Show stories

Hi HN, I'm Mohammed, a technical founder who loves shipping and giving back to the community. I'm open-sourcing the full-stack engine that powers my B2B product, apflow.co.

What it is: A production B2B starter with a Go backend and Next.js frontend. Both are fully Dockerized with separate containers. No Vercel. No Supabase. Deploy the whole thing on a $6 VPS, or split frontend and backend across different providers. You own the infrastructure.

The problem I was solving:

Every SaaS starter I evaluated had the same issue: they locked me into someone else's platform. Vercel for hosting. PlanetScale for the database. Serverless functions billing per invocation. Fine for prototypes, but costs become unpredictable at scale and migrating away is painful.

I wanted something I could deploy on any Linux box with docker-compose up. Something where I could host the frontend on Cloudflare Pages and the backend on a Hetzner VPS if I wanted. No vendor-specific APIs buried in my code.

Why Go for the backend:

Go gives me exactly what I need for a SaaS backend:

Tiny footprint. The backend idles at ~50MB RAM. On a cheap VPS, that headroom lets me run more services without upgrading. Concurrency without complexity. Billing webhooks, file uploads, and AI calls run concurrently without callback hell. Compile-time type safety. Using SQLC, my SQL compiles to type-safe Go. If the query is wrong, it fails at build time, not in production. Predictable performance. No garbage collection pauses that surprise you under load. The architecture (Modular Monolith):

I didn't want microservices complexity for a small team, but I needed clean separation. I built a Modular Monolith: features like Auth, Billing, and AI are isolated Go modules with explicit interfaces, but they deploy as a single binary.

This structure also made AI coding tools (Cursor, Claude Code) dramatically more effective. Because every module has strict boundaries, the AI knows exactly where new code belongs and doesn't break other modules.

Full-stack, not just backend:

Backend: Go 1.25 + Gin + SQLC (type-safe SQL, no ORM) + PostgreSQL with pgvector Frontend: Next.js 16 + React 19 + Tailwind + shadcn/ui Communication: The frontend consumes a clean REST API. You can swap Next.js for any framework that speaks HTTP. Infrastructure: Separate Dockerfiles for frontend and backend. Deploy together or apart. What's pre-built:

The boring infrastructure is solved so you can focus on your actual product:

Auth + RBAC: Stytch B2B integration with Organizations, Teams, and Roles. Multi-tenant data isolation enforced at the query level. Billing: Polar.sh as Merchant of Record. Handles subscriptions, invoices, and global tax/VAT. No Stripe webhook edge cases. AI Pipeline: OpenAI RAG using pgvector. The retrieval service enforces strict context boundaries to minimize hallucinations. OCR: Mistral integration for document extraction. File Storage: Cloudflare R2 integration. Each feature is a separate module. Don't need OCR? Remove it. Want Stripe instead of Polar? The billing interface is abstracted.

Real-world proof:

This isn't a template I made for GitHub stars. It's the exact code running apflow.co in production. When I added document OCR, I built it as a new module without touching Auth or Billing. The architecture held.

How to try it:

Clone the repo, read setup.md to check the prerequisite, run ./setup.sh, and you have a working B2B environment locally in minutes.

Feedback I want:

I'd appreciate feedback from Go developers on the module boundaries and cross-module interfaces. Also curious if anyone has suggestions for the Docker setup in production deployments.

GitHub: https://github.com/moasq/production-saas-starter

Live: https://apflow.co

I find that the drag and drop experience can quickly become a nightmare, especially on mobile. To tap, hold, drag, and scroll, all at the same time, is both difficult to achieve, and prone to errors. I've always had in mind this 2-step approach, where picking an element and placing it were two separate steps. So I implemented this basic version to showcase my idea.

While it might take more time than a regular drag and drop, the benefit is for people who struggle with holding down the mouse button. With picknplace.js, you only need two clicks and some scrolling.

This solution is meant as an experiment, so I'm open to discussion.

The article discusses the rise of NewsMax, a conservative media company, and its growing influence in the political landscape. It explores the company's strategy of appealing to right-wing audiences and its potential impact on the future of news and politics.

Alright so if you run a self-hosted blog, you've probably noticed AI companies scraping it for training data. And not just a little (RIP to your server bill).

There isn't much you can do about it without cloudflare. These companies ignore robots.txt, and you're competing with teams with more resources than you. It's you vs the MJs of programming, you're not going to win.

But there is a solution. Now I'm not going to say it's a great solution...but a solution is a solution. If your website contains content that will trigger their scraper's safeguards, it will get dropped from their data pipelines.

So here's what fuzzycanary does: it injects hundreds of invisible links to porn websites in your HTML. The links are hidden from users but present in the DOM so that scrapers can ingest them and say "nope we won't scrape there again in the future".

The problem with that approach is that it will absolutely nuke your website's SEO. So fuzzycanary also checks user agents and won't show the links to legitimate search engines, so Google and Bing won't see them.

One caveat: if you're using a static site generator it will bake the links into your HTML for everyone, including googlebot. Does anyone have a work-around for this that doesn't involve using a proxy?

Please try it out! Setup is one component or one import.

(And don't tell me it's a terrible idea because I already know it is)

package: https://www.npmjs.com/package/@fuzzycanary/core gh: https://github.com/vivienhenz24/fuzzy-canary

Orbit is a web-based platform that allows users to explore and visualize scholarly communication data, enabling analysis of research trends, collaboration networks, and citation patterns across various disciplines.

A proof-of-concept language learning app that uses LLMs to generate definitions of unknown words using only previously mastered vocabulary.

AGENTS.md is a great idea but it stops working once a codebase or agent workflow gets large.

I built AGENTS.db which keeps the spirit of AGENTS.md while scaling it into a layered, append‑only, vectorized flatfile database for LLM agents.

Instead of one mutable markdown file, context lives in layers:

- Base - immutable, human‑verified source of truth

- User - durable human additions

- Delta - proposed / reviewable changes

- Local - ephemeral session notes

Higher layers override lower ones (`local > user > delta > base`), with full provenance and fast local semantic search.

No server. No SaaS. Works offline. Source‑control friendly. Exposes an MCP server so agents can read/write context safely instead of rewriting docs.

This is an early reference implementation targeting a public spec, and I’m trying to pressure‑test whether this is a better long‑term primitive than “just keep adding to AGENTS.md”.

Repo: https://github.com/krazyjakee/AGENTS.db

- NanoAI unifies prompt-led generation, guided image transforms, and a precision browser canvas inside one localizedworkspace so teams can jump from concept to polished assets without context switching.

- Remix uploaded references through Image to Image, refine every brush stroke directly in the canvas editor, andfinish deliverables with built-in resizer/converter tools before publishing.

Helix is a dynamic mock server that generates data on the fly using LLMs (supports Ollama, DeepSeek, Groq).

Key difference from other AI generators: Schema Enforcement. One of the biggest issues with LLMs is non-deterministic output. To solve this, Helix allows you to provide a "System Schema" (using TypeScript interfaces, JSON Schema, or plain text rules). The engine ensures the generated JSON strictly adheres to your defined keys and types, while still generating realistic values for the content.

Features: - Local-First: Works completely offline with Ollama (Llama 3.2 is recommended). - Schema Safety: You can force strict structure compliance so your frontend doesn't break. - Chaos Mode: Optionally simulate latency and error rates. - Stack: Python 3.11, FastAPI, Redis, Docker.

It's open source (AGPLv3). I'd love to hear your feedback, especially regarding the schema validation approach!

Repo: https://github.com/ashfromsky/helix

Hey HN! I’m a researcher working on Bitcoin smart contracts, and today I’m releasing Bithoven—a high-level imperative language that compiles to native Bitcoin Script (Legacy, SegWit, and Taproot).

The Goal:

Raw Bitcoin Script is notoriously difficult to reason about. Writing raw Bitcoin Script today feels like writing Assembly in the 1970s. You have to mentally juggle the stack (`OP_SWAP`, `OP_ROT`), manually manage distinct execution branches, and pray you didn't leave a stack item unconsumed (which crashes the script). My goal was to bridge the gap between complex contract logic and raw opcodes, allowing developers to write readable, compile-time-safe code.

Key Features:

- Imperative Syntax: Write logic using familiar if/else and return statements instead of mental stack juggling.

- Type Safety: First-class support for bool, signature, string, and number types to prevent runtime errors.

- Targeted Compilation: Support for Legacy, SegWit, and Taproot compilation targets.

- Native Primitives: Built-in keywords for timelocks (older, after) and cryptography (sha256, checksig).

You can try it in the browser here (runs via WASM): https://bithoven-lang.github.io/bithoven/ide/

Here is an example of a Hashed Time-Locked Contract (HTLC):

  (condition: bool, sig_alice: signature)
  (condition: bool, preimage: string, sig_bob: signature)
  {
      if condition {
          // Relative locktime (Sequence)
          older 1000;
          return checksig (sig_alice, alice_pk);
      } else {
          // Hashlock verification
          verify sha256 sha256 preimage == hash;
          return checksig (sig_bob, bob_pk);
      }
  }

Everyone's shipping AI tools right now, and here I am with a visual editor. Still, I think many teams are very familiar with the problem of "marketing wants to change the landing page again."

I've run into this for years. Campaign pages come in, engineers get pulled in, and tickets stack up. It's usually the same components, just rearranged.

A few years ago, at a startup I worked at, we built an internal tool to deal with this. You register your existing React components, they show up as drag-and-drop blocks, and the result is a JSX string. No schema to learn, no changes to your component code.

We used it in production, handling real traffic in a messy, legacy-heavy environment. It held up well. Over time, it powered roughly 60% of our traffic. Marketing shipped pages without filing tickets, and product teams ran layout-level A/B tests. That experience eventually led me to clean it up and open-source it.

Composify sits somewhere between a no-code page builder and a headless CMS. Page builders like Wix or Squarespace offer drag-and-drop, but lock you into their components. There are also solid tools like Builder.io, Puck, and Storyblok, but many require you to adapt your components to their model. Composify is intentionally minimal: it lets you use your actual production components as they are.

It's still early. The docs need work, and there are rough edges. But it's running in production and has solved a real problem for us. If you already have a component library and want non-devs to compose pages from it, it might be useful.

Homepage: https://composify.js.org

Happy to answer questions or hear feedback!

This hobby project was created using stolen code from deno tbh. Also I have submitted my framework to TechEmpower benchmarks and other bench marks. I'm attaching the framework score for your reference.

https://www.techempower.com/benchmarks/#section=test&runid=2...

Hi HN, we’re Luke and Phillip, and we’re building Spice.ai OSS - a lightweight, portable data and AI engine and powered by Apache DataFusion & Ballista for SQL query, hybrid-search, and LLM-inference across disaggregated-storage used by enterprises like Barracuda Networks and Twilio.

We first introduced Spice [1] on HN in 2021 and re-launched it on HN [2] in 2024 re-built from the ground up in Rust.

Spice includes the concept of a Data Accelerator [3], which is a way to materialize data from disparate sources, such as other databases, in embedded databases like SQLite and DuckDB.

Today we’re excited to announce a new Ducklake-inspired Data Accelerator built on Vortex [3], a highly performant, extensible columnar data format that claims 100x faster random access, 10-20x faster scans, 5x faster writes with a similar compression ratio vs. Apache Parquet.

In our tests with Spice, Vortex performs faster than DuckDB with a third of the memory usage, and is much more scalable (multi-file). For real-world deployments, we see the DuckDB Data Accelerator often capping out around 1TB, but Spice Cayenne can do Petabyte-scale.

You can read about it at https://spice.ai/blog and in the Spice OSS release notes [4].

This is just the first version, and we’d love to get your feedback!

GitHub: https://github.com/spiceai/spiceai

[1] https://news.ycombinator.com/item?id=28448887

[2] https://news.ycombinator.com/item?id=39854584

[3] https://github.com/vortex-data/vortex

[4] https://spiceai.org/blog/releases/v1.9.0

Well, I certainly tried. I had to, because it has a certain quirk inspired by "digital minimalism."

The quirk is that it only allows you to fetch new articles once per day (or X days).

Why? Let me explain...

I want my internet content to be like a boring newspaper. You get it in the morning, and you read the whole thing while sipping your morning coffee, and then you're done! No more new information for today. No pings, no alerts, peace, quiet, zen, etc.

But with that, I needed it to be able to fetch all articles from my hundreds of feeds in one sitting. This is where Zig and curl optimisations come in. I tried to do all the tricks in the book. If I missed something, let me know!

First off, I'm using curl multi for the network layer. The cool thing is it automatically does HTTP/2 multiplexing, which means if your feeds are hosted on the same CDN it reuses the same connection. I've got it configured to handle 50 connections total with up to 6 per host, which seems to be the sweet spot before servers start getting suspicious. Also, conditional GETs. If a feed hasn't changed since last time, the server just says "Not Modified" and we bail immediately.

While curl is downloading feeds, I wouldn't want CPU just being idle so the moment curl finishes downloading a single feed, it fires a callback that immediately throws the XML into a worker thread pool for parsing. The main thread keeps managing all the network stuff while worker threads are chewing through XML in parallel. Zig's memory model is perfect for this. Each feed gets its own ArenaAllocator, which is basically a playground where you can allocate strings during parsing, then when we're done, we just nuke the entire arena in one go.

For parsing itself, I'm using libexpat because it doesn't load the entire XML into memory like a DOM parser would. This matters because some podcast feeds especially are like 10MB+ of XML. So with smart truncation we download the first few X mb's (configurable), scan backwards to find the last complete item tag, cut it there, and parse just that. Keeps memory usage sane even when feed sizes get massive.

And for the UI I just pipe everything to the system's "less" command. You get vim navigation, searching, and paging for free. Plus I'm using OSC 8 hyperlinks, so you can actually click links to open them on your browser. Zero TUI framework needed. I've also included OPML import/export and feed groups as additional features.

The result: content from hundreds of RSS feeds retrieved in matter of seconds, and peace of mind for the rest of the day.

The code is open source and MIT licensed. If you have ideas on how to make it even faster or better, comment below. Feature requests and other suggestions are also welcome, here or GitHub.

OpenMemory is an open-source project that aims to develop a decentralized, privacy-focused memory storage and retrieval system. The project leverages blockchain technology and distributed storage to create a secure and censorship-resistant platform for storing and accessing personal data.

Hi HN, We are the OpenDCAI group from Peking University. We built Paper2Any, an open-source tool designed to automate the "Paper to Slides" workflow based on our DataFlow-Agent framework. The Problem: Writing papers is hard, but creating professional architecture diagrams and slides (PPTs) is often more tedious. Most AI tools just generate static images (PNGs) that are impossible to tweak for final publication. The Solution: Paper2Any takes a PDF, text, or sketch as input, understands the research logic, and generates fully editable PPTX (PowerPoint) files and SVGs. We prioritize flexibility and fidelity—allowing you to specify page ranges, switch visual styles, and preserve original assets. How it works: 1. Multimodal Reading: Extracts text and visual elements from the paper. You can now specify page ranges (e.g., Method section only) to focus the context and reduce token usage. 2. Content Understanding: Identifies core contributions and structural logic. 3. PPT Generation: Instead of generating one flat image, it generates independent elements (blocks, arrows, text) with selectable visual styles and organizes them into a slide layout. Links: - Demo: http://dcai-paper2any.cpolar.top/ - Code (DataFlow-Agent): https://github.com/OpenDCAI/DataFlow-Agent We'd love to hear your feedback on the generation quality and the agent workflow!

I built a Rust-powered Wavelet Matrix library for Python.

There were surprisingly few practical Wavelet Matrix implementations available for Python, so I implemented one with a focus on performance, usability, and typed APIs. It supports fast rank/select, top-k, quantile, range queries, and even dynamic updates.

Feedback welcome!

Hi HN,

I’m building MephistoMail, a privacy-focused disposable email service designed to decouple digital identity from online services. After seeing how many "temp mail" providers log IP addresses or sell metadata, I wanted to build something that prioritizes total digital hygiene.

New Key Features:

Volatile Memory Storage: We use a RAM-only infrastructure. No incoming messages or session data are ever written to a physical HDD. Once the session terminates, the data is cryptographically wiped.

Client-Side Password Generator: Integrated entropy-based generator that runs locally in your browser. Create high-security passwords for your registrations without them ever touching our servers.

Secure QR Handoff: Transfer your active "burner" session from desktop to mobile instantly via an encrypted QR link. No need to type complex random addresses on your phone.

Multi-Account Tunneling: Manage multiple anonymous identities simultaneously through a unified interface.

Custom Alias Creation: Define your own usernames on our secure domains for more professional-looking temporary identities.

The Stack:

Frontend: React, Tailwind CSS, Lucide icons.

Backend Logic: Powered by Mail.tm's stable API for zero-latency delivery.

Privacy: Strict No-Logs policy, TLS 1.3 encryption, and no tracking cookies.

I’m looking for technical feedback on the UX and the "Persona" tool integration.

URL: https://www.mephistomail.site/ Source: https://github.com/jokallame350-lang/temp-mailmephisto

Happy to answer any questions about the implementation!

I needed to generate invoices in a Node.js app. jsPDF is 229KB. I only needed text, rectangles, lines, and JPEG images.

  So I wrote tinypdf: <400 lines of TypeScript, zero dependencies, 3.3KB minified+gzipped.

  What it does:
  - Text (Helvetica, colors, alignment)
  - Rectangles and lines
  - JPEG images
  - Multiple pages, custom sizes

  What it doesn't do:
  - Custom fonts, PNG/SVG, forms, encryption, HTML-to-PDF

  That's it. The 95% use case for invoices, receipts, reports, tickets, and labels.

  GitHub: https://github.com/Lulzx/tinypdf
  npm: npm install tinypdf

I work mostly in the terminal but found myself constantly switching to bloated GUIs like SSMS only for the simple task of browsing tables and run queries. And I didn't find Existing SQL TUIs intuitive, having to read documentation to learn keybindings and CLI flags to connect. Given I had recently switched to linux, I found myself using vs code's sql database extension. Something was awfully wrong.

I wanted something like lazygit for databases – run it, connect, and query and frankly just make it enjoyable to access data.

  Sqlit is a keyboard-driven SQL TUI with:

  - Context-based keybindings (always visible)
  - Neovim-like interface with normal and insert mode for query editing
  - Browse databases, tables, views, stored procedures
  - Adapters for SQL Server, SQLite, PostgreSQL, Turso & more
  - SSH tunneling support
  - Themes (Tokyo Night, Nord, Gruvbox etc.)

  Inspired by lazygit, neovim and lazysql. Built with Python/Textual.

https://github.com/Maxteabag/sqlit

I've created a networking library in C++ which works on Linux, Windows, & MacOS and made the core of it based on C++ coroutines and native asyncio from each of these platforms. Check it out: https://github.com/adityarao2005/WebCraft. It has an official vcpkg port. Here is an example of how to use it https://github.com/adityarao2005/http-server-webcraft.

The article discusses the importance of setting boundaries and priorities in one's personal and professional life. It provides strategies for identifying and communicating your boundaries, as well as tips for maintaining a healthy work-life balance.

In the past I've used tools like Postman for API testing but I always found myself wanting to stay in my terminal without switching contexts.

So I started building a new tool to bridge the gap, combining terminal-native workflow with the API collection management we get from GUI tools.

It's definitely in the early stage of development but if you work with APIs from the command line, I'd love to hear your thoughts and feedback on this post or even a feature request in a Github issue!

Feel free to check it out here and give it a spin: https://github.com/pranav-cs-1/nexus

Most products that touch PDFs or images quietly rebuild the same thing: a hacked-together “router” that picks which OCR/vision API to call, normalizes the responses, and prays the bill is sane at the end of the month.

DocsRouter is that layer as a product: one stable API that talks to multiple OCR engines and vision LLMs, lets you route per document based on cost/quality/latency, and gives you normalized outputs (text, tables, fields) so your app doesn’t care which provider was used.

It’s meant for teams doing serious stuff with documents: invoices/receipts, contracts, payroll, medical/admin forms, logistics docs, etc., who are either stuck on “the OCR we picked years ago” or are overwhelmed by the churn of new vision models.

Right now you get a REST API, simple SDKs (coming soon), a few pluggable backends (classic OCR + newer vision models), some basic routing policies, and a playground where you can upload a doc and compare outputs side by side.

I’d love feedback from HN on two things:

1- If you already juggle multiple OCR/vision providers, what does your homegrown router look like, and what would you need to trust an external one?

2 - Would you prefer this or use the LLM/OCR providers directly, with the possibility of changing the provider every so often?

Demo and docs are here: https://docsrouter.com

I created this because sometimes I want more than rlwrap but less than emacs. icl aims to hit that middle sweet spot.

It's a terminal application with context-aware auto-complete, an interactive object inspector, auto-indentation, syntax colouring, persistent history, and much more. It uses sly to communicate with the child lisp process and aims to be compatible with any sly-supporting implementation. I hope others find it useful!

Hello HN,

I basically don't use notifications for anything. The noise is too much. Slack is too loud. Email is too slow. But sometimes you do need a note in your face.

I found myself missing 1990s pagers. I wanted a digital equivalent - something that does one thing: beep until I ack it.

So I built UDP-7777.

Concept:

- 0% Cloud: It listens on UDP Port 7777. No accounts, no central servers. You don't need Tailscale/ZeroTier/WG/etc, it's just easy for device sets.

- CAPCODES: It maps your IP address (LAN or Tailscale) to a retro 10-digit "CAPCODE" that looks like a phone number (e.g., (213) 070-6433 for loopback).

- Minimalism: Bare-bones interface. Just a box, a few buttons, and a big red blinker.

The Tech:

It's a single binary written in Go (using Fyne). It implements "burst fire" UDP (sending packets 3x) to ensure delivery without the handshake overhead of TCP.

New in v2.2.7:

- Frequency Tuning: Bind specifically to your Tailscale/ZeroTier interface.

- Squelch: Optional shared-secret keys to ignore unauthorized packets.

- Heartbeat: Visual/Audio alerts that persist until you physically click ACK.

I built this for anyone looking to cut through the noise—DevOps teams handing off the "on-call IP", or deep-work focus where you only want interruptions from a high-trust circle.

I'd love to hear your thoughts on the IP-to-Phone-Number mapping logic (it's purely visual, but I'm really into it).

Site & Binaries (Signed for Mac/Win): https://udp7777.com

Hi HN, I’m Safoan, founder of Narrativee.

We built Narrativee because we realized how it sucks it to get a clear picture from raw spreadsheet files. I found myself spending hours staring at rows and columns, trying to extract context and manually turn that data into documents I could actually share with my team.

The Problem Spreadsheets are great for calculation, but terrible for communication. To get the "story" behind the data, you usually have to screenshot charts or write long emails explaining what the numbers mean.

This is why we built Narrativee to remove that friction in minutes.

> You upload your spreadsheet (CSV/XLS), > Get an narrative document that explains the "what" and "why" behind your data > Edit & Share a readable report instead of raw numbers

We have a free plan, give it a try and let us know what we can improve !

I’m a former Systems Architect (Cisco/VMware) turned builder in Thailand. TheAuditor v2.0 is a complete architectural rewrite (800+ commits) of the prototype I posted three months ago.

The "A-ha" moment for me didn't come from a success; it came from a massive failure. I was trying to use AI to refactor a complex schema change (a foundation change from "Products" to "ProductsVariants"), and due to the scope of it, it failed spectacularly. I realized two things:

* Context Collapse: The AI couldn't keep enough files in its context window to understand the full scope of the refactor, so it started hallucinating, "fixing" superficial issues. If I kept pressing it, it would literally panic and make up problems "so it could fix them," which only resulted in the situation going into a death spiral. That’s the villain origin story of this tool. :D * Stale Knowledge: It kept trying to implement Node 16 patterns in a Node 22 project, or defaulting to obsolete libraries (like glob v7 instead of v11) because its training data was stale.

I realized that AI agents are phenomenal at outputting working code, but they have zero understanding of it. They optimize for "making it run at any cost"—often by introducing security holes or technical debt just to bypass an error. This is a funny paradox because when "cornered/forced" to use cutting-edge versions, syntax, and best practices, it has zero issue executing or coding it. However, it’s so hilariously unaware of its surroundings that it will do anything else unless explicitly babysat.

I built v2 to be the "Sanity Check" that solves a lot of these issues, and it aims to continue solving more of the same and similar issues I face. Instead of letting the AI guess, TheAuditor indexes the entire codebase into a local SQLite Graph Database. This gives the AI a queryable map of reality, allowing it to verify dependencies and imports without needing to load "all" files into context.

A/B Demo: https://www.youtube.com/watch?v=512uqMaZlTg As seen in the demo video, instead of trying to read 10+ full files and/or grepping to make up for the hallucinations, it can now run "aud explain" and get 500 lines of deterministic "facts only" information. It gets just what it needs to see versus reading 10+ files, trying to keep them in context, finding what it was looking for, and trying to remember why it was looking to begin with.

I also learned that regex/string/heuristics don't scale at all and are painfully slow (hours vs minutes). I tried the regex-based rules/parsers approach, but they kept failing silently on complex files and suffered constant limitations (the worst offender was having to read all files per set of rules). I scrapped that approach and built a "Triple-Entry Fidelity" system. Now, the tool acts like a ledger: the parser emits a manifest, the DB emits a receipt. If they don't match, the system crashes intentionally.

It’s no longer just a scanner; it’s a guardrail. In my daily workflow, I don't let the AI write a line of code until the AI (my choice just happens to be CC/Codex) has run a pre-investigation for whatever problem statement I'm facing at the moment. This ensures it's anchored in facts and not inference assumptions or, worse, hallucinations.

With that said, my tool isn't perfect. To support it all, I had to build a pseudo-compiler for Python/JS/TS, and that means preparing extractors for every framework, every syntax—everything, really. Sometimes I don't get it right, and sometimes I just won't have had enough time to build it out to support everything.

So, my recommendation is to integrate the tool WITH your AI agent of choice rather than seeing it as a tool for you, the human. I like to use the tool as a "confirm or deny," where the AI runs the tool, verifies in source code, and presents a pre-implementation audit. Based on that audit, I will create an "aud planning."

Some of the major milestones in v2.0

* Hybrid Taint: I extended the Oracle Labs IFDS research to track data flow across microservice boundaries (e.g., React fetch → Express middleware → Controller).

* Triple-Entry Fidelity: This works across every layer (Indexer -> Extractor -> Parser -> Storage). Every step has fidelity checks working in unison. If there is silent data loss anywhere in the pipeline, the tool crashes intentionally.

* Graph DB: Moved from file-based parsing to a SQLite Graph Database to handle complex relationships that regex missed.

* Scope: Added support for Rust, Go, Bash, AWS CDK, and Terraform (v1 was Python/JS only).

* Agent Capabilities: Added Planning and Refactor engines, allowing AI agents to not just scan code but safely plan and execute architectural changes

got tired of paying $29–99/month for simple contact forms on landing pages and side projects (Typeform, Tally, etc.).So I built GitForms: an open-source contact form that stores submissions as GitHub Issues.How it works:Form runs on your Next.js 14 site (Tailwind + TypeScript) On submit → creates a new Issue in your repo via GitHub API You get instant email notifications from GitHub (free)

Zero ongoing costs:No database, no backend servers Deploy on Vercel/Netlify free tier in minutes Configurable via JSON (themes, text, multi-language)

Perfect for MVPs, landing pages, portfolios, or any low-volume use case.Repo: https://github.com/Luigigreco/gitforms License: CC-BY-NC-SA-4.0 (non-commercial only – fine for personal projects, not client work).Curious what HN thinks: would you use this? Any obvious improvements or edge cases I missed?Thanks!