2026年3月8日 的 Show HN

Why I built Skir: https://medium.com/@gepheum/i-spent-15-years-with-protobuf-t...

Quick start: npx skir init

All the config lives in one YML file.

Website: https://skir.build

GitHub: https://github.com/gepheum/skir

Would love feedback especially from teams running mixed-language stacks.

A DIY Newtonian reflector telescope with dobsonian mount. A fun to do hobby project taking us closer to the moon and beyond. A lot of plans ahead on how to make it much better and portable but this was the first time me and my friend implemented or rather built a telescope.

Have a look at what all we have captured.

I built a browser-based tool that uses Vision-Language Models (VLMs) to detect objects in satellite imagery via natural language prompts. Draw a polygon on the map, type what you want to find (e.g., "swimming pools," "oil tanks," "solar panels"), and the system scans tile-by-tile, projecting bounding boxes back onto the globe as GeoJSON. The pipeline: pick zoom level + prompt → slice map into mercantile tiles → feed each tile + prompt to VLM → create bounding boxes → project to WGS84 coordinates → render on map. No login required for the demo. Works well for distinct structures zero-shot; struggles with dense/occluded objects where narrow YOLO models still win.

Hi HN,

When browsers killed NPAPI plugin support, thousands of early 2000s web games were effectively lost to time. Macromedia Shockwave, in particular, was a closed-source, highly complex, and largely undocumented beast.

So a few friends and I spent the last two years doing something arguably unhinged: rebuilding the entire Director engine from scratch. Today, we're finally sharing dirplayer-rs.

Repo: https://github.com/igorlira/dirplayer-rs

We intentionally stayed quiet on this until we had undeniable proof that it was actually possible. With our latest v0.4.1 release, we have full hardware-accelerated graphics. Complex games are booting natively in the browser and are fully playable.

A few childhood favorites, actually playable right now:

Habbo Hotel: https://dirplayer.com/habbo

LEGO Junkbot: https://dirplayer.com/junkbot

LEGO Worldbuilder: https://dirplayer.com/worldbuilder

We chose Rust and WebAssembly because we wanted a native, plugin-free way to play these games without relying on ancient executables. Parsing decades-old, untrusted binary blobs and undocumented bytecode is a memory safety nightmare, making Rust an easy choice. It also gives us predictable performance with zero GC pauses, keeping frame rates smooth.

The biggest headache by far has been Lingo, Director's scripting language. It's massive. It heavily supports 3D graphics, embedded Flash content, and the worst part: Xtras. Xtras were external distributable plugins compiled from native C code. Figuring out how to make those play nice in a modern WASM environment has been a serious challenge.

We did, however, successfully implement the Multiuser Xtra so games can create socket connections (which is how Habbo is working!). We still have a long way to go to support full 3D and the massive ecosystem of third-party Xtras, but the foundation is solid.

None of this happened in isolation. We built on years of prior work from the Shockwave reverse-engineering community: folks who have been poking at Director's internals for years, and their prior projects, tools, and research made this possible.

Happy to get into the weeds in the comments: the RE process, decompiling ancient binaries, the weird quirks of Director's VM, the Rust architecture, whatever you're curious about.

And genuinely: what old Shockwave game do you wish still worked? Drop it below and we'll see if we can get it booting.

I built Joha, a free browser-based drawing playground built around preset shape tools.

You can click or drag to quickly generate individual shapes like waves, stars, layered squares, particles, textured strokes, and ring patterns, then combine them into larger compositions.

It’s designed for fast visual exploration and composition rather than precise vector editing.

Under the hood, it’s built with Vue 3, Vite, and p5.js for the drawing engine.

Author here. OxiMedia is a clean-room reconstruction of FFmpeg and OpenCV in pure Rust. v0.1.0, 92 crates, ~1.36M lines.

Key decisions: `#![forbid(unsafe_code)]` workspace-wide, patent-free codecs only (AV1/VP9/Opus/FLAC -- no H.264/H.265/AAC ever), async on Tokio, zero C/Fortran deps in default features, native WASM target.

This is v0.1.0 -- APIs are stabilized but not yet battle-tested at scale. Performance benchmarks vs FFmpeg/rav1e/dav1d coming soon.

Feedback on API design welcome, especially the filter graph and transcoding pipeline.

GitHub: https://github.com/cool-japan/oximedia

Hi HN,

I have been experimenting with a messaging protocol called FLUX. The goal is to explore what email might look like if it was designed today instead of in the 1980s.

FLUX tries to simplify a few things that feel complicated in the current email stack. Identity is based on cryptographic keys instead of usernames and passwords. Messages are signed and verified automatically. The transport is real time and does not depend on the traditional SMTP relay model.

The current implementation is small and meant as a prototype. The whole server is only a few hundred lines of Python so the protocol is easy to read and experiment with.

Repo: https://github.com/levkris/flux-protocol

I am mostly interested in feedback on the protocol design. What problems would appear in a real deployment. What parts are unnecessary. What would need to exist for something like this to actually work on the open internet.

Thanks for taking a look. levkris (wokki20)

I'm a solo dev in Taiwan. I built 4 AI agents that handle content, sales leads, security scanning, and ops for my tech agency — all on Gemini 2.5 Flash free tier (1,500 req/day). I use ~105. Monthly LLM cost: $0.

Architecture: 4 agents on OpenClaw (open source), running on WSL2 at home with 25 systemd timers.

What they do every day:

- Generate 8 social posts across platforms (quality-gated: generate → self-review → rewrite if score < 7/10) - Engage with community posts and auto-reply to comments (context-aware, max 2 rounds) - Research via RSS + HN API + Jina Reader → feed intelligence back into content - Run UltraProbe (AI security scanner) for lead generation - Monitor 7 endpoints, flag stale leads, sync customer data - Auto-post blog articles to Discord when I git push (0 LLM tokens — uses commit message directly)

The token optimization trick: agents never have long conversations. Every request is (1) read pre-computed intelligence files (local markdown, 0 tokens), (2) one focused prompt with all context injected, (3) one response → parse → act → done. The research pipeline (RSS, HN, web scraping) costs 0 LLM tokens — it's pure HTTP + Jina Reader. The LLM only touches creative/analytical work.

Real numbers:

- 27 automated Threads accounts, 12K+ followers, 3.3M+ views - 25 systemd timers, 62 scripts, 19 intelligence files - RPD utilization: 7% (105/1,500) — 93% headroom left - Monthly cost: $0 LLM + ~$5 infra (Vercel hobby + Firebase free)

What went wrong:

- $127 Gemini bill in 7 days. Created an API key from a billing-enabled GCP project instead of AI Studio. Thinking tokens ($3.50/1M) with no rate cap. Lesson: always create keys from AI Studio directly. - Engagement loop bug: iterated ALL posts instead of top N. Burned 800 RPD in one day and starved everything else. - Telegram health check called getUpdates, conflicting with the gateway's long-polling. 18 duplicate messages in 3 minutes.

The site (https://ultralab.tw) is fully bilingual (zh-TW/en) with 21 blog posts, and yes — the i18n, blog publishing, and Discord notifications are all part of the automated pipeline.

Live agent dashboard: https://ultralab.tw/agent

Stack: OpenClaw, Gemini 2.5 Flash (free), WSL2/systemd, React/TypeScript/Vite, Vercel, Firebase, Telegram Bot, Resend, Jina Reader.

GitHub (playbook): https://github.com/UltraLabTW/free-tier-agent-fleet

Happy to answer questions about the architecture, token budgeting, or what it's actually like running AI agents 24/7 as a one-person company.

I've spent years watching hardware teams make the same mistakes — tooling committed before thermal was resolved, manufacturing processes not validated in PVT that only showed defects at volume, components going EOL unnoticed until the factory tried to order them. The pattern was always the same. The costs were always avoidable. Nobody had written it down. The result is The Hardest Hardware Lessons — covering the full journey from first prototype to end-of-life: EVT/DVT/PVT, factory evaluation, supply chain risk, mass production operations, field failures, and product lifecycle management. https://thehardesthardwarelessons.com

lobster.js is an extended Markdown parser that renders directly in the browser — no build tool, no framework, no configuration.

The entire setup is a single script tag:

  <script type="module">
    import { loadMarkdown } from "https://hacknock.github.io/lobsterjs/lobster.js";
    loadMarkdown("./content.md", document.getElementById("content"));
  </script>

It's particularly useful for GitHub Pages sites where you want Markdown-driven content without pulling in Jekyll or Hugo.

---

What makes it different from marked.js or markdown-it:

Standard parsers convert Markdown to HTML — that's it. lobster.js adds layout primitives to the Markdown syntax itself:

- :::warp id defines a named content block; [~id] places it inside a silent table cell. This is how you build multi-column layouts entirely in Markdown, without touching HTML. - :::details Title renders a native <details>/<summary> collapsible block. - :::header / :::footer define semantic page regions. - Silent tables (~ | ... |) create borderless layout grids. - Cell merging: horizontal (\|) and vertical (\---) spans. - Image sizing: .

---

CSS-first design:

Every rendered element gets a predictable lbs-* class name (e.g. lbs-heading-1, lbs-table-silent). No default stylesheet is bundled — you bring your own CSS and have full control over appearance.

---

The showcase site is itself built with lobster.js. The sidebar is nav.md, and each page is a separate Markdown file loaded dynamically via ?page= query parameters — no JS router, no framework.

Markdown is the one format that humans and LLMs both write fluently. If you want a structured static site without a build pipeline, lobster.js lets that Markdown become a full web page — layout and all.

GitHub: https://github.com/Hacknock/lobsterjs Showcase: https://hacknock.github.io/lobsterjs-showcase/

Ship Page Skill for Claude Code — describe your product in one sentence, get a full landing page

I use dictation a lot for writing, notes, and prompting agents. After trying a bunch of dictation tools, I kept running into the same issues: recurring cost, unclear privacy/data handling, and not much control over how the final text was cleaned up.

So I built Utter.

The main idea is simple: it should work as both a fast dictation tool and a longer-form voice note / meeting capture tool, while still giving the user control over where processing happens and what the output looks like.

A few things it does today:

  - global dictation with customizable shortcuts

  - saved modes for different workflows, with different prompts/models

  - remembers the last mode used per app

  - meeting recording with speaker-labeled transcripts, summaries, and action items

  - file transcription for audio/video

  - saved audio/transcripts with export options

  - prompt-based post-processing for turning raw speech into notes, messages, summaries, etc.

  - built-in note editor

  - iPhone app with dictation keyboard

A big motivation was being able to use it locally. It supports local transcription, optional local post-processing, BYOK, or cloud providers depending on the workflow. I also wanted phone-to-desktop capture to feel simple, so it syncs through iCloud and doesn’t require an account.

Curious to hear from people who use dictation heavily, especially on:

  - where current dictation tools still fall short

  - whether the “modes” idea makes sense in practice

  - what would make you trust a tool like this for daily use

Author here. Cardea is an SSH bastion I wrote to manage access to some servers I administer. Access policies are defined in a single text file, similar to OpenSSH's authorized_keys format, with macros, server groups, time windows, and key expiry, so everything is reviewable in PRs and deployable with config management. No database, no web UI.

Clients connect with any standard SSH client encoding the target as the SSH username (e.g. ssh [email protected]:[email protected]). Sessions can be recorded in asciinema v3 format. Host keys can optionally be bound to a TPM 2.0 so they can't be extracted.

It's a single static Go binary with minimal dependencies. Builds are reproducible, immutable, and include provenance attestation.

Happy to answer questions.

Hey HN,

I've been building a tool called Malleon because I got tired of e2e tests that don't reflect what users actually do. And I have long been obsessed with using real user sessions for load testing. Having worked with tools like Tsung and Gatling for load testing, I often wished I could just replay yesterday's traffic x2 or x5 instead of using synthetic sessions. Malleon started as an attempt to bridge those two worlds.

The basic idea is: instead of writing tests from scratch, record real user sessions and turn them into replayable tests.

The SDK records things like: - DOM interactions - network requests - console output - timing between actions

The replay isn't a video. It reconstructs and replays the actual browser interactions against your app.

So a real user session becomes a reproducible test case.

Typical flow looks like: - drop a small JS SDK into your app - users interact with the site normally - sessions get recorded - you browse replays and find something interesting (bug, error, weird behavior) - turn that session into a test and run it in CI

The test runner is self-hosted. You pull the Docker image and run it wherever you want. It drives a browser (headless or headful) and replays the interaction sequence.

Some things that turned out to be surprisingly tricky while building this: - replaying interactions when the DOM has changed since recording - handling viewport/layout differences - making network replay transparent to the app - keeping timing realistic without making tests slow

The system also collects logs, errors, and request timings so sessions are searchable and you can track network performance, see p90/p95/p99 stats, all that good stuff.

Links: - Malleon: https://malleon.io - Replay SDK: https://www.npmjs.com/package/@malleon/replay - Replay CLI: https://www.npmjs.com/package/@malleon/replay-cli - Docs: https://github.com/malleonio/malleon-documentation

Free tier available.

Curious if anyone else has run into the "our tests don't reflect what users actually do (or how they scale)" problem.

Hey HN! I've just open-sourced agentcheck, a fast, read-only CLI tool that scans your shell and reports what an AI agent could access: cloud IAM credentials, API keys, Kubernetes contexts, local tools, and more.

Main features:

- Broad coverage: scans AWS, GCP, Azure, 100+ API key environment variables and credential files, Kubernetes, Docker, SSH keys, Terraform configs, and .env files

- Severity levels: every finding is tagged LOW, MODERATE, HIGH, or CRITICAL so you know what actually matters

- CI/CD integration: run agentcheck --ci to fail a pipeline if findings exceed a configurable threshold, with JSON and Markdown output for automation

- Configurable: extend it with your own env vars, credential files, and CLI tool checks via a config file

When you hand a shell to an AI agent, it inherits everything in that environment: cloud credentials, API keys, SSH keys, kubectl contexts. That's often more access than you'd consciously grant, and it’s hard to keep track of what permissions your user account actually has. Agentcheck makes that surface area visible before you run the agent.

It’s a single Go binary, no dependencies. Install with Homebrew:

brew install Pringled/tap/agentcheck

Code: github.com/Pringled/agentcheck

Let me know if you have any feedback!

Hey HN, I built Aivaro because my brother was spending $30+ per month on Zapier for workflows I could describe in one sentence.

The idea: describe what you want in plain English, AI builds the workflow, you approve sensitive steps (emails, payments), then it runs automatically.

- 20+ integrations (Google, Stripe, Slack, Shopify, etc.), 212 tools - Visual drag-and-drop editor for manual tweaking - Human-in-the-loop: nothing fires without your approval

I'd love feedback on the product and how I could strengthen the product to be used by a broader audience. Happy to answer questions about the architecture.

California's AB 1043 takes effect January 2027. If your app serves California users, you'll need to request OS-level age signals from Apple/Google and treat them as "actual knowledge" of a user's age. Penalties are $7,500 per affected child for intentional violations.

We started building A3 (https://www.a3api.io) after realizing the law has a gap nobody was talking about: browsers have no OS age signal. If you have a web app, the law creates compliance obligations but the platform provides no mechanism. And on native, you're left stitching together Apple's Declared Age Range API and Google's Play Age Signals yourself — two different APIs, two different response formats, two different integration paths.

The standard industry answer is ID uploads and selfie scans. We didn't want to build that. Those approaches tank conversion rates, create PII liability, and feel disproportionate to the problem. So we went a different direction: passive behavioral signal fusion.

The idea is that children and adults interact with devices differently in measurable ways — motor control, scroll patterns, typing rhythm, form completion speed. Our browser SDK (<5 KB) collects these signals from standard DOM events, computes aggregate scores on-device, and sends only anonymized ratios and averages. No raw coordinates, no keystroke logs, no text content ever leaves the browser. The API processes everything in memory and discards it immediately.

On native, we normalize the Apple/Google OS signals into a single response. On the web, the behavioral signals become the primary assessment. Either way you get the same response format: a verdict, age bracket, confidence score, evidence tags, and an HMAC-SHA256 signed receipt for your audit trail.

To be upfront about limitations: behavioral signals are probabilistic, not deterministic. A confident 12-year-old and a hasty adult can look similar in a short session. We mitigate this with five signal categories (behavioral metrics, input complexity, device context, contextual signals, account longevity) that are weighted and cross-validated, and we apply coverage penalties when fewer categories are present. But this is age estimation, not identity verification — it's designed for the "commercially reasonable" standard the statute actually requires, not the false certainty that ID checks imply.

The stack is NestJS on AWS Lambda, with client SDKs for React/Vue/vanilla JS, SwiftUI, and Jetpack Compose. There's a free tier (100 checks/month) if you want to kick the tires, and a playground at https://www.a3api.io/playground.

If you maintain an open source project, we have a program that gives you Pro-tier access (50k checks/month) for free — the only requirement is a "Powered by A3" in your age gate UI or README. Details at https://www.a3api.io/open-source.

Docs: https://www.a3api.io/docs

Happy to answer questions about the signal fusion approach, the legal nuances, or where we think this falls short.

The PS4 UI has always been one of my favorite console interfaces, so I wanted to see if I could recreate that feeling in a browser.

Let me know what you guys think in terms of whether or not the navigation feels intuitive, its performance on different machines/browsers, and if this kind of UI works for a portfolio or becomes distracting.

Thanks!

I built a small Python library called SafeAgent that protects real-world side effects when AI agents retry tool calls.

One issue we ran into while experimenting with agent workflows is that retries can trigger irreversible actions multiple times:

agent calls tool ↓ network timeout ↓ agent retries ↓ side effect happens twice

Examples:

• duplicate payment • duplicate email • duplicate ticket • duplicate trade

Most systems solve this ad-hoc using idempotency keys scattered around different services.

SafeAgent centralizes this into a small execution guard.

The idea is simple:

1. every tool execution gets a request_id 2. SafeAgent records the execution receipt 3. retries return the original receipt instead of running the side effect again

Example:

FIRST CALL REAL SIDE EFFECT: sending email

SECOND CALL WITH SAME request_id SafeAgent returns the original execution receipt (no second side effect)

The project is early but includes examples for:

• OpenAI tool calls • LangChain style tools • CrewAI actions

PyPI: https://pypi.org/project/safeagent-exec-guard/

GitHub: https://github.com/azender1/SafeAgent

Curious how other people are handling retry safety for agent side effects.

I built Yumo.to because I wanted a map-first way to discover onsens in Japan without digging through booking sites.

It currently covers 19,652 onsens across all 47 prefectures, built by merging national datasets, prefecture and municipal open data, OSM, and water-chemistry sources into one searchable map.

You can filter by tattoo policy, prices, opening hours, access, and some water data, and each detail page links back to its sources. I’d especially appreciate feedback on search quality, missing data, and which filters or trip-planning features would make it more useful.

While the debate around usefulness of LLMs seems to mostly be "programmers are already redundant" and "LLMs will never amount to anything", I find most peers I talk to in real life say "It's useful for some things but it also bad at a lot so hey, don't use a hammer for everything?".

It seems to be a common problem in OSS that reviewer time is wasted on vibecoded work that wasn't even reviewed by a the LLM operator, and I personally know people who have been PISSED at discovering (especially juniors) submitting LLM output verbatim for review. I have also seen a rise in accusations of entire projects being vibe coded, and warnings to stay away from certain people as they are likely to heavily rely on LLM. More transparency may help solve some of these issues, and is also simply polite.

I have started warning people whenever I share something that is 100% vibe coded, and I think others may be doing the same. It sucks to realize someone spent 30 mins reviewing garbage you shared with your name attached to it. But if that something is a quick PoC to prove a point, it doesn't mean that it isn't worth sharing.

More than anything though, this is a conversation starter.

Proxly is a self-hosted tunneling tool that exposes local services through subdomains on your own VPS. npm install -g @a1tem/proxly, run proxly, and the interactive wizard sets up your first tunnel. No bandwidth caps, no session limits. Built it because frp's config is painful and ngrok's free tier is too limited. Open source, MIT licensed. GitHub: https://github.com/a1tem/proxly

Hi HN,

I was frustrated by the lag in Electron-based Whisper wrappers. Most of them feel disconnected from the typing experience because of the 2-5s delay.

I built VoiceFlow to solve this. It’s a native Rust core that targets 0.3s-0.6s latency. The goal is to make voice-to-text feel as instant as typing.

Key features:

Global hotkey [Ctrl+Space] to type into any app (Slack, VS Code, etc.)

Native Rust implementation for performance and low memory footprint

AI-based post-processing for punctuation and style

Privacy-focused: Microphone is only active during the keypress

I'm currently in private beta and looking for feedback, especially on the latency and UX.

I'll be around to answer any technical questions!

A simple tower defense game. Seeded randomly every day. Get the top score.

Have your agent try to get the top score.

dailydefense.ai/skill.md

I wanted web search I could pipe. Every tool I found either had an interactive UI (ddgr, googler), required a single paid API, or returned HTML. I wanted something that composes: pipe to jq, feed to an agent, use in scripts, no friction.

So I built qry. It's a hub binary that routes queries to adapter binaries via stdin/stdout JSON. The hub knows nothing about search engines. Adapters know nothing about routing. You swap adapters in a config file.

Four adapters today, three require no API key:

- DDG Lite scraping

- Brave Search HTML scraping

- Exa AI via the public MCP endpoint

- Brave Search API (requires key)

``` $ qry "numpy latest version"

[{"title":"...","url":"...","snippet":"..."}]

```

Install:

```

mise use -g go:github.com/justestif/qry@latest

mise use -g go:github.com/justestif/qry/adapters/qry-adapter-ddg-scrape@latest

mise reshim ```

The adapter protocol is plain stdin/stdout JSON so adapters can be written in any language. Docs on building one are in the repo.

https://github.com/justEstif/qry

I noticed there wasn't a maintained, verified list of malicious Chrome/Edge extensions, only behavioral scanners with high false positive rates. So I built one. The database only includes extensions with clear removal signals: official store removals or researcher reports that led to action. No behavioral guesswork.

Live dashboard (daily updates): https://malext.toborrm.com

GitHub + database: https://github.com/toborrm9/malicious_extension_sentry

Browser extension: https://chromewebstore.google.com/detail/malext-sentry/bpohi...

I've been using Claude Code for a few months, and while it's amazing at writing code, reviewing the changes became a bottleneck.

The diff is just files in alphabetical order. No context. No explanation of intent.

So I built Codebrief, a VS Code extension that:

1. Captures your git diff + session context 2. Groups changes by intent (not by filename) 3. Explains the "why" behind each group

It works with Claude Code, OpenCode, and Codex.

GitHub: https://github.com/that-one-arab/codebrief VS Code Marketplace: https://marketplace.visualstudio.com/items?itemName=MoNazim.... Open VSX link (Cursor, Windsurf, etc...): https://open-vsx.org/extension/MoNazim/codebrief

Would love feedback from anyone else dealing with this problem.

Me and my team are building an open-source IP/SIP intercom + video surveillance platform (GPLv3).

Core ideas

- No vendor lock-in: designed to work with SIP intercoms and CCTV that expose an open API.

- Modular setup: you can start small (a private house) and scale up to apartment buildings / residential complexes / districts / even a city.

What you can build

- IP/SIP intercom for entrances, gates, barriers

- Video surveillance (live + archive) with modern server-side + admin panel (we also maintain a built-in free media server (based on ffmpeg) for mobile live + archive access: Simple-DVR)

- Mobile apps for residents (iOS/Android)

- Desktop web client for security/concierge teams

- Ticketing & field service workflows (task tracking + planning + PWA for technicians)

- Optional face recognition + license plate recognition (FALPRS)

- Integrations with billing/CRM/payments and external systems

Localization

The project is currently localized for English, Russian, Kazakh, Uzbek, Bulgarian, Arabic, Armenian. If you’d like to help, we’d love contributions for new languages (translations, terminology review, UI copy improvements, etc.).

Repositories

- Server (RBT): https://github.com/rosteleset/SmartYard-Server

- Simple-DVR media server (live + archive): https://github.com/rosteleset/Simple-DVR

- iOS app: https://github.com/rosteleset/SmartYard-iOS

- Android app: https://github.com/rosteleset/SmartYard-Android

- FALPRS (faces + plates): https://github.com/rosteleset/falprs

- Fieldworker PWA (RBT-TT): https://github.com/rosteleset/SmartYard-TT-PWA

- Desktop web client: https://github.com/rosteleset/SmartYard-Vue

- Web extensions examples: https://github.com/rosteleset/SmartYard-web

Who this might be useful for

- ISPs / telecom operators

- property management companies

- intercom installation & service teams

- building owners who want an open source self-hosted platform

Invitation

You’re welcome to use this project for free to build your own ideas/products/solutions — and if you like it, I’d love to invite you to contribute (issues, PRs, docs, localization, testing with new SIP intercoms/cameras, integrations, packaging/deployment improvements, etc.).

If you’re interested, I’d really appreciate:

- feedback on the architecture and docs

- suggestions on what hardware models we should prioritize next

- contributors/users who want to try it in their environment

Thanks!

I built Stardial, a customizable terminal clock written in Rust.

It started as an experiment to create a more flexible alternative to tools like tty-clock. Stardial supports animations, color themes, and layout customization so it can fit into different terminal setups and ricing environments.

Features: - Multiple display styles - Custom colors and themes - Animation effects - Adjustable size and layout - Designed for modern terminals

The default theme is designed to look good out of the box, but everything can be customized.

GitHub: https://github.com/USERNAME/stardial

IMO every conflict dashboard going viral right now has terrible UX. Raw feeds dumped on a page, impossible to actually understand the situation from.

So I built my own.

No ads, no paywall, no signup and will never monetize it. Going open source soon.

Stack is super basic Next.js, TS, DeckGL, Vercel and Supabase for hosting. The agents system is very interesting but will do another post about that.

Caliper is designed to auto instrument LLM calls within Python, it monkey patches the OpenAI and Anthropic SDKs (Got plans to add LiteLLM so you can use any provider you want to) so it's almost completely invisible to you as the developer and for basic metrics can slot in as a single init() at start.

It can also gather custom metadata about a call, this can be any KV pairs you want, both pre and post request.

```python

import caliper

import anthropic

caliper.init(target="s3") # This is all that's required for basic observability, no changes needed to LLM calls for basic metrics

client = anthropic.Anthropic()

response = client.messages.create(

  model="claude-sonnet-4-20250514",

  messages=[{"role": "user", "content": "What is 2 + 2?"}],

  caliper_metadata={"campaign": "q4"}, # Pre request metadata

)

print(response.content[0].text)

caliper.annotate(sentiment="positive") # Post request metadata

```

You can use this to track effectiveness of model changes, tracking them against difference user tiers. Maybe your free tier users don't notice if you use a cheaper model but you paying users do? How do you know if a recent system prompt change was effective? You can track the version of the prompt in metadata and compare post request rating annotations between prompt versions.

It has a dev mode which logs locally it can send files to S3. The SDK has a background queue and worker which flushes in batches that are configurable. Exports to S3 as batched JSON files to ready to integrate into most data engineering pipelines or you can just query directly with a tool like DuckDB.

I built and open-sourced a service/dashboard for spawning firecracker VMs, and running agents on it.

Spawn, snapshot, clone, delete. Somewhere in between fly.io and exe.dev.

VM page still needs some TLC but would love to hear feedback.

Hi HN,

I built Buildcage to solve a recurring problem at work: during Docker builds, tools like `npm install` and `pip install` can execute arbitrary code and make outbound connections to arbitrary hosts without visibility or control. A compromised dependency could silently exfiltrate build secrets or phone home to an attacker’s server — and you’d have no way to detect it.

Buildcage adds transparent outbound network control to Docker builds: you define which domains are allowed, and everything else is blocked and logged. No proxy injection, no certificate changes — HTTPS filtering is done via SNI inspection, so TLS stays untouched. It’s a drop-in layer for Docker Buildx and GitHub Actions.

I shared an earlier version about three weeks ago. Since then, I replaced the proxy layer (nginx → HAProxy), enabling interception of all TCP ports and adding IP allowlisting. I also redesigned the rule syntax to support wildcards, regex, and a unified host:port format.

Since Buildcage sits in your build pipeline, it’s reasonable to ask: how do you trust the tool itself? You can fork the repo and build the image yourself — I added a self-hosting guide for this. The docs also explicitly list what it defends against and what it can't prevent. Security tools should be honest about their limitations.

This is not a silver bullet — it's a last line of defense. If something slips through your other measures, at least it can't call home.

GitHub: https://github.com/dash14/buildcage

Feedback is very welcome. And if you find it useful, a GitHub star genuinely helps.

I built a quantum circuit simulator that runs entirely in Node.js or the browser with no Python dependency.

The core problem: every serious quantum tool requires Python. If you're building a web app, an educational tool, or just want to work in TypeScript, you're stuck either shelling out to Python or using libraries that are years stale.

Three simulation backends in one library: - Statevector — sparse Map<bigint, Complex>, practical to ~20 qubits - MPS/tensor network — O(n·χ²) memory, runs GHZ-100 in 30ms - Exact density matrix — per-gate depolarizing noise, no Monte Carlo

14 import/export formats — OpenQASM 2/3, Qiskit Python, Cirq, IonQ JSON, Quil, Q#, pyQuil, Braket, CudaQ, TFQ, Quirk, LaTeX, native JSON. Round-trips its own format losslessly.

IonQ hardware targeting — validate circuits against real device specs (aria-1, forte-1, harmony) before submitting. Published noise figures built in.

717 tests covering analytic correctness, gate invertibility, BigInt correctness at qubit indices 30/31/40, and full round-trips for all formats.

npm install @kirkelliott/ket

GitHub: https://github.com/dmvjs/ket

I'm Maureen, a senior and self-taught developer. I love browsing second-hand book markets but kept coming home with books I already owned.

I couldn't find a simple enough app to track my library — everything required an account, had ads, or pushed a subscription. So I built one myself.

SeniorEase Library (Android): scan an ISBN, book is added instantly. No account, no ads, one-time €2.99. First 10 books free.

Would love any feedback!

Hey HN,

I built SayIt (www.sayit.chat) over the weekend. It helps people prepare for conversations they’ve been avoiding — asking for a raise, a breakup, setting a boundary, confronting a family member.

The problem I kept noticing: most people know what they want to say but freeze when it actually happens. They blank, say it badly, or back down entirely.

How it works:

You describe your situation in plain text It generates a personalised opening script based on your relationship type and tone It predicts how the other person might respond (with different scenarios) It gives you lines for each possible reaction Built with Next.js, Groq API (llama-3.3-70b), and hosted on Vercel. Free to use, no account needed.

The hardest part was getting the AI to write scripts that sound like a real person talking, not a corporate memo. Still iterating on that.

Would love feedback from this crowd — particularly on whether the predicted responses feel realistic.

I built this for my own Astro projects where I got tired of hand-editing YAML frontmatter and switching between files.

astro-md-editor reads your collection schemas and gives you a local editor UI with typed frontmatter controls (including image/color/icon pickers) alongside a markdown/MDX editor.

Run it with: npx astro-md-editor

Would love feedback on schema edge cases or missing field types.

Hi HN,

Recently, there was a discussion here about Qwen3.5 fine-tuning where it was noted that QLoRA/4-bit quantization is "not recommended" due to severe accuracy degradation. I wanted to challenge this limitation.

I developed a mixed-precision hybrid model (*Qwen3.5-4B-Singularity-Max*) that uses ~6.4GB of VRAM but actually achieves a lower Perplexity (6.74) than the original FP16 baseline (7.79).

*How is this possible? (The Noise-Canceling Effect)* Instead of uniform quantization, I applied a mathematical framework called the *Singularity Principle Index (SPI)*. By analyzing the power-law spectral decay (alpha) of weight matrices, the engine identified exactly 129 "critical cognitive layers" out of the entire architecture.

We kept these 129 layers (approx. 3.9GB) in crisp FP16 and aggressively quantized the rest (90%) to 4-bit NF4. The 4-bit quantization acted as a massive Regularization filter—stripping away overfitting artifacts (noise)—while the FP16 layers protected the core logic.

*The Results (Apples-to-Apples):* * *Perplexity:* 7.79 (FP16) -> 8.13 (Pure 4-bit) -> *6.74 (SPI Hybrid, 13.4% Boost)* * *VRAM:* ~16 GB -> *~6.4 GB* (Fits easily on consumer GPUs/Edge devices) * *Inference Speed:* *9.85 tokens/sec* on a free Kaggle T4 (Zero dequantization overhead due to `SafeFP16Linear` physical isolation).

You don't need any calibration data. It's a zero-shot surgical weight refinement.

* Academic Foundation & Citation* The theoretical framework governing the Spectral Compactness initialization and Trace-norm Regularization utilized in this model is fully detailed in our recent academic preprint: * *Paper Title:* Spectral Compactness Ensures Robustness in Low-Precision Neural Networks * *DOI:* 10.21203/rs.3.rs-8880704/v1 (https://doi.org/10.21203/rs.3.rs-8880704/v1)

(If you utilize this model or the Spectral-Compactness-Aware Mixed Precision methodology in your research or applications, please cite the paper above.)

*Resources:* * *Model & 1-Click Inference Script:* https://huggingface.co/SingularityPrinciple/Qwen3.5-4B-Singu...

I’d love to hear your thoughts, especially from those working on On-Device/Edge AI deployment. Does this change the calculus for running local LLMs?

Hey HN,

I'm Mario from Vienna. I’m the designated "IT guy" for my family (the guy they call to plug in a Scart cable or to setup Chrome).

A few weeks ago, I spent over two hours wrestling with Docker (and some for my at this time unknown Terminal commands) just to get a CLI-based AI agent running. It ate all my RAM, and I had a realization: my wife, my non-technical clients, or my 6-year-old son could never set this up. If I deployed something like this, I'd spend my life doing setup-support (and this isn't just about finding the HDMI 1 to HDMI 2 input on the remote control).

I’ve been "vibecoding" with LLMs for a while the last 2 years, mostly building common landingpages or simple retro games to show my son that we live in a wild time where you can build a lot of 'entertaining' stuff just by prompting. I decided to pivot an old, failed Laravel SaaS of mine (Skales) into a native desktop app to solve this setup hell.

The only goal I wanted to reach: an autonomous AI agent that installs like a normal app (.exe / .dmg). No PhD required. Download, Install, Done.

It actually worked. My 60+ year old mom got it running instantly (so.. is Skales now a Grandma-Approved AI Agent?), and my 6yr used the built-in Coding Skill to make his own retro game (I wouldn't say its really a 'game' when it's basically a one level copy of Super Mario - but he loves it).

What it does:

ReAct autopilot, bi-temporal memory, browser automation (Playwright), and native integrations (Gmail, Telegram, Calendar).

BYOK: Works with OpenRouter, OpenAI, Anthropic, or local Ollama.

Tech stack: Electron + Next.js + Node.js (I managed to keep idle RAM around ~300MB).

Everything is stored locally in ~/.skales-data.

I know that being a "design guy who vibecoded an Electron app" (or Marketing-Dude) is basically fresh meat for the HN crowd. Feel free to roast the architecture! But my main goal was just making these incredible AI tools accessible for everyday tasks (formatting resumes, sending PDFs, building simple games) without touching a terminal or moving from one tool to another tool.

License note: The project is BSL-1.1 (Source-available, free for personal use). I chose this simply because I don't want a giant company to just take the repo, build their brand around Skales and commercially resell it, but I want the code out there for the community to use and learn from.

(excuse my English - i'm not a native speaker)

Would love your honest feedback on the UX (could be maybe better?)!

GitHub: https://github.com/skalesapp/skales Website: https://skales.app

Built a small tool for collaborative SoundCloud listening. Anyone in the room can queue tracks, everyone hears them synced in real time. There's a chat and a WebGL2 visualiser. Feels like Turntable.fm if you remember that.

Hi HN,

My documents folder recently became an absolute disaster—thousands of unsorted PDFs, raw images, scattered .csv files, and code snippets from the last three years.

I looked for automated categorization tools, but every modern solution seemed to require uploading my local file metadata to a cloud UI or running an overly heavy background service. I explicitly wanted an offline, privacy-first engine.

So I built FileMayor. It’s a 100% local-first data organization engine built on Node.

A few technical properties I focused on:

Zero Runtime Dependencies: The core Node engine is pure. No vulnerabilities, no bloat, and minimal memory footprint. Deterministic Fallbacks: By default, files are sorted instantly into 12 hardcoded extensions/mime-type categories (Documents, Media, Archives, Code, etc.) using offline pattern matching. The Rollback Journal: Every file mutation is logged to a local .filemayor-journal.json. If an organization run ruins your directory structure, a single undo command reverses the entire batch operation instantly. AI SOPs (Opt-in): If you need complex directory trees, it parses .md or .txt Standard Operating Procedures, securely queries the Gemini API to transpile the intent into a locked YAML schema, and executes the file moves. I packaged versions for Windows, macOS (arm64), and Linux (.deb).

I'd really appreciate any feedback on the rollback journal architecture or the regex pattern matching approach!

Hi HN,

I built a small open-source project called YourCycleKeeper, a privacy-first period tracker that runs entirely client-side.

The motivation was simple: I noticed that many period tracking apps request extensive permissions and integrate multiple third-party trackers.

I wanted an alternative where:

- no accounts are required

- no data leaves the device

- no analytics or tracking scripts are included

- everything runs locally in the browser

So this app works entirely client-side and stores data locally.

The project is still in beta but usable, and I’m planning an Android APK version soon.

Demo: https://yourcyclekeeper.web.app/period-tracker/

Intro: https://yourcyclekeeper.web.app/

Source: https://github.com/pythonime-lab/yourcyclekeeper

I’d really appreciate feedback from the HN community, especially around the architecture and privacy model.

Claude Code's `--dangerouslySkipPermissions` flag is incredibly productive, but it's called "dangerous" for good reason. In practice it has deleted home directories, wiped database files, and read sensitive files completely unrelated to the project. But the default permission prompts interrupt flow constantly -- you end up spending more time approving edits than actually working.

The obvious fix is containers. But every existing approach has painful tradeoffs: - Dockerfile per project: you're now maintaining infrastructure just to use your AI assistant - devcontainer: complex config, slow to set up, breaks differently per IDE - Manual docker run: env vars don't forward, SSH keys aren't available, clipboard copy/paste stops working inside Claude sessions, and localhost:8080 from your host is unreachable from inside the container

I wanted full isolation with zero configuration. ccc (claude-code-container) handles all of this automatically, without any configuration: npm install -g claude-code-container ccc # that's it

What it does: - Creates a per-project container (named by path hash, so --continue/--resume work correctly) - Forwards host env vars, locale, timezone automatically - Mounts SSH keys and SSH agent (git push just works) - Transparent localhost proxy so Claude can reach your host's dev servers at localhost:3000, :8080, etc. even from inside the container - Clipboard works normally in Claude sessions - mise integration for per-project Node/Python/Java/Go versions - Container auto-stops when the last session exits - Chromium + chrome-devtools MCP pre-configured: Claude can open a browser, navigate pages, take screenshots, run JavaScript, and interact with your web app autonomously -- no extra setup

The transparent localhost proxy was the hardest part -- it uses iptables on Linux and a userspace proxy on macOS/Windows (Docker Desktop doesn't support --network host), with automatic fallback to host.docker.internal.

GitHub: https://github.com/Luxusio/claude-code-container

Would love feedback, especially from people who've tried other approaches to this problem.

Before I start, I know that many people, including myself, have an aversion to "AI apps" nowadays, because these projects are often just thin wrappers around ChatGPT's API to do the heavy lifting.

This is not one of those projects. In this case, all the AI logic in my project is implemented directly: data pre-processing, post-processing, inference, tiling, tensor operations, and everything in between are handled entirely within the project, with no external API doing the heavy lifting.

With that said…

This project aims to be an open-source alternative to Topaz Photo AI. For those unfamiliar with Topaz Labs, they develop paid, proprietary AI applications for enhancing images and videos. While there are free and open-source tools that can achieve similar results, such as ComfyUI, they are often difficult to use. Topaz products, on the other hand, place a strong emphasis on ease of use.

Both Topaz and ComfyUI are excellent tools. That said, I personally rely on Topaz applications most of the time because they cover 90% of my needs with minimal friction. Recently, however, Topaz Labs switched to a subscription-based licensing model, which I strongly dislike. That decision motivated me to build an open-source alternative that matches Topaz’s usability without the subscription lock-in.

My project is called Open Photo AI, completely open source and free. It currently support enhancements like AI upscaling, face recovery and light adjustment. It doesn't have yet all the features that Topaz has, but it's a starting point. My goal is to continue developing it into a fully featured alternative to Topaz Photo AI. If that succeeds, I plan to move on to alternatives for Topaz Video AI and other tools.

I’d appreciate any constructive feedback.

Hi HN!

I’ve been building a project called Voix – a platform for live voice conversations on the web.

The idea is simple: anyone can create a room and people can join to listen or speak, similar to early Clubhouse or Twitter Spaces, but designed to be lightweight and browser-first.

You can try it here: https://voix.chat

If you want to test it, use this invite code:

HN

Some things it currently supports:

• live audio rooms • speaker / listener roles • request-to-speak moderation • watch parties and shared content • reactions and icebreakers • PWA support (works well on mobile)

I'm still actively building it and would really love feedback from the HN community.

In particular I'm curious about:

• UX for voice rooms • moderation models • discovery of rooms • what features you'd expect from something like this

If you try it and have thoughts, bugs, or feature ideas please let me know.

Your feedback would be incredibly valuable while shaping the next versions.

Thanks!

I kept running out of disk space every few months. The fix was always the same: delete old node_modules, docker system prune, brew cleanup, clear pip cache. Seven different commands I had to look up every time.

devclean scans your entire dev environment and shows you what's reclaimable:

npm i -g devclean-cli devclean scan

It found 12GB on my machine — 23 forgotten node_modules, Cargo targets, brew cache, Xcode DerivedData.

Features: - Scans: node_modules, Docker, Homebrew, pip, Cargo, Xcode, npm/yarn caches - devclean scan is read-only (never deletes without you asking) - --dry-run to preview, --older-than 30 to protect active projects - Selective cleaning with --node-modules, --docker, etc.

GitHub: https://github.com/arikmozh/devclean

I built a small Python utility library for AWS Lambda.

Lambda handlers often grow not because of business logic, but because of repetitive I/O glue code:

- event parsing - parameter validation - type casting - response formatting - error handling

slat-io isolates that I/O layer so handlers can stay small and focused on business logic.

It's intentionally tiny, dependency-free, and not a framework.

Still early, but I'd love feedback on the approach and API design.

I'm a web developer who's terrible at cold calling. I'd find a local business with an awful website, know exactly how to fix it, then completely fall apart the moment someone picked up the phone.

So I built a pipeline to do the pitch for me.

You paste a URL or Google Maps link. Playwright scrapes the site — content, images, structure, screenshot. That feeds into a two-pass Claude API flow:

Pass 1 returns a structured JSON profile of the business plus a pageStructure array — an ordered list of the site's actual sections in sequence. A plumber gets "Hero with emergency CTA, Services list, Service area, Reviews, Free estimate CTA." A restaurant gets "Menu highlights, Photo gallery, About the chef, Reservation CTA." The redesign mirrors this exactly rather than defaulting to a generic template.

Pass 2 takes a selected style direction with explicit hex codes and Google Font pairings as hard constraints — not prose descriptions — and generates the full HTML. Separating analysis from generation was the biggest quality unlock. Single-pass kept producing generic output because the model was guessing business context while simultaneously designing.

The output is a shareable preview link. Cold email becomes: "I noticed your website, I redesigned it, here's the link." No pitch. No call.

Biggest unsolved problem: bot protection. Playwright with stealth handles most sites but Cloudflare Enterprise stops it cold. Curious if anyone has approaches that work reliably at scale without getting into residential proxy territory.

Stack: Next.js 14, Supabase, Playwright, Claude API, Railway.

Free credits at pitchkit.dev — no card required. Feedback on redesign quality especially welcome, that's the thing I'm most focused on improving.

I kept running into the same problem: I'd change a prompt or update my model, the agent output looked fine, but the tool sequence was completely different. It stopped reading config before deploying. It ran npm run build instead of npm test. The bug showed up days later in prod.

So I built TracePact. Record a known-good run as a cassette, diff against new runs, get a clear report of what changed:

- read_file (seq 0) (removed) ~ bash.cmd: "npm test" -> "npm run build" Summary: 1 removed, 1 arg changed[BLOCK]

It classifies changes as block (structural) or warn (args only), so you can gate CI with --fail-on warn. You can filter noise with --ignore-keys timestamp and --ignore-tools read_file.

No API calls needed for replay/diff. Works with any LLM provider. Vitest integration for writing assertions on tool traces.

https://github.com/dcdeve/tracepact

I built harden because I kept copy-pasting code between ChatGPT, Claude, and Gemini trying to cross-check their reviews. Each one found things the others missed, but synthesizing their outputs manually was painful.

harden runs 5 frontier models (Claude, GPT-4o, Gemini, Mistral, DeepSeek) in parallel on the same input. They analyze independently, then cross-examine each other's findings. A coordinator synthesizes the debate into consensus findings and produces a fixed version.

The key insight: no single model finds more than ~72% of issues. The union of all five hits ~94%. After cross-examination (where models must defend findings against skeptical peers), accuracy rises to ~97% and false positives drop ~60%.

  How it works:
  - Round 1: All 5 models audit independently (no groupthink)
  - Debate: Each model reviews others' findings, provides evidence for/against
  - Consolidation: Only findings that survive cross-examination make the report
  - Fix: Coordinator produces a revised version addressing consensus issues
  - Round 2+: Same pipeline runs on the fixed version, catching fix-introduced bugs

Started with smart contract audits but it generalizes — legal docs, resumes, fact-checking, financial analysis all benefit from multi-model consensus.

Free tier available.

Built with React, Node, SSE streaming for real-time progress. The debate transcripts are the most interesting part — watching GPT-4o argue with Claude about whether a reentrancy vector is exploitable is genuinely useful.

Blog with more details on the multi-model approach: https://harden.center/blog

I built JRD Garage because every auto shop management tool costs $200-400/month. Mitchell1, Tekmetric, RepairShopr — they all lock you into subscriptions for basic work orders and CRM.

JRD Garage is $99 one-time. Work orders, customer CRM, parts tracking, AI call scripts, scheduling. Runs on Cloudflare Workers so hosting is $0/month.

Built with Electron + Cloudflare Workers. Zero ongoing costs for me means zero subscription for you.

Would love feedback from anyone in the trades or building tools for niche industries.

QA Agent is an AI-powered E2E testing platform for product, QA, and engineering teams. It lets you define browser tests in natural language, execute them with an LLM-driven browser agent, and inspect screenshots, GIFs, and run history when something fails.

Hi HN,

Many small businesses run most of their operations in Excel.

Sales tracking, product lists, inventory, revenue reports — everything often ends up in spreadsheets.

The problem is that once the data grows, it becomes difficult to answer simple questions like:

What products actually make money?

Which categories are underperforming?

Where are we overstocked or understocked?

Traditional BI tools like Microsoft Power BI or Tableau Software are powerful, but for small teams they often require:

integrations

data modeling

dashboards to be built manually

I wanted something much simpler.

So I built a small tool where you can upload an Excel file and instantly get a business dashboard.

The system analyzes the spreadsheet and generates dashboards automatically showing things like:

sales performance

product performance

category trends

inventory signals (overstock / understock)

The idea is to remove the need to manually build dashboards or set up complex BI tools.

Instead of connecting databases or building reports, you just drop a spreadsheet and the dashboards are generated automatically.

The project is still early and I'm mostly trying to learn how people actually analyze spreadsheet data.

I'd love to hear how others here handle turning spreadsheet data into insights.

Mapstr is a blazing-fast CLI that uses Tree-sitter + LLMs to generate instant codebase maps: CONTEXT.md, Mermaid graphs, JSON exports.

Pre-flight API checks (Groq/OpenAI/etc), cost tracking, cache. go install github.com/BATAHA22/mapstr@latest

Tired of reading docs? Map it. v1.4.0 out now!

A golf course directory and navigation app powered by OpenStreetMap and the Overpass API. Browse golf clubs worldwide, explore course layouts, and find pin distances.

GitHub: https://github.com/refarer/navtee

Hi HN,

I’ve been building a few automation pipelines that rely on LLMs, and I kept running into the same issue.

Everything works fine during testing, then breaks in production.

Typical things I saw:

– the JSON shape changes slightly – required fields come back empty – the model times out or rate-limits – downstream automations silently fail

Even with JSON mode or structured outputs, this still happens occasionally.

After dealing with this a few times I started building a small service that sits between the model and the rest of the pipeline.

The idea is simple:

define a schema send text to a webhook get validated JSON back

If the response doesn’t match the schema, SafeParse retries with context or falls back to another model. Every request is logged so failures can be replayed and debugged.

The goal is basically to make LLM-powered pipelines behave more like production infrastructure instead of fragile prompt wrappers.

I just put up a landing page + demo while I test whether this is a real problem for other people building AI pipelines.

https://safeparse.com

Curious if others here have run into similar reliability issues with LLM-based workflows.

Built this to solve a problem at my job — legacy databases full of stored procedures where understanding existing business logic takes days of reading SQL.

SchemaSight connects to SQL Server, PostgreSQL, or MySQL, crawls your schema, summarizes every object with a local LLM, and lets you ask questions in plain English from inside VS Code. Everything runs on your machine — no cloud, no API keys, no data leaving your environment.

Happy to answer questions about the RAG pipeline or architecture.

I built TORASAN (Toolkit for Organized Risk Analysis and Safety Assurance Navigation) to automate the tedious parts of functional safety development.

If you've ever worked with ISO 26262, IEC 61508, or Automotive SPICE, you know how much time goes into process compliance — traceability matrices, FMEA, safety concepts, SRS documents, test design, static analysis, etc. Most of it is structured enough to be automated, yet engineers still do it manually.

TORASAN is a process framework + 40 CLI skills that handle: - V-model phase execution with gate verification - FMEA generation with severity/occurrence/detection ratings - Safety concept creation (safety goals → technical requirements) - Software requirements specification generation - Traceability matrix management - MISRA C:2012 compliance checking (cppcheck + clang-tidy + flawfinder) - Automotive SPICE process assessment (16 processes, targeting Level 2)

It's built on Claude Code but designed to be LLM-agnostic — the process definitions, templates, and knowledge base work independently of the AI backend.

Supports ISO 26262:2018, IEC 61508, IEC 60730, and MISRA C:2012.

Two repos available: - TORASAN-dev: full git history (157 commits showing the development journey) - TORASAN-public: clean sanitized version for forking

GPLv3 licensed. Feedback welcome.

Hey HN,

About 10 years ago, before I had any real experience in the industry, I kept finding myself with ideas and things I wanted to teach. I'd write blog posts. Unpaid, unstructured, no audience. I always knew I wanted to turn that into something more, like a proper course, but every platform I looked at wanted me to pull out a camera and record myself. I never did. The ideas just sat there.

Fast forward to now. I've got 10+ years building products, and I finally built the thing I wanted back then. Lesso (https://lesso.app) is a course platform designed specifically for people who teach through writing. No video, no camera. You write lessons, organise them into a course, put a price on it, done.

There's also a Substack import. Paste your Substack URL, it pulls your posts in, you drag them into a lesson order and publish. Most newsletter writers don't realise they're already sitting on a course, it's just scattered across their archive in chronological order instead of structured as a learning path. I added a PDF import feature, completely client-side, and a markdown formatting feature too.

Whenever I decide to make a change, I ask cursor, and then push it straight to prod, no staging environment, just raw speed. I want to get features shipping as fast as humanly possible, if something breaks, I fix-forward.

Creators keep 85% of revenue. No monthly fees. No feature tiers.

The build:

I built the whole thing in 2 days using Cursor and Claude. The stack is React, Supabase, and Vercel. I barely touched the code. I put my product hat on, described what I wanted, and let the AI build it. The loop was: describe a feature, AI builds it, test it, tell it what's broken, it fixes it, repeat. I was making product decisions, not engineering ones. That's the bit that surprised me most. 10 years of building products and the skill that mattered here was knowing what to ask for, not how to build it. Claude handled the non-code side too. Business model validation, legal docs (privacy policy, terms, cookie policy), compliance research. I registered as a sole trader in the UK, ICO registration was £52, and that was my entire legal spend. The AI-generated docs aren't lawyer-reviewed, but they're good enough to launch with. I'll get a proper review once there's revenue worth protecting.

Stripe for payments. The whole thing was live in 2 days.

What I got wrong:

I assumed the hard part would be building. It wasn't. The hard part is everything after.

I designed an affiliate programme before I had a single user. Creators keep 85%, affiliates earn 50% of the platform's net cut, 90-day cookie, $10 minimum payout. I thought this was such a good offer that affiliates would be lining up. Nobody was. I hadn't thought through the basic problem: why would anyone promote a platform with zero courses on it?

I spent days doing cold outreach on X, searching for people who might want to create courses, DMing them, posting in founder threads. Barely any traction. An empty platform is almost impossible to pitch, no matter how good the economics are. So I wrote the first course myself. It's about this whole process, building and launching a SaaS with AI, the real version including the parts that didn't work. At least now the platform isn't empty. Whether that actually moves the needle, I genuinely don't know yet.

Where I am now: Sole founder, pre-revenue, very early days. The product works. The first course is live. I'm figuring out distribution one conversation at a time. The honest reality is that AI compressed the building part to days, but it can't compress the part where you earn people's trust. That still moves at human speed.

Happy to answer questions about the build, the AI workflow, the business model, or the cold start problem. Especially the cold start problem, because I'm still in the middle of it.

Hey HN, I am Anthony, founder of SIFTR. I was frustrated that every use AI for sales resource was either too vague or too expensive. So I spent 5 hours building a prompt-based sales system and documented every prompt I used. The result is 15 specific prompts for cold outreach, follow-ups, objection handling, and pipeline management. Each includes a before/after example. Free version (5 prompts): https://siftrsales.com/free Full playbook: https://siftrsales.com/playbook ($47) Happy to answer questions about how I built the system.

I built an arena where AI agents compete in challenges, earn Elo ratings, and climb a leaderboard.

Agents can also author new challenges, so the benchmark evolves with the community.

New challenges go through a draft pipeline with automated checks and peer review from other agents before entering the arena.

It’s still early and there’s a lot to figure out, but it’s been fun to build.

The project is open source if you’d like to explore or contribute: https://github.com/clawdiators-ai/clawdiators

Or you can also point an agent at it: curl -s https://clawdiators.ai/skill.md

Happy to answer questions about the design or implementation.

Roz is an open-source, Python-based pipeline that captures a webcam feed, detects motion, sends the frames to a local Vision LLM to analyze the scene, and then uses text-to-speech to audibly announce any meaningful changes.

The Backstory: I heard an ad for Google’s Home Premium Advanced service, which claims to analyze your Nest doorbell images and describe what it sees. I thought that sounded cool, but I didn't want to pay $20/month for it or send my camera feeds to the cloud. I wanted to see if I could build a localized, subscription-free version myself.I 3D-printed a head-shaped enclosure to house the camera and speaker.

How it works:

1. Stage 1 (Lightweight): Python app runs on a low-power device (like a Raspberry Pi 4) using OpenCV to perform basic frame-differencing. This takes barely any compute. 2. Stage 2 (Heavy): When motion crosses a configurable threshold, the frames are sent to a vision-capable LLM. (I'm using Qwen3.5 35B hosted on a separate PC with an RTX 3090, but any OpenAI-compatible endpoint like vLLM or llama.cpp works). 3. Stage 3 (Audio): The LLM compares the current scene to the previous baseline context. If there is a meaningful change, the LLM generates a text description of what it sees, which is then read out loud locally via Piper TTS.

Hardware & trying it out: Since this relies on physical hardware, the easiest way to see it in action is the demo video in the README (make sure to unmute the audio).

The hardest part so far is the subjectivity of what constitutes a "meaningful change". I'm still tweaking the prompt rules to hit the sweet spot between "announce everything" and "miss important events".

Hi HN,

I built a small web tool called J2Download.

It allows users to download videos and media from many social platforms in one place. The goal was to make something simple and fast that works directly in the browser.

Currently it supports platforms like TikTok, YouTube, Instagram, Facebook, Twitter/X, Vimeo, Reddit, Bilibili and many others.

It also supports some music platforms like SoundCloud, Mixcloud, Spotify and Tidal.

You just paste the media link and download it.

Website: https://j2download.com

I'd really appreciate any feedback or suggestions to improve the tool.

I built this tool as an alternative to Advanced IP Scanner since both the speed and configurability of it are underwhelming. LANscape is highly configurable, allowing you to get into the weeds of what and how you are scanning subnets. I'm definitely looking for feedback on how I can make this better!

Hello everyone! I am working on an open source reporting tool, that was mostly focused on the 'Embed analytics in your app' use case, which I found was either not great or not flexible or expensive, or all three!

However, I decided today to use this library wrapped in an app that makes it work like Metabase (and I use 'like' in its broadest sense here as it is quite early in its life). I have pushed an initial version live this weekend, and am looking for input to help prioritise features that close the gap with Superset / Metabase that would stop actual users using it. I want to avoid adding things that are not necessary. For now it only connects to postgres, but I will add lots of other providers (it is bound atm by databases that Drizzle supports).

I am not targeting big enterprises, more small teams / startups that just want a really user friendly and flexible reporting tool - that includes a simplified agentic analysis workflow like hex.tech (bring your own LLM keys). If anyone has the time to take a look and provide any feedback that would be hugely appreciated! There is a cloud option which for now is free, so if you aren't comfortable running it yourself locally (it only needs docker and a single container), you can also try that and let me know of any feedback. Nothing is paid for now but I was considering that at a v low cost level - e.g. €10 per month - to cover hosting, it is very lightweight and I dont store any data.

The github is here: https://github.com/cliftonc/drizby - I am really looking for input on the roadmap and if this is useful for others outside of my original use case (it is already actively being used in that way by myself and others).

If you've ever wanted to expose your fancy-schmanzy TUI to some chaos engineering and see how it handles 500ms jitter, without actually having to find a bad Wi-Fi spot, I built a tool for you!

ttylag wraps any command in a "shaped" PTY. No difficult piping, no tc queue disciplines required. It handles RTT, jitter, it lags in both directions and even has a --bits-per-byte flag (if you're into that sort of thing).

It's userspace-only, works on macOS and probably Linux too without any messing with network namespaces or firewall rules.

Every scraper I've written has the same failure mode: it works for three months, a site redesigns, and my CSS selectors silently return empty strings. The data is still right there on the page — a human can find it instantly — but the scraper is blind.

Trawl fixes this by splitting the problem. You describe what you want:

    trawl "https://books.toscrape.com" --fields "title, price, rating, in_stock"

The LLM (Claude) looks at one sample item and derives a full extraction strategy — CSS selectors, attribute mappings, type coercion, fallback selectors. That strategy gets cached. Every subsequent page with the same structure is extracted with pure Go + goquery. No API calls, no token cost, full concurrency.

The key insight: LLMs are good at understanding HTML structure, but you don't need them to extract 10,000 rows. Use AI for intelligence, Go for throughput.

When a site redesigns, the structural fingerprint changes, the cache misses, and trawl re-derives automatically.

You can preview exactly what it figured out:

    $ trawl "https://example.com/products" --fields "name, price" --plan

    Strategy for https://example.com/products
      Item selector: div.product-card
      Fields:
        name:  h2.product-title -> text (string)
        price: span.price -> text -> parse_price (float)
      Confidence: 0.95

Some things that took real engineering effort:

- JS-rendered SPAs: headless browser with DOM stability detection — polls until element count stabilizes and skeleton loaders resolve, scrolls to trigger lazy loading, auto-clicks "Show more" buttons - Multi-section pages: detects candidate data regions heuristically, target a specific section with --query "Market Share", scopes extraction via container selectors - Self-healing: monitors extraction health (% of fields populated), re-derives the strategy if it drops below 70% - Iframes: auto-detects and extracts from iframes when they contain richer data than the outer page

Output is JSON, JSONL, CSV, or Parquet. Pipes cleanly:

    trawl "https://example.com/products" --fields "name, price" --format jsonl | jq 'select(.price > 50)'

Written in Go. MIT licensed.

I built ccp after noticing how much context coding agents waste on terminal output.

It runs the real command, trims the repetitive parts, and leaves command behavior alone.

Two real receipts from actual work:

Java/Gradle task (Claude Code): 5,330,571 -> 90,127 estimated tokens across 88 commands (98.31% saved) Research task across 4 repositories (Claude Code): 944,007 -> 59,195 estimated tokens across 96 commands (93.73% saved) You can try it with the install script, run ccp init, then check the effect with ccp gain.

It is not a magic win on every command. In this repo's own usage with Codex, overall savings were lower when the mix was heavy on passthrough-heavy commands like sed and openspec.

It also works across a broad set of agents through ccp init, including Codex, Claude, Cline, Cursor, Gemini, GitHub Copilot, Roo Code, Aider, and others.

Repo: https://github.com/SuppieRK/ccp

If you use coding agents heavily, which commands waste the most context in your workflow?

Had quite in depth conversation with Claude today he says this would make him better I would agree

Hi HN,

I got tired of trusting cloud services with my AI conversations — so I built the setup I actually wanted: encrypted disk, hardened OS, one-command deploy.

Demo: https://github.com/congzhangzh/your_openclaw/raw/main/demos/...

The idea is simple: if you're going to self-host AI, do it right — from the bare metal up.

Layer 1 — The disk: LUKS encryption + Btrfs compression (or ZFS native encryption). AI logs, API keys, model configs — everything at rest is encrypted. Someone pulls your disk? They get nothing.

Layer 2 — The OS: Debian Trixie. Stable, predictable, full toolchain. No surprise updates breaking your gateway at 3 AM.

Layer 3 — The container: Docker with Tini as PID 1 (proper signals, no zombies). Data lives on the host as plain files (~/.openclaw) — ls, cp, rsync. No opaque volumes.

Layer 4 — The gateway: OpenClaw with token auth + device approval. Connect Telegram and more. Guided onboard walks you through everything.

The whole setup:

    git clone https://github.com/congzhangzh/your_openclaw.git && cd your_openclaw
    ./shell

That's it. `openclaw onboard` inside the container does the rest.

Built-in monitoring (btop, nload, iftop) in the container. Ctrl+P, Ctrl+Q to detach — gateway runs 24/7.

Repo includes VPS disk encryption guides and provider recommendations. MIT-licensed. I use this daily on a cheap European VPS.

Feedback welcome: - Is the layered security overkill or just right? - Are you encrypting your VPS disks? - What AI backends are you running?

GitHub: https://github.com/congzhangzh/your_openclaw

Hey HN, I'm a solo developer from Nigeria. I built Quran Unlock - an app that blocks distracting apps (TikTok, Instagram, etc.) until you complete your daily Quran reading. The idea came from my own struggle with phone addiction. I wanted to read Quran daily but kept getting distracted. So I built this for myself, then shared it.

Some stats after 3 months: - 200K+ users - 64.9% returning user rate - 31M events tracked

Tech stack: - React Native - Firebase (Auth, Firestore, Analytics, Cloud Messaging) - RevenueCat for subscriptions - iOS Screen Time API + Android UsageStats

App Store: https://apps.apple.com/app/quran-unlock/id6754449406

Play Store: https://play.google.com/store/apps/details?id=com.app.quranu...

Would love feedback from the HN community!

UserScript for GreaseMonkey / TamperMonkey:

Adds a browser-independent "Reader Mode" that transports PG's Default Dead tables-pasta website from the year 2006 all the way to 2026, at least...

If you love reading Paul Graham's essays but suffer from Schlep Blindness every time you try to parse his legacy HTML, this script is for you.

Hi HN,

I recently created a project called *L88-Full* and published it on GitHub: https://github.com/Hundred-Trillion/L88-Full

I'm looking for feedback from the community. If you have time to check the repository, I would really appreciate:

* Code reviews * Suggestions for improvements * Bug reports or fixes * Any ideas on how the project could be improved or expanded

If you're interested in contributing, feel free to open an issue or submit a pull request. Even small feedback would help a lot.

Thanks for taking a look and supporting the project!

Air pollution kills 7 million people a year. The sensors exist. The data infrastructure does not.

Every device, app, and agency stores air quality data in incompatible formats. A sensor in Accra cannot speak to a hospital in Nairobi. A researcher in London cannot access ground-truth data from Lagos. There is no open standard for atmospheric exposure data — the same way there was no open standard for the web before HTTP.

BXP (Breathe Exposure Protocol) is my attempt to fix that.

It defines: — A universal .bxp file format any device or software can read and write — BXP_HRI: a composite Health Risk Index incorporating all agents with WHO-derived weighting — A complete REST API specification for federated node networks — A privacy framework protecting individual exposure records by design

Like HTTP, PDF, or MP3 — BXP is a format layer. No hardware required. No licensing fees. No central owner. Apache 2.0. Forever free.

The reference implementation is live right now:

  Live public node:       https://bxp-node.onrender.com
  GitHub + full source:   https://github.com/bxpprotocol/bxp-spec
  Spec DOI (Zenodo):      https://doi.org/10.5281/zenodo.18906812
  Implementation DOI:     https://doi.org/10.5281/zenodo.18907003

You can clone it and run your own BXP node in under 3 minutes:

  git clone https://github.com/bxpprotocol/bxp-spec
  cd bxp-spec/reference-server
  pip install fastapi uvicorn pydantic
  python server.py

The spec covers 31 atmospheric agents — PM2.5, NO2, ozone, benzene, mold, heavy metals — with WHO thresholds, quality flags, geohash-based spatial indexing, and a federated network architecture where each node operator owns their own data completely.

I am looking for developers, researchers, and institutions who want to implement BXP, contribute to the spec, or run a community node. Particularly interested in connecting with anyone working on air quality infrastructure in developing countries where the data gap is most severe.

Happy to answer any questions.

I built a small tool to convert ChatGPT Custom GPTs into Claude Skills.

You paste your Custom GPT's name, description, instructions, and conversation starters, optionally upload knowledge files. It generates a Skill ZIP you can directly upload to Claude.

It's a single HTML file with no backend, everything runs client-side.