🛠️ All DevTools

Show HN: Social network where inviting someone makes you accountable for them Chirpper is invite-only. When you vouch someone in, they join your TrustChain. Their behavior affects your TrustRank, and that propagates up the lineage. No moderators. The accountability is architectural, not policy-based. You can be pseudonymous, but you can't be unaccountable. Happy to get into the mechanics in comments.

Apache Burr: Build reliable AI agents and applications

PgDog is funded and coming to a database near you

Building an HTML-first site doubled our users overnight

A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon.

利用AI大模型，一键生成高清短视频 Generate short videos with one click using AI LLM.

Advanced DNS tunneling VPN for censorship bypass, optimized beyond DNSTT and SlipStream with low-overhead ARQ, resolver load balancing, high packet-loss stability and speed.

Show HN: macOS menu bar gauges for your Claude Code quota

Port React Compiler to Rust

Vibe coding my way to a healthy family: Introducing Gamow Labs

macOS Container Machines

Show HN: The agent that builds and operates its own SaaS tools For context, we started working on our general AI agent CraftBot before OpenClaw came out. It works similarly to OpenClaw and Hermes agent: control your PC to do task + memory + proactivity. However, here is the catch: it can create and operate its own SaaS tools with the concept of Living UI<p>Living UI is a system where an AI agent can scaffold and launch real, working web apps on demand. Each living UI can be a dashboard&#x2F;software&#x2F;internal tool. They are essentially just frontend with X techstack talking to a backend + database with the techstack of your choice, spun up in its own pair of ports as supervised subprocesses managed by a host process. The backend owns all the state (so the app survives page reloads, tab switches, even host restarts), while the frontend is just a dumb view that fetches data and posts user actions. CraftBot can create a project from a template, install dependencies and launch it. It can also read and write its data through a scoped HTTP client, plus built-in endpoints that return a DOM snapshot and a screenshot so the agent can see what&#x27;s on screen.<p>Currently, there are 3 ways to create a living UI<p>(1) Build from scratch. Just describe what you want, and CraftBot generates the backend, API, and UI, then iterates with you.<p>(2) Install from the marketplace. Use ready-to-use apps built by the community (we are looking for contributors!).<p>(3) Import your existing project or GitHub repo. CraftBot converts it into a Living UI and integrates itself into it (similar to CLI-anything, except the app runs directly in the agent UI).<p>Besides, if CraftBot encounters a problem it can’t solve with a simple script, it invents the Saas tool required to solve it proactively (with user approval, of course). It’s not just building a UI for you, but it’s building a workspace for itself to be more efficient.<p>The net effect: You no longer have to subscribe to Saas tools that are not built 100% for your needs, plus, the Saas tools come with their own general AI agent.

Show HN: Nucleus – A security-hardened, Nix-native container runtime Hi HN, I&#x27;ve been building Nucleus, a lightweight Linux container runtime focused on two workloads: ephemeral AI-agent sandboxes and declarative NixOS services. It&#x27;s a single Rust binary, no daemon.<p>It is not a Docker replacement and not a strict subset of Docker either. I dropped the entire image-and-distribution half (no Dockerfile, no layers, no registry, no pull&#x2F;push, no persistent storage layer) in exchange for going deeper on isolation and reproducibility. The rootfs is either a directory copied into tmpfs (agent mode) or a Nix-built closure mounted read-only (production mode). If your mental model is &quot;run my image instead of docker run,&quot; this won&#x27;t fit. If it&#x27;s &quot;run untrusted or ephemeral workloads with stronger, auditable isolation on a single host,&quot; that&#x27;s the target.<p>Things that I think are interesting:<p><pre><code> - Defense-in-depth defaults. All capabilities dropped, ~100-syscall seccomp allowlist (vs Docker&#x27;s ~300), up to 8 namespaces including time&#x2F;cgroup, Landlock LSM path ACLs per service. - Deny-by-default egress. Outbound traffic is denied unless you allow specific CIDRs or DNS-resolved domains. Enforced with namespace-local iptables rules. - Externalized, hash-pinned security policies. seccomp (JSON), capabilities (TOML), and Landlock (TOML) live as separate SHA-256-verified files, decoupled from the rootfs build. There&#x27;s a nucleus seccomp generate that records syscalls in trace mode and emits a minimal profile. - gVisor as a first-class integrated runtime, not an add-on. Explicit network modes including a gvisor-host mode that&#x27;s intentionally separate from native host networking. - Nix-native production path. nucleus.lib.mkRootfs builds locked-down closures; rootfs attestation verifies a per-file SHA-256 manifest at startup; first-class NixOS module. - Formal verification. TLA+ specs for the isolation&#x2F;resource&#x2F;filesystem&#x2F;security&#x2F;gVisor subsystems, checked with Apalache, plus property-based tests that drive the Rust implementation against the specs. </code></pre> Honest tradeoffs: - Linux x86_64 only. No macOS&#x2F;Windows&#x2F;BSD, no plans. - No CNI, no overlay networks, no cluster orchestration. nucleus compose is a single-host TOML DAG over systemd, not Swarm&#x2F;K8s. - Ephemeral-by-default storage. Persistence is opt-in via explicit --volume binds. - Agent mode applies several mechanisms best-effort by design (warn-and-continue on seccomp&#x2F;Landlock failure). For fail-closed isolation on ephemeral workloads use --service-mode strict-agent; for long-running services use production mode.<p>Cold-start is ~12ms in the native runtime. Postgres 18 pgbench numbers under Nucleus are within noise of bare metal in our harness (full results in benches&#x2F;).

AI misidentification results in wrongful arrest; man seeks justice

DuckDuckGo displays a special logo when you search for FreeBSD or OpenBSD

Show HN: Maillune – Embeddable drag-and-drop email editor as a single component Alot of companies (Including the one i work at fulltime) use third party email builders to provide custom email functionality to users. However this is a niche sector and the prices are... insane?<p>So to try and fix this i built Maillune, a embeddable emailbuilder sdk that is alot cheaper with a usable free tier for hobby projects. The entire goal was to make the features transparent and logical. With lower focus on feature paywalls and aiming on a more &quot;Out of the box&quot; approach.<p>This is one of my recent projects ive built in parallel with my fulltime job. All feedback is welcome, good or bad!

Show HN: BibTeX-format, an Emacs compatable BibTeX formatter

Show HN: OpenYabby, voice-controlled multi-agent orchestrator for Claude Code

Grit: Rewriting Git in Rust with Agents

The LD_DEBUG environment variable (2012)