🛠️ All DevTools

[DevOps] Show HN: Sandboxing untrusted code using WebAssembly Hi everyone,<p>I built a runtime to isolate untrusted code using wasm sandboxes.<p>Basically, it protects your host system from problems that untrusted code can cause. We’ve had a great discussion about sandboxing in Python lately that elaborates a bit more on the problem [1]. In TypeScript, wasm integration is even more natural thanks to the close proximity between both ecosystems.<p>The core is built in Rust. On top of that, I use WASI 0.2 via wasmtime and the component model, along with custom SDKs that keep things as idiomatic as possible.<p>For example, in Python we have a simple decorator:<p><pre><code> from capsule import task @task( name=&quot;analyze_data&quot;, compute=&quot;MEDIUM&quot;, ram=&quot;512mb&quot;, allowed_files=[&quot;.&#x2F;authorized-folder&#x2F;&quot;], timeout=&quot;30s&quot;, max_retries=1 ) def analyze_data(dataset: list) -&gt; dict: &quot;&quot;&quot;Process data in an isolated, resource-controlled environment.&quot;&quot;&quot; # Your code runs safely in a Wasm sandbox return {&quot;processed&quot;: len(dataset), &quot;status&quot;: &quot;complete&quot;} </code></pre> And in TypeScript we have a wrapper:<p><pre><code> import { task } from &quot;@capsule-run&#x2F;sdk&quot; export const analyze = task({ name: &quot;analyzeData&quot;, compute: &quot;MEDIUM&quot;, ram: &quot;512mb&quot;, allowedFiles: [&quot;.&#x2F;authorized-folder&#x2F;&quot;], timeout: 30000, maxRetries: 1 }, (dataset: number[]) =&gt; { return {processed: dataset.length, status: &quot;complete&quot;} }); </code></pre> You can set CPU (with compute), memory, filesystem access, and retries to keep precise control over your tasks.<p>It&#x27;s still quite early, but I&#x27;d love feedback. I’ll be around to answer questions.<p>GitHub: <a href="https:&#x2F;&#x2F;github.com&#x2F;mavdol&#x2F;capsule" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mavdol&#x2F;capsule</a><p>[1] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46500510">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46500510</a>

[Other] Show HN: Inverting Agent Model (App as Clients, Chat as Server and Reflection) Hello HN. I’d like to start by saying that I am a developer who started this research project to challenge myself. I know standard protocols like MCP exist, but I wanted to explore a different path and have some fun creating a communication layer tailored specifically for desktop applications.<p>The project is designed to handle communication between desktop apps in an agentic manner, so the focus is strictly on this IPC layer (forget about HTTP API calls).<p>At the heart of RAIL (Remote Agent Invocation Layer) are two fundamental concepts. The names might sound scary, but remember this is a research project:<p>Memory Logic Injection + Reflection Paradigm shift: The Chat is the Server, and the Apps are the Clients.<p>Why this approach? The idea was to avoid creating huge wrappers or API endpoints just to call internal methods. Instead, the agent application passes its own instance to the SDK (e.g., RailEngine.Ignite(this)).<p>Here is the flow that I find fascinating:<p>-The App passes its instance to the RailEngine library running inside its own process.<p>-The Chat (Orchestrator) receives the manifest of available methods.The Model decides what to do and sends the command back via Named Pipe.<p>-The Trigger: The RailEngine inside the App receives the command and uses Reflection on the held instance to directly perform the .Invoke().<p>Essentially, I am injecting the &quot;Agent Logic&quot; directly into the application memory space via the SDK, allowing the Chat to pull the trigger on local methods remotely.<p>A note on the Repo: The GitHub repository has become large. The core focus is RailEngine and RailOrchestrator. You will find other connectors (C++, Python) that are frankly &quot;trash code&quot; or incomplete experiments. I forced RTTR in C++ to achieve reflection, but I&#x27;m not convinced by it. Please skip those; they aren&#x27;t relevant to the architectural discussion.<p>I’d love to focus the discussion on memory-managed languages (like C#&#x2F;.NET) and ask you:<p>-Architecture: Does this inverted architecture (Apps &quot;dialing home&quot; via IPC) make sense for local agents compared to the standard Server&#x2F;API model?<p>-Performance: Regarding the use of Reflection for every call—would it be worth implementing a mechanism to cache methods as Delegates at startup? Or is the optimization irrelevant considering the latency of the LLM itself?<p>-Security: Since we are effectively bypassing the API layer, what would be a hypothetical security layer to prevent malicious use? (e.g., a capability manifest signed by the user?)<p>I would love to hear architectural comparisons and critiques.

[Other] Show HN: difi – A Git diff TUI with Neovim integration (written in Go)

[Other] The browser catches homograph attacks, the terminal doesn't

[Other] Skills Catalog for Codex

[Other] LNAI – Define AI coding tool configs once, sync to Claude, Cursor, Codex, etc.

[Other] View Wi-Fi & ethernet details from the menubar Ever wonder why your connection feels slow? Curious about what Wi-Fi standard you're really using? Put advanced network diagnostics right into your macOS menu bar. Designed for IT professionals, developers, and anyone who wants to understand their network better, Network Connection Info provides a clean, at-a-glance view of your most important connection stats. See your connection status, IP address, link speed, or Wi-Fi signal strength directly in the menu bar.

[CLI Tool] Terminal for Claude Code with GUI controls Caudex is a lightweight terminal app for Claude Code. Features: - Multi-tab & split terminals for parallel development - Tab overview to monitor all sessions at a glance - Context & cost monitoring - One-click setup for Skills and MCP servers - Keyboard-first workflow macOS/Windows available now. Linux coming soon.

[DevOps] One command to switch your entire DevOps context Most tools manage one piece: direnv for env vars, kubectx for K8s, aws-vault for AWS. You're still juggling multiple tools. ctx_ is different - it treats your entire DevOps environment (cloud providers, orchestration, tunnels, VPNs) as one switchable context. One command replaces dozens. It's stateful, meaning active SSH tunnels and connections switch too. Built for people managing 5+ environments daily.

[Other] Convert text to natural-sounding speech with AI TextToSpeech.tech is an AI-powered online tool that converts text into natural-sounding speech instantly. Free to use, and works directly in your browser. Perfect for content creators, teachers, and developers.

[IDE/Editor] Local AI IDE. Your code stays yours. Kalynt is a privacy-first AI IDE that runs entirely on your machine. Your code never leaves your computer unless you explicitly choose. Unlike Cursor or GitHub Copilot, Kalynt runs local LLMs (Qwen, Devstral 24B) directly on your hardware – even on 8GB RAM. Real-time P2P collaboration uses encrypted signals, not cloud servers. Built with AIME (context management engine), CRDTs, WebRTC. Open-core (AGPL-3.0). Beta v1.0 – shipping fast, iterating based on feedback.

[CLI Tool] Show HN: Latex-wc – Word count and word frequency for LaTeX projects I was revising my proposal defense and kept feeling like I was repeating the same term. In a typical LaTeX project split across many .tex files, it’s awkward to get a quick, clean word-frequency view without gluing everything together or counting LaTeX commands&#x2F;math as “words”.<p>So I built latex-wc, a small Python CLI that:<p>- extracts tokens from LaTeX while ignoring common LaTeX “noise” (commands, comments, math, refs&#x2F;cites, etc.)<p>- can take a single .tex file or a directory and recursively scan all *.tex files<p>- prints a combined report once (total words, unique words, top-N frequencies)<p>Fastest way to try it is `uvx latex-wc [path]` (file or directory). Feedback welcome, especially on edge cases where you think the heuristic filters are too aggressive or not aggressive enough.

[CLI Tool] Show HN: Latex-wc – Word count and word frequency for LaTeX projects I was revising my proposal defense and kept feeling like I was repeating the same term. In a typical LaTeX project split across many .tex files, it’s awkward to get a quick, clean word-frequency view without gluing everything together or counting LaTeX commands&#x2F;math as “words”.<p>So I built latex-wc, a small Python CLI that:<p>- extracts tokens from LaTeX while ignoring common LaTeX “noise” (commands, comments, math, refs&#x2F;cites, etc.)<p>- can take a single .tex file or a directory and recursively scan all *.tex files<p>- prints a combined report once (total words, unique words, top-N frequencies)<p>Fastest way to try it is `uvx latex-wc [path]` (file or directory). Feedback welcome, especially on edge cases where you think the heuristic filters are too aggressive or not aggressive enough.

[DevOps] Show HN: 127 PRs to Prod this wknd with 18 AI agents: metaswarm. MIT licensed A few weeks ago I posted about GoodToGo <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46656759">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46656759</a> - a tool that gives AI agents a deterministic answer to &quot;is this PR ready to merge?&quot; Several people asked about the larger orchestration system I mentioned. This is that system.<p>I got tired of being a project manager for Claude Code. It writes code fine, but shipping production code is seven or eight jobs — research, planning, design review, implementation, code review, security audit, PR creation, CI babysitting. I was doing all the coordination myself. The agent typed fast. I was still the bottleneck. What I really needed was an orchestrator of orchestrators - swarms of swarms of agents with deterministic quality checks.<p>So I built metaswarm. It breaks work into phases and assigns each to a specialist swarm orchestrator. It manages handoffs and uses BEADS for deterministic gates that persist across &#x2F;compact, &#x2F;clear, and even across sessions. Point it at a GitHub issue or brainstorm with it (it uses Superpowers to ask clarifying questions) and it creates epics, tasks, and dependencies, then runs the full pipeline to a merged PR - including outside code review like CodeRabbit, Greptile, and Bugbot.<p>The thing that surprised me most was the design review gate. Five agents — PM, Architect, Designer, Security, CTO — review every plan in parallel before a line of code gets written. All five must approve. Three rounds max, then it escalates to a human. I expected a rubber stamp. It catches real design problems, dependency issues, security gaps.<p>This weekend I pointed it at my backlog. 127 PRs merged. Every one hit 100% test coverage. No human wrote code, reviewed code, or clicked merge. OK, I guided it a bit, mostly helping with plans for some of the epics.<p>A few learnings:<p>Agent checklists are theater. Agents skipped coverage checks, misread thresholds, or decided they didn&#x27;t apply. Prompts alone weren&#x27;t enough. The fix was deterministic gates — BEADS, pre-push hooks, CI jobs all on top of the agent completion check. The gates block bad code whether or not the agent cooperates.<p>The agents are just markdown files. No custom runtime, no server, and while I built it on TypeScript, the agents are language-agnostic. You can read all of them, edit them, add your own.<p>It self-reflects too. After every merged PR, the system extracts patterns, gotchas, and decisions into a JSONL knowledge base. Agents only load entries relevant to the files they&#x27;re touching. The more it ships, the fewer mistakes it makes. It learns as it goes.<p>metaswarm stands on two projects: <a href="https:&#x2F;&#x2F;github.com&#x2F;steveyegge&#x2F;beads" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;steveyegge&#x2F;beads</a> by Steve Yegge (git-native task tracking and knowledge priming) and <a href="https:&#x2F;&#x2F;github.com&#x2F;obra&#x2F;superpowers" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;obra&#x2F;superpowers</a> by Jesse Vincent (disciplined agentic workflows — TDD, brainstorming, systematic debugging). Both were essential.<p>Background: I founded Technorati, Linuxcare, and Warmstart; tech exec at Lyft and Reddit. I built metaswarm because I needed autonomous agents that could ship to a production codebase with the same standards I&#x27;d hold a human team to.<p>$ cd my-project-name<p>$ npx metaswarm init<p>MIT licensed. IANAL. YMMV. Issues&#x2F;PRs welcome!

[Other] GitHub experience various partial-outages/degradations

[Code Quality] Show HN: HoundDog.ai – Ultra-Fast Code Scanner for Data Privacy Hi HN,<p>I&#x27;m one of the creators of HoundDog.ai (<a href="https:&#x2F;&#x2F;github.com&#x2F;hounddogai&#x2F;hounddog" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;hounddogai&#x2F;hounddog</a>). We currently handle privacy scanning for Replit&#x27;s 45M+ creators.<p>We built HoundDog because privacy compliance is usually a choice between manual spreadsheets or reactive runtime scanning. While runtime tools are useful for monitoring, they only catch leaks after the code is live and the data has already moved. They can also miss code paths that aren&#x27;t actively triggered in production.<p>HoundDog traces sensitive data in code during development and helps catch risky flows (e.g., PII leaking into logs or unapproved third-party SDKs) before the code is shipped.<p>The core scanner is a standalone Rust binary. It doesn&#x27;t use LLMs so it&#x27;s local, deterministic, cheap, and fast. It can scan 1M+ lines of code in seconds on a standard laptop, and supports 80+ sensitive data types (PII, PHI, CHD) and hundreds of data sinks (logs, SDKs, APIs, ORMs etc.) out of the box.<p>We use AI internally to expand and scale our rules, identifying new data sources and sinks, but the execution is pure static analysis.<p>The scanner is free to use (no signups) so please try it out and send us feedback. I&#x27;ll be around to answer any questions!

[Other] Show HN: Sklad – Secure, offline-first snippet manager (Rust, Tauri v2) Hi HN, I’m Pavel.<p>I built Sklad because, as a DevOps engineer, I was frustrated with how I handled operational data. I constantly need access to SSH passwords (where keys aren&#x27;t an option), specific IP addresses, and complex CLI one-liners. I realized I was storing them in insecure text files or sticky notes because standard clipboard managers felt too bloated and password managers were too slow for my workflow.<p>I wanted a &quot;warehouse&quot; for this data—something that lives quietly in the system tray, supports deep hierarchy, works completely offline, and looks industrial.<p>The app is built with Rust and Tauri v2. The core technical challenge was mapping a local JSON tree structure directly to a recursive native OS tray menu. This allows you to navigate nested folders just by hovering, without opening a window.<p>For security, I implemented AES-256-GCM encryption with Argon2 for key derivation. When the vault locks, the sensitive data is wiped from memory, and the tray menu collapses to a locked state.<p>It was an interesting journey building this on the Tauri v2 Beta ecosystem. I’d love to hear your feedback on the implementation, especially regarding the Rust-side security logic.<p>Repo: <a href="https:&#x2F;&#x2F;github.com&#x2F;Rench321&#x2F;sklad" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Rench321&#x2F;sklad</a>

[API/SDK] Turn Slack messages into GitHub, Jira, or Linear tickets Ask Ellie is the AI chat agent that brings all your engineering context into Slack. Ask about code changes, PR status, sprint velocity, production issues, or analytics and get instant answers pulled from your actual tools. Create tickets, debug incidents, check what shipped, or find out who's blocking what, all without leaving chat. Connect GitHub, Jira, Linear, Sentry, PostHog, and more. No more dashboard hopping Just answers.

[IDE/Editor] AI IDE that writes and flashes STM32 firmware for your board AI coding agents to speed up STM32 embedded development

[Other] Building a Telegram Bot with Cloudflare Workers, Durable Objects and Grammy