🛠️ Hacker News Tools

[Other] Mounting Git commits as folders with NFS

[API/SDK] Show HN: Hsrs – Type-Safe Haskell Bindings Generator for Rust Hey everyone! I&#x27;ve been working on hsrs, a type-safe Haskell Bindings Generator for Rust.<p>I couldn&#x27;t really find any bindings generator that would create type-safe, rich bindings for Haskell from Rust. Naturally, both languages have rich type systems, so I was amazed that no awesome bindings generator already existed, hence I decided to write my own. hsrs feels very similar to pyo3 and napi-rs, and if you&#x27;ve used those, hsrs will feel right at home.<p>What&#x27;s unique about hsrs as opposed to hs-bindgen is that it has type-safe bindings for rich types, like Result, Maybe, etc. while also generating Haskell bindings. The repo contains a minimal example, and more details are available in the haskell discourse: <a href="https:&#x2F;&#x2F;discourse.haskell.org&#x2F;t&#x2F;ann-hsrs-ergonomic-haskell-bindings-for-rust&#x2F;14129" rel="nofollow">https:&#x2F;&#x2F;discourse.haskell.org&#x2F;t&#x2F;ann-hsrs-ergonomic-haskell-b...</a>

[Other] LLMCap – A proxy that hard-stops LLM API calls when you hit a dollar cap

[Code Quality] Sieve – scans Cursor/Claude chat history for leaked API keys Background: I was using Cursor to set up an OpenAI integration.The agent read my .env file, added the key to the config, and everything worked. What I didn&#x27;t think about: that key was now sitting in a plaintext SQLite database at ~&#x2F;Library&#x2F;ApplicationSupport&#x2F;Cursor&#x2F;User&#x2F;workspaceStorage&#x2F;..<p>AI coding tools (Cursor, Claude Code, Copilot, Cline) routinely read .env files as part of normal operation. Every secret they touch gets embedded in their local transcript&#x2F;state files — unencrypted, outside .gitignore, persisted indefinitely.<p>Standard secret scanners (gitleaks, detect-secrets) scan git repos. Nobody scans AI transcript stores. That&#x27;s the gap.<p>Sieve scans those files locally on your Mac. Flags exposed keys by severity. Redacts them in-place. Stores fingerprints in Keychain — never plaintext. Covers Cursor, Claude Code, Claude Desktop, Copilot, Cline, Roo Cline, Windsurf, Gemini CLI, and .env files.<p>Happy to answer questions about how the SQLite parsing works or the detection rules.

[Other] Show HN: Tracecast – open-source generative data apps built on top of Marimo Hi HN, I&#x27;m Malachy, the founder of Tracecast. This project lets you generate interactive data apps on top of your data, using a Cursor-style AI chat. It stitches together Marimo, LangGraph agents, and data warehouse query tools. It has an Apache 2.0 license.<p>The initial use case that spurred this project was business analytics, specifically generating product usage dashboards.<p>This project&#x27;s main inspiration is Marimo, an open source python notebook that can be &quot;queried with SQL, run as a script, and deployed as an app&quot; [1]. The recent release of Marimo Pair [2] demonstrated the power of connecting AI agents like Claude Code to Marimo notebooks directly. This project seeks to build on that work by incorporating a LangGraph agent with two key abilities: (1) the ability to execute queries against a connected data warehouse (such as Snowflake); (2) the ability to write Marimo notebooks.<p>When prompted, the LangGraph agent will run exploratory data analysis using database query tools. Then, it creates a polished Marimo notebook that&#x27;s presented to the user in read-only mode. This project intentionally hides the Marimo edit mode. That means that the end user only ever sees a finished, read-only data app. Ease of use and trust in AI output were the main drivers behind this decision.<p>4 data sources are currently supported: Snowflake, BigQuery, Postgres, and Metabase. The code for the database query tools was derived from Google&#x27;s open source MCP Toolbox for Databases.<p>There is currently no support for MCP. Instead, data query tools are hardcoded. This decision was made to ensure high quality AI queries and limit tool bloat.<p>This is an early stage project, and is configured to only run locally at this time.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;marimo-team&#x2F;marimo" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;marimo-team&#x2F;marimo</a> [2] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47678844">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47678844</a>

[IDE/Editor] Loopmaster – Livecoding Music IDE

[Code Quality] Show HN: Haystack – Review the PRs that need human attention Hey HN! We&#x27;re building Haystack (<a href="https:&#x2F;&#x2F;haystackeditor.com&#x2F;">https:&#x2F;&#x2F;haystackeditor.com&#x2F;</a>) to help teams deal with the explosion in the number of pull requests that need to be reviewed due to the rise of coding agents.<p>Haystack replaces the GitHub PR review system with a queue that triages each PR before a human has to read any diffs. It looks at the diffs, the codebase, and the coding-agent conversation that produced the PR. Haystack then routes it into one of three buckets:<p>1. Safe to merge. This means the PR has enough evidence behind it that the team can merge it without another human&#x27;s review.<p>Some examples:<p>-- A small UI copy change that includes a screenshot showing the final state<p>-- A backend change where the author clearly tested the important paths and ran the changes in a real environment<p>2. Needs fixes. This means that the PR has bugs or violates a rule in your codebase and therefore the PR needs to be fixed by the author.<p>Some examples:<p>-- The agent was asked to make loading a large table faster by adding pagination, but the PR still loads every result at once and &quot;implements&quot; pagination in the UI<p>-- The PR silently catches an error instead of logging, surfacing, or handling it. This violates the team&#x27;s &quot;no silent error swallowing&quot; rule<p>3. Needs human review. This means that the PR could not be sufficiently verified by the author or is touching a sensitive part of the codebase (determined by user-input guidelines) and thus requires human review.<p>Some examples:<p>-- The PR changes a significant amount of logic in billing<p>-- The PR changes an important user flow like onboarding, but the author only ran unit tests and never opened the app to check the flow end-to-end. That violates the team&#x27;s rule that high-impact user-facing changes need manual verification.<p>Instead of starting with line-by-line diffs, Haystack immediately tells the reviewer the goal behind the PR, what design decisions the author made (informed by their coding-agent conversation), and how much the author did to verify that the pull request works (e.g. run scripts, checked the frontend, etc.).<p>In this way, review shifts from &quot;what changed?&quot; to &quot;is this the right behavior and is there evidence that it works?&quot;.<p>Here&#x27;s a quick demo: <a href="https:&#x2F;&#x2F;www.tella.tv&#x2F;video&#x2F;streamlining-code-reviews-with-haystack-65zj" rel="nofollow">https:&#x2F;&#x2F;www.tella.tv&#x2F;video&#x2F;streamlining-code-reviews-with-ha...</a><p>We previously launched Haystack as a tool for understanding large PRs (<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=45201703">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=45201703</a>). As many of you can probably relate to, the release of Opus 4.5 completely shattered our conception of how fast an engineer could craft a PR.<p>And as coding agents got even better from 4.5, we realized that pull requests did not scale along with our coding velocity. With each member of our team being able to pump out more than 20 pull requests a day, code review quickly became cognitively exhausting and less helpful.<p>After talking with other folks, we learned many feel similarly, and currently face the binary option of either not doing review at all or trying to keep up with a fire hose of pull requests.<p>Haystack is our attempt at a third path. We still believe in code review, but as coding agents produce more code, human reviewer attention becomes more valuable and more expensive.<p>Haystack helps teams spend that attention on the PRs where a human can meaningfully change the outcome of that PR. And for such PRs, Haystack shows the reviewer what the PR intended to do, whether the author showed that it works, and what design decisions need a second pair of eyes.<p>We&#x27;re still quite early and are figuring out whether Haystack truly makes code review better. We would love any and all feedback!

[Other] The Interview That Ships to Production: replacing whiteboards with pull requests

[Other] We stopped AI bot spam in our GitHub repo using Git's –author flag

[Other] Show HN: Auto-identity-remove – Automated data broker opt-out runner for macOS

[Other] NASA still maintains some of the Voyager spacecraft code from the 70s era

[Other] Show HN: Pdf2md – 10MB Rust PDF-to-Markdown Tool with a Free API

[Code Quality] Show HN: How to Kill the Dead Internet Ok, so maybe &quot;how to revive the internet&quot; would be more accurate, but if you&#x27;re reading this, I got your attention, right? Here&#x27;s why I want you to read on: I built a free extension, D-slop, to disincentivize anyone from posting AI writing, and eventually images and video as well, on the internet.<p>For writing, it checks known vocab and punctuation tells, as well as subtler tells related to cadence, and assigns it a score subject to an adjustable threshold. If the text fails, users have the option to flag offending text, hide it, or block the page entirely (with the option to see anyway).<p>For media, it&#x27;s admittedly fairly weak, as it relies on C2PA metadata which is stripped from all of the social media sites where it would be most helpful. (Anyone else have chronically online boomer parents continually gobbling up slop like it&#x27;s real information?)<p>I have a D-slop+ version in the works that should be able to handle the media itself, but it&#x27;s going to have to make API calls to have real teeth, which means I can&#x27;t offer it for free. If this extension validates the concept, I&#x27;m happy to build it for y&#x27;all.<p>Yes, I vibe-coded it, but an ancillary bonus to the project accrued when it inspired me to cook dinner listening to Metallica&#x27;s &quot;Fight Fire with Fire,&quot; which in turn brought my 5 y&#x2F;o running into the kitchen with every musical instrument in the house for an impromptu karaoke speed metal session.<p>It&#x27;s MIT license open-source, full brief at <a href="https:&#x2F;&#x2F;github.com&#x2F;jared-the-automator&#x2F;d-slop" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jared-the-automator&#x2F;d-slop</a>; This forum is full of people smarter than me, so I&#x27;m open to suggestions.

[Other] Show HN: Semble – Code search for agents that uses 98% fewer tokens than grep Hey HN! We (Stephan and Thomas) recently open-sourced Semble. We kept running into the same problem while using Claude Code on large codebases: when the agent can&#x27;t find something directly, it falls back to grep, reading full files or launching subagents. This uses a lot of tokens, and often still misses the relevant code. There are existing tools for this, but they were either too slow to index on demand, needed API keys, or had poor retrieval quality.<p>Semble is our solution for this. It combines static Model2Vec embeddings (using our latest static model: potion-code-16M) with BM25, fused via RRF and reranked with code-aware signals. Everything runs on CPU since there&#x27;s no transformers involved. On our benchmark of ~1250 query&#x2F;document pairs across 63 repos and 19 languages, it uses 98% fewer tokens than grep+read and reaches 99% of the retrieval quality of a 137M-parameter code-trained transformer, while being ~200x faster.<p>Main features:<p>- Token-efficient: 98% fewer tokens than grep+read<p>- Fast: ~250ms to index a typical repo on our benchmark, ~1.5ms per query on CPU (very large repos may take longer)<p>- Accurate: 0.854 NDCG@10, 99% of the best transformer setup we tested<p>- MCP server: drop-in for Claude Code, Cursor, Codex, OpenCode<p>- Zero config: no API keys, no GPU, no external services<p>Install in Claude Code with: claude mcp add semble -s user -- uvx --from &quot;semble[mcp]&quot; semble<p>Or check our README for other installation instructions, benchmarks, and methodology:<p>Semble: <a href="https:&#x2F;&#x2F;github.com&#x2F;MinishLab&#x2F;semble" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;MinishLab&#x2F;semble</a><p>Benchmarks: <a href="https:&#x2F;&#x2F;github.com&#x2F;MinishLab&#x2F;semble&#x2F;tree&#x2F;main&#x2F;benchmarks" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;MinishLab&#x2F;semble&#x2F;tree&#x2F;main&#x2F;benchmarks</a><p>Model: <a href="https:&#x2F;&#x2F;huggingface.co&#x2F;minishlab&#x2F;potion-code-16M" rel="nofollow">https:&#x2F;&#x2F;huggingface.co&#x2F;minishlab&#x2F;potion-code-16M</a><p>Let us know if you have any feedback or questions!

[Other] Handling the great code forge fragmentation

[API/SDK] Nim-Presto – REST API Framework for Nim Language

[Other] When can the C++ compiler devirtualize a call?

[Other] kharp – k version 3 Language Interpreter in C#

[Other] Grafana Labs internal source code accessed

[Other] Show HN: Serene Bach – a Go weblog engine that runs as CGI or HTTP I originally made Serene Bach in the 2000s as a weblog engine written in Perl CGI. I rebuilt it from scratch in Go as a single binary that can run either as a CGI program or as a normal HTTP server.<p>I know CGI is generally considered legacy technology now, but I still rely on it for shared hosting. In this version, I added Markdown support, a responsive default theme, Open Graph image generation, and static output generation.<p>It is still in beta, but the repository includes a Docker image published on GHCR, documentation, and a local quick start. I&#x27;d appreciate feedback from anyone interested in small self-hosted publishing tools, especially if you still care about shared hosting or CGI-style deployment.