🛠️ Hacker News Tools

[Other] Over-editing refers to a model modifying code beyond what is necessary

[Other] We found a stable Firefox identifier linking all your private Tor identities

[Other] Show HN: Agent Vault – Open-source credential proxy and vault for agents Hey HN! Today we&#x27;re launching Agent Vault - an open source HTTP credential proxy and vault for AI agents. Repo is at <a href="https:&#x2F;&#x2F;github.com&#x2F;Infisical&#x2F;agent-vault" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Infisical&#x2F;agent-vault</a>, and there&#x27;s an in-depth description at <a href="https:&#x2F;&#x2F;infisical.com&#x2F;blog&#x2F;agent-vault-the-open-source-credential-proxy-and-vault-for-agents">https:&#x2F;&#x2F;infisical.com&#x2F;blog&#x2F;agent-vault-the-open-source-crede...</a>.<p>We built Agent Vault in response to a question that been plaguing the industry: How do we give agents secure access to services without them reading any secrets?<p>Most teams building agents have run into this exact problem: They build an agent or agentic system and come to realize at some point that it needs credentials in order to access any services. The issue is that agents, unlike traditional workloads, are non-deterministic, highly-prone to prompt injection, and thus can easily be manipulated to leaking the credentials that they need to operate. This is the problem of credential exfiltration (not to be confused with data exfiltration).<p>In response to this, some teams we&#x27;ve seen have implemented basic guardrails and security controls to mitigate this risk in their agentic environments including using short-lived access tokens. The more advanced teams have started to converge toward a pattern: credential brokering, the idea being to separate agents from their credentials through some form of egress proxy. In this model, the agent makes a request to a proxy that attaches a credential onto it and brokers it through to the target service. This proxy approach is actually used in Anthropic&#x27;s Managed Agents architecture blog with it being that &quot;the harness is never made aware of the credentials.&quot; We&#x27;ve seen similar credential brokering schemes come out from Vercel and in Cloudflare&#x27;s latest Outbound Workers.<p>Seeing all this made us think: What if we could create a portable credential brokering service plugged seamlessly into agents&#x27; existing workflows in an interface agnostic way, meaning that agents could continue to work with APIs, CLIs, SDKs, MCPs without interference and get the security of credential brokering.<p>This led to Agent Vault - an open source HTTP credential proxy and vault that we&#x27;re building for AI agents. You can deploy this as a dedicated service and set up your agent&#x27;s environment to proxy requests through it. Note that in a full deployment, you do need to lock down the network so that all outbound traffic is forced through Agent Vault<p>The Agent Vault (AV) implementation has a few interesting design decisions:<p>- Local Forward Proxy: AV chooses an interface agnostic approach to credential brokering by following a MITM architecture using HTTPS_PROXY as an environment variable set in the agent&#x27;s environment to redirect traffic through it; this also means that it runs its own CA whose certificate must be configured on the client&#x27;s trust store.<p>- MITM architecture: Since AV terminates TLS in order to do credential brokering its able to inspect traffic and apply rules to it before establishing a new TLS connection upstream. This makes it a great to be able to extend AV to incorporate firewall-like features to be applied at this proxy layer.<p>- Portable: AV itself is a single Go binary that bundles a server and the CLI; it can be deployed as a Docker container as well. In practice, this means that you can self-host AV on your own infrastructure and it should work more universally than provider specific approaches like that of Vercel and Cloudflare.<p>While the preliminary design of Agent Vault is a bit clunky to work with and we’d wished to have more time to smoothen the developer experience around it, particularly around the configuration setup for agents to start proxying requests through it, we figured it would be best to open source the technology and work with the community to make gradual improvements for it to work seamlessly across all agentic use cases since each has its own nuances.<p>All in all, we believe credential brokering is the right next step for how secrets management should be done for agents and would love to hear your views, questions, feedback!

[CLI Tool] Show HN: ShellTalk brings deterministic text-to-bash Hi HN! I built a CLI tool called ShellTalk for macOS, Linux, and web (WebAssembly) that maps English text to the corresponding Bash commands.<p>ShellTalk is written in Swift and available under the Apache 2.0 license on GitHub. I was inspired a few weeks ago after reading the Meta-Harness paper and seeing a tool called Hunch that did something similar using the Apple Foundation model. I often forget flag names and orders, but I wanted something that worked consistently. The 3B AFM worked surprisingly well with Hunch, but it felt slow and sometimes slight changes in what I wrote would result in very different outputs.<p>ShellTalk attempts to match the input with an intent category (Git, File I&#x2F;O, etc), then a template, and finally to slot-fill and adapt to the specific command version and BSD vs GNU syntax. It has a few other tricks including using NSSpellChecker on macOS to auto-correct certain typos, and scores the output on safety (i.e. is the action destructive or non-reversible).<p>It&#x27;s clearly far from perfect, but has very tight testing and validation cycles compared to using an LLM, is very portable, and might eventually work in other languages or environments like Windows. I&#x27;m curious to hear what others think.

[DevOps] Show HN: Broccoli, one shot coding agent on the cloud Hi HN — we built Broccoli, an open-source harness for taking coding tasks from Linear, running them in isolated cloud sandboxes, and opening PRs for a human to review.<p>We’re a small team, and our main company supplies voice data. But we kept running into the same problem with coding agents. We’d have a feature request, a refactor, a bug, and some internal tooling work all happening at once, and managing that through local agent sessions meant a lot of context switching, worktree juggling, and laptops left open just so tasks could keep running.<p>So we built Broccoli. Each task gets its own cloud sandbox to be executed end to end independently. Broccoli checks out the repo, uses the context in the ticket, works through an implementation, runs tests and review loops, and opens a PR for someone on the team to inspect.<p>Over the last four weeks, 100% of the PRs from non-developers are shipped via Broccoli, which is a safer and more efficient route. For developers on the team, this share is around 60%. More complicated features require more back and forth design with Codex &#x2F; Claude Code and get shipped manually using the same set of skills locally.<p>Our implementation uses:<p>1. Webhook deployment: GCP 2. Sandbox: GCP or Blaxel 3. Project management: Linear 4. Code hosting &amp; CI&#x2F;CD: Github<p>Repo: <a href="https:&#x2F;&#x2F;github.com&#x2F;besimple-oss&#x2F;broccoli" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;besimple-oss&#x2F;broccoli</a><p>We believe that if you should invest in your own coding harness if coding is an essential part of your business. That’s why we decided to open-source it as an alternative to all the cloud coding agents out there. Would love to hear your feedback on this!

[Database] DuckDB 1.5.2 – SQL database that runs on laptop, server, in the browser

[Other] Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model

[Other] Our eighth generation TPUs: two chips for the agentic era <a href="https:&#x2F;&#x2F;cloud.google.com&#x2F;blog&#x2F;products&#x2F;compute&#x2F;tpu-8t-and-tpu-8i-technical-deep-dive" rel="nofollow">https:&#x2F;&#x2F;cloud.google.com&#x2F;blog&#x2F;products&#x2F;compute&#x2F;tpu-8t-and-tp...</a>

[CLI Tool] GitHub CLI now collects pseudoanonymous telemetry

[Other] Kernel code removals driven by LLM-created security reports

[Other] Show HN: Gemini Plugin for Claude Code I built a plugin that lets Claude Code delegate work to Gemini CLI.<p>I started this after finding myself reaching for Gemini more often on long context repo work. I have been especially liking Gemini’s codebaseinvestigator for long context.<p>This is inspired by openai&#x2F;codex-plugin-cc.<p>Code Review, adversarial review. Under the hood its Gemini CLI over ACP<p>Would love feedback from people using Claude Code, Gemini CLI, or ACP. I am especially curious whether this feels useful outside my own workflow.<p>Its a great combo with Opus 4.7 + Gemini 3.1 workflows

[Other] Show HN: Open Chronicle – Local Screen Memory for Claude Code and Codex CLI I built an open source version of OpenAI Chronicle.<p>Some design decisions I made:<p>1. Local first: OCR uses Apple Vision, summarization supports local AI providers via Vercel AI SDK. Nothing leaves your computer. 2. Multiple Provider: exposes MCP so any coding agents can use it. 3. Swift menubar app: efficient, low-footprint 4. Blacklist apps: password managers, messaging apps (Slack, WhatsApp, Messenger), mail clients are on default blocklist.<p>Current Limitations: 1. Mac only. Mac-first is a feature. 2. Small local models with weak structured-output support will fail on generateObject. 3. Retrieval is LIKE-query keyword search. FTS and optional embeddings are on the list.<p>Demo video (6s): <a href="https:&#x2F;&#x2F;youtu.be&#x2F;V75tnvIdovc" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;V75tnvIdovc</a><p>Curious what you think the right balance between exclusionlist allowlists. Happy to answer anything.

[Other] Show HN: MemFactory: Unified Inference and Training Framework for Agent Memory Memory-augmented Large Language Models (LLMs) are essential for developing capable, long-term AI agents. Recently, applying Reinforcement Learning (RL) to optimize memory operations, such as extraction, updating, and retrieval, has emerged as a highly promising research direction. However, existing implementations remain highly fragmented and task-specific, lacking a unified infrastructure to streamline the integration, training, and evaluation of these complex pipelines. To address this gap, we present MemFactory, the first unified, highly modular training and inference framework specifically designed for memory-augmented agents. Inspired by the success of unified fine-tuning frameworks like LLaMA-Factory, MemFactory abstracts the memory lifecycle into atomic, plug-and-play components, enabling researchers to seamlessly construct custom memory agents via a &quot;Lego-like&quot; architecture. Furthermore, the framework natively integrates Group Relative Policy Optimization (GRPO) to fine-tune internal memory management policies driven by multi-dimensional environmental rewards. MemFactory provides out-of-the-box support for recent cutting-edge paradigms, including Memory-R1, RMM, and MemAgent. We empirically validate MemFactory on the open-source MemAgent architecture using its publicly available training and evaluation data. Across the evaluation sets, MemFactory improves performance over the corresponding base models on average, with relative gains of up to 14.8%. By providing a standardized, extensible, and easy-to-use infrastructure, MemFactory significantly lowers the barrier to entry, paving the way for future innovations in memory-driven AI agents.

[CLI Tool] Show HN: gcx – The Official Grafana Cloud CLI Hi HN,<p>We’re excited to share gcx, a new CLI we’ve been building for Grafana Cloud.<p>With the rise of agentic coding tools like Claude Code and Codex we&#x27;re building faster than ever, but these agents are often blind to what’s actually happening in production.<p>gcx brings the full power of Grafana Cloud observability to your terminal. Query production. Investigate alerts. Let the Assistant root-cause issues. Ship fixes with observability built in. Without leaving your editor. gcx also comes packaged with a skills bundle that allow agents to see and act on your production telemetry. You can ask an agent to root-cause a latency spike, and it can actually fetch the telemetry, analyze the spans, and suggest a fix—all while having the full context of your codebase.<p>Do check it out and give us feedback!<p>Github link: <a href="https:&#x2F;&#x2F;github.com&#x2F;grafana&#x2F;gcx" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;grafana&#x2F;gcx</a>

[Other] Show HN: Almanac MCP, turn Claude Code into a Deep Research agent I am Rohan, and I have grown really frustrated with CC&#x27;s search and read tools. They use Haiku to summarise all the search results, so it is really slow and often ends up being very lossy.<p>I built this MCP that you can install into your coding agents so they can actually access the web properly.<p>Right now it can:<p>- search the general web<p>- search Reddit<p>- read and scrape basically any webpage<p>Install it:<p>npx openalmanac setup<p>The MCP is completely free to use. We have also built a central store where you can contribute things you learned while exploring. If you find something useful, you can contribute it to the encyclopedia we&#x27;re building at Almanac using the same MCP.

[Other] Claude Code to be removed from Anthropic's Pro plan? <a href="https:&#x2F;&#x2F;x.com&#x2F;TheAmolAvasare&#x2F;status&#x2F;2046725498592722972" rel="nofollow">https:&#x2F;&#x2F;x.com&#x2F;TheAmolAvasare&#x2F;status&#x2F;2046725498592722972</a><p><a href="https:&#x2F;&#x2F;xcancel.com&#x2F;TheAmolAvasare&#x2F;status&#x2F;2046725498592722972" rel="nofollow">https:&#x2F;&#x2F;xcancel.com&#x2F;TheAmolAvasare&#x2F;status&#x2F;204672549859272297...</a>

[Other] Zindex – Diagram Infrastructure for Agents

[CLI Tool] Show HN: FMQL – graph query and bulk-edit CLI for Markdown and YAML frontmatter

[Other] ChatGPT Images 2.0 Livestream: <a href="https:&#x2F;&#x2F;openai.com&#x2F;live&#x2F;" rel="nofollow">https:&#x2F;&#x2F;openai.com&#x2F;live&#x2F;</a><p>System card: <a href="https:&#x2F;&#x2F;deploymentsafety.openai.com&#x2F;chatgpt-images-2-0&#x2F;chatgpt-images-2-0.pdf" rel="nofollow">https:&#x2F;&#x2F;deploymentsafety.openai.com&#x2F;chatgpt-images-2-0&#x2F;chatg...</a>

[CLI Tool] Show HN: Hydra – Never stop coding when your AI CLI hits a rate limit I built Hydra because I kept losing my flow when Claude Code hit usage limits mid-task. I would copy context, open another tool, and then re-explain everything. This would be super annoying for me.<p>Hydra wraps your AI coding CLIs (Claude Code, Codex, OpenCode, Pi, or any terminal-based tool) in a single command. It monitors terminal output for rate limit patterns, and when one provider runs out, you switch to another with one keypress. Your conversation history, git diff, and recent commits are automatically copied to your clipboard so you can paste and keep going.<p>The fallback chain is configurable. Mine goes Claude Code → OpenCode (free Gemini) → Codex → Pi (free Gemini). The free tiers alone give you ~3000 requests&#x2F;day, so even after burning through paid limits you can keep working.<p>Key details: Full PTY passthrough you see the exact same TUI as running the CLI directly hydra switch from another terminal signals ALL running sessions (rate limits are account-wide) Context extraction parses Claude Code&#x27;s JSONL session files for real conversation history, not just recent output Any CLI that runs in a terminal works as a provider Single Go binary, ~200 lines of core logic<p><a href="https:&#x2F;&#x2F;github.com&#x2F;saadnvd1&#x2F;hydra" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;saadnvd1&#x2F;hydra</a><p>Nothing amazing, but wanted to share with others in case it&#x27;s useful. Feel free to modify it as you see fit.