🛠️ All DevTools

[Other] Days since last GitHub incident

[CLI Tool] Show HN: Chess-TUI Play Lichess games in your terminal (Rust) Hi HN, I’ve released a new version of chess-tui, a Rust terminal UI for playing live games against Lichess opponents.<p>The update includes a cleaner TUI, better performance, improved keybindings, and smoother real-time integration with the Lichess API. It’s designed as a simple, fast way to play chess without leaving the terminal.<p>Repo:<a href="https:&#x2F;&#x2F;github.com&#x2F;thomas-mauran&#x2F;chess-tui" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;thomas-mauran&#x2F;chess-tui</a><p>Feedback and bug reports are welcome. Happy to answer questions!

[DevOps] Ship AI Agents to Google Cloud in minutes, not months. Production-ready templates with built-in CI/CD, evaluation, and observability.

[DevOps] Show HN: Titan – JavaScript-first framework that compiles into a Rust server Hi HN,<p>I built Titan, a backend framework where you write routes and logic in JavaScript, and the CLI compiles everything into a single Rust + Axum binary using the Boa JS engine. No Node.js is required in production.<p>The idea is to keep JS developer experience while getting Rust performance and a self-contained deployable server.<p>Current features:<p>JS route DSL<p>Action system mapped to Rust<p>esbuild bundling<p>Generated Rust server with Axum<p>Hot-reload dev server<p>Single-binary output<p>Repo: <a href="https:&#x2F;&#x2F;github.com&#x2F;ezet-galaxy&#x2F;-ezetgalaxy-titan" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;ezet-galaxy&#x2F;-ezetgalaxy-titan</a><p>Would love feedback on the architecture, DX, and whether this hybrid JS→Rust approach is useful.<p>Thanks for reading!

[API/SDK] A modern data client for React & tRPC fate is a modern data client for React and tRPC inspired by Relay and GraphQL. It combines view composition, normalized caching, data masking, Async React features, and tRPC's type safety. fate is designed to make data fetching and state management in React applications more composable, declarative, and predictable. The framework has a minimal API, no DSL, and no magic—it's just JavaScript.

[CLI Tool] State-of-the-art Devstral 2: 123B-parameter open-source coding model achieving 72.2% on SWE-bench Verified. Mistral Vibe CLI: Native coding assistant solving software engineering tasks.

[Other] All-in-one local data converter. Many tools, 100% privacy. Free, secure, and privacy-focused developer tools. Convert CSV, JSON, SQL, YAML, and contacts locally in your browser. No server-side processing.

[DevOps] Debugging TLS failures in distroless containers

[Other] Useful patterns for building HTML tools

[Other] Show HN: Cupcake – Better performance and security for coding agents (via OPA) We&#x27;re releasing early efforts on coding agent governance with Cupcake [1] - an open-source policy enforcement layer with native integrations. You write rules in policy-as-code (OPA&#x2F;Rego), and Cupcake integrates them into the agent runtime via Hooks.<p>See it in action (Desktop only): <a href="https:&#x2F;&#x2F;cupcake-policy-studio.vercel.app&#x2F;example-policies&#x2F;security&#x2F;protecting-paths?harness=claude-code&amp;format=rego" rel="nofollow">https:&#x2F;&#x2F;cupcake-policy-studio.vercel.app&#x2F;example-policies&#x2F;se...</a><p>Help us build: <a href="https:&#x2F;&#x2F;github.com&#x2F;eqtylab&#x2F;cupcake" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;eqtylab&#x2F;cupcake</a><p>We are EQTY Lab, our mission is verifiable AI (identity, provenance, and governance). With the rise of capable agents like Claude Code, it became immediately clear that those deploying these agents need the ability to conduct their own alignment and safety controls. We can’t rely solely on the frontier labs.<p>This is why we created the feature request for Hooks in Claude Code [2], and pivoted away from filesystem and OS-level monitoring once those hooks were implemented. Hooks provide the critical points we need:<p>* Evaluation: Checking agent intent and actions.<p>* Prevention: Stopping unsafe or unwanted actions.<p>* Modification: Adjusting the agent&#x27;s output before execution.<p>Policy-as-Code with OPA&#x2F;Rego - While many agent security papers suggest similar policy architectures using invented DSLs, Cupcake is fundamentally built on Open Policy Agent (OPA) and its policy language, Rego [3].<p>We chose Rego because it is:<p>* Industry-Robust: Widely adopted across enterprise DevSecOps and cloud-native environments.<p>* Purpose-Built: Offers unique, mature advantages for defining, managing, and enforcing policy as code.<p>* Enterprise-Oriented: This makes Cupcake compatible with existing enterprise governance frameworks.<p>Cupcake is released under the Apache-2.0 license. We will formalize a path to v1.0.0 in Q1 of 2026. This is an early preview version. The goal with Cupcake is not suppression, but to ensure an agent is able to drive fast without crashing. To collaborate, or join forces: ramos at eqtylab dot io.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;eqtylab&#x2F;cupcake" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;eqtylab&#x2F;cupcake</a><p>[2] <a href="https:&#x2F;&#x2F;github.com&#x2F;anthropics&#x2F;claude-code&#x2F;issues&#x2F;712" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;anthropics&#x2F;claude-code&#x2F;issues&#x2F;712</a><p>[3] <a href="https:&#x2F;&#x2F;www.openpolicyagent.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.openpolicyagent.org&#x2F;</a>

[Other] Show HN: Wirebrowser – A JavaScript debugger with breakpoint-driven heap search Hi HN!<p>I&#x27;m building a JavaScript debugger called Wirebrowser. It combines network inspection, request rewriting, heap snapshots, and live object search.<p>The main experimental feature is BDHS (Breakpoint-Driven Heap Search): it hooks into the JavaScript debugger and automatically captures a heap snapshot at every pause and performs a targeted search for the value or structure of interest. This reveals the moment a value appears in memory and the user-land function responsible for creating it.<p>Another interesting feature is the Live Object Search: it inspects runtime objects (not just snapshots), supports regex and object similarity, and lets you patch objects directly at runtime.<p>Whitepaper: <a href="https:&#x2F;&#x2F;fcavallarin.github.io&#x2F;wirebrowser&#x2F;BDHS-Origin-Trace" rel="nofollow">https:&#x2F;&#x2F;fcavallarin.github.io&#x2F;wirebrowser&#x2F;BDHS-Origin-Trace</a><p>Feedback very welcome, especially on whether BDHS would help your debugging workflow.

[Other] AI that finds and fixes security bugs in your code GitSafe is your AI security co-pilot: connect your GitHub repo, and it’ll scan your code for real risks like data leaks or injection bugs, then explain them like a teammate, and even fix for you. No jargon, no false alarms. Just faster, safer shipping.

[IDE/Editor] Own your code Vishwa is an open-source AI-powered terminal coding assistant with VS Code integration for smart diffs and autocomplete. Built for developers who want intelligent code assistance without breaking the bank

[Other] Clean,predictable slug generation for modern TypeScript apps sluggit is a lightweight, TypeScript-native utility for generating clean, predictable, SEO-friendly slugs. It removes emojis, accents, and special characters while giving you full control over separators, casing, and custom replacements. With no dependencies and consistent output, it’s ideal for blogs, CMS platforms, APIs, and any project that needs reliable URL-safe strings. Try it and share your feedback.

[Other] Show HN: Fate, a new data framework for React and tRPC, inspired by Relay

[API/SDK] Show HN: Durable Streams – Kafka-style semantics for client streaming over HTTP Hey, I&#x27;m a co-founder at ElectricSQL. Durable Streams is the delivery protocol underneath our Postgres sync engine—we&#x27;ve been refining it in production for 18 months.<p>The core idea: streams get their own URL and use opaque, monotonic offsets. Clients persist the last offset they processed and resume with &quot;give me everything after X.&quot; No server-side session state, CDN-cacheable, plain HTTP.<p>We kept seeing teams reinvent this for AI token streaming and real-time apps, so we&#x27;re standardizing it as a standalone protocol.<p>The repo has a reference Node.js server and TypeScript client. Would love to see implementations in other languages—there&#x27;s a conformance test suite to validate compatibility.<p>Happy to dig into the design tradeoffs—why plain HTTP over WebSockets, etc.

[Other] Show HN: Detail, a Bug Finder Hi HN, tl;dr we built a bug finder that&#x27;s working really well, especially for app backends. Try it out and send us your thoughts!<p>Long story below.<p>--------------------------<p>We originally set out to work on technical debt. We had all seen codebases with a lot of debt, so we had personal grudges about the problem, and AI seemed to be making it a lot worse.<p>Tech debt also seemed like a great problem for AI because: 1) a small portion of the work is thinky and strategic, and then the bulk of the execution is pretty mechanical, and 2) when you&#x27;re solving technical debt, you&#x27;re usually trying to preserve existing behavior, just change the implementation. That means you can treat it as a closed-loop problem if you figure out good ways to detect unintended behavior changes due to a code change. And we know how to do that – that&#x27;s what tests are for!<p>So we started with writing tests. Tests create the guardrails that make future code changes safer. Our thinking was: if we can test well enough, we can automate a lot of other tech debt work at very high quality.<p>We built an agent that could write thousands of new tests for a typical codebase, most &quot;merge-quality&quot;. Some early users merged hundreds of PRs generated this way, but intuitively the tool always felt &quot;good but not great&quot;. We used it sporadically ourselves, and it usually felt like a chore.<p>Around this point we realized: while we had set out to write good tests, we had built a system that, with a few tweaks, might be very good at finding bugs. When we tested it out on some friends&#x27; codebases, we discovered that almost every repo has tons of bugs lurking in it that we were able to flag. Serious bugs, interesting enough that people dropped what they were doing to fix them. Sitting right there in peoples codebases, already merged, running in prod.<p>We also found a lot of vulns, even in mature codebases, and sometimes even right after someone had gotten a pentest.<p>Under the hood: - We check out a codebase and figure out how to build it for local dev and exercise it with tests. - We take snapshots of the built local dev state. (We use Runloop for this and are big fans.) - We spin up hundreds of copies of the local dev environment to exercise the codebase in thousands of ways and flag behaviors that seem wrong. - We pick the most salient, scary examples and deliver them as linear tickets, github issues, or emails.<p>In practice, it&#x27;s working pretty well. We&#x27;ve been able to find bugs in everything from compilers to trading platforms (even in rust code), but the sweet spot is app backends.<p>Our approach trades compute for quality. Our codebase scans take hours, far beyond what would be practical for a code review bot. But the result is that we can make more judicious use of engineers’ attention, and we think that’s going to be the most important variable.<p>Longer term, we think compute is cheap, engineer attention is expensive. Wielded properly, the newest models can execute complicated changes, even in large codebases. That means the limiting reagent in building software is human attention. It still takes time and focus for an engineer to ingest information, e.g. existing code, organizational context, and product requirements. These are all necessary before an engineer can articulate what they want in precise terms and do a competent job reviewing the resulting diff.<p>For now we&#x27;re finding bugs, but the techniques we&#x27;re developing extend to a lot of other background, semi-proactive work to improve codebases.<p>Try it out and tell us what you think. Free first scan, no credit card required: <a href="https:&#x2F;&#x2F;detail.dev&#x2F;" rel="nofollow">https:&#x2F;&#x2F;detail.dev&#x2F;</a><p>We&#x27;re also scanning on OSS repos, if you have any requests. The system is pretty high signal-to-noise, but we don&#x27;t want to risk annoying maintainers by automatically opening issues, so if you request a scan for an OSS repo the results will go to you personally. <a href="https:&#x2F;&#x2F;detail.dev&#x2F;oss" rel="nofollow">https:&#x2F;&#x2F;detail.dev&#x2F;oss</a>

[IDE/Editor] Show HN: I got tired of switching AI tools, so I built an IDE with 11 of them Each AI has strengths - Claude reasons well, Gemini handles long context, Codex integrates with GitHub. But switching between them means losing context.<p>Built HiveTechs: one workspace where Claude Code, Gemini CLI, Codex, DROID, and 7 others run in integrated terminals with shared memory.<p>Also added consensus validation - 3 AIs analyze independently, 4th synthesizes.<p>Real IDE with Monaco editor, Git, PTY terminals. Not a wrapper.<p>Looking for feedback: hivetechs.io

[Other] Mistral Releases Devstral 2 (72.2% SWE-Bench Verified) and Vibe CLI

[API/SDK] Fate: A modern data client for React and tRPC