Unikernel Guide: Build and Deploy Lightweight, Secure Apps

Show HN: Spotilyrics – See synchronized Spotify lyrics inside VS Code

Show HN: FilterQL – A tiny query language for filtering structured data

Show HN: FilterQL – A tiny query language for filtering structured data Hey all, I just released v2.0.0 of FilterQL, a query language and TypeScript library. This version adds support for Operations, which allow you to transform the data after filtering.If you think this would be useful in a project you're working on, give it a try and let me know what you think!

Show HN: MCP Security Suite

Show HN: MCP Security Suite Hi HN!We kept seeing devs get pwned through MCP tools in ways that security scanners completely miss. So we built an open-source analyzer to catch these attacks. Our first OSS by Mighty team.The problem: At Defcon, we saw MCP exploits with 100% success rate against Claude and Llama. Three attack patterns:Hidden Unicode in "error messages" - Paste a colleague's error into Claude, your SSH keys get exfiltrated Trusted tool updates - That database tool you've used for months? Last week's update added credential theft Tool redefinition - Malicious tool redefines "deploy to prod" to run attacker's scriptTraditional scanners (CodeQL, SonarQube) catch <15% of these. They're looking for SQLi, not prompt injections hidden in tool descriptions.What we built: git clone <a href="https://github.com/NineSunsInc/mighty-security" rel="nofollow">https://github.com/NineSunsInc/mighty-security</a>python analyzers/comprehensive_mcp_analyzer.py /path/to/your/mcp/toolScans for prompt injection, credential exfil, suspicious updates, tool shadowing. Runtime wrapper adds <10ms overhead. Fully local, no telemetry.Why this matters: 43% of MCP tools have command injection vulns. GitHub's own MCP server was exploitable. We found Fortune 500s running database-connected MCP tools that hadn't been audited since installation. We went from paranoid code review to "AI said it works" in 18 months. The magic is real, but so are the vulnerabilities.Demo: <a href="https://www.loom.com/share/e830c56d39254a788776358c5b03fdc3" rel="nofollow">https://www.loom.com/share/e830c56d39254a788776358c5b03fdc3</a>GitHub: <a href="https://github.com/NineSunsInc/mighty-security" rel="nofollow">https://github.com/NineSunsInc/mighty-security</a>Would love feedback - what MCP security issues have you seen?

Show HN: Stagewise (YC S25) – Front end coding agent for existing codebases

Show HN: Stagewise (YC S25) – Front end coding agent for existing codebases Hey HN, we're Julian and Glenn, and we're building stagewise (<a href="https://stagewise.io">https://stagewise.io</a>), a frontend coding agent that lives inside your browser on localhost and operates on local codebases.You can spawn the agent into locally running web apps in dev mode with `npx stagewise` from the project root. The agent lets you then click on HTML Elements in your app, enter prompts like 'increase the height here' and will implement the changes in your source code.Before stagewise, we were building a vertical SaaS for logistics from scratch and loved using prototyping tools like v0 or lovable to get to the first version. But when switching from v0/ lovable to Cursor for local development, we felt like the frontend magic was gone. So, we decided to build stagewise to bring that same magic to local development.The first version of stagewise just forwarded a prompt with browser context to existing IDEs and agents (Cursor, Cline, ..) and went viral on X after we open sourced it. However, the APIs of existing coding agents were very limiting, so we figured that building our own agent would unlock the full potential of stagewise.Here's how it works: When you run `npx stagewise`, our cli proxies your running web application in dev mode and injects a toolbar containing the coding agent on top of it. Each prompt you send will be enriched with browser context and sent to our cli, which will call our backend and modify the source code of your local codebase accordingly.Here's a demo of our agent changing the login UI of Cal.com, a popular open-source meeting scheduling app: <a href="https://www.youtube.com/watch?v=BkDcAozK9L4" rel="nofollow">https://www.youtube.com/watch?v=BkDcAozK9L4</a>.So far, we've seen great adoption from non-technical users who wanted to continue building their lovable prototype locally. We personally use the agent almost daily to make changes to our landing page and to build the UI of new features on our console (<a href="https://console.stagewise.io">https://console.stagewise.io</a>).If you have an app running in dev mode, simply `cd` into the app directory and run `npx stagewise` - the agent should appear, ready to play with.We're very excited to hear your feedback!

Show HN: NaturalCron – Human-Readable Scheduling for .NET (With Fluent Builder)

Show HN: NaturalCron – Human-Readable Scheduling for .NET (With Fluent Builder) Hi HN!I built NaturalCron because I was tired of writing and debugging CRON syntax like:/5 * * 5Now you can write something human-readable in .NET:var expression = new NaturalCronExpression("every 5 minutes on friday");Or use a Fluent Builder for strong typing and IDE support:var expression = NaturalCronExpressionBuilder .Every().Minutes(5) .On(DayOfWeek.Friday) .Build();Great for: - Code-based scheduling in .NET apps - Overriding schedules from configs or databases - Displaying easy-to-read rules in UIsNuGet: <a href="https://www.nuget.org/packages/NaturalCron" rel="nofollow">https://www.nuget.org/packages/NaturalCron</a> GitHub: <a href="https://github.com/hugoj0s3/NaturalCron">https://github.com/hugoj0s3/NaturalCron</a>Would love your feedback on syntax, builder design, and what features you'd like to see next!

Show HN: Rewindtty – Record and replay terminal sessions as structured JSON

Show HN: Lotas – Cursor for RStudio

Show HN: Lotas – Cursor for RStudio Hey HN! We’re Jorge and Will from Lotas (<a href="https://www.lotas.ai/" rel="nofollow">https://www.lotas.ai/</a>), and we’ve built an AI coding assistant into RStudio (think Cursor for RStudio).RStudio is used by about 2 million data scientists and academics, but they currently lack a coding assistant within their IDE. Developers in other environments benefit from tools like Cursor and Windsurf, but R users don’t have any equivalent tools to speed up their workflow. Since ~80% of R programmers prefer to use RStudio over other IDEs like VSCode to write R code, we figured a tool like this one could be quite useful.Both of us were PhD students at Harvard. Jorge was in the biophysics program and Will was in the biostatistics program where most people used RStudio every day. We saw how integrated code assistants were taking off in other IDEs, but we noticed that the RStudio integrations were still lagging far behind. Many R users were copying and pasting code from ChatGPT to build their workflows, and this was clearly slow and fragile.To bring the Cursor-like experience to RStudio users, we built Rao (<a href="https://www.lotas.ai/" rel="nofollow">https://www.lotas.ai/</a>): a fork of RStudio with an embedded AI assistant that is aware of the user’s local context (both files and variable environment), can read and write files, can run code or commands, and can interpret textual or visual output. It works with any of the file formats already in RStudio (R, notebooks including RMDs and QMDs, Python, Stan, etc.), allowing R programmers to iteratively perform entire data analyses inside their preferred IDE.Other AI data science tools are either (1) built on the web or in environments people don’t already use, (2) are completely focused on python notebooks, or (3) are weak package-based assistants with limited functionality. Rao is exactly like the RStudio IDE that millions of data scientists already use, but it incorporates a powerful AI assistant and works with all the standard file types.You can download Rao at <a href="https://www.lotas.ai/download" rel="nofollow">https://www.lotas.ai/download</a>, watch our demo on the homepage (<a href="https://www.lotas.ai/" rel="nofollow">https://www.lotas.ai/</a>), and work through some example use cases on our GitHub (<a href="https://github.com/lotas-ai/rao/tree/main/demos">https://github.com/lotas-ai/rao/tree/main/demos</a>). We have a one-week free trial (no card required) and provide 500 queries/month for $20/month after that. We’d love to hear feedback from the HN community to make Rao as useful as possible! You can reach us at founders@lotas.ai.P.S. We have zero data retention (ZDR) agreements with OpenAI and Anthropic, but we currently recommend users do not input sensitive or regulated data like PHI into Rao until we sign BAAs with both model providers. For more information on our security practices, please visit the security page on our website <a href="https://www.lotas.ai/security" rel="nofollow">https://www.lotas.ai/security</a>.

Logical implication is a comparison operator

Show HN: ggc – A terminal-based Git CLI written in Go

Show HN: ggc – A terminal-based Git CLI written in Go Hi HN,I built ggc (<a href="https://github.com/bmf-san/ggc">https://github.com/bmf-san/ggc</a>), a terminal-based Git CLI tool written in Go.ggc provides: - A fast interactive UI (like `fzf`) for common Git operations- Traditional subcommands (e.g. `ggc add`, `ggc commit`)- Git-compatible config support (`ggc config` reads from `git config`)- Built-in aliases and workflow automation (e.g. `ggc addcommitpush`)The goal is to improve developer productivity by combining interactive workflows with scriptable CLI operations.It's still under active development, but I'd love feedback from the community!GitHub: <a href="https://github.com/bmf-san/ggc">https://github.com/bmf-san/ggc</a> Demo GIF: <a href="https://github.com/bmf-san/ggc#demo">https://github.com/bmf-san/ggc#demo</a>Thanks!