🛠️ All DevTools

[Other] Code Review for Claude Code

[Other] Show HN: The Mog Programming Language Hi, Ted here, creator of Mog.<p>- Mog is a statically typed, compiled, embedded language (think statically typed Lua) designed to be written by LLMs -- the full spec fits in 3,200 tokens. - An AI agent writes a Mog program, compiles it, and dynamically loads it as a plugin, script, or hook. - The host controls exactly which functions a Mog program can call (capability-based permissions), so permissions propagate from agent to agent-written code. - Compiled to native code for low-latency plugin execution -- no interpreter overhead, no JIT, no process startup cost. - The compiler is written in safe Rust so the entire toolchain can be audited for security. Even without a full security audit, Mog is already useful for agents extending themselves with their own code. - MIT licensed, contributions welcome.<p>Motivations for Mog:<p>1. Syntax Only an AI Could Love: Mog is written for AIs to write, so the spec fits easily in context (~3200 tokens), and it&#x27;s intended to minimize foot-guns to lower the error rate when generating Mog code. This is why Mog has no operator precedence: non-associative operations have to use parentheses, e.g. (a + b) * c. It&#x27;s also why there&#x27;s no implicit type coercion, which I&#x27;ve found over the decades to be an annoying source of runtime bugs. There&#x27;s also less support in Mog for generics, and there&#x27;s absolutely no support for metaprogramming, macros, or syntactic abstraction.<p>When asking people to write code in a language, these restrictions could be onerous. But LLMs don&#x27;t care, and the less expressivity you trust them with, the better.<p>2. Capabilities-Based Permissionsl: There&#x27;s a paradox with existing security models for AI agents. If you give an agent like OpenClaw unfettered access to your data, that&#x27;s insecure and you&#x27;ll get pwned. But if you sandbox it, it can&#x27;t do most of what you want. Worse, if you run scripts the agent wrote, those scripts don&#x27;t inherit the permissions that constrain the agent&#x27;s own bash tool calls, which leads to pwnage and other chaos. And that&#x27;s not even assuming you run one of the many OpenClaw plugins with malware.<p>Mog tries to solve this by taking inspiration from embedded languages. It compiles all the way to machine code, ahead of time, but the compiler doesn&#x27;t output any dangerous code (at least it shouldn&#x27;t -- Mog is quite new, so that could still be buggy). This allows a host program, such as an AI agent, to generate Mog source code, compile it, and load it into itself using dlopen(), while maintaining security guarantees.<p>The main trick is that a Mog program on its own can&#x27;t do much. It has no direct access to syscalls, libc, or memory. It can basically call functions, do heap allocations (but only within the arena the host gives it), and return something. If the host wants the Mog program to be able to do I&#x2F;O, it has to supply the functions that the Mog program will call. A core invariant is that a Mog program should never be able to crash the host program, corrupt its state, or consume more resources than the host allows.<p>This allows the host to inspect the arguments to any potentially dangerous operation that the Mog program attempts, since it&#x27;s code that runs in the host. For example, a host agent could give a Mog program a function to run a bash command, then enforce its own session-level permissions on that command, even though the command was dynamically generated by a plugin that was written without prior knowledge of those permission settings.<p>(There are a couple other tricks that PL people might find interesting. One is that the host can limit the execution time of the guest program. It does this using cooperative interrupt polling, i.e. the compiler inserts runtime checks that check if the host has asked the guest to stop. This causes a roughly 10% drop in performance on extremely tight loops, which are the worst case. It could almost certainly be optimized.)<p>3. Self Modification Without Restart: When I try to modify my OpenClaw from my phone, I have to restart the whole agent. Mog fixes this: an agent can compile and run new plugins without interrupting a session, which makes it dynamically responsive to user feedback (e.g., you tell it to always ask you before deleting a file and without any interruption it compiles and loads the code to... actually do that).<p>Async support is built into the language, by adapting LLVM&#x27;s coroutine lowering to our Rust port of the QBE compiler, which is what Mog uses for compilation. The Mog host library can be slotted into an async event loop (tested with Bun), so Mog async calls get scheduled seamlessly by the agent&#x27;s event loop. Another trick is that the Mog program uses a stack inside the memory arena that the host provides for it to run in, rather than the system stack. The system tracks a guard page between the stack and heap. This design prevents stack overflow without runtime overhead.<p>Lots of work still needs to be done to make Mog a &quot;batteries-included&quot; experience like Python. Most of that work involves fleshing out a standard library to include things like JSON, CSV, Sqlite, and HTTP. One high-impact addition would be an `llm` library that allows the guest to make LLM calls through the agent, which should support multiple models and token budgeting, so the host could prevent the plugin from burning too many tokens.<p>I suspect we&#x27;ll also want to do more work to make the program lifecycle operations more ergonomic. And finally, there should be a more fully featured library for integrating a Mog host into an AI agent like OpenClaw or OpenAI&#x27;s Codex CLI.

[Other] Show HN: DenchClaw – Local CRM on Top of OpenClaw Hi everyone, I am Kumar, co-founder of Dench (<a href="https:&#x2F;&#x2F;denchclaw.com" rel="nofollow">https:&#x2F;&#x2F;denchclaw.com</a>). We were part of YC S24, an agentic workflow company that previously worked with sales floors automating niche enterprise tasks such as outbound calling, legal intake, etc.<p>Building consumer &#x2F; power-user software always gave me more joy than FDEing into an enterprise. It did not give me joy to manually add AI tools to a cloud harness for every small new thing, at least not as much as completely local software that is open source and has all the powers of OpenClaw (I can now talk to my CRM on Telegram!).<p>A week ago, we launched Ironclaw, an Open Source OpenClaw CRM Framework (<a href="https:&#x2F;&#x2F;x.com&#x2F;garrytan&#x2F;status&#x2F;2023518514120937672?s=20" rel="nofollow">https:&#x2F;&#x2F;x.com&#x2F;garrytan&#x2F;status&#x2F;2023518514120937672?s=20</a>) but people confused us with NearAI’s Ironclaw, so we changed our name to DenchClaw (<a href="https:&#x2F;&#x2F;denchclaw.com" rel="nofollow">https:&#x2F;&#x2F;denchclaw.com</a>).<p>OpenClaw today feels like early React: the primitive is incredibly powerful, but the patterns are still forming, and everyone is piecing together their own way to actually use it. What made React explode was the emergence of frameworks like Gatsby and Next.js that turned raw capability into something opinionated, repeatable, and easy to adopt.<p>That is how we think about DenchClaw. We are trying to make it one of the clearest, most practical, and most complete ways to use OpenClaw in the real world.<p>Demo: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=pfACTbc3Bh4#t=43" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=pfACTbc3Bh4#t=43</a><p><pre><code> npx denchclaw </code></pre> I use DenchClaw daily for almost everything I do. It also works as a coding agent like Cursor - DenchClaw built DenchClaw. I am addicted now that I can ask it, “hey in the companies table only show me the ones who have more than 5 employees” and it updates it live than me having to manually add a filter.<p>On Dench, everything sits in a file system, the table filters, views, column toggles, calendar&#x2F;gantt views, etc, so OpenClaw can directly work with it using Dench’s CRM skill.<p>The CRM is built on top of DuckDB, the smallest, most performant and at the same time also feature rich database we could find. Thank you DuckDB team!<p>It creates a new OpenClaw profile called “dench”, and opens a new OpenClaw Gateway… that means you can run all your usual openclaw commands by just prefixing every command with `openclaw --profile dench` . It will start your gateway on port 19001 range. You will be able to access the DenchClaw frontend at localhost:3100. Once you open it on Safari, just add it to your Dock to use it as a PWA.<p>Think of it as Cursor for your Mac (also works on Linux and Windows) which is based on OpenClaw. DenchClaw has a file tree view for you to use it as an elevated finder tool to do anything on your mac. I use it to create slides, do linkedin outreach using MY browser.<p>DenchClaw finds your Chrome Profile and copies it fully into its own, so you won’t have to log in into all your websites again. DenchClaw sees what you see, does what you do. It’s an everything app, that sits locally on your mac.<p>Just ask it “hey import my notion”, “hey import everything from my hubspot”, and it will literally go into your browser, export all objects and documents and put it in its own workspace that you can use.<p>We would love you all to break it, stress test its CRM capabilities, how it streams subagents for lead enrichment, hook it into your Apollo, Gmail, Notion and everything there is. Looking forward to comments&#x2F;feedback!

[Other] 169 production-ready skills & plugins for Claude Code, OpenAI Codex, and OpenClaw — engineering, marketing, product, compliance, C-level advisory, and more. Install via /plugin marketplace.

[Other] Show HN: VS Code Agent Kanban: Task Management for the AI-Assisted Developer Agent Kanban has 4 main features:<p>GitOps &amp; team friendly kanban board integration inside VS Code Structured plan &#x2F; todo &#x2F; implement via @kanban commands Leverages your existing agent harness rather than trying to bundle a built in one .md task format provides a permanent (editable) source of truth including considerations, decisions and actions, that is resistant to context rot

[Other] Show HN: Husky hook that blocks Git push until you do your pushups

[Other] Show HN: Run 500B+ Parameter LLMs Locally on a Mac Mini Hi HN, I built OpenGraviton, an open-source AI inference engine that pushes the limits of running extremely large LLMs on consumer hardware. By combining 1.58-bit ternary quantization, dynamic sparsity with Top-K pruning and MoE routing, and mmap-based layer streaming, OpenGraviton can run models far larger than your system RAM—even on a Mac Mini. Early benchmarks: TinyLlama-1.1B drops from ~2GB (FP16) to ~0.24GB with ternary quantization. At 140B scale, models that normally require ~280GB fit within ~35GB packed. Optimized for Apple Silicon with Metal + C++ tensor unpacking, plus speculative decoding for faster generation. Check benchmarks, architecture, and details here: <a href="https:&#x2F;&#x2F;opengraviton.github.io" rel="nofollow">https:&#x2F;&#x2F;opengraviton.github.io</a> GitHub: <a href="https:&#x2F;&#x2F;github.com&#x2F;opengraviton" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;opengraviton</a> This project isn’t just about squeezing massive models onto tiny hardware—it’s about democratizing access to giant LLMs without cloud costs. Feedback, forks, and ideas are very welcome!

[CLI Tool] Show HN: Mcp2cli – One CLI for every API, 96-99% fewer tokens than native MCP Every MCP server injects its full tool schemas into context on every turn — 30 tools costs ~3,600 tokens&#x2F;turn whether the model uses them or not. Over 25 turns with 120 tools, that&#x27;s 362,000 tokens just for schemas.<p>mcp2cli turns any MCP server or OpenAPI spec into a CLI at runtime. The LLM discovers tools on demand:<p><pre><code> mcp2cli --mcp https:&#x2F;&#x2F;mcp.example.com&#x2F;sse --list # ~16 tokens&#x2F;tool mcp2cli --mcp https:&#x2F;&#x2F;mcp.example.com&#x2F;sse create-task --help # ~120 tokens, once mcp2cli --mcp https:&#x2F;&#x2F;mcp.example.com&#x2F;sse create-task --title &quot;Fix bug&quot; </code></pre> No codegen, no rebuild when the server changes. Works with any LLM — it&#x27;s just a CLI the model shells out to. Also handles OpenAPI specs (JSON&#x2F;YAML, local or remote) with the same interface.<p>Token savings are real, measured with cl100k_base: 96% for 30 tools over 15 turns, 99% for 120 tools over 25 turns.<p>It also ships as an installable skill for AI coding agents (Claude Code, Cursor, Codex): `npx skills add knowsuchagency&#x2F;mcp2cli --skill mcp2cli`<p>Inspired by Kagan Yilmaz&#x27;s CLI vs MCP analysis and CLIHub.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;knowsuchagency&#x2F;mcp2cli" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;knowsuchagency&#x2F;mcp2cli</a>

[Other] Show HN: OxiMedia – Pure Rust Reconstruction of FFmpeg and OpenCV Author here. OxiMedia is a clean-room reconstruction of FFmpeg and OpenCV in pure Rust. v0.1.0, 92 crates, ~1.36M lines.<p>Key decisions: `#![forbid(unsafe_code)]` workspace-wide, patent-free codecs only (AV1&#x2F;VP9&#x2F;Opus&#x2F;FLAC -- no H.264&#x2F;H.265&#x2F;AAC ever), async on Tokio, zero C&#x2F;Fortran deps in default features, native WASM target.<p>This is v0.1.0 -- APIs are stabilized but not yet battle-tested at scale. Performance benchmarks vs FFmpeg&#x2F;rav1e&#x2F;dav1d coming soon.<p>Feedback on API design welcome, especially the filter graph and transcoding pipeline.<p>GitHub: <a href="https:&#x2F;&#x2F;github.com&#x2F;cool-japan&#x2F;oximedia" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;cool-japan&#x2F;oximedia</a>

[Other] Show HN: I built a real-time OSINT dashboard pulling 15 live global feeds Sup HN,<p>So I got tired of bouncing between Flightradar, MarineTraffic, and Twitter every time something kicked off globally, so I wrote a dashboard to aggregate it all locally. It’s called Shadowbroker.<p>I’ll admit I leaned way too hard into the &quot;movie hacker&quot; aesthetic for the UI, but the actual pipeline underneath is real. It pulls commercial&#x2F;military ADS-B, the AIS WebSocket stream (about 25,000+ ships), N2YO satellite telemetry, and GDELT conflict data into a single MapLibre instance.<p>Getting this to run without melting my browser was the hardest part. I&#x27;m running this on a laptop with an i5 and an RTX 3050, and initially, dumping 30k+ moving GeoJSON features onto the map just crashed everything. I ended up having to write pretty aggressive viewport culling, debounce the state updates, and compress the FastAPI payloads by like 90% just to make it usable.<p>My favorite part is the signal layer—it actually calculates live GPS jamming zones by aggregating the real-time navigation degradation (NAC-P) of commercial flights overhead.<p>It’s Next.js and Python. I threw a quick-start script in the releases if you just want to spin it up, but the repo is open if you want to dig into the backend.<p>Let me know if my MapLibre implementation is terrible, I&#x27;m always looking for ways to optimize the rendering.

[Other] Show HN: Lobster.js – Extended Markdown with layout blocks and footnotes Hi HN!<p>I built lobster.js which is an extended Markdown parser that renders directly in the browser — no build tool, no framework, no configuration.<p>The entire setup is a single script tag:<p><pre><code> &lt;script type=&quot;module&quot;&gt; import { loadMarkdown } from &quot;https:&#x2F;&#x2F;hacknock.github.io&#x2F;lobsterjs&#x2F;lobster.js&quot;; loadMarkdown(&quot;.&#x2F;content.md&quot;, document.getElementById(&quot;content&quot;)); &lt;&#x2F;script&gt; </code></pre> It&#x27;s particularly useful for GitHub Pages sites where you want Markdown-driven content without pulling in Jekyll or Hugo.<p>---<p>What makes it different from marked.js or markdown-it:<p>Standard parsers convert Markdown to HTML — that&#x27;s it. lobster.js adds layout primitives to the Markdown syntax itself:<p>- :::warp id defines a named content block; [~id] places it inside a silent table cell. This is how you build multi-column layouts entirely in Markdown, without touching HTML. - :::details Title renders a native &lt;details&gt;&#x2F;&lt;summary&gt; collapsible block. - :::header &#x2F; :::footer define semantic page regions. - Silent tables (~ | ... |) create borderless layout grids. - Cell merging: horizontal (\|) and vertical (\---) spans. - Image sizing: .<p>---<p>CSS-first design:<p>Every rendered element gets a predictable lbs-* class name (e.g. lbs-heading-1, lbs-table-silent). No default stylesheet is bundled — you bring your own CSS and have full control over appearance.<p>---<p>The showcase site is itself built with lobster.js. The sidebar is nav.md, and each page is a separate Markdown file loaded dynamically via ?page= query parameters — no JS router, no framework.<p>Markdown is the one format that humans and LLMs both write fluently. If you want a structured static site without a build pipeline, lobster.js lets that Markdown become a full web page — layout and all.<p>GitHub: <a href="https:&#x2F;&#x2F;github.com&#x2F;Hacknock&#x2F;lobsterjs" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Hacknock&#x2F;lobsterjs</a> Showcase: <a href="https:&#x2F;&#x2F;hacknock.github.io&#x2F;lobsterjs-showcase&#x2F;" rel="nofollow">https:&#x2F;&#x2F;hacknock.github.io&#x2F;lobsterjs-showcase&#x2F;</a>

[Other] Show HN: Skir – like Protocol Buffer but better Why I built Skir: <a href="https:&#x2F;&#x2F;medium.com&#x2F;@gepheum&#x2F;i-spent-15-years-with-protobuf-then-i-built-skir-9cf61cc65631" rel="nofollow">https:&#x2F;&#x2F;medium.com&#x2F;@gepheum&#x2F;i-spent-15-years-with-protobuf-t...</a><p>Quick start: npx skir init<p>All the config lives in one YML file.<p>Website: <a href="https:&#x2F;&#x2F;skir.build" rel="nofollow">https:&#x2F;&#x2F;skir.build</a><p>GitHub: <a href="https:&#x2F;&#x2F;github.com&#x2F;gepheum&#x2F;skir" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;gepheum&#x2F;skir</a><p>Would love feedback especially from teams running mixed-language stacks.

[Other] Show HN: Reverse-engineering Shockwave to save early 2000s web games (Rust/WASM) Hi HN,<p>When browsers killed NPAPI plugin support, thousands of early 2000s web games were effectively lost to time. Macromedia Shockwave, in particular, was a closed-source, highly complex, and largely undocumented beast.<p>So a few friends and I spent the last two years doing something arguably unhinged: rebuilding the entire Director engine from scratch. Today, we&#x27;re finally sharing dirplayer-rs.<p>Repo: <a href="https:&#x2F;&#x2F;github.com&#x2F;igorlira&#x2F;dirplayer-rs" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;igorlira&#x2F;dirplayer-rs</a><p>We intentionally stayed quiet on this until we had undeniable proof that it was actually possible. With our latest v0.4.1 release, we have full hardware-accelerated graphics. Complex games are booting natively in the browser and are fully playable.<p>A few childhood favorites, actually playable right now:<p>Habbo Hotel: <a href="https:&#x2F;&#x2F;dirplayer.com&#x2F;habbo" rel="nofollow">https:&#x2F;&#x2F;dirplayer.com&#x2F;habbo</a><p>LEGO Junkbot: <a href="https:&#x2F;&#x2F;dirplayer.com&#x2F;junkbot" rel="nofollow">https:&#x2F;&#x2F;dirplayer.com&#x2F;junkbot</a><p>LEGO Worldbuilder: <a href="https:&#x2F;&#x2F;dirplayer.com&#x2F;worldbuilder" rel="nofollow">https:&#x2F;&#x2F;dirplayer.com&#x2F;worldbuilder</a><p>We chose Rust and WebAssembly because we wanted a native, plugin-free way to play these games without relying on ancient executables. Parsing decades-old, untrusted binary blobs and undocumented bytecode is a memory safety nightmare, making Rust an easy choice. It also gives us predictable performance with zero GC pauses, keeping frame rates smooth.<p>The biggest headache by far has been Lingo, Director&#x27;s scripting language. It&#x27;s massive. It heavily supports 3D graphics, embedded Flash content, and the worst part: Xtras. Xtras were external distributable plugins compiled from native C code. Figuring out how to make those play nice in a modern WASM environment has been a serious challenge.<p>We did, however, successfully implement the Multiuser Xtra so games can create socket connections (which is how Habbo is working!). We still have a long way to go to support full 3D and the massive ecosystem of third-party Xtras, but the foundation is solid.<p>None of this happened in isolation. We built on years of prior work from the Shockwave reverse-engineering community: folks who have been poking at Director&#x27;s internals for years, and their prior projects, tools, and research made this possible.<p>Happy to get into the weeds in the comments: the RE process, decompiling ancient binaries, the weird quirks of Director&#x27;s VM, the Rust architecture, whatever you&#x27;re curious about.<p>And genuinely: what old Shockwave game do you wish still worked? Drop it below and we&#x27;ll see if we can get it booting.

[Other] Beagle, a source code management system that stores AST trees

[CLI Tool] CLI RSS/Atom feed reader inspired by Taskwarrior, synced using Git

[API/SDK] Unofficial Python API for Google NotebookLM

[Package Manager] If It Quacks Like a Package Manager

[Other] SWE-CI: Evaluating Agent Capabilities in Maintaining Codebases via CI

[Other] Sem – Semantic version control. Entity-level diffs on top of Git

[Other] MonoGame: A .NET framework for making cross-platform games