Wednesday, July 8, 2026

Show HN: Onboard-CLI, a LLM powered and AST-based tool to visualize codebase https://ift.tt/Ap03trd

Show HN: Onboard-CLI, a LLM powered and AST-based tool to visualize codebase https://ift.tt/I3JzxYt July 9, 2026 at 12:09AM

Show HN: Skill-extractor turns coding agent transcripts into reusable skills https://ift.tt/rjNzpvD

Show HN: Skill-extractor turns coding agent transcripts into reusable skills https://ift.tt/czvlwK1 July 9, 2026 at 12:03AM

Show HN: Hnwork.app – UI for Who is hiring posts https://ift.tt/lVYsoOL

Show HN: Hnwork.app – UI for Who is hiring posts Hey HN, I built a UI on top of the "Who is hiring" posts. Take a look at https://hnwork.app ! One of the downsides of unstructured text posts is the readability due to it being free-form and having little to no format. While there are other tools that have been built over the years to make perusing Who is hiring posts easier, I took a try on making my own (I actually tried to build this at a YC hackathon a few years back, but got around to completing it recently). Features: - Text search and search filters - Original post text with call outs to important information - Removes posts that aren’t on topic (complaints, seeking work, vague or missing contact info) - Analytics - API In addition, job posters can create accounts to submit postings through the app. While I don’t expect posting to move over to this app, it’s what I envisioned what a Who is hiring thread would like as an app: - Structured postings with required fields (e.g., salary range required) - Job posters get notifications about comments on their posts - Job posters get verified through their email before posting (e.g., someone posting a Sony job has a Sony email address) - Companies with multiple job posters can coordinate postings and view past postings - Admins can audit and approve companies and posts Job seekers can also create an account to post comments or get access to a simple API but otherwise browsing doesn’t require any kind of signup/signin. I’m open to feedback: let me know if you’d like me to ingest more data from past months, something is missing or broken, or there’s a new feature you’d like to see. Thanks! https://hnwork.app/ July 9, 2026 at 12:00AM

Show HN: REST - Living Without Burnout. A manifesto about sustainable discipline https://ift.tt/2crsx45

Show HN: REST - Living Without Burnout. A manifesto about sustainable discipline Lately, I’ve been thinking a lot about what gives me energy and what slowly takes it away. Those thoughts eventually turned into a small manifesto I called REST. https://themanifesto.rest/ July 8, 2026 at 11:42PM

Tuesday, July 7, 2026

Show HN: CLRK, an open-source agent runtime with gVisor and MitM guardrails https://ift.tt/svxomWr

Show HN: CLRK, an open-source agent runtime with gVisor and MitM guardrails TL;DR: we built a framework-agnostic agent runtime that uses gVisor for isolation and runs on k8s. It’s open-source under AGPLv3 Recently we’ve been working on a customer support “AI assistant” - essentially an interactive knowledge base/L1 support but with an option to touch resources that belong to a customer it’s talking to. We found existing tools to be lacking in these aspects: 1. Fully intercepted i/o. We wanted to trace out LLM calls as well as any other networking calls attempted by the harness so that guardrails and audit trails apply to all current and future systems uniformly. Nobody’s agent can accidentally make raw database calls or send PII data to an overseas LLM provider. 2. Coherent API and framework agnostic. There’re a lot of frameworks out there that do similar things in slightly different way and most we found had telemetry, guardrails and other tooling tightly bound into the framework. We wanted something with an infrastructure-first approach because we think it’s a more flexible way to compose such systems. 3. k8s compatible runtime. We run part of our stack on k8s and know it well so we wanted to take advantage of this if we could. We searched for an existing solution, but especially with Daytona going closed sourced recently, there were no options we could find that were open-source and met our needs, so we built one. A more in-depth design writeup can be found here: https://ift.tt/uWxbMQn Questions, FRs, hot takes or funny insults are welcome! https://ift.tt/rAjmNfg July 7, 2026 at 11:45PM

Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents https://ift.tt/L9JGeMA

Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents Hi HN, I'm Brian, I spent the last few years at Vanta (YC W18), helping startups and enterprises become compliant and I recently started exploring what that might look like in a post-agentic world. The problem Halo solves is: when a company buys an AI agent from a vendor and gives it access to their data, they have no way to check what the agent did with that data. Vendors may have built observability dashboards and audit logs, but those are editable and partisan. SOC 2 and ISO 27001 audit a company's controls, but controls are less predictive when the software is agentic. TLDR: give an agent the same prompt 50 times, and you get 50 slightly different actions/answers - so the only thing worth auditing in a post-agentic world is what happened at runtime. Halo is an open-source project that produces agent runtime evidence. It's a small recorder that records every action an agent takes (eg. tool calls, model calls, data access, etc), and becomes a record in an append-only log. It's hash-chained, so anyone can re-verify. Run the following command to see a fictional example: uvx --from halo-record halo demo --serve Then, delete a line from one of the .jsonl files and reload, and the report will catch that it's been tampered with. To wire up your own agent, run this line of Python: agent = trace(run_my_agent, profile="my-agent", log="audit.jsonl") Then use this to generate a real report and give it to your customers: halo report audit.jsonl -o report.html Disclaimer: this proves integrity, not completeness (as a self-held chain proves nothing was edited but does NOT prove that nothing was omitted). Catching this requires a witness outside the vendor and is what I'm working on next. Halo is Apache-2.0, contains zero runtime dependencies, and is about 4,300 lines of Python with 125 tests (if you prefer TypeScript, here's that repo: https://ift.tt/IbjQTE7 ). Give it a try, and please let me know if you have any feedback! https://ift.tt/7t9W4wb July 7, 2026 at 06:07PM

Monday, July 6, 2026