Back to All Tools

Show HN: Tangent – Security log pipeline powered by WASM

Hacker News (score: 11)
Visit Tool
Found: November 20, 2025
ID: 2456

Description

Other
Show HN: Tangent – Security log pipeline powered by WASM Hi HN! We’re Ethan and Danny, the authors of Tangent (https://github.com/telophasehq/tangent), a Rust-based log pipeline where all normalization, enrichment, and detection logic runs as WASM plugins.

We kept seeing the same problems in the OCSF (https://ocsf.io) community: 1) Schemas change constantly. Large companies have whole teams dedicated to keeping vendor→OCSF mappings up to date. 2) There’s no shared library of mappings, so everyone recreates the same work. 3) Writing mappers is tedious, repetitive work. 4) Most pipelines use proprietary DSLs that are hard to share and hard for tools/LLMs to generate.

Tangent takes a different approach: no DSLs – mappings and enrichments are just normal code compiled to WASM, shareable plugins – we maintain a community library (https://github.com/telophasehq/tangent-plugins), interoperability – we can run other engines’ DSLs (e.g., Bloblang) inside WASM for easy migration, full flexibility – plugins can validate schemas, call external APIs (https://github.com/telophasehq/tangent/blob/main/examples/en...), or perform complex transforms (https://github.com/telophasehq/tangent-plugins/blob/main/zee...).

Here's an example Python transformation plugin to drop all fields from a log except `message`:

  import json
  
  from typing import List
  
  from wit_world.imports import log
  
  # `log.Logview` is Tangent's zero-copy JSON accessor type.
  
  def process_logs(self, logs: List[log.Logview]) -> bytes:
  
      out = bytearray()
  
      for lv in logs:
  
          msg = lv.get("msg")
  
          value = msg.value if msg is not None else ""
  
          out.extend(json.dumps({"message": value}).encode() + b"\n")
  
      return bytes(out)
We have plenty more examples in the repo.

Because plugins are just Go/Python/Rust, LLMs can create new mappers with ease. For example, I asked:

  Generate a mapper from AWS Security Hub Finding to OCSF
and only had to make a few minor tweaks. (https://github.com/telophasehq/tangent-plugins/blob/main/aws...)

Performance-wise, a 16-core Amazon Linux box processes ~480 MB/s end-to-end (TCP → Rust-WASM transform → sink) on ~100-byte JSON logs. The CLI includes tooling to scaffold, test, and benchmark plugins locally. Here's a deep dive into how we are able to get this performance: https://docs.telophasehq.com/runtime.

We’d love to get your feedback! What do you think?

More from Hacker

Bare metal programming with RISC-V guide (2023)

Bare metal programming with RISC-V guide (2023)

Fly's Sprites.dev addresses dev environment sandboxes and API sandboxes together

Fly's Sprites.dev addresses dev environment sandboxes and API sandboxes together

Show HN: FP-pack – Functional pipelines in TypeScript without monads

Show HN: FP-pack – Functional pipelines in TypeScript without monads Hi HN,<p>I built fp-pack, a small TypeScript functional utility library focused on pipe-first composition.<p>The goal is to keep pipelines simple and readable, while still supporting early exits and side effects — without introducing monads like Option or Either.<p>Most code uses plain pipe&#x2F;pipeAsync. For the few cases that need early termination, fp-pack provides a SideEffect-based pipeline that short-circuits safely.<p>I also wrote an “AI agent skills” document to help LLMs generate consistent fp-pack-style code.<p>Feedback, criticism, or questions are very welcome.

Show HN: HN Sentiment API – I ranked tech CEOs by how much you hate them

Show HN: HN Sentiment API – I ranked tech CEOs by how much you hate them I built an API that extracts entities from Hacker News comments and classifies sentiment towards them as positive, negative, or neutral. It also classifies overall comment sentiment and assigns each entity a label (person, location, date, technology, organization, other).<p>505k+ comments, Oct 31 - Present.<p>Here&#x27;s the leaderboard:<p>LOVED:<p>- Steve Jobs: 44% positive, 7% negative<p>- Linus Torvalds: 43% positive, 5% negative<p>- Gabe Newell: 34% positive, 8% negative<p>MID:<p>- Bill Gates: 22% positive, 8% negative<p>- Tim Cook: 15% positive, 30% negative<p>- Bezos: 12% positive, 18% negative<p>HATED:<p>- Zuckerberg: 4% positive, 35% negative<p>- Sam Altman: 8% positive, 38% negative<p>- Musk: 5% positive, 45% negative<p>Try it yourself:<p># Who does HN talk about the most?<p>curl &quot;<a href="https:&#x2F;&#x2F;api.hnpulse.com&#x2F;entities?label=person&amp;sort=mentions" rel="nofollow">https:&#x2F;&#x2F;api.hnpulse.com&#x2F;entities?label=person&amp;sort=mentions</a>&quot;<p># What are people saying about remote work?<p>curl &quot;<a href="https:&#x2F;&#x2F;api.hnpulse.com&#x2F;comments?entity=remote" rel="nofollow">https:&#x2F;&#x2F;api.hnpulse.com&#x2F;comments?entity=remote</a> work&amp;limit=3&quot;<p># Is OpenAI&#x27;s reputation getting worse?<p>curl &quot;<a href="https:&#x2F;&#x2F;api.hnpulse.com&#x2F;trends?entity=openai&amp;bucket=day" rel="nofollow">https:&#x2F;&#x2F;api.hnpulse.com&#x2F;trends?entity=openai&amp;bucket=day</a>&quot;<p># What technology gets mentioned alongside SF?<p>curl &quot;<a href="https:&#x2F;&#x2F;api.hnpulse.com&#x2F;entities?co-occur=SF&amp;label=technology&amp;sort=mentions" rel="nofollow">https:&#x2F;&#x2F;api.hnpulse.com&#x2F;entities?co-occur=SF&amp;label=technolog...</a>&quot;<p>Stack: Go, PostgreSQL, GPT-4o mini for entity extraction<p>Docs: <a href="https:&#x2F;&#x2F;docs.hnpulse.com" rel="nofollow">https:&#x2F;&#x2F;docs.hnpulse.com</a> API: <a href="https:&#x2F;&#x2F;api.hnpulse.com" rel="nofollow">https:&#x2F;&#x2F;api.hnpulse.com</a>

No other tools from this source yet.