🛠️ All DevTools

[Other] 🕷️ An adaptive Web Scraping framework that handles everything from a single request to a full-scale crawl!

[Other] Open Letter to Google on Mandatory Developer Registration for App Distribution

[DevOps] Show HN: Out Plane – A PaaS I built solo from Istanbul in 3 months Hey HN,<p>I posted Out Plane here last week. Wanted to share an update because I&#x27;ve been shipping a lot.<p>I started this because deploying side projects was killing my motivation. Build something fun over a weekend, then waste two days on Dockerfiles, nginx, and SSL. So I built what I wanted — connect GitHub, push code, get a URL. Done.<p>Since December I&#x27;ve added managed PostgreSQL, managed Redis with RedisInsight built in, Dockerfile auto-detection that pre-fills your config, real-time metrics, and scale to zero — no traffic means no bill. Per-second pricing, not hourly. Same Next.js + Postgres app costs me $2.40&#x2F;mo vs $12–47 on other platforms.<p>No CLI yet, docs need work, ~200 users. Just me, no team, no funding. But people are running real stuff on it.<p>$20 free credit, no credit card. I read all feedback personally — I&#x27;m the only one here.

[Other] Show HN: Git-native-issue – issues stored as commits in refs/issues/

[API/SDK] Show HN: AgentBudget – Real-time dollar budgets for AI agents Hey HN,<p>I built AgentBudget after an AI agent loop cost me $187 in 10 minutes — GPT-4o retrying a failed analysis over and over. Existing tools (LangSmith, Langfuse) track costs after execution but don&#x27;t prevent overspend.<p>AgentBudget is a Python SDK that gives each agent session a hard dollar budget with real-time enforcement. Integration is two lines:<p><pre><code> import agentbudget agentbudget.init(&quot;$5.00&quot;) </code></pre> It monkey-patches the OpenAI and Anthropic SDKs (same pattern as Sentry&#x2F;Datadog), so existing code works without changes. When the budget is hit, it raises BudgetExhausted before the next API call goes out.<p>How it works:<p>- Two-phase enforcement: estimates cost pre-call (input tokens + average completion), reconciles post-call with actual usage. Worst-case overshoot is bounded to one call. - Loop detection: sliding window over (tool_name, argument_hash, timestamp) tuples. Catches infinite retries even if budget remains. - Cost engine: pricing table for 50+ models across OpenAI, Anthropic, Google, Mistral, Cohere. Fuzzy matching for dated model variants. - Unified ledger: tracks both LLM calls and external tool costs (via track() or @track_tool decorator) in a single session.<p>Benchmarks: 3.5μs median overhead per enforcement check. Zero budget overshoot across all tested scenarios. Loop detection: 0 false positives on diverse workloads, catches pathological loops at exactly N+1 calls.<p>No infrastructure needed — it&#x27;s a library, not a platform. No Redis, no cloud services, no accounts.<p>I also wrote a whitepaper covering the architecture and integration with Coinbase&#x27;s x402 payment protocol (where agents make autonomous stablecoin payments): <a href="https:&#x2F;&#x2F;doi.org&#x2F;10.5281&#x2F;zenodo.18720464" rel="nofollow">https:&#x2F;&#x2F;doi.org&#x2F;10.5281&#x2F;zenodo.18720464</a><p>1,300+ PyPI installs in the first 4 days, all organic. Apache 2.0.<p>Happy to answer questions about the design.

[Other] Show HN: enveil – hide your .env secrets from prAIng eyes

[Other] Why Your Load Balancer Still Sends Traffic to Dead Backends

[CLI Tool] Show HN: Babyshark – Wireshark made easy (terminal UI for PCAPs) Hey all, I built babyshark, a terminal UI for PCAPs aimed at people who find Wireshark powerful but overwhelming.<p>The goal is “PCAPs for humans”: Overview dashboard answers what’s happening + what to click next<p>Domains view (hostnames first) → select a domain → jump straight to relevant flows (works even when DNS is encrypted&#x2F;cached by using observed IPs from flows)<p>Weird stuff view surfaces common failure&#x2F;latency signals (retransmits&#x2F;out-of-order hints, resets, handshake issues, DNS failures when visible)<p>From there you can drill down: Flows → Packets → Explain (plain-English hints) &#x2F; follow stream<p>Commands: Offline: babyshark --pcap capture.pcap<p>Live (requires tshark): babyshark --list-ifaces then babyshark --live en0<p>Repo + v0.1.0 release: <a href="https:&#x2F;&#x2F;github.com&#x2F;vignesh07&#x2F;babyshark" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;vignesh07&#x2F;babyshark</a><p>Would love feedback on UX + what “weird detectors” you’d want next.

[DevOps] Show HN: Shibuya – A High-Performance WAF in Rust with eBPF and ML Engine Hi HN,<p>I’ve been working on Shibuya, a next-generation Web Application Firewall (WAF) built from the ground up in Rust.<p>I wanted to build a WAF that didn&#x27;t just rely on legacy regex signatures but could understand intent and perform at line-rate using modern kernel features.<p>What makes Shibuya different:<p>Multi-Layer Pipeline: It integrates a high-performance proxy (built on Pingora) with rate limiting, bot detection, and threat intelligence.<p>eBPF Kernel Filtering: For volumetric attacks, Shibuya can drop malicious packets at the kernel level using XDP before they consume userspace resources.<p>Dual ML Engine: It uses an ONNX-based engine for anomaly detection and a Random Forest classifier to identify specific attack classes like SQLi, XSS, and RCE.<p>API &amp; GraphQL Protection: Includes deep inspection for GraphQL (depth and complexity analysis) and OpenAPI schema validation.<p>WASM Extensibility: You can write and hot-load custom security logic using WebAssembly plugins.<p>Ashigaru Lab: The project includes a deliberately vulnerable lab environment with 6 different services and a &quot;Red Team Bot&quot; to test the WAF against 100+ simulated payloads.<p>The Dashboard: The dashboard is built with SvelteKit and offers real-time monitoring (ECharts), a &quot;Panic Mode&quot; for instant hardening, and a visual editor for the YAML configuration.<p>I&#x27;m looking for feedback on the architecture and the performance of the Rust-eBPF integration.

[API/SDK] Show HN: BVisor – An Embedded Bash Sandbox, 2ms Boot, Written in Zig bVisor is an SDK and runtime for safely executing bash commands directly on your host machine. We built it on the belief that &quot;sandbox&quot; doesn&#x27;t need to mean shipping off to remote sandbox products, or spinning up local VMs &#x2F; containers. Sometimes, you just want to run that bash command locally.<p>bVisor boots a sandbox from user-space without special permissions, powered by seccomp user notifier. This allows us to intercept syscalls from guest processes and selectively virtualize them to block privilege escalation, isolate process visibility, and keep filesystem changes isolated per sandbox (copy-on-write). Sandboxes boot in 2ms, and can run arbitrary binaries at native speed (with minor overhead per syscall). This approach is heavily inspired by Google&#x27;s gVisor.<p>As of today, bVisor supports most filesystem operations, basic file I&#x2F;O, and can run complex binaries such as python interpreters. It is packaged as a Typescript SDK and installable via npm. There&#x27;s much to still implement (such as outbound network access to support &#x27;curl&#x27;, shipping a python SDK, etc), but we wanted to share it here for feedback and anyone who&#x27;d be able to make use of the current featureset!

[Other] The Missing Semester of Your CS Education – Revised for 2026 We returned to MIT last month to teach a revised version of Missing Semester, six years after the original debut (which has been extensively discussed on HN, in <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=22226380">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=22226380</a> and <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=34934216">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=34934216</a>).<p>We’ve updated the course based on our personal experiences as well as major changes in the field (e.g., the proliferation of AI-powered developer tools) over the past several years. The 2026 course includes revised versions of four lectures from the previous course, and it adds five entirely new lectures:<p>- Development Environment and Tools<p>- Packaging and Shipping Code<p>- Agentic Coding<p>- Beyond the Code (soft skills)<p>- Code Quality<p>We’d love to hear any feedback from the HN community to improve the current or future iterations of the course. In particular, we’re curious to hear the community’s take on our inclusion of AI-related topics (e.g., dedicating an entire class to the topic of agentic coding; though we tried to counterbalance it with plenty of disclaimers, and a dedicated section on AI etiquette in Beyond the Code).<p>--Anish, Jon, and Jose

[Other] Show HN: Agent Multiplexer – manage Claude Code via tmux

[Other] Show HN: TTSLab – A voice AI agent and TTS lab running in the browser via WebGPU I built TTSLab — a free, open-source tool for running text-to-speech and speech-to-text models directly in the browser using WebGPU and WASM.<p>No API keys, no backend, no data leaves your machine.<p>When you open the site, you&#x27;ll hear it immediately — the landing page auto-generates speech from three different sentences right in your browser, no setup required.<p>You can then try any model yourself: type text, hit generate, hear it instantly. Models download once and get cached locally.<p>The most experimental feature: a fully in-browser Voice Agent. It chains speech-to-text → LLM → text-to-speech, all running locally on your GPU via WebGPU. You can have a spoken conversation with an AI without a single network request.<p>Currently supported models: - TTS: Kokoro 82M, SpeechT5, Piper (VITS) - STT: Whisper Tiny, Whisper Base<p>Other features: - Side-by-side model comparison - Speed benchmarking on your hardware - Streaming generation for supported models<p>Source: <a href="https:&#x2F;&#x2F;github.com&#x2F;MbBrainz&#x2F;ttslab" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;MbBrainz&#x2F;ttslab</a> (MIT)<p>Feedback I&#x27;d especially like: 1. How does performance feel on your hardware? 2. What models should I add next? 3. Did the Voice Agent work for you? That&#x27;s the most experimental part.<p>Built on top of ONNX Runtime Web (<a href="https:&#x2F;&#x2F;onnxruntime.ai" rel="nofollow">https:&#x2F;&#x2F;onnxruntime.ai</a>) and Transformers.js — huge thanks to those communities for making in-browser ML inference possible.

[Database] Show HN: PgDog – Scale Postgres without changing the app Hey HN! Lev and Justin here, authors of PgDog (<a href="https:&#x2F;&#x2F;pgdog.dev&#x2F;">https:&#x2F;&#x2F;pgdog.dev&#x2F;</a>), a connection pooler, load balancer and database sharder for PostgreSQL. If you build apps with a lot of traffic, you know the first thing to break is the database. We are solving this with a network proxy that works without requiring application code changes or database migrations.<p>Our post from last year: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=44099187">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=44099187</a><p>The most important update: we are in production. Sharding is used a lot, with direct-to-shard queries (one shard per query) working pretty much all the time. Cross-shard (or multi-database) queries are still a work in progress, but we are making headway.<p>Aggregate functions like count(), min(), max(), avg(), stddev() and variance() are working, without refactoring the app. PgDog calculates the aggregate in-transit, while transparently rewriting queries to fetch any missing info. For example, multi-database average calculation requires a total count of rows to calculate the original sum. PgDog will add count() to the query, if it’s not there already, and remove it from the rows sent to the app.<p>Sorting and grouping works, including DISTINCT, if the columns(s) are referenced in the result. Over 10 data types are supported, like, timestamp(tz), all integers, varchar, etc.<p>Cross-shard writes, including schema changes (CREATE&#x2F;DROP&#x2F;ALTER), are now atomic and synchronized between all shards with two-phase commit. PgDog keeps track of the transaction state internally and will rollback the transaction if the first phase fails. You don’t need to monkeypatch your ORM to use this: PgDog will intercept the COMMIT statement and execute PREPARE TRANSACTION and COMMIT PREPARED instead.<p>Omnisharded tables, a.k.a replicated or mirrored (identical on all shards), support atomic reads and writes. That’s important because most databases can’t be completely sharded and will have some common data on all databases that has to be kept in-sync.<p>Multi-tuple inserts, e.g., INSERT INTO table_x VALUES ($1, $2), ($3, $4), are split by our query rewriter and distributed to their respective shards automatically. They are used by ORMs like Prisma, Sequelize, and others, so those now work without code changes too.<p>Sharding keys can be mutated. PgDog will intercept and rewrite the update statement into 3 queries, SELECT, INSERT, and DELETE, moving the row between shards. If you’re using Citus (for everyone else, Citus is a Postgres extension for sharding databases), this might be worth a look.<p>If you’re like us and prefer integers to UUIDs for your primary keys, we built a cross-shard unique sequence, directly inside PgDog. It uses the system clock (and a couple other inputs), can be called like a Postgres function, and will automatically inject values into queries, so ORMs like ActiveRecord will continue to work out of the box. It’s monotonically increasing, just like a real Postgres sequence, and can generate up to 4 million numbers per second with a range of 69.73 years, so no need to migrate to UUIDv7 just yet.<p><pre><code> INSERT INTO my_table (id, created_at) VALUES (pgdog.unique_id(), now()); </code></pre> Resharding is now built-in. We can move gigabytes of tables per second, by parallelizing logical replication streams across replicas. This is really cool! Last time we tried this at Instacart, it took over two weeks to move 10 TB between two machines. Now, we can do this in just a few hours, in big part thanks to the work of the core team that added support for logical replication slots to streaming replicas in Postgres 16.<p>Sharding hardly works without a good load balancer. PgDog can monitor replicas and move write traffic to a promoted primary during a failover. This works with managed Postgres, like RDS (incl. Aurora), Azure Pg, GCP Cloud SQL, etc., because it just polls each instance with “SELECT pg_is_in_recovery()”. Primary election is not supported yet, so if you’re self-hosting with Patroni, you should keep it around for now, but you don’t need to run HAProxy in front of the DBs anymore.<p>The load balancer is getting pretty smart and can handle edge cases like SELECT FOR UPDATE and CTEs with INSERT&#x2F;UPDATE statements, but if you still prefer to handle your read&#x2F;write separation in code, you can do that too with manual routing. This works by giving PgDog a hint at runtime: a connection parameter (-c pgdog.role=primary), SET statement, or a query comment. If you have multiple connection pools in your app, you can replace them with just one connection to PgDog instead. For multi-threaded Python&#x2F;Ruby&#x2F;Go apps, this helps by reducing memory usage, I&#x2F;O and context switching overhead.<p>Speaking of connection pooling, PgDog can automatically rollback unfinished transactions and drain and re-sync partially sent queries, all in an effort to preserve connections to the database. If you’ve seen Postgres go to 100% CPU because of a connection storm caused by an application crash, this might be for you. Draining connections works by receiving and discarding rows from abandoned queries and sending the Sync message via the Postgres wire protocol, which clears the query context and returns the connection to a normal state.<p>PgDog is open source and welcomes contributions and feedback in any form. As always, all features are configurable and can be turned off&#x2F;on, so should you choose to give it a try, you can do so at your own pace. Our docs (<a href="https:&#x2F;&#x2F;docs.pgdog.dev">https:&#x2F;&#x2F;docs.pgdog.dev</a>) should help too.<p>Thanks for reading and happy hacking!

[Other] Use Claude Code, Cursor CLI or Codex on mobile and web with CloudCLI (aka Claude Code UI). CloudCLI is a free open source webui/GUI that helps you manage your Claude Code session and projects remotely

[Other] Show HN: Implementing ping from the Ethernet layer (ARP,IPv4,ICMP in user space) I built a user-space implementation of ping that constructs Ethernet frames, performs ARP resolution, builds IPv4 headers, and sends ICMP echo requests manually using AF_PACKET.<p>- ARP (packet format, cache with aging, re-ARP, conflict handling) - IPv4 header construction and checksum - DF handling and ICMP Fragmentation Needed (Type 3 Code 4) - IP fragment reassembly - ICMP echo request&#x2F;reply parsing - A basic ping loop with loss statistics<p>The goal was to understand how packets actually move from Layer 2 upward.

[Other] The JavaScript Oxidation Compiler

[CLI Tool] Aqua: A CLI message tool for AI agents

[Other] Show HN: A portfolio that re-architects its React DOM based on LLM intent Hi HN,<p>Added a raw 45-second demo showing the DOM re-architecture in real-time: <a href="https:&#x2F;&#x2F;streamable.com&#x2F;vw133i" rel="nofollow">https:&#x2F;&#x2F;streamable.com&#x2F;vw133i</a><p>I got tired of the &quot;Context Problem&quot; with static portfolios—Recruiters want a resume, Founders want a pitch deck, and Engineers want to see architecture.<p>Instead of building three sites, I hooked up my React frontend to Llama-3 (via Groq for &lt;100ms latency). It analyzes natural language intent from the search bar and physically re-architects the Component Tree to prioritize the most relevant modules using Framer Motion.<p>The hardest part was stabilizing the Cumulative Layout Shift (CLS) during the DOM mutation, but decoupling the layout state from the content state solved it.<p>The Challenge: There is a global CSS override hidden in the search bar. If you guess the 1999 movie reference, it triggers a 1-bit terminal mode.<p>Happy to answer any questions on the Groq implementation or the layout engine!

[Other] NanoClaw moved from Apple Containers to Docker