secret-scanning-hooks.md
A developer documented a secret scanning setup that prevents credentials from entering the context window of Claude Code, an AI coding assistant. The system uses trufflehog with 700+ detectors to inte…
A developer documented a secret scanning setup that prevents credentials from entering the context window of Claude Code, an AI coding assistant. The system uses trufflehog with 700+ detectors to inte…
A developer built Proofline, a 5-skill Markdown pack that catches fake-ready output from AI agents before it becomes a release or handoff. The tool works as a review route after agent output, asking q…
A developer built Sentinel, a local tool that scans any codebase in 55 seconds without cloud uploads or internet. It generates a ~2,500-token prompt for AI coding agents, using only Python stdlib with…
Ironsmith, a free open-source macOS menu bar app, lets users generate native SwiftUI apps by describing what they want, using local or hosted AI models. It builds real Mac apps without Electron, suppo…
Dify, an open-source platform for building LLM applications, integrated Pyrefly static analysis into its CI pipeline to improve type coverage without blocking daily work. The rollout uses a blocking c…
TesterArmy, a Y Combinator-backed startup (P26), launched an AI-powered testing platform that monitors critical user flows on web and mobile apps, alerting teams to bugs. The tool allows users to writ…
Layr, a modular production system for AI-built interfaces, enables developers to turn UX, design, accessibility, security, and other principles into enforceable constraints, reducing friction and impr…
Microsoft warns developers that overloading AI coding agents with redundant documentation wastes tokens and degrades performance. The company advises measuring baseline model knowledge first, then bui…
A new open-source CLI tool, mcp-customs, scans MCP servers for security risks before installation, running fully offline with no telemetry. It checks for issues like shell injection, path traversal, a…
A developer built mcp-customs, a free offline CLI that checks MCP servers for security risks before installation. Scanning 12 popular MCP servers revealed that 11 of 12 had zero permission or scope de…
Vessel is a new portable app file format that bundles UI, FastAPI backend, and SQLite data into a single .vessel file, enabling AI-generated tools to run locally with no deployment. The open-source ru…
A developer released My Virtual World, a self-hosted 3D environment where AI agents can move, interact, and be visually monitored. The project aims to make agent activity and workflows more transparen…
Vercel launched Eve, an open-source agent framework for TypeScript, at Ship London. The framework treats an AI agent as a directory of files, automatically discovering tools, instructions, and subagen…
Socket Security researchers discovered that malicious PyPI packages in the Hades wave of the Mini Shai-Hulud/Miasma supply chain campaign embed fake CBRN-themed text in JavaScript block comments to tr…
A developer has open-sourced Rue, a new programming language positioned as higher-level than Rust but lower-level than Go, built primarily to experiment with compiler construction and test Claude's ca…
Elastic has launched Agent Builder, a persistent memory layer for AI agents built on Elasticsearch, achieving a recall of 0.89 on a QA evaluation. The system uses three memory types from cognitive sci…
A developer built Sego, a local-first review layer for AI-generated code that sits after coding agents to assess safety before committing. The MVP reviews staged changes and produces structured findin…
Microsoft's VS Code 1.123, released June 3, introduces a two-hour delay before newly published extension versions auto-update, aiming to mitigate supply chain attacks by providing a window to catch ma…
GitHub, Google, Microsoft, Hugging Face, GoDaddy, Cisco, Databricks, NVIDIA, Salesforce, ServiceNow, and Snowflake jointly published the Agentic Resource Discovery (ARD) specification on June 17, enab…
A new academic paper identifies the Productivity-Reliability Paradox, where AI coding assistants boost pull request volume by 98% but fail to improve delivery velocity due to longer review times and a…