Hacker News

Article URL: https://cheat.sh/latency

Comments URL: https://news.ycombinator.com/item?id=47189914

Points: 1

# Comments: 0

AGENTS.md (and CLAUDE.md, GEMINI.md, .cursorrules) has become the standard way to tell AI coding agents how your repo works. It's now in 60,000+ repos. Codex, Claude Code, and Gemini CLI read these files before every task.

The problem: nobody keeps them up to date.

Paths get renamed. npm scripts change. Framework patterns go stale. The file that was accurate when you wrote it in September starts giving your agents wrong instructions by December — without a single commit to AGENTS.md.

An ETH Zurich study presented at ICSE 2026 put numbers on this: stale context files reduced agent task success by 2–3% while increasing token costs by over 20%.

agents-lint is a zero-dependency CLI that catches this automatically:

npx agents-lint It runs five independent checks: 1. Filesystem — every path mentioned in your file is verified to exist 2. npm scripts — every `npm run ` is verified against package.json (workspace-aware) 3. Dependencies — deprecated packages (moment, request, tslint) are flagged 4. Framework staleness — Angular NgModules in Angular 14+, ReactDOM.render() in React 19, getInitialProps in Next.js App Router, CommonJS in ESM projects 5. Structure — recommended sections, bloat (>15k chars adds 20% token cost), unresolved TODOs, old year references

Every run produces a freshness score (0–100). The real value is adding it to CI with a weekly schedule — because context rot happens even when the file hasn't changed:

schedule: - cron: '0 9 * * 1' # Every Monday That weekly schedule is the whole point. Your AGENTS.md can rot without a single commit to it.

When multiple agent config files exist (AGENTS.md + CLAUDE.md, etc.), it also cross-checks them for conflicting instructions — e.g. one file says `npm run test`, the other says `npm run test:unit`.

What I found when testing on real repos: absolute home-directory paths that only work on the author's machine, monorepo commands copy-pasted into single-package projects, and framework references to APIs removed two major versions ago. All silently misleading agents on every task.

Landing page: https://giacomo.github.io/agents-lint/ npm: https://www.npmjs.com/package/agents-lint

Would love feedback — especially if you find unexpected issues in your own AGENTS.md.

Comments URL: https://news.ycombinator.com/item?id=47189911

Points: 1

# Comments: 1

Hi HN,

A while back I posted about recall MCP - https://news.ycombinator.com/item?id=45516584 Since then I updated a series of times and received quite a good amount of positive response. I decided to take it a step further and make it an actual product. It has been a super interesting journey.

I built Recall because I was spending 10+ minutes every Claude Code session re-explaining my project. Architecture, conventions, past decisions — all gone after a session restart or context compaction.

Recall is an MCP server that gives Claude Code persistent memory. It works by running four lifecycle hooks:

- session-start: fetches relevant memories and injects them as context - observe: captures key events (git commits, file changes, decisions) silently after Write/Edit/Task operations - pre-compact: saves critical state before Claude's context window gets summarised (this is the most valuable hook — compaction kills nuance) - session-end: records a session summary

Install as a native Claude Code plugin:

/plugin install recall@claude-plugins-official /recall:setup ← connects your API key The plugin bundles the MCP server config, all 4 hooks, and auto-updates itself in the background. Alternatively, hooks-only install is still available for those who prefer it:

curl -fsSL https://recallmcp.com/install-hooks | bash Hooks are pure bash + curl. No daemon, no npm packages, no background processes. Every hook exits 0 on errors so it never blocks Claude.

Memory is stored in Redis with semantic search via embeddings (Voyage AI, Cohere, OpenAI, or others). Each tenant gets isolated storage with AES-256-GCM encryption.

Some features that might be interesting to this audience:

1. Native Claude Code plugin — ships as a proper plugin installable with `/plugin install recall@claude-plugins-official`. Bundles MCP server config + all 4 hooks. Auto-updates in the background.

2. Webhook ingestion — route GitHub/Stripe/any webhook into a Claude session. Your AI becomes event-aware.

3. Self-hosted — `curl -fsSL https://install.recallmcp.com | bash` gives you a Docker Compose stack with Redis + Recall. $12/mo license, air-gapped compatible.

4. Team sharing — one Claude learns, all team Claudes know. Workspace-scoped with selective sharing.

Open source (MIT): https://github.com/joseairosa/recall Hosted: https://recallmcp.com (free tier: 500 memories)

Technical details: TypeScript, Express 5, Redis/Valkey adapters, Drizzle ORM for billing/teams on PostgreSQL, StreamableHTTP MCP transport. 16 consolidated MCP tools exposed.

Happy to discuss the architecture, MCP protocol integration, or the memory/embedding strategy.

Comments URL: https://news.ycombinator.com/item?id=47189906

Points: 1

# Comments: 0

Article URL: https://www.theatlantic.com/ideas/2026/02/anthropic-pentagon-ai/686172/

Comments URL: https://news.ycombinator.com/item?id=47189900

Points: 1

# Comments: 1

For those who remember dot com, any insight into how product pricing changes after a bubble starts to burst?

Trying to think through what it’ll cost to use those that remain standing before making them core to my business.

I’m in my mid-30s. Only thing close to this i remember is the shift of the darlings of the 2010s from growth to profitability. And more than anything I experienced that through less refunds. But that really only occurred after the winners had locked you in (Amazon, Google, DoorDash, etc) and growth ramped down. The dot com bubble burst before winners were crowned and I expect the wave of gen AI will be similar.

Comments URL: https://news.ycombinator.com/item?id=47189893

Points: 1

# Comments: 0

Article URL: https://openai.com/index/continuing-microsoft-partnership/

Comments URL: https://news.ycombinator.com/item?id=47189861

Points: 2

# Comments: 0

Article URL: https://www.reuters.com/business/openai-reaches-deal-deploy-ai-models-us-department-war-classified-network-2026-02-28/

Comments URL: https://news.ycombinator.com/item?id=47189853

Points: 5

# Comments: 2

Article URL: https://en.wikipedia.org/wiki/Simple_machine

Comments URL: https://news.ycombinator.com/item?id=47189838

Points: 1

# Comments: 0

Article URL: https://www.dailymail.co.uk/health/article-15598967/typhoid-fever-surging-drug-resistant-US-UK.html

Comments URL: https://news.ycombinator.com/item?id=47189837

Points: 1

# Comments: 0

Article URL: https://twitter.com/i/status/2027578652477821175

Comments URL: https://news.ycombinator.com/item?id=47189798

Points: 1

# Comments: 0

Article URL: https://pmc.ncbi.nlm.nih.gov/articles/PMC8930857/

Comments URL: https://news.ycombinator.com/item?id=47189780

Points: 2

# Comments: 0

Article URL: https://tattooforge.art

Comments URL: https://news.ycombinator.com/item?id=47189771

Points: 1

# Comments: 0

Article URL: https://twitter.com/sama/status/2027578580159631610

Comments URL: https://news.ycombinator.com/item?id=47189766

Points: 2

# Comments: 0

Article URL: https://defensescoop.com/2025/01/16/openais-gpt-4o-gets-green-light-for-top-secret-use-in-microsofts-azure-cloud/

Comments URL: https://news.ycombinator.com/item?id=47189756

Points: 2

# Comments: 1

Article URL: https://blog.timcappalli.me/p/passkeys-prf-warning/

Comments URL: https://news.ycombinator.com/item?id=47189749

Points: 4

# Comments: 0

Article URL: https://www.nytimes.com/2026/02/27/books/review/a-world-appears-michael-pollan.html

Comments URL: https://news.ycombinator.com/item?id=47189736

Points: 1

# Comments: 0

Article URL: https://twitter.com/jmailarchive/status/2027516806806835548

Comments URL: https://news.ycombinator.com/item?id=47189718

Points: 3

# Comments: 1

Article URL: https://www.sciencealert.com/ancient-killer-is-rapidly-gaining-resistance-to-antibiotics-scientists-warn

Comments URL: https://news.ycombinator.com/item?id=47189713

Points: 1

# Comments: 0

Article URL: https://www.youtube.com/watch?v=luulTI1RKHE

Comments URL: https://news.ycombinator.com/item?id=47189246

Points: 1

# Comments: 0

Hi HN,

I built AxKeyStore, an open-source CLI tool for managing secrets that uses your own private GitHub repository as encrypted storage.

The idea is simple: → All encryption happens locally. → Secrets are stored as encrypted blobs in your private repo. → GitHub is treated as untrusted storage. → No plaintext secrets ever leave your machine. → No plaintext secrets are stored on disk.

Most secret managers either require a hosted backend, a self-hosted server, or trusting a SaaS provider. I wanted something that: → Requires zero infrastructure → Uses tooling developers already have → Keeps the threat model simple

AxKeyStore uses a layered approach to security: → Secrets are encrypted with a Remote Master Key (RMK). → The RMK is encrypted with your master password and stored in the repo. → A Local Master Key (LMK) encrypts your local GitHub token and repo config. → The LMK itself is encrypted using Argon2id-derived keys from your master password. → Encryption uses XChaCha20-Poly1305 (AEAD).

GitHub only sees encrypted binary blobs. Even if someone compromises your repository, they still need your master password to decrypt anything.

Why GitHub? Because it gives: → Private repositories → Version history (commit log as audit trail) → Access control → Free storage → Global availability

Instead of building a backend, I’m leveraging an existing, reliable system - but cryptographically isolating it.

Features → Simple CLI workflow → Hierarchical categories (e.g., cloud/aws/prod) → Version history per secret (via commits) → Retrieve specific versions by SHA → Multi-profile support (separate vaults) → Transactional master password reset → Secure random secret generation

Tech → Written in Rust. Uses tokio, clap, argon2, and chacha20poly1305. → There are unit and integration tests (including mocked GitHub API interactions). → Open source - MIT licensed.

I’d appreciate feedback on: → The threat model - what am I missing? → Whether GitHub as encrypted blob storage is a bad assumption → UX improvements for CLI-based secret workflows → Any crypto or key-handling concerns

I’m especially interested in critique from people who’ve built or audited secret management systems.

Thanks.

Comments URL: https://news.ycombinator.com/item?id=47189172

Points: 1

# Comments: 0