🛠️ Hacker News Tools

[Monitoring/Observability] Show HN: RePlaya – self-hosted browser session replay with live tailing Hi HN, I&#x27;m one of the founders of s2.dev. RePlaya (<a href="https:&#x2F;&#x2F;github.com&#x2F;s2-streamstore&#x2F;replaya" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;s2-streamstore&#x2F;replaya</a>) is a self-hosted browser session replay tool using rrweb (<a href="https:&#x2F;&#x2F;github.com&#x2F;rrweb-io&#x2F;rrweb" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;rrweb-io&#x2F;rrweb</a>).<p>It occurred to me that a durable stream per session would be a much neater architectural foundation for much of what you&#x27;d want from such a tool. As a unique feature, it also made live tailing straightforward because the player can read from the same stream the recorder is appending to.<p>The alternative architecture is likely an ingest firehose which is then indexed, with associated complexity and latency. You&#x27;d have to string together multiple data systems like a message queue, a metadata database, and blob storage and&#x2F;or an OLAP database.<p>Here the only dependency is S2, which has an open source version you can self-host called s2-lite (<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46708055">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46708055</a>).<p>How it works:<p>- one S2 stream per browser session<p>- large rrweb events (like a full snapshot) get framed across multiple binary S2 records and reassembled on read<p>- active sessions are tailed with an S2 read session, and bridged to the browser over SSE<p>- session listing relies on stream names encoding reverse timestamps, as S2 returns a lexicographic order listing<p>- relying on fencing tokens so a stopped session can&#x27;t be written to again by a late recorder<p>- retention and GC are handled via S2 stream config, so no background job needed<p>Curious to hear from folks on the tool or the stream-per-session model!

[Other] QBE – Compiler Backend – 1.3

[Other] Show HN: I built a way to find and install Claude skills I&#x27;ve been experimenting with ways to increase AI adoption for non-technical people. Basically, all companies are pushing for AI because it&#x27;s all over the news and they feel left behind but most people have no clue where to start. I think 90% of people (ie non coders) are sufficiently well served by using cowork instead of claude code or something similar. If we can get people from sales, customer support, marketing, etc to collaborate with skills and cowork to form a company brain, I think it&#x27;s gold. So I think there&#x27;s opportunity for the community to share skills that work well for 1000s of use cases. However, it&#x27;s currently quite hard to find good skills and figure out if they&#x27;re worth it. Gstack has had immense success because of Gary&#x27;s reach and credibility. Can something like Claudinho.xyz host skills built by the community? What are your thoughts &#x2F; concerns?

[Other] Show HN: MetaBrain – A local document memory for AI agents Hello there HN<p>I experimented with agentic coding recently and I felt the need to track more contextual data by project. Also I felt the need to be able to go beyond the 1D chat to communicate with agents.<p>So I created a local document memory, that is discoverable by agents themselves. The CLI is designed to be easy to pick up by agents. It allows humans to collaborate too by reading &#x2F; searching &#x2F; editing documents in the store.<p>I have a Mac native GUI in the review process, I hope it will show up in the App Store soon.<p>You can try it easily, instructions here: <a href="https:&#x2F;&#x2F;metabrain.eu&#x2F;" rel="nofollow">https:&#x2F;&#x2F;metabrain.eu&#x2F;</a> Here is the GitHub <a href="https:&#x2F;&#x2F;github.com&#x2F;OpenCow42&#x2F;metaBrain" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;OpenCow42&#x2F;metaBrain</a><p>The project is also an experiment for me to build some swift project truly cross platform (Mac &#x2F; Linux &#x2F; Windows) It is open-sourced with the same license as LevelDB that I wrapped in swift to do this project.<p>The agents (and humans) can retrieve content quickly with a search, allowing to re-injecting specific knowledge in a specific context during agentic work. It’s funny, I’ve thought of &quot;inference rule base&quot; as something of a derelict idea of the old functional expert systems. Now that I start working with agents I feel more and more the need to go pick previously working solutions dynamically in such a base.<p>I’d be happy to get feedback. Product fit wise, would this be useful to you or is this just me who is happy with it ?<p>Finally I had fun with the compression of documents, it tries ZSTD quick, if it does not compress the data by more than 10 percent it stores data uncompressed, else it does a ZSTD level 9 compression on the data. I picked up this trick form OpenZFS.<p>Thanks

[Other] Rethinking Search as Code Generation

[Other] 1-Click GitHub Token Stealing via a VSCode Bug

[Other] Show HN: A searchable archive of declassified UAP/UFO files, news, and analysis Hey HN! Y’all are great. It is so fun to build things these days.<p>I wanna show off this archive that I conjured to run at home for consuming the recently releases of UFO files from the US government. This started as a Mac Mini-hosted project that I executed with my OpenClaw over Discord. After showing this to a few friends, I decided to get it online and find a catchy domain. Cloudflare was the perfect hosting choice.<p>There’s a lot of bonkers things out there going on, so I added human curated “Signals” - news, analysis and discussion of UFO and adjacent news. The backlog of signals was informed by the links shared between myself and my first tech boss. We have both seen things that these files help confirm.<p>As part of a reason to bring people back, I asked my assistant to do some digging into the data and come up with “Insights”, a dedicated section on the site that includes the responsible LLM in the byline. There a media pipeline for these insights using Remotion to generate social-media ready videos that I can upload to TT, IG, and YouTube.<p>I built this for fun. Mostly with Ollama-powered GLM 5.1. Runs on Cloudflare Workers, D1, R2. Keyboard navigation within the doc viewer is blazing fast. OpenClaw is my CMS.<p>Eventually, I hope to find some passive revenue through ethical ads if I get enough traffic. I think there is an audience for this. Right now, this is helpful with sharing the WTFs (and psyops) of the world with friends.<p>Hit me up with questions!<p>Stay rad, HN!

[Other] Show HN: Wikigraph – an interactive visualization of all of English Wikipedia Hi! This is a visualization I&#x27;ve always wanted but never quite found. It&#x27;s a navigable map of the Wikipedia link graph structure, with search and shortest-path finding.<p>Offline, I parsed the May 2026 English Wikipedia full-text dump into a directed graph, used cuGraph on a GPU to run PageRank, Leiden clustering, and ForceAtlas2 for the layout. I did some post processing to get rid of lingering overlapping nodes and rendered a tiled map of raster base images (using Skia) and JSON metadata. Tiles are bundled into PMTiles. The frontend is Deck.gl.<p>Everything is hosted on Cloudflare. Search and shortest-path are served by a Rust backend in CF Containers which uses Tantivy and bidirectional BFS.<p>Happy to answer any questions!

[Other] Show HN: Build Your Own AI Agent CLI in 150 Lines I can&#x27;t tell if HN is the right kind of place for this stuff anymore since people are so advanced in their use but I thought it was interesting to leverage my existing Go microservices framework and turn it into the core of what would provide tools for an agent cli or whatever beyond that. Extensibility is key. Thought I&#x27;d share and get a conversation going.

[Other] Apple rejected my dictation app for using the accessibility API

[Testing] Show HN: NUA an agent that tests for product correctness We’ve been using background Claude loops a lot recently, and we would wake up to PRs that didn’t solve the problem we wanted, made on assumptions that were wrong. Furthermore, the tests that the agents wrote were usually tautological, and didn’t test for intent. We wanted an agent that took all the context a company has, and writes tests that check for product correctness as well.<p>For example, we work in reg tech, so bugs aren’t always technical. What we often see is things like insider trading alerts that should’ve fired that didn’t. We wanted an agent that turns laws and regulations into tests.<p>For now, users can upload PDF, MD, TXT, and DOCX files, but we’re planning integrations like Slack, Notion, Linear, and Zoom in the future.<p>We’re early on, so we would love to know what you all think!

[Other] OpenAI frontier models and Codex are now available on AWS

[Other] Alphabet announces $80B equity capital raise to expand AI infra and compute

[Other] Debug Project

[Other] Build a Basic AI Agent from Scratch: Tools

[Package Manager] Show HN: DepsGuard – one command to harden NPM/pnpm/yarn/bun/uv configs I kept seeing every npm&#x2F;pnpm&#x2F;yarn&#x2F;bun&#x2F;uv supply chain post end with the same advice (set a minimum release age, turn off install scripts), and while I know cooldowns are &quot;controversial&quot;, they do work. But even if you convince people that they should set cooldowns, it seems many don&#x27;t end up following through, not sure why, maybe because it means hand-editing five config files in five formats with five different time units, or perhaps the &quot;it won&#x27;t happen to me&quot; syndrome (or &quot;I&#x27;ll do it later, it seems complicated&quot; where it&#x27;s actually very simple). So I created a tool that checks what you have set and fixes it for you. I looked for an existing one first and couldn&#x27;t find it. It started as a small weekend project and turned into a small research project on the nuances of cooldowns across package managers. Not a proof of P vs NP, but a small convenience that can save you and your loved ones from the next supply chain attack. I&#x27;ve raised this in a couple of HN threads since (<a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47878158">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=47878158</a> and <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=48156360">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=48156360</a>) but never actually did a Show HN for the tool itself.<p>If you know how to edit your ~&#x2F;.npmrc, which settings apply to npm vs pnpm, and which one wants minutes vs days vs seconds, you probably don&#x27;t need this. But if you vibe code and just want a one click fix (or you have a PhD in CS from Stanford, ex-FAANG, started 3 YC companies, now work at Anthropic, and still just want a one click fix), read on.<p>DepsGuard is a single Rust binary, no runtime deps, MIT. Run depsguard and it scans your user-level and repo-level configs, shows a table of what is and isn&#x27;t set, you pick what to change, hit d for the diff, and apply. It writes a timestamped backup first and depsguard restore rolls it back. depsguard scan is read-only if you just want the report.<p>The settings are the simple ones that work: min-release-age &#x2F; minimumReleaseAge (npm, pnpm, yarn, bun, and uv all name it differently and use days vs minutes vs seconds, which is half of why doing this by hand is annoying), ignore-scripts, and on newer pnpm block-exotic-subdeps, trust-policy: no-downgrade, and strict-dep-builds. It also handles Renovate and Dependabot cooldowns.<p>The whole thing is a bet on timing. The malicious @bitwarden&#x2F;cli 2026.4.0 was up ~19 hours and got 334 installs. axios was pulled in ~3h, ua-parser-js in hours, node-ipc in days. A 7-day gate means your installer never resolves any of those, they&#x27;re gone before the window even opens. It does nothing for the slow ones (event-stream sat 2+ months), and it&#x27;s not SCA, it won&#x27;t scan your existing lockfile for known CVEs, that&#x27;s a different layer.<p>Disclosure: I&#x27;m a co-founder and CTO at Arnica (a commercial appsec startup) and built this because putting the same recommendations on each blog post felt like yelling at the clouds. It&#x27;s free and MIT, no account, no telemetry. I&#x27;m also not the only one who had the idea (didn&#x27;t know at the time), cooldowns.dev does the cooldown part across more ecosystems with a shell helper and is worth a look. DepsGuard covers fewer ecosystems but adds the other settings and the diff&#x2F;backup&#x2F;restore flow.<p>If you want to try it: cargo install depsguard, or brew&#x2F;apt&#x2F;winget&#x2F;scoop, all in the README.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;arnica&#x2F;depsguard" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;arnica&#x2F;depsguard</a> (full settings table and FAQ at depsguard.com)<p>Is this an overkill that could have been a shell script? Probably yes (but I wanted windows support, why not).<p>Did it save someone from a supply chain attack? Also probably yes.<p>Do I know personally someone that without it wouldn&#x27;t have bothered changing their settings after repeatedly asking, but eventually did it when I gave them depsguard? Absolutely yes.

[Testing] Show HN: A desktop app for manual QA testing and evidence gathering

[Other] Malicious npm packages detected across Red Hat Cloud Services

[Database] Show HN: Prela – Purely Algebraic Relation Combinators Prela is an embedded query language based on Tarski&#x27;s Algebra of Relations. Its queries are concise, clear, and fast. It is implemented by shallow embedding in a host programming language: Prela operators are regular functions in the host. The implementation follows continuation-passing style which compiles to efficient columnar execution.

[Other] Announcing Zstandard in Rust