🛠️ All DevTools

[Other] Show HN: How This Graybeard Built the Fastest and Freest Postgres BM25 Search Last summer we faced a conundrum at my company, Tiger Data, a Postgres cloud vendor whose main business is in timeseries data. We were trying to grow our business towards emerging AI-centric workloads and wanted to provide a state-of-the-art hybrid search stack in Postgres. We&#x27;d already built pgvectorscale in house with the goal of scaling semantic search beyond pgvector&#x27;s main memory limitations. We just needed a scalable ranked keyword search solution too.<p>The problem: core Postgres doesn&#x27;t provide this; the leading Postgres BM25 extension, ParadeDB, is guarded behind AGPL; developing our own extension appeared daunting. We&#x27;d need a small team of sharp engineers and 6-12 months, I figured. And we&#x27;d probably still fall short of the performance of a mature system like Parade&#x2F;Tantivy.<p>Or would we? I&#x27;d be experimenting long enough with AI-boosted development at that point to realize that with the latest tools (Claude Code + Opus) and an experienced hand (I&#x27;ve been working in database systems internals for 25 years now), the old time estimates pretty much go out the window.<p>I told our CTO I thought I could solo the project in one quarter. This raised some eyebrows.<p>It did take a little more time than that (two quarters), and we got some real help from the community (amazing!) after open-sourcing the pre-release. But I&#x27;m thrilled&#x2F;exhausted today to share that pg_textsearch v1.0 is freely available via open source (Postgres license), on Tiger Data cloud, and hopefully soon, a hyperscalar near you:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;timescale&#x2F;pg_textsearch" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;timescale&#x2F;pg_textsearch</a><p>In the blog post accompanying the release, I overview the architecture and present benchmark results using MS-MARCO. To my surprise, we were not only able to meet Parade&#x2F;Tantivy&#x27;s query performance, but exceed it substantially, measuring a 4.7x advantage on query throughput at scale:<p><a href="https:&#x2F;&#x2F;www.tigerdata.com&#x2F;blog&#x2F;pg-textsearch-bm25-full-text-search-postgres" rel="nofollow">https:&#x2F;&#x2F;www.tigerdata.com&#x2F;blog&#x2F;pg-textsearch-bm25-full-text-...</a><p>It&#x27;s exciting (and, to be honest, a little unnerving) to see a field I&#x27;ve spent so much time toiling in change so quickly in ways that enable us to be more ambitious in our technical objectives. Technical moats are moats no longer.<p>The benchmark scripts and methodology are available in the github repo. Happy to answer any questions in the thread.<p>Thanks,<p>TJ (tj@tigerdata.com)

[Other] GitHub Monaspace Case Study

[Monitoring/Observability] Zml-smi: universal monitoring tool for GPUs, TPUs and NPUs

[Other] Anthropic: Claude Code users hitting usage limits 'way faster than expected'

[Other] Herbie: Automatically improve imprecise floating point formulas

[Other] Accidentally created my first fork bomb with Claude Code

[Other] Windows++: C++ Application Framework for Windows by Paul DiLascia

[Other] GitHub backs down, kills Copilot pull-request ads after backlash

[Other] Axios compromised on NPM – Malicious versions drop remote access trojan

[CLI Tool] Show HN: Codemaxxing – Maximize your slop abilities I built a CLI tool to generate as much slop as possible

[Other] Android Developer Verification

[Other] What we learned building 100 API integrations with OpenCode

[API/SDK] OCR for construction documents does not work, we fixed it So we&#x27;ve built an API and trained models that detects fixtures, extracts schedules, and analyzes construction documents. Check us out!<p>More examples: - <a href="https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;endpoints&#x2F;drawings-doors" rel="nofollow">https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;endpoints&#x2F;drawi...</a><p>Main website: - <a href="https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer" rel="nofollow">https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer</a><p>Why we did it: <a href="https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;changelog&#x2F;construction-drawings-are-data-prisons" rel="nofollow">https:&#x2F;&#x2F;www.getanchorgrid.com&#x2F;developer&#x2F;docs&#x2F;changelog&#x2F;const...</a>

[Other] freeCodeCamp.org's open-source codebase and curriculum. Learn math, programming, and computer science for free.

[DevOps] Show HN: Coasts – Containerized Hosts for Agents Hi HN - We&#x27;ve been working on Coasts (“containerized hosts”) to make it so you can run multiple localhost instances, and multiple docker-compose runtimes, across git worktrees on the same computer. Here’s a demo: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=yRiySdGQZZA" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=yRiySdGQZZA</a>. There are also videos in our docs that give a good conceptual overview: <a href="https:&#x2F;&#x2F;coasts.dev&#x2F;docs&#x2F;learn-coasts-videos">https:&#x2F;&#x2F;coasts.dev&#x2F;docs&#x2F;learn-coasts-videos</a>.<p>Agents can make code changes in different worktrees in isolation, but it&#x27;s hard for them to test their changes without multiple localhost runtimes that are isolated and scoped to those worktrees as well. You can do it up to a point with port hacking tricks, but it becomes impractical when you have a complex docker-compose with many services and multiple volumes.<p>We started playing with Codex and Conductor in the beginning of this year and had to come up with a bunch of hacky workarounds to give the agents access to isolated runtimes. After bastardizing our own docker-compose setup, we came up with Coasts as a way for agents to have their own runtimes without having to change your original docker-compose.<p>A containerized host (from now on we’ll just say “coast” for short) is a representation of your project&#x27;s runtime, like a devcontainer but without the IDE stuff—it’s just focused on the runtime. You create a Coastfile at your project root and usually point to your project&#x27;s docker-compose from there. When you run `coast build` next to the Coastfile you will get a build (essentially a docker image) that can be used to spin up multiple Docker-in-Docker runtimes of your project.<p>Once you have a coast running, you can then do things like assign it to a worktree, with `coast assign dev-1 -w worktree-1`. The coast will then point at the worktree-1 root.<p>Under the hood the host project root and any external worktree directories are Docker-bind-mounted into the container at creation time but the &#x2F;workspace dir, where we run the services of the coast from, is a separate Linux bind mount that we create inside the running container. When switching worktrees we basically just do umount -l &#x2F;workspace, mount --bind &lt;path_to_worktree_root&gt;, mount --make-rshared &#x2F;workspace inside of the running coast. The rshared flag sets up mount propagation so that when we remount &#x2F;workspace, the change flows down to the inner Docker daemon&#x27;s containers.<p>The main idea is that the agents can continue to work host-side but then run exec commands against a specific coast instance if they need to test runtime changes or access runtime logs. This makes it so that we are harness agnostic and create interoperability around any agent or agent harness that runs host-side.<p>Each coast comes with its own set of dynamic ports: you define the ports you wish to expose back to the host machine in the Coastfile. You&#x27;re also able to &quot;checkout&quot; a coast. When you do that, socat binds the canonical ports of your coast (e.g. web 3000, db 5432) to the host machine. This is useful if you have hard coded ports in your project or need to do something like test webhooks.<p>In your Coastfile you point to all the locations on your host-machine where you store your worktrees for your project (e.g. ~&#x2F;.codex&#x2F;worktrees). When an agent runs `coast lookup` from a host-side worktree directory, it is able to find the name of the coast instance it is running on, so it can do things like call `coast exec dev-1 make tests`. If your agent needs to do things like test with Playwright it can so that host-side by using the dynamic port of your frontend.<p>You can also configure volume topologies, omit services and volumes that your agent doesn&#x27;t need, as well as share certain services host-side so you don&#x27;t add overhead to each coast instance. You can also do things like define strategies for how each service should behave after a worktree assignment change (e.g. none, hot, restart, rebuild). This helps you optimize switching worktrees so you don&#x27;t have to do a whole docker-compose down and up cycle every time.<p>We&#x27;d love to answer any questions and get your feedback!

[Other] CodingFont: A game to help you pick a coding font

[CLI Tool] Show HN: axil – A terminal user-interface for treesitter I initially wrote axil to help inspect and run queries against syntax trees for my treesitter-based language server implementation (<a href="https:&#x2F;&#x2F;github.com&#x2F;terror&#x2F;just-lsp" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;terror&#x2F;just-lsp</a>), and have been working toward making this into something more useable :)

[CLI Tool] Show HN: Zerobox – Sandbox any command with file, network, credential controls I&#x27;m excited to introduce Zerobox, a cross-platform, single binary process sandboxing CLI written in Rust. It uses the sandboxing crates from the OpenAI Codex repo and adds additional functionalities like secret injection, SDK, etc.<p>Watch the demo: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=wZiPm9BOPCg" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=wZiPm9BOPCg</a><p>Zerobox follows the same sandboxing policy as Deno which is deny by default. The only operation that the command can run is reading files, all writes and network I&#x2F;O are blocked by default. No VMs, no Docker, no remote servers.<p>Want to block reads to &#x2F;etc?<p><pre><code> zerobox --deny-read=&#x2F;etc -- cat &#x2F;etc&#x2F;passwd cat: &#x2F;etc&#x2F;passwd: Operation not permitted </code></pre> How it works:<p>Zerobox wraps any commands&#x2F;programs, runs an MITM proxy and uses the native sandboxing solutions on each operating system (e.g BubbleWrap on Linux) to run the given process in a sandbox. The MITM proxy has two jobs: blocking network calls and injecting credentials at the network level.<p>Think of it this way, I want to inject &quot;Bearer OPENAI_API_KEY&quot; but I don&#x27;t want my sandboxed command to know about it, Zerobox does that by replacing &quot;OPENAI_API_KEY&quot; with a placeholder, then replaces it when the actual outbound network call is made, see this example:<p><pre><code> zerobox --secret OPENAI_API_KEY=$OPENAI_API_KEY --secret-host OPENAI_API_KEY=api.openai.com -- bun agent.ts </code></pre> Zerobox is different than other sandboxing solutions in the sense that it would allow you to easily sandbox any commands locally and it works the same on all platforms. I&#x27;ve been exploring different sandboxing solutions, including Firecracker VMs locally, and this is the closest I was able to get when it comes to sandboxing commands locally.<p>The next thing I&#x27;m exploring is `zerobox claude` or `zerobox openclaw` which would wrap the entire agent and preload the correct policy profiles.<p>I&#x27;d love to hear your feedback, especially if you are running AI Agents (e.g. OpenClaw), MCPs, AI Tools locally.

[Other] Queueing Requests Queues Your Capacity Problems, Too

[CLI Tool] Show HN: CLI to order groceries via reverse-engineered REWE API (Haskell) I just had the best time learning about the REWE (German supermarket chain) API, how they use mTLS and what the workflows are. Also `mitmproxy2swagger`[1] is a great tool to create OpenAPI spec automatically.<p>And then 2026 feels like the perfect time writing Haskell. The code is handwritten, but whenever I got stuck with the build system or was just not getting the types right, I could fall back to ask AI to unblock me. It was never that smooth before.<p>Finally the best side projects are the ones you actually use and this one will be used for all my future grocery shopping.<p>[1]<a href="https:&#x2F;&#x2F;github.com&#x2F;alufers&#x2F;mitmproxy2swagger" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;alufers&#x2F;mitmproxy2swagger</a>