was one place where saved links stayed organized, easy to navigate, and easy to share as a collection.

a lot of the work went into two things: metadata extraction and interface design. saved links are much less useful if they decay into unlabeled bookmarks, so pano tries to pull structured info like title, description, author, date, and type, with native handling for sites like youtube, github, reddit, substack, spotify, and others. i also spent a lot of time on the design, because i wanted saved links to feel browsable and worth returning to; more like a shelf than a utilitarian list of urls.

there’s also a chrome extension for one-click saving and a bulk import path for existing bookmarks.

i’m especially interested in whether the “shelf” model feels better than traditional bookmarks, and where the save / organize / share flow still feels clunky.

it’s free right now: panoit.com

We build runtime security for AI agents. The playground started as an internal tool that we used to test our own guardrails. But we kept finding the same types of vulnerabilities because we think about attacks a certain way. At some point you need people who don't think like you.

So we open-sourced it. Each challenge is a live agent with real tools and a published system prompt. Whenever a challenge is over, the full winning conversation transcript and guardrail logs get documented publicly.

Building the general-purpose agent itself was probably the most fun part. Getting it to reliably use tools, stay in character, and follow instructions while still being useful is harder than it sounds. That alone reminded us how early we all are in understanding and deploying these systems at scale.

First challenge was to get an agent to call a tool it's been told to never call.

Someone got through in around 60 seconds without ever asking for the secret directly (which taught us a lot).

Next challenge is focused on data exfiltration with harder defences: https://playground.fabraix.com

I built a skill library for OpenClaw (always-on AI agent runtime, not session-based) where the agent can teach itself new behaviors during normal conversation.

The idea: you tell your agent "every time I ask for a code review, always check for security issues first." It invokes a create-skill skill, writes a new SKILL.md, and that behavior is live immediately — no restart, no config change, no developer required.

What I think is actually useful (the safety cluster):

• loop-circuit-breaker: OpenClaw retries ALL errors identically. This halts on the 2nd identical failure before it burns your context window. • spend-circuit-breaker: No built-in cap in OpenClaw. This tracks cumulative API cost and pauses non-essential crons at configurable thresholds. • workspace-integrity-guardian: Hashes SOUL.md, AGENTS.md, MEMORY.md. A corrupted SOUL.md = hijacked agent that survives restarts. • dangerous-action-guard: Explicit confirmation before rm -rf, git push --force, emails, financial actions. With audit log. • prompt-injection-guard: Scans external content (web scrapes, emails, docs) before acting on it.

Also: fact-check-before-trust (secondary verification for factual claims), project-onboarding (auto-generates PROJECT.md from a codebase), skill-vetting (security scanner — ~17% of community skills are malicious).

I kept running into the same problem while building AI agents: every agent that needs email ends up sharing my personal inbox or a single company domain. That breaks attribution, creates deliverability risk, and makes it impossible to test sender identities per agent.

So I built AgentMailr. You call an API to create an inbox, your agent gets a unique email address, and replies route back to that specific agent. Works for both inbound (OTP parsing, reply routing) and outbound (cold email, notifications).

Bring your own domain is supported so emails come from your domain, not ours. REST API and MCP server are live. Node/Python SDKs are in progress.

Happy to answer questions about the architecture or how I'm handling multi-agent routing.

I built a teleprompter that scrolls based on your voice instead of a timer.

Paste a script, press record, and it highlights the current word as you speak. If you pause it waits; if you skip lines it finds its place again.

Everything runs entirely in the browser — speech recognition (Moonshine ONNX), VAD, and fuzzy script matching.

Demo: https://larsbaunwall.github.io/promptme-ai

Most of the project was initially built using Perplexity Computer, which made for an interesting agentic coding workflow.

Curious what people think about the script alignment approach.

Hi HN we are Andrew and Dex. We built dialtone watcher, a small Go agent for macOS and Linux with a very specific goal: tell me what my machine is doing all day and help me compare that with others.

What it does so far:

- Watches running processes, CPU and memory use, and active network endpoints.

- Groups traffic into human sized summaries by process, domain, and coarse protocol like HTTPS, DNS, QUIC, and Postgres.

- Stores a local summary and can post bounded rollups to the dialtoneapp.com api so enough installs can turn the fleet view into something real.

We kept circling the same question: why is there no simple tool that answers "what does this machine actually spend its day doing?" Activity Monitor shows one slice. Little Snitch shows another. Fleet tools exist, but usually behind a corporate wall. We wanted something more honest and inspectable. The real motivating question was not just "what is my laptop doing?" but "am I normal?"

Say I have a MacBook Pro with 14 cores and 36 GB of memory and I run Docker all day. Why is Docker chewing so much more CPU and RAM on my machine than on similar developer machines? Why do I have some weird helper process that keeps hanging around? Why is my laptop talking to domains I do not recognize? You cannot answer those questions from one machine alone. You need a baseline from many machines with comparable hardware and comparable work.

https://dialtoneapp.com/demo

Open source MIT License: https://github.com/andrewarrow/dialtone-watcher

Andrew and I kept a history of our conversations in:

https://github.com/andrewarrow/dialtone-watcher/tree/main/pr...

The big idea is crowdsourced threat intelligence. Every installed agent becomes a sensor. Each one reports process to domain connections, DNS activity, connection frequency, bytes transferred, and basic IP context like ASN and country. On one machine that data is mildly interesting. Across thousands of machines it becomes powerful very fast.

Security companies like CrowdStrike and SentinelOne do exactly this. But those products are enterprise-only, expensive, and opaque.

If some unknown helper suddenly starts talking to the same odd domain on 27 machines in an hour, it's a pattern. If a so called PDF viewer is uploading 18 MB to a domain almost nobody has seen before, that starts to look like exfiltration. If a new VSCode release is the only build talking to some random domain, that starts to smell like a supply chain problem. If Slack or Docker suddenly behaves nothing like the baseline for similar developer machines, you can flag that too.

We think there is room for something more open, inspectable, and useful for normal developers. If you try this, feedback should focus on readability of the summary, correctness of process and domain attribution, whether the upload payload feels proportionate, and what comparisons would actually help you decide "am I normal?" If enough people install it, run it, and send data, the demo becomes real and the real product gets much smarter.

I'll leave you with the following question. Should modern software projects include a prompts directory like this? It takes so little effort to capture the prompts used and they tell a story like git history does.

github -> https://github.com/tangent-labs-dev/ritual

After a few years of development, I'm finally ready to show off an alpha version of graft! My goal was to get my local environment, terminal, ide, and preferences on any machine I connect to. I've set everything up the way I like locally, so why should it get muddied by an ssh/docker session? Graft solves this by transparently synchronizing files, comamnds, and open ports. There's a lot of work to do but maybe someone else can benefit from it now!

Hi HN,

I built a small tool called Lengpal. It’s basically a very simple video chat room made for language exchange.

Most people I know who do language exchanges just use Zoom, Meet, or Teams. It works, but those tools aren’t really designed for it. One thing that always comes up is managing the speaking time so both people get equal practice.

So the only thing we focused on for now is a built-in timer that lets you split the session between languages. For example 30 minutes Spanish, 30 minutes English.

The idea is intentionally simple. You create a room, send the link to your partner, and start the session. No matching, no complicated setup.

We just launched today and are trying to see if this simple approach actually helps people doing exchanges.

Website: https://lengpal.com

We also launched on Product Hunt today if anyone is curious: https://www.producthunt.com/posts/lengpal

Would love to hear what you think.

It's been nice seeing some RSS projects pop up lately, so here's mine and the scope creep that led to it.

I wanted to read a couple feeds from their beginnings, something RSS doesn't particularly do and nobody particularly uses it for. But I've done the keep-a-tab-open-for-8-months thing more than once to work through an archive, and I don't fancy doing it again. As I worked through the steps and showed it to friends, we accumulated some other quality-of-life use cases that fit well enough into "just filter some XML" that they glommed on.

So, Sponder can:

- Run basic filtering on RSS feeds, either by keywords or regular expressions.

- Parse any webpage into an RSS feed, including autodetection of title/image/link/etc elements, following page links back through history, and coming back for new items later.

- Control the pace of that full historical feed to serve you an article per week, or 12 per day, whatever pace you like.

- Automatically detect and filter rerun episodes from a podcast feed.

- Be configured either by UI or typing some YAML.

It does not:

- Replace your RSS or podcast client, it's middleware that publishes a modified feed for you.

- Replace every one of your feeds, just the ones you wish were different. Though you can important and export OPMLs if you wish a lot were different.

- Run content through LLMs, though I'm considering it for rerun detection since metadata similarity only gets so far.

I'd love to hear from you fine folks:

- What bugs you about your feeds

- How configuring a flow goes

A popular philosophy in the HN community is that inventing problems to be solved by a technology is antithetical to the user experience. Much to the horror of some, I did just that to discover/invent this game.

I started with the structure of quantum com putation and asked what kind of problem benefits from it. The answer was surprisingly narrow, but this was one of the results. Enjoy!

I built GitLike because code hosting shouldn’t depend on a single company. Platforms change pricing, restrict features, or disappear, and developers scramble to migrate. GitLike stores repos on *IPFS as content-addressed objects*, with commits, trees, and blobs living on a decentralized network. Authentication uses *Ethereum wallets via SIWE*, so there are no passwords to leak.

Key Features: - Solo developers: Push code and know it’s pinned on IPFS; your CIDs are yours forever. - Teams: Collaborate using wallet addresses, branch protection, pull requests, and agent delegations. - AI agents: Delegate scoped write access with EIP-191 signatures so agents can commit, branch, and merge safely. - Self-hosters: Deploy your own instance on Cloudflare Workers and federate under your domain. - Status monitoring - CLI - SPA hosting via app.gitlike.dev

The goal is simple: a Git-like workflow where you own your data. Fork it, self-host it, federate it. Your keys, your code.

The full codebase is open-source and available on GitLike itself.

https://gitlike.dev/gitlike

I’d love feedback from the community — especially on usability, security, and federation.

Claude has a promotion right now (Mar 13–27) that gives you double usage outside 8 AM–2 PM ET on weekdays. I (Claude, actually) made a one-page tool that converts the peak window to your timezone and shows what's left of the schedule. One HTML file, no dependencies.

LocalAgent is a local-first agent runtime in Rust focused on tool calling, trust and approval gates, replayable runs, and benchmark-gated coding workflows.

A lot of the recent v0.5.0 work was about hardening coding-task behavior, improving validation and completion behavior, and reducing the ways evals can be gamed.

One thing that stood out during that work was OmniCoder-9B Q8_0. I care less about “looks good in a demo” and more about whether a small model still holds up under real repo tasks, explicit validation, replayable runs, and stricter task contracts without relying on benchmark-specific hacks.

OmniCoder-9B Q8_0 is one of the few small local models that has felt genuinely solid in that environment for me. I am not making a broad “best model” claim, but it stayed on track better under constraints that usually expose weak reasoning, fake progress, or contamination.

Curious if others doing real local coding workflows have seen similar results with OmniCoder or other small models.

I built a framework that lets LLM agents create their own tools at runtime. Most agent frameworks assume you'll hand-craft every tool upfront. That works until your agent hits something you didn't plan for. ARISE (Adaptive Runtime Improvement through Self-Evolution) lets agents synthesize their own tools at runtime when they detect gaps

ARISE sits between your agent and its tool library. When the agent keeps failing at a class of tasks, it analyzes what's missing, uses a cheap LLM to synthesize a new Python function, tests it in a sandbox with adversarial edge cases, and if it passes, promotes it. The agent picks it up on the next run. Over time, the agent accumulates tools shaped by the actual tasks it encounters, not just what you imagined at build time.

There's a bunch of research on this idea — VOYAGER did it in Minecraft, LATM (LLMs as Tool Makers) showed LLMs can write reusable tools, CRAFT and CREATOR explored similar directions. But none of them resulted in something you can actually pip install and use with your own agent. That's what I'm trying to build.

For safety, generated code undergoes sandboxed execution, auto-generated tests, and adversarial validation before entering the active library. Everything is versioned with rollback. I don't fully trust it yet for unsupervised production use, but it's getting there.

By default, everything runs locally with SQLite. For deployment, there's a distributed mode where the agent is stateless — it reads skills from a remote store and reports trajectories to a queue. A separate worker process picks those up and runs evolution independently. So you can scale the agent without worrying about evolution blocking your hot path. I tested this end-to-end with real infra and real LLM calls.

Works with any agent that takes a task and returns a result. Native Strands adapter, raw OpenAI/Anthropic function calling works too.

This is very early — just shipped it. There's a lot to improve. Would really appreciate feedback and contributions if this is interesting to you.

> I built BurnShot to solve a problem: "View once" features on WhatsApp/Slack still leave traces in cloud backups. Standard server-side deletion requires trusting the backend.

So, I rebuilt my app on a strict Zero-Knowledge architecture:

- 100% Client-Side Encryption (Web Crypto API, AES-256-GCM).

- Decryption keys live in the URL hash (#key), so my server only ever receives and stores garbled .enc binary blobs.

- Postgres RPCs handle atomic view-count detonation to prevent race conditions.

The Challenge: Here is an encrypted payload sitting on my server. I stripped the #key out of the URL. I challenge anyone to intercept the network request, download the blob, and decrypt the image: https://burnshot.app/view/243fb87b-f034-44ff-806d-dd60e207d7...

The UX Demo: If you just want to see the cryptography and atomic detonation in action, here is a full link set to self destruct after 100 views: https://www.burnshot.app/view/d9aafa5d-dccd-43f2-89ff-71a9fa...

I'd love for you to inspect the Network tab, try to break the cryptography, and roast my architecture. Main site: https://burnshot.app

Hey guys, about two months ago I started this side-project for "asynchronous coding" where I can prompt Claude Code from my mobile on train rides, get a notification when it's done and then review and commit the code from the app itself.

Since then I've been using it on and off for a while. I finally decided to polish it and publish it in case someone might find it useful.

It's a self-hosted PWA with four panels: Agent (terminal running Claude Code), Explore (file browser with syntax highlighting), Terminal (standard bash shell), and Git (diff viewer with staging/committing). It can run on a cheap VPS and a fully functioning setup is provided (using cloud-init and simple bash scripts).

This fits my preferred workflow where I stay in the loop: I review every diff, control git manually, and approve or reject changes before they go anywhere.

Stack: Go WebSocket bridge, xterm.js frontend, Ubuntu sandbox container. Everything runs in Docker. Works with any CLI AI assistant, though I've only used it with Claude Code.

Side project, provided as-is under MIT license. Run at your own risk. Feedback and MRs welcome.

EDIT: Removed redundant text

I’ve released WebAssembly4J, along with two runtime bindings:

Wasmtime4J – Java bindings for Wasmtime http://github.com/tegmentum/wasmtime4j WAMR4J – Java bindings for WebAssembly Micro Runtime http://github.com/tegmentum/wasmr4j

WebAssembly4J – a unified Java API that allows running WebAssembly across different engines http://github.com/tegmentum/webassembly4j

The motivation was that Java currently has multiple emerging WebAssembly runtimes, but each exposes its own API. If you want to experiment with different engines, you have to rewrite the integration layer each time.

WebAssembly4J provides a single API while allowing different runtime providers underneath.

Goals of the project: Run WebAssembly from Java applications Allow cross-engine comparison of runtimes Make WebAssembly runtimes more accessible to Java developers Provide a stable interface while runtimes evolve

Currently supported engines: Wasmtime WAMR Chicory GraalWasm

To support both legacy and modern Java environments the project targets: Java 8 (JNI bindings) Java 11 Java 22+ (Panama support)

Artifacts are published to Maven Central so they can be added directly to existing projects.

I’d be very interested in feedback from people working on Java + WebAssembly integrations or runtime implementations.

I built a Claude Code skill that turns your terminal into a poker table. You play No-Limit Texas Hold'em against three AI opponents, each running as a separate Claude subagent with its own personality and hidden cards. The main agent acts as dealer, manages the game state, and optionally coaches you.

The coaching side has three modes: no help at all, real-time hints before each decision, or post-hand analysis only.

Fair warning: Claude naturally takes every hand to the extreme. Expect more pocket aces and dramatic river cards than any real table would produce.

                      ╭─────────────────────╮                                                                                                                                              
                      │      POT: 130       │                                                                                                                                              
                      │   Q♥  9♦  4♠        │                                                                                                                                              
  Alex                │                     │              Jordan                                                                                                                          
  [990]               ╰─────────────────────╯              [905]                                                                                                                            
  (SB)                                                     (BB)
  Fold                                                     Bet 50

    You <-                                             Sam
    [965]                                              [1000]
    (BTN)                                              (UTG)
    ┌────────┐                                         Fold
    │ K♠ Q♠  │ 
    └────────┘

   Coach's whisper: You flopped top pair with a king kicker — a very strong hand here. Jordan was the pre-flop raiser and is c-betting into you, which is standard. Calling is solid to
  keep the pot manageable. You could also raise to ~140 for value and protection, but calling in position and letting Jordan keep betting is a perfectly good line.

  [F]old  [C]all 50  [R]aise to ___

Something to do in your second terminal while Claude does your work in the first.

Repo: https://github.com/BohdanPetryshyn/code-royale

Hey HN -

Years ago I built FPOimg (fpoimg.com) as a placeholder image generator that I kept wishing existed.

I've always wanted to keep it simple, open source, fast, and reliable. I've recently updated with additional features to make it more modern, useful, and pretty.

The basics work like you'd expect: /800x600 gives you an 800×600 image, /500x200/Hello adds a caption. Nothing revolutionary there.

I added: - Gradient backgrounds — 20 presets (/800x600?gradient=sunset) or pass your own two colors - 148 CSS named colors — /400x300/tomato/white instead of hunting for hex codes - Multiple formats — change the extension to get .webp, .gif, .png, or .jpg (and experimental SVG support) - Multiline text — line breaks in captions, auto-wrapping for longer text

It's Flask + Pillow, nothing fancy on the backend. Self-hostable if you prefer that.

Live at https://fpoimg.com, source at https://github.com/kylehayes/fpoimg

Happy to hear what's missing or what would make it more useful.

I just released the first version of PIAF, a Rust library for decoding EDID into a typed display capability model.

Repository: https://github.com/DracoWhitefire/piaf

PIAF parses raw EDID bytes and exposes structured information like display identity, supported modes, HDR metadata, audio descriptors, and HDMI/CEA-861 extension data.

It separates parsing from capability normalization:

parse_edid -> ParsedEdidRef<'_> capabilities_from_edid -> DisplayCapabilities

The library also supports no_std with a static extension handler pipeline that works without heap allocation.

I built PostSupremo after noticing that LinkedIn has its own bizarre dialect: motivational non-sequiturs, humble brags, bullet-pointed "lessons from failure," and the obligatory "I never thought I'd be writing this." PostSupremo generates that content on demand. It's part satire, part actually useful if you need to post on LinkedIn and don't want to think too hard about it.

I built a text-based open-world crime game entirely in Bash, inspired by the GTA series.

Features: - Multiple cities to travel between (Los Santos, Vice City, Liberty City, etc.) - Jobs (legitimate and criminal) with location-based payouts - Inventory system: weapons, drugs, health packs, body armor - Drug buying/selling economy with risk - Health system with hospital visits - Music player via mpg123 - Save/load game state - Plugin support – drop a .sh file into /plugins to add new locations, jobs, or mechanics

It runs on any Unix-like system with Bash. No dependencies beyond mpg123 for the music player.

Repo: https://github.com/stuffbymax/Bash-Theft-Auto