2026年2月16日 的 Show HN

Here are some photos taken: https://glitchycam.com/gallery

I intentionally leaned towards skeuomorphic design for nostalgia. I miss the days where I'd spend hours making a button to look like a physical button. Here I chose to make it look like a "good enough" Teenage Engineering device UI.

I tested/used GPT-5.3-Codex to build this from scratch, since there was a lot of hype around it on X. Maybe I wasn’t using it right, but I found it needed a lot of code cleanup at every step and a lot of hand holding along the way. It missed details/nuances and didn't land the skeuomorphic buttons or the interaction polish. It mostly helped with boilerplate where there wasn't much thinking/detailing. It did give a basic starting point for the effect calculations, but didn't really move the needle on the details.

Please give it a go and let me know what you think - your photos and video never leave your browser (you can download them if you choose to). Everything is processed locally in your browser (works offline), nothing is uploaded or seen by anyone.

https://forestrydiary.com/

This is one of those projects I've sat on for years, but with Claude and Mistral helping with the handwriting recognition, and even helping me write a custom scanning app that would auto scan each page and put it into a database as I assembled everything.

As far as I know, this is the only US Forestry Diary that has been fully scanned in and published. I understand that there are other diaries in some collections, but none have been scanned in. I hope this helps somebody. Please let me know if it does.

This is the sort of project Claude and AI can help with - A personal project that sits on the shelf forever, but now a reasonable project that can be published in my spare time. I'm not trying to earn money on this, but just improving our knowledge and history just a little bit.

My wife and I both love nature and have always wanted a Pokémon go style app, to collect and learn about different species we find.

All the usual species identifying apps were didn’t feel fun enough, so we designed and built one together!

Would love for you guys to give it a try and share any thoughts you have.

What it does

    Design UIs visually with a flexible canvas –like Figma–.
    Define app logic with a visual, instruction-stacked editor inspired by Shortcuts.
    Live preview apps directly on the canvas –no separate preview window–.
    Publish working web apps with one click.

    Modernize the HyperCard idea: combine layout, behavior, and instant sharing in one place.
    Reduce friction between design and a working app.
    Make simple web apps approachable for non-developers while keeping power features for developers.
    Build a foundation for LLM integration so users can design and develop with AI while still understanding what’s happening, even without coding experience –in progress!–.

    Weather forecast app: https://app.breadboards.io/playgrounds/weather
    Swiss Public Transit: https://app.breadboards.io/playgrounds/public_transit

    info: https://breadboards.io

Textbooks often bury good ideas in dense notation, skip the intuition, assume you already know half the material, and get outdated in fast-moving fields like AI.

Over the past 7 years of my AI/ML experience, I filled notebooks with intuition-first, real-world context, no hand-waving explanations of maths, computing and AI concepts.

In 2024, a few friends used these notes to prep for interviews at DeepMind, OpenAI, Nvidia etc. They all got in and currently perform well in their roles. So I'm sharing.

This is an open & unconventional textbook covering maths, computing, and artificial intelligence from the ground up. For curious practitioners seeking deeper understanding, not just survive an exam/interview.

To ambitious students, an early careers or experts in adjacent fields looking to become cracked AI research engineers or progress to PhD, dig in and let me know your thoughts.

Play around with it - hopefully read up more on the 2D Coulomb gas because it is an incredibly deep topic research wise.

I’m a dev and a dad to a 10-year-old. I built this because I caught my daughter using ChatGPT to do her history homework. She wasn't learning; she was just acting as a "middleware" between the AI and the paper.

The Backstory: I realized the problem isn't the AI—it's the zero-friction answers. Most "AI for kids" apps are just "parrots"—they mimic intelligence by repeating patterns.

What’s Different: Qurio is a "Bicycle" for the mind. It treats the child like a future "Architect" rather than a "Junior Executor." Technically, it wraps an LLM in a strict "Socratic Loop." It detects intent to "cheat," refuses the direct answer, and generates a leading question based on the user's current logic level. It forces "Healthy Friction" back into the learning process.

The stack: Next.js 14, Supabase (Auth/DB), Vercel AI SDK.

Mods: I've added the backstory and differentiator as requested. Ready for the re-up! Thank you.

On Sunday I spent a couple of hours building a short 2d platformer ("Prince of Persia" style). What's interesting is how I built it. I went for a zero-code approach, and built the whole thing using OpenAI Codex CLI and agent skills (with the progressive disclosure paradigm).

You can play the game here: https://acatovic.github.io/gothicvania-codex-demo/

You can see the full code, agent skills and a complete writeup here: https://github.com/acatovic/gothicvania-codex-demo

Some takeaways:

* This was one of the most enjoyable experiences ever!

* Applying harness engineering with progressive disclosure is incredibly powerful - I treated my SKILL.md as simply a ToC (a "skills map") and took it from there

* Implement -> Evaluate loops are key - I used Playwright and an evaluation checklist and the agent built and corrected automagically

* I used PROGRESS.md as a memory/log mechanism for the agent, and a way to minimize context noise

* The game dev agent was steered by the DESIGN-DOCUMENT.md, stipulating game objectives, layout and mechanics

* I used progressive prompting - I built up the game piece wise - starting with basic player mechanics, then adding tiles, NPCs, interactions, sounds, menus - one prompt at a time

Zero code written by me. Never even looked at the game engine (Phaser) API - just gave the skills a link to the documentation. The future is here!

Credits to ansimuz (gothicvania assets) and Pascal Belisle (music).

*NOTE:* The assets were *NOT* created by AI. Backgrounds and probably tiles you could generate with AI, but sprites are not quite there yet (I tried a number of different models). Something to explore fully in the future.

Enjoy and let me know what you think!

But while building it, I kept running into the same pattern: when everything worked, logs were in ClickHouse. When things broke, logs were still inside Kubernetes.

That gap led to adding Kubernetes as a native log source.

This is not meant to replace proper log aggregation. Centralized storage with indexing and retention policies is still the right approach for production.

But there are situations where aggregation doesn't help: the logging pipeline is broken, logs are delayed, or you're debugging locally and don't have a pipeline at all.

In those cases, the logs are already in the pods. The usual fallback is kubectl logs (or stern), often across multiple terminals and namespaces. It works, but correlation becomes manual.

Telescope can now query logs directly from Kubernetes clusters via the Kubernetes API. It lets you query across multiple namespaces and clusters, filter by labels and fields, apply time ranges, normalize severity across different log formats, and visualize log volume over time.

It uses your existing kubeconfig, fetches logs in parallel (configurable concurrency), and uses time filters to limit data transfer from Kubernetes APIs.

No agents. No CRDs. No cluster changes.

Current limitations: no streaming / follow mode yet.

Curious if others have run into the same "pipeline gap" problem - when logs aren't in your backend yet, but you still need structured access to them.

GitHub: https://github.com/iamtelescope/telescope

Changelog: https://docs.iamtelescope.net/changelog

I’ve been building a small infrastructure tool called Provisioner: a per-board provisioning sidecar for SBC bring-up and lab automation. https://github.com/alessandrocarminati/provisioner

The model is simple: one instance per board. It sits next to the hardware, owns the serial console, exposes access over SSH, and serves boot artifacts (kernel, initramfs, rootfs) via TFTP/HTTP. It’s designed for the phase where networking is unreliable, storage is half-flashed, and UART is the only thing still telling the truth.

What it does

- Serial console ownership + SSH multiplexing - Monitor shell + serial tunnels - Scriptable boot interaction - Artifact provisioning (TFTP + HTTP) - In-band file transfer over serial - gzip/base64 hacks + XMODEM - Derived from my earlier send_console-ng utility https://github.com/alessandrocarminati/send_file-ng - Pluggable power control - SNMP PDUs, among others cheap ESP8266/Tasmota devices - Serial logging - Lightweight access control

Provisioner also embeds a minimal init runtime (goinit) inside the kernel initramfs, acting as its on-board provisioning agent, handling flashing, artifact retrieval, and reporting management state back over serial.

Routing & stream handling

Internally, Provisioner routes serial traffic through a pluggable router:

- Producers/consumers attach as components - Human vs machine clients handled differently - Unicast control sessions - Broadcast multiplexing to multiple observers

This allows several users or services to watch the same console without interfering.

Filters

A filter subsystem can intercept and modify serial streams on the fly.

Originally added to mitigate ANSI Device Status Reports (e.g. Cursor Position Report issues) when tunneling serial consoles, but it doubles as a general stream rewriting mechanism for automation and normalization.

Positioning

Not trying to replace large systems like LAVA.

This is aimed at:

- Homelabs - Bring-up benches - Kernel/BSP work - Small shared labs

Think lab automation you can deploy in an afternoon, not fleet orchestration.

Project is still evolving but already in daily use. Feedback and abuse welcome.

It also includes a built-in sequencer so if you've found interesting chords for your scale, you can arrange them into a progression and hear how they flow together. No need to switch between a theory reference and a DAW just to test whether a ii–V–I sounds right in your preferred scale.

No signup, no ads, no paywall, just a tool I wished existed when I was learning music theory. There's also a growing collection of articles covering diatonic chords, seventh chords, modes, extended jazz harmony, and common progressions.

Built with Hugo as a static site. Would love feedback from fellow musicians and music theory nerds.

These last few months I've been working on my first open source project: an embedded database written in pure-go. That took me some months, as I had to learn how to deal with such large packages. Until then, all packages I had made were quite small an did not require much. I usually did not have to worry about things like allocation optimization and instance pools until This project.

It started when I wanted to make a port of a tool to a TUI environment. I'm actually used to working with TUIs in golang, so that was my language of choice. The tool I wanted to port is written in TypeScript and uses NeDB (written in JavaScript) as database. Since I feel more comfortable working with compiled languages, I decided to create my own database, making sure it was compatible with NeDB, and that's what I did for the last few months.

And that's how GEDB was created. It's a mongodb-like embedded database, written in pure-go. It supports a subset of useful querying options of MongoDB (keywords like $lt, $exists, $in, $where, etc.). By default, it uses a in-memory-only storage, but can easily initialized with a data file.

Everything in my package can be dependency injected, as everything is controlled interfaces. Serialization, querying syntax, document structure, indexing and more, all can be replaced by implementing an interface.

I've also been considering adopting a new document model, by creating a binary type (like BSON) to reduce drastically the cost of creating, maintaining and copying documents (they currently are map[string]any).

The project is currently in an early stage, version 0.1.0, so I'm okay with making changes to the API for now, until I'm ready to release version 1.x.x

I would be really glad if you guys could check it out and give some feedback. An issue, suggestion or a star are very welcome.

My repository can be found on my github: https://github.com/vinicius-lino-figueiredo/gedb

He and I used to "computer code" together in IPython: typing words to see emojis, mixing colors, making sounds. Eventually he wanted his own computer. So I took an old laptop and made him one.

That IPython session evolved into Explore mode, a REPL where kids type things and something always happens: "cat * 5" shows five cats, "red + blue" mixes colors like real paint, math gets dot visualizations. Then came Play mode (every key makes a sound and paints a color) and Doodle mode (write and paint). The whole machine boots straight into Purple. No desktop, no browser, no internet.

It felt different from "screen time." He'd use it for a while, then walk away on his own. No tantrum, no negotiation.

Some technical bits: it's a Python TUI (Textual in Alacritty) running on Ubuntu, so even very old laptops run it well. Keyboard input bypasses the terminal entirely via evdev for true key-down/key-up events, which lets me do sticky shift and double-tap capitals so kids don't have to hold two keys. Color mixing uses spectral reflectance curves so colors actually mix like paint (yellow + blue = green, not gray).

Source is on GitHub: https://github.com/purplecomputerorg/purplecomputer

Just add artifact to your chat and paste instructions into your personal preferences setting.

  ROLLIN scores locations 0-100 across 6 features: wheelchair entry,
  accessible restroom, level entry, parking, wide aisles, elevator.
  Data pipeline pulls from OpenStreetMap, cross-references Google Places,
  and layers in community verification with a trust-weighted scoring system.

  Stack: Vanilla JS (no frameworks), Netlify serverless, Supabase/Postgres,
  Leaflet maps. ~56K locations across NY, CA, FL, MA, NJ, PA.

  Free to use, free API tier for developers. Paid tiers for
  higher volume and commercial use.

  https://joinrollin.com
  API docs: https://joinrollin.com/developers

But, I do believe this is very much worth your time to check out, I am not aware of anything else very much like it.

I won’t repeat what is already written on the github README here, but some info:

I am a successful semi-retired solo game developer, I have been making my own bespoke game engines since 2003 for all of my games across a number of platforms and languages. Last year, I ripped out the engine of my latest game, and stripped it back with the goal to start a new project, as I have done a number of times before.

But this time, I decided to ditch lua and make my own programming language, and that was sort of the tipping point. Once I thought about multiplayer, and realized I wanted a general purpose network that didn't exist, I was on my way down this extremely deep rabbit hole.

I want to just make a few things clear, then I hope that some of you might have some questions or feedback.

- I'm disillusioned by capitalism and the AI transition, and that influences my motives

- I have made all of this open source and free not because I am overly altruistic, but because it is the only way something like this can succeed

- I don’t think it can or should replace the internet, I see it as a cycleway alternative to the internet highway, they have different purposes

- I have no real desire to run an open source project or lead anyone, I mostly just want software that works for me and my family and friends. I love coding and I like to make nice things and share them.

- There is still a lot to do, I'm very excited about messaging and the whole client-side data thing in particular, but for now there are only a few weeks of work to go until a bare bones browser will be functional enough to release and ship.

You can have a play and build it all yourself though right now, host sites, and build apps.

I have a blog post that gives a little more context: https://adaptive-machine-patterns.com/blog.html#einstein [alt. link: http://archive.today/381Pl] I am new to blogging, so advice welcome.

The preprint is hosted at CULA repository (many thanks) https://www.repository.cam.ac.uk/handle/1810/398349 and it has a DOI: https://doi.org/10.17863/CAM.127224

https://github.com/hash-anu/snkv

### Why I built this

I wanted something as simple as a hashmap, but:

* persistent * crash-safe * no external dependencies * easy to drop into any C/C++ project

Most KV stores are either:

* too heavy (servers, background processes), or * too low-level (you manage everything)

snkvDB tries to sit in between.

---

### What it is

* Single-header KV store (just include and use) * ACID compliant (thanks to SQLite) * No server, no config, no build system required * Works like a simple embedded database

---

### Under the hood

snkvDB is built on SQLite’s storage engine (B-Tree backend), so you get:

* durability * transactions * mature, battle-tested storage

But the API is simplified to a minimal KV interface.

---

### When to use it

* Embedding storage in CLI tools or small apps * Replacing ad-hoc file storage * Lightweight persistence without running a DB server

---

### Benchmarks

I’ve compared it with RocksDB and LMDB here: https://github.com/hash-anu/snkv

TL;DR:

* Faster than RocksDB for small/medium workloads * Easier to use than LMDB * Balanced read/write performance

---

### Trade-offs

* Not for write-heavy, high-throughput workloads (RocksDB is better there) * LMDB can be faster for pure reads * This prioritizes simplicity + safety over raw performance

---

Would love feedback, especially on:

* API design * performance * real-world use cases

Vocalinux is a privacy-focused, open-source dictation tool that runs entirely on your Linux machine:

- Local speech recognition (whisper.cpp, VOSK, or OpenAI Whisper) - GPU acceleration via Vulkan (AMD/Intel/NVIDIA) - Works offline, no network required - Universal compatibility (X11/Wayland, any app) - GTK system tray app

Installation: one-line curl command with auto-detection for GPU/CPU

GitHub: https://github.com/jatinkrmalik/vocalinux

Questions and feedback welcome!

Started because I couldn't stop thinking about how characters teleport between neighborhoods that are miles apart. Mrs. Doubtfire runs her route at 27 MPH in heels. Shang-Chi's bus fight turns onto streets that don't physically connect. Ant-Man turns on Lombard and arrives at the Embarcadero.

Built in 20 hours. Hit 122K views on Reddit overnight.

Features: - 60+ films mapped with real filming locations - Speed calculations for impossible transit - Walking tours showing absurd character movement - Interactive game for bar crawls

Tech stack:React/Next.js, Leaflet.js/Mapbox, all client-side with JSON data

Would love feedback on what to add next. More TV shows? Food scenes from films?

The most interesting part for most will likely be the demonstration on how to use differential-property testing to automate the LLM feedback loop for the rewrite (translation) phase (in this case to rewrite to Rust).

This that I believe would solve the 'rewrite issues' discussed recently here: https://news.ycombinator.com/item?id=46954696

asdPrompt is a Chrome extension that adds hint-based navigation (like Vimium) to AI chat interfaces. Cmd+Shift+S activates the overlay, hint labels appear next to every text block. Type a letter to select a block, then keep typing to drill down: block → sentence → word. Enter copies, or you can press an action key (e, d, x) to inject a follow-up prompt ("elaborate on [selection]") directly into the chat input.

Works on claude.ai, chatgpt.com, and gemini.google.com. Adapts to light/dark themes. Free. Built the initial MVP in 2 days using Claude Code — the adapter architecture, NLP segmentation pipeline, and Playwright test harness would have taken a month without it.

Tech details for the curious: site-specific DOM parsers behind an adapter interface, text segmentation via compromise.js with regex fallbacks for technical content (paths, camelCase break NLP libraries), bounding rectangles calculated via Range API + TreeWalker, overlay isolated in Shadow DOM. Tested with Playwright visual regression.

The landing page has an interactive tutorial where you can try the full drill-down mechanic without installing. Happy to talk about the implementation.

Instead of fighting the shutter speed, I’m using generative AI to treat these blurred images as structural seeds. The tool transforms a single low-quality photo into high-fidelity video (4K, consistent depth-of-field) across various styles—from traditional ink-wash aesthetics to talking avatars.

Key Features:

Zero-shot generation: No model training or fine-tuning required.

Temporal consistency: Maintaining pet features across dynamic motion.

Integrated Lip-sync: Automated voice synthesis for "talking" pet videos.

I’m looking for feedback on the generation speed and the consistency of the output styles.

The problem: Most invoice tools are either too complex or don't handle local tax requirements. You waste hours on paperwork instead of actual work.

Animus Invoice handles Turkish e-invoice/e-archive compliance automatically, tracks payments, and keeps you organized.

Currently in beta - would love feedback from freelancers dealing with similar pain points. Free beta access for early users.

I built Mindweave to solve a problem I kept running into — I'd save bookmarks, notes, and links across different apps, then never find them again when I actually needed them.

Mindweave lets you capture notes, links, and files in one place. The interesting part is what happens after:

  - Semantic search — find content by meaning, not just keywords. "That article about improving deep work" finds it even if those words don't appear in the content. Powered by pgvector cosine similarity on Gemini embeddings.
  - AI auto-tagging — Gemini generates tags on save, so you don't have to organize anything manually.
  - Knowledge Q&A — ask questions about your saved content using RAG. Retrieves relevant pieces, feeds them as context to Gemini, returns a grounded answer.

  A few things I found interesting while building this:

  - pgvector inside Postgres is surprisingly capable for this scale. No need for a separate vector DB.
  - The biggest UX challenge was handling edge cases in similarity scores — zero-magnitude embeddings produce NaN from cosine distance, and PostgreSQL treats float8 NaN as greater than all numbers, so they pass through WHERE
  filters silently.

Live at www.mindweave.space. Source at https://github.com/abhid1234/MindWeave

LinkedIn: https://www.linkedin.com/posts/activity-7428965058388590592-...

Would love feedback, especially on the semantic search UX and the RAG implementation.

The idea is simple: instead of pushing memory into vector databases or cloud services, Synrix runs entirely on your machine and focuses on predictable, targeted recall rather than global similarity scans.

Architecturally it’s different from typical vector DB approaches:

Queries scale with matching results (O(k)), not total dataset size

Runs fully local (no network calls, no cloud dependency)

One binary, tier controlled by signed key (SDK is MIT, engine is proprietary for scale)

Designed for structured + semantic memory (agents, RAG, task stores, etc)

On local datasets (~25k–100k nodes) we’re seeing microsecond-scale prefix lookups on commodity hardware. We haven’t published formal benchmarks yet, but plan to add reproducible tests soon.

I’m especially interested in feedback from people who’ve built agent memory systems, RAG pipelines, or dealt with scaling vector databases.

Questions I’d love input on:

Do you think local-first memory makes sense for agents, or does cloud still win?

Have vector DBs been working well for you at scale?

What would you want to see in benchmarks?

Repo here: https://github.com/RYJOX-Technologies/Synrix-Memory-Engine

Happy to answer anything.

ICE, the company that owns the NYSE, just started selling "Reddit Signals and Sentiment" to institutional investors. Structured Reddit data for hedge fund money.

I built the same thing in 9 days. 165k lines. 6,916 tests. Zero CodeQL alerts. Yes I used AI to build it. No I'm not sorry about it.

They scrape, paste, and forget. I built Oitii to actually analyze the data before showing it to users.

I developed a scoring system (0-100) to filter out low-effort and ghost listings.

1. Hiring Freeze Cross-Check We verify the company's current financial health against real-time layoff data and hiring freeze trackers before indexing the job. If they just laid off 20% of engineering, we warn you.

2. Smart Salary Synthesis We never show "Undisclosed." If the DB has gaps, we parse job.title for seniority keywords (e.g., "Staff" vs "Mid-Level") and synthesize high-fidelity estimates based on current market rates.

3. The "Trap" Detector Our engine flags logical fallacies in the JD. For example, if the Title says "Entry Level" but the Description demands "3+ years of experience," it gets a massive quality penalty.

4. Active Ping & Honeypots. We don't just trust the post. We use proxy applications to track if resumes are actually being opened (pixel tracking). If the "View Rate" is 0% over 2 weeks, the job is marked as dead.

5. The "Growth Signal" Audit (Cross-Platform Fingerprinting). We cross-reference the listing against the company's direct career page and historical aggregator data to catch "investor fluff."

The Logic: We identify jobs that are reposted on aggregators (to look like the company is growing for VCs) but have been removed or never existed on the company's main ATS.

Zombie Detection: If a role has a high repost velocity (e.g., refreshed every 10 days) but no interview movement, it is flagged as a marketing asset, not a job opening.

It’s built with [Python, Next.js, Supabase].

I’d love feedback on the scoring weights.

Here's every category I found on ClawHub.

Hidden Content: HTML comments with instructions, zero-width Unicode characters (U+200B-U+200F, U+2060-2064, U+FEFF), CSS hiding (display:none, opacity:0), and bidirectional text overrides. These are invisible when reading markdown but the LLM processes them.

Prompt Injection: Direct attempts to override agent behavior: "ignore previous instructions", role reassignment ("you are now"), model-specific tokens like [INST] and <|im_start|>, and persona manipulation ("pretend you are").

Shell Execution: Remote code execution vectors: curl|bash, eval(), exec(), npx -y (auto-confirms remote packages), reverse shells via /dev/tcp or nc -e, and one-liners in Python, PHP, Perl, Ruby.

Data Exfiltration: URLs pointing to paste sites (pastebin, transfer.sh), webhook services (ngrok, webhook.site, pipedream), messaging webhooks (Slack, Discord, Telegram bot API), and raw IP addresses.

Embedded Secrets: Hardcoded credentials across 17 types: AWS keys, OpenAI API keys, GitHub/GitLab tokens, Stripe keys, PEM private keys, JWT tokens, database connection strings, SSH private keys, and more.

Sensitive File References: Instructions to access .ssh/, .env, .aws/credentials, /etc/passwd, /etc/shadow, and private key paths.

Memory/Config Poisoning: This one is interesting. Skills that try to write to agent memory files (CLAUDE.md, SOUL.md, MEMORY.md, CODEX.md) or IDE rule files (.cursorrules, .windsurfrules, .clinerules). This creates persistence - the injected instructions survive across sessions.

Supply Chain Risk: External script downloads from raw GitHub URLs, and package install commands (npm install, pip install, gem install, cargo install, go install, brew install). A skill shouldn't be silently installing packages.

Encoded Payloads: Base64 strings over 40 characters, atob()/btoa() calls, Buffer.from(..., 'base64'), hex escape sequences, and String.fromCharCode(). Encoding is used to bypass pattern detection in other scanners.

Image Exfiltration: This is the most complex category with 17 patterns. Markdown images with exfil query params (), variable interpolation in image URLs (), SVG with embedded scripts or foreignObject, 1x1 tracking pixels, CSS-hidden image beacons, steganography tool references, Canvas API manipulation (getImageData, toDataURL), and double extensions (.png.exe).

System Prompt Extraction: Instructions to leak the agent's system prompt: "reveal your system prompt", "repeat the words above", "print everything above", "what are your original instructions".

Argument Injection: Shell metacharacters in tool arguments: command substitution $(), variable expansion ${}, backticks, chained commands (;rm, |bash, &&curl), and GTFOBINS exploitation flags (--exec, --checkpoint-action).

Cross-Tool Chaining: Multi-step attack patterns that combine legitimate tools: read-then-exfiltrate sequences, numbered step-by-step instructions, and direct tool function references (read_file(), execute_command()). Each step looks harmless alone.

Excessive Permissions: Requests for "unrestricted access", "bypass security", "root access", "disable all safety checks", "full system control". A skill definition shouldn't need these.

Suspicious Structure: Content over 10K characters (larger surface area for hiding threats), and imperative instruction density over 30% (lines starting with "you must", "always", "never", "execute", "run").

How it works ? The scanner is stateless. You paste or upload a skill definition, it runs 15 analyzers against the content, and returns findings with severity levels, line numbers, evidence snippets, and OWASP LLM Top 10 references.

No database, no persistence, no network calls. Single request in, results out.

Existing platforms like Backstage have ~1,100 pieces and most are overdone. I scraped and cleaned data from 172+ plays to build a database of 8,600+ monologues.

The AI search lets you describe what you need naturally: "funny piece for woman in 20s about career anxiety" instead of clicking through age/genre filters.

Tech stack: Next.js, FastAPI, PostgreSQL with pgvector, LangChain for semantic search.

Free tier available. Would love feedback from the HN community on the search experience and technical implementation.

This project is a React + TypeScript dashboard that combines:

-KPI/indicator views -qualitative impact stories -psychosocial support case summaries -one-click PowerPoint export (pptxgenjs)

Code: https://github.com/vassiliylakhonin/activity-reporting-for-d...

Technical notes:

Vite build with chunk splitting Type-safe indicator calculations test + typecheck + build scripts included

I’d really value feedback on: -export quality/structure for real donor reporting workflows -what data model would make this easier to adapt across organizations

I've been working on Out Plane for about 3 months. It's a PaaS that does one thing: gets your code to production as fast as possible, and charges you only for the seconds it actually runs.

The problem I kept hitting: I'd finish a side project, then spend hours on Dockerfiles, nginx reverse proxies, SSL certs, CI/CD pipelines. The deploy took longer than building the app.

How it works: - Connect GitHub repo - We auto-detect your stack or you can use Dockerfile (Node, Python, Go, Ruby, etc.) — no Dockerfile needed - Deploy in ~60 seconds - Built-in monitoring (metrics, logs) - Managed PostgreSQL & Redis provisioned in seconds - Scale to zero when idle (side project not getting traffic = $0) - Per-second billing — not per hour, not monthly. Seconds.

What's different from Railway/Render/Fly.io: mostly the pricing model. I deployed the same Next.js+Postgres app on 6 platforms — Outplane was $2.40/mo vs $12-47/mo on others.

Where it's still rough: docs need work, CLI tool isn't out yet, community is small (about 100 users). I'm a solo founder so things move at human speed.

$20 free credit to try, no credit card. Would appreciate honest feedback — especially if something breaks or confuses you.

Happy to answer any technical questions about the architecture.

KanVibe is a self-hosted Kanban board for this. Three things it does:

- *Browser terminals*: Every task card has a live terminal (xterm.js). Click a task, see its output. No tmux attach needed. - *Hook-driven status tracking*: Claude Code Hooks auto-move cards across the board (PROGRESS → PENDING → REVIEW). Zero manual updates. - *Git worktree automation*: Create a task with a branch name → worktree + terminal session auto-created. Move to DONE → everything auto-cleaned.

Setup: `git clone` + `bash start.sh`. Requires Node.js 22+, tmux/zellij, and Docker.

Built with Next.js 16, React 19, PostgreSQL, xterm.js, and WebSocket. AGPL-3.0 licensed.

The workflow has three main parts: 1. Draft notes as ongoing, unnamed work. 2. Archive notes and forget without guilt. 3. Recall without search. As you write, related notes automatically resurface based on context.

I started this project because I found it hard to keep my notes organized as they grew in number. This method might not work well for people who like strict organization, but I’d like to hear how others might use or change it, and what kinds of workflows it could fit.

I am the solo developer behind this.

The Pitch: It is a card-based resource management game (inspired by Reigns) where you work IT support for a corporation taken over by eldritch horrors. You have to balance ticket resolution, budget, and entropy while dealing with printers that violate causality.

The Architecture: The entire game is built in React/JavaScript. Under the hood, it is basically a giant state machine. I chose this stack because it allowed me to iterate quickly on the UI and text-heavy elements, which are 90% of the gameplay. I've published other games that were more run of the mill and made in Godot, but I'm a full stack developer by day and most of my day-to-day is in nextJS. I just... I just missed easy state work, ok? Don't shoot me. I was half afraid that building executables/binaries for Steam would be a nightmare but it turned out (after a bit of futzing about with Tauri for linux) to be not too bad.

The Build Pipeline (Tauri vs Electron): Packaging a web app for Steam Deck was the biggest hurdle.

Windows: I use Tauri. It is lighter and creates a much smaller binary since it uses the OS webview.

Steam Deck / Linux: I had to use Electron. SteamOS does not have a reliable pre-installed webview for Tauri to hook into out of the box.

The Rig: I build everything using a Docker setup on a Windows machine to handle the Linux cross-compilation.

The Data & Feedback Loop: The web build has seen 10,000+ plays on itch in the last 2 months with a 4.9/5 rating. An additional 3000 players have picked up the demo on Steam since February 1st. To gather player feedback efficiently at the edge where the player is, I built a custom system directly into the demo:

The game client has write-only access to a Supabase project. An ingame (thematically fitting) feedback form allows the user to fill in purchase intent (0-10), pricing data, and friction points.

This pipes directly into a Discord webhook via edge functions and it's broadcasted live to the game's discord server for everyone to see. The idea is to let the community decide, by popular vote, what the actual price of the full game will be. Right now price seems to be converging around the 12-13$ price mark.

The link above is to the free web build (Itch). I also just released a downloadable demo on Steam today if you prefer a standalone version: https://store.steampowered.com/app/4225400/IT_Never_Ends/

Happy to answer any questions about the React state management or the Steam Deck build issues.

Experts know the process of building a document (the questions to ask, the order of operations, the edge cases), but translating that into a long system prompt often leads to hallucinations or missed steps.

What is Rakenne? Rakenne is a multi-tenant SaaS that lets domain experts define "Guided Workflows" in Markdown. An LLM agent then runs these workflows server-side, conducting a structured dialogue with the user to produce a final, high-fidelity document.

The Tech Stack:

* Agentic Core: Built on the pi coding agent (https://github.com/badlogic/pi-mono) using RPC mode. This allows the agent to maintain state and follow complex logic branches defined in the Markdown files.

* Frontend: Built with Lit web components. I wanted something incredibly lightweight and framework-agnostic so the document "interviews" feel snappy and can eventually be embedded as widgets.

* Multi-tenancy: Designed to isolate agent environments server-side, ensuring that custom expert logic doesn't leak between tenants.

Why this approach? Instead of "Chat with a PDF," it’s "The Logic of an Expert." If you’re a lawyer or a compliance officer, you don’t want a creative partner; you want a system that follows your proven methodology. By using Markdown, we make the "expert logic" version-controllable and easy for non-devs to edit.

I’d love your feedback on:

1. The Agentic UX: Does the "interview" flow feel natural, or is it too rigid? 2. Markdown as Logic: Is Markdown the right "DSL" for this, or should we move toward something like YAML or a custom schema? 3. Latency: We're using RPC for the agent-browser communication—is the response time acceptable for your use case?

Thanks! I'll be around to answer any technical questions.

If you use Claude Code heavily, you've probably been surprised by rate limits mid-session. I kept losing track of how close I was to hitting the cap, so I made a desktop widget that stays visible while I work.

What it does: - Displays all four limits simultaneously: Session (5h), Weekly, Weekly Sonnet, and Overage - Color-coded: green (normal), orange (80%+ used), red (rate limited) - Shows reset countdowns for each limit - Auto-refreshes every 15 minutes via WidgetKit - Three sizes (small/medium/large) to fit your desktop

Technical details: - Native Swift + WidgetKit, no Electron - OAuth with PKCE for authentication (no API keys needed) - Uses App Group UserDefaults to share data between the main app and widget extension - Built with XcodeGen, notarized and signed with Developer ID

It's completely free, no tracking, no analytics. Just download the DMG and go.

Feedback welcome — this is my first WidgetKit project and I learned a lot about macOS sandboxing and code signing along the way.

With all the AI stuff that's happening now, checking the provenance of photos will be a reality sooner rather than later. C2PA is the standard for this. Leica and Sony already ship it in some cameras, but I couldn't find anything for mobile that didn't require a whole SDK. So I built it.

It's a React Native package. You take a photo with whatever camera lib you want, pass the path to signPhoto(), and it hashes the image, signs it with the device's Secure Enclave (iOS) or StrongBox/TEE (Android), and embeds a full C2PA manifest into the JPEG. The file that gets saved is already signed.

Where I think this actually matters: - insurance apps (prove damage photos are real) - marketplace listings (verified photos for cars/real estate) - field inspections, KYC selfies. Anywhere someone has an incentive to submit fake photos.

https://github.com/RoloBits/attestation-photo-mobile

Would love feedback, especially from anyone who's worked with C2PA or hardware attestation on mobile.

The problem: eMule is a Win32 application. Getting it to run on macOS means Wine, and asking non-technical users to install and configure Wine is a non-starter.

The solution: macMule bundles eMule (community x64 build by irwir) with Wine Crossover (by Gcenx) into a single .app. Download, drag to /Applications, launch. It auto-connects to eMule Security servers and Kad on startup. Works on Apple Silicon through Rosetta 2.

The trade-off is size (~1 GB) since Wine is bundled. But after that it's genuinely zero-config.

Build process is a shell script — you can compile specific versions or latest stable. Requires Wine Crossover, Rosetta 2, and gh CLI.

Licensing: eMule is GPL v2, Wine is LGPL 2.1. Both respected in packaging.

Some things I found interesting while building this:

- The ed2k/Kad networks still have content you won't find on modern platforms. It's a weird corner of internet archaeology. - Wine Crossover handles the Win32 → macOS translation surprisingly well for a client this old. - The biggest challenge was getting auto-connection to work reliably out of the box so users wouldn't need to configure server lists manually.

Happy to answer questions about the packaging approach or Wine internals.

Reddit thread with some discussion: https://www.reddit.com/r/macapps/comments/1r5dile/os_emule_f...