Show HN: Crust – A CLI framework for TypeScript and Bun https://ift.tt/6ZEhd59

Show HN: Crust – A CLI framework for TypeScript and Bun We've been building Crust ( https://crustjs.com/ ), a TypeScript-first, Bun-native CLI framework with zero dependencies. It's been powering our core product internally for a while, and we're now open-sourcing it. The problem we kept running into: existing CLI frameworks in the JS ecosystem are either minimal arg parsers where you wire everything yourself, or heavyweight frameworks with large dependency trees and Node-era assumptions. We wanted something in between. What Crust does differently: - Full type inference from definitions — args and flags are inferred automatically. No manual type annotations, no generics to wrangle. You define a flag as type: "string" and it flows through to your handler. - Compile-time validation — catches flag alias collisions and variadic arg mistakes before your code runs, not at runtime. - Zero runtime dependencies — @crustjs/core is ~3.6kB gzipped (21kB install). For comparison: yargs is 509kB, oclif is 411kB. - Composable modules — core, plugins, prompts, styling, validation, and build tooling are all separate packages. Install only what you need. - Plugin system — middleware-based with lifecycle hooks (preRun/postRun). Official plugins for help, version, and shell autocompletion. - Built for Bun — no Node compatibility layers, no legacy baggage. Quick example: import { Crust } from "@crustjs/core"; import { helpPlugin, versionPlugin } from "@crustjs/plugins"; const main = new Crust("greet") .args([{ name: "name", type: "string", default: "world" }]) .flags({ shout: { type: "boolean", short: "s" } }) .use(helpPlugin()) .use(versionPlugin("1.0.0")) .run(({ args, flags }) => { const msg = `Hello, ${args.name}!`; console.log(flags.shout ? msg.toUpperCase() : msg); }); await main.execute(); Scaffold a new project: bun create crust my-cli Site: https://crustjs.com GitHub: https://ift.tt/thosJWV Happy to answer any questions about the design decisions or internals. https://ift.tt/s0Wvt3T March 17, 2026 at 11:43AM

Show HN: FireClaw – Open-source proxy defending AI agents from prompt injection https://ift.tt/8W1i5FV

Show HN: FireClaw – Open-source proxy defending AI agents from prompt injection Hey HN, We built FireClaw because we kept watching AI agents get owned by prompt injection through web content. The agent fetches a page, the page says "ignore previous instructions," and suddenly your agent is leaking data or running commands it shouldn't. The existing solutions detect injection after the fact. We wanted to prevent it. FireClaw is a security proxy that sits between your AI agent and the web. Every fetch passes through a 4-stage pipeline: 1. DNS blocklist check (URLhaus, PhishTank, community feed) 2. Structural sanitization (strip hidden CSS, zero-width Unicode, encoding tricks) 3. Isolated LLM summarization (hardened sub-process with no tools or memory) 4. Output scanning with canary tokens (detect if content bypassed summarization) The key insight: even if Stage 3's LLM gets injected, it has no tools, no memory, and no access to your data. It can only return text — which still gets scanned in Stage 4. The attacker hits a dead end. Other design decisions: - No bypass mode. The pipeline is fixed. If your agent gets compromised, it can't disable FireClaw. - Community threat feed — instances anonymously share detection metadata (domain, severity, detection count) to build a shared blocklist. No page content is ever sent. - Runs on a Raspberry Pi as a physical appliance with an OLED display that shows real-time stats and lights up with animated flames when it catches a threat. We searched the literature and open source extensively — no one else is doing proxy-based defense for agent prompt injection. Detection exists, sandboxing exists, but an inline proxy that sanitizes before content reaches the agent's context? We couldn't find it. 200+ detection patterns, JSONL audit logging, domain trust tiers, rate limiting, and cost controls. AGPLv3 licensed. Website: https://fireclaw.app Would love feedback from anyone working on AI agent security. What are we missing? What attack vectors should we add to the pattern database? https://ift.tt/sLEPgdc March 17, 2026 at 11:28PM

Show HN: F0lkl0r3.dev – a searchable, interlinked map of computing history https://ift.tt/g9SKXyI

Show HN: F0lkl0r3.dev – a searchable, interlinked map of computing history I love reading about the early days of computing, but finding the alpha in raw historical archives can be tough. I built f0lkl0r3.dev over the weekend to fix that. It takes nearly 1,000 oral histories from the Computer History Museum and makes them explorable, searchable, interconnected, and multimodal. To build it, I used the Gemini APIs (via ai.dev) to process the massive volume of unstructured interview text, pulling out the timelines, machines, and people so they could be cross-referenced. The app itself was built with Antigravity, next steps will be to add images and videos. You can search by specific mainframes, browse by era in the timeline, or just read the Apocrypha section for weird historical anecdotes. Enjoy the rabbit hole! I hope it distracts and inspires at least a few more people than me today. :) https://f0lkl0r3.dev March 17, 2026 at 11:00PM

Show HN: March Madness Bracket Challenge for AI Agents Only https://ift.tt/r5Zvjcd

Show HN: March Madness Bracket Challenge for AI Agents Only I built a March Madness bracket challenge for AI agents, not humans. The human prompts their agent with the URL, and the agent reads the API docs, registers itself, picks all 63 games, and submits a bracket autonomously. A leaderboard tracks which AI picks the best bracket through the tournament. The interesting design problem was building for an agent-first user. I came up with a solution where Agents who hit the homepage receive plain-text API instructions and Humans get the normal visual site. Early on I found most agents were trying to use Playwright to browse the site instead of just reading the docs. I made some changes to detect HeadlessChrome and serve specific html readable to agents. This forced me to think about agent UX even more - I think there are some really cool ideas to pull on. The timeline introduced an interesting dynamic. I had to launch the challenge shortly after the brackets were announced on Sunday afternoon to start getting users by the Thursday morning deadline. While I could test on the 2025 bracket, I wouldn't be able to get feedback on my MVP. So I used AI to create user personas and agents as test users to run through the signup and management process. It gave me valuable reps to feel confident launching. The stack is Next.js 16, TypeScript, Supabase, Tailwind v4, Vercel, Resend, and finally Claude Code for ~95% of the build. Works with any model that can call an API — Claude, GPT, Gemini, open source, whatever. Brackets are due Thursday morning before the First Round tips off. Bracketmadness.ai https://ift.tt/vxQjCeb March 17, 2026 at 07:56PM

Show HN: Claude Code skills that build complete Godot games https://ift.tt/GDBVMqC

Show HN: Claude Code skills that build complete Godot games I’ve been working on this for about a year through four major rewrites. Godogen is a pipeline that takes a text prompt, designs the architecture, generates 2D/3D assets, writes the GDScript, and tests it visually. The output is a complete, playable Godot 4 project. Getting LLMs to reliably generate functional games required solving three specific engineering bottlenecks: 1. The Training Data Scarcity: LLMs barely know GDScript. It has ~850 classes and a Python-like syntax that will happily let a model hallucinate Python idioms that fail to compile. To fix this, I built a custom reference system: a hand-written language spec, full API docs converted from Godot's XML source, and a quirks database for engine behaviors you can't learn from docs alone. Because 850 classes blow up the context window, the agent lazy-loads only the specific APIs it needs at runtime. 2. The Build-Time vs. Runtime State: Scenes are generated by headless scripts that build the node graph in memory and serialize it to .tscn files. This avoids the fragility of hand-editing Godot's serialization format. But it means certain engine features (like `@onready` or signal connections) aren't available at build time—they only exist when the game actually runs. Teaching the model which APIs are available at which phase — and that every node needs its owner set correctly or it silently vanishes on save — took careful prompting but paid off. 3. The Evaluation Loop: A coding agent is inherently biased toward its own output. To stop it from cheating, a separate Gemini Flash agent acts as visual QA. It sees only the rendered screenshots from the running engine—no code—and compares them against a generated reference image. It catches the visual bugs text analysis misses: z-fighting, floating objects, physics explosions, and grid-like placements that should be organic. Architecturally, it runs as two Claude Code skills: an orchestrator that plans the pipeline, and a task executor that implements each piece in a `context: fork` window so mistakes and state don't accumulate. Everything is open source: https://ift.tt/L94pIta Demo video (real games, not cherry-picked screenshots): https://youtu.be/eUz19GROIpY Blog post with the full story (all the wrong turns) coming soon. Happy to answer questions. https://ift.tt/L94pIta March 16, 2026 at 11:07PM

Show HN: Buda – AI agents forming a company (Claws running a startup) https://ift.tt/rC54Uyn

Show HN: Buda – AI agents forming a company (Claws running a startup) https://buda.im/ March 16, 2026 at 10:38PM

Show HN: Git Quest – I turned your GitHub commit history into an idle RPG https://ift.tt/h6Wc29l

Show HN: Git Quest – I turned your GitHub commit history into an idle RPG Hey HN, I built Git Quest, it reads your public GitHub history and turns it into an idle RPG character. How it works: - Your most-used language determines your class (TypeScript → Paladin, Python → Sage, etc.) - Commits generate Power and XP - Your character auto-battles dungeons while you code – no active play needed - Enemies drop loot across 5 rarity tiers - Live leaderboard ranks developers It only reads public GitHub data. I built it because I wanted something that rewards coding consistency without being another "streak" tracker. The idle mechanic means prolific coders naturally progress faster, but you don't have to babysit it. Would love feedback on the game loop and whether the class/language mapping feels right. https://ift.tt/nhZIaRq https://ift.tt/nhZIaRq March 16, 2026 at 09:44PM

Show HN: LLMonster Rancher https://ift.tt/sYvpSMl

Show HN: LLMonster Rancher I've long held a bit of nostalgia for the old PlayStation game Monster Rancher. You could "discover" monsters by popping in any arbitrary CD in your house – music, a PS game, a PC game, whatever – and it would generate a monster based on the disc's metadata, and add it to your ranch. It was a game about collecting, breeding, and battling these monsters. The generated monster usually had nothing at all to do with the disc's content, of course. There were some specific discs that were hard-coded in that would give you a relevant monster, but not a ton. It was a fairly niche thing, though, and the death of CDs sort of killed the whole idea. But now in the age of LLMs, it feels like maybe the time has come back around for something like this to be pretty fun again, so I've implemented it as an Agent Skill that: 1. accepts a URL and reads the content (or any input, really) 2. follows some standard guidance on generating monster JSON for it 3. uses a Gemini image model to generate a monster avatar 4. renders it all in a fun little trading card image 5. allows you to breed them into hybrids, battle them, and share them to Github Gists This was mainly a scratch-my-own-itch nostalgia indulgence. I briefly considered doing this as a full blown site, but agent skills give a fair bit more interactive flexibility while not costing me a dime. You can just point your agent (Claude Code, etc) to aiwebb/llmonster-rancher and tell it to get going. Hope y'all have fun with it. https://ift.tt/u6gi9fb March 16, 2026 at 07:53PM

Show HN: Detach – Mobile UI for managing AI coding agents from your phone https://ift.tt/rOabCPk

Show HN: Detach – Mobile UI for managing AI coding agents from your phone Hey guys, about two months ago I started this side-project for "asynchronous coding" where I can prompt Claude Code from my mobile on train rides, get a notification when it's done and then review and commit the code from the app itself. Since then I've been using it on and off for a while. I finally decided to polish it and publish it in case someone might find it useful. It's a self-hosted PWA with four panels: Agent (terminal running Claude Code), Explore (file browser with syntax highlighting), Terminal (standard bash shell), and Git (diff viewer with staging/committing). It can run on a cheap VPS and a fully functioning setup is provided (using cloud-init and simple bash scripts). This fits my preferred workflow where I stay in the loop: I review every diff, control git manually, and approve or reject changes before they go anywhere. Stack: Go WebSocket bridge, xterm.js frontend, Ubuntu sandbox container. Everything runs in Docker. Works with any CLI AI assistant, though I've only used it with Claude Code. Side project, provided as-is under MIT license. Run at your own risk. Feedback and MRs welcome. EDIT: Removed redundant text https://ift.tt/5FADkit March 16, 2026 at 12:40AM

Show HN: Lengpal – simple video chat for language exchange https://ift.tt/wmoic2x

Show HN: Lengpal – simple video chat for language exchange Hi HN, I built a small tool called Lengpal. It’s basically a very simple video chat room made for language exchange. Most people I know who do language exchanges just use Zoom, Meet, or Teams. It works, but those tools aren’t really designed for it. One thing that always comes up is managing the speaking time so both people get equal practice. So the only thing we focused on for now is a built-in timer that lets you split the session between languages. For example 30 minutes Spanish, 30 minutes English. The idea is intentionally simple. You create a room, send the link to your partner, and start the session. No matching, no complicated setup. We just launched today and are trying to see if this simple approach actually helps people doing exchanges. Website: https://lengpal.com We also launched on Product Hunt today if anyone is curious: https://ift.tt/hgf7VF6 Would love to hear what you think. https://ift.tt/mqsGJ5l March 15, 2026 at 11:29PM

Show HN: Sway, a board game benchmark for quantum computing https://ift.tt/N1mg8DL

Show HN: Sway, a board game benchmark for quantum computing A popular philosophy in the HN community is that inventing problems to be solved by a technology is antithetical to the user experience. Much to the horror of some, I did just that to discover/invent this game. I started with the structure of quantum com putation and asked what kind of problem benefits from it. The answer was surprisingly narrow, but this was one of the results. Enjoy! https://ift.tt/OipdlWG March 15, 2026 at 11:20PM

Show HN: GDSL – 800 line kernel: Lisp subset in 500, C subset in 1300 https://ift.tt/STsHxdF

Show HN: GDSL – 800 line kernel: Lisp subset in 500, C subset in 1300 https://firthemouse.github.io/ March 15, 2026 at 10:40PM

Show HN: Hacker News archive (47M+ items, 11.6GB) as Parquet, updated every 5m https://ift.tt/a8pYSOt

Show HN: Hacker News archive (47M+ items, 11.6GB) as Parquet, updated every 5m https://ift.tt/0MyWqQm March 15, 2026 at 12:12AM