frontpage.

Show HN: FISE – A rule-based, keyless semantic envelope for web/API data

https://demo.fise.dev/demo

2•anbkit•2mo ago

Hi HN,

I've been building a small open-source project called FISE, a rule-based "semantic envelope" for web/API data. It's not cryptography and it doesn't try to replace TLS/AES. The goal is to raise the cost of scraping and reverse-engineering client-visible data while keeping the hot path simple and fast (linear-time, parallelizable, works for JSON and media segments).

Key ideas:

- Keyless by design: no long-lived client-side decrypt keys. - Rules-as-code: offsets, length encoding, salt/meta layout, and optional transform are defined as per-app/per-session rules. - No protocol-level universal decoder: each deployment (and even each session/time bucket) can have its own rule family. - Temporal & distribution polymorphism: rotate rules per session/route/time so any decoded pipeline tends to be short-lived and non-reusable. - Simple local ops → emergent complexity: the core ops are just linear byte transforms, but the rule space and rotation make envelopes hard to generalize at scale. - Works for JSON and media (video segments) with framed/chunked mode, block-local decode, and parallel workers.

Threat model:

- In scope: automated scraping, bulk API harvesting, cheap cloning of curated datasets. - Out of scope: strong secrecy for secrets/PII (use TLS/AES/etc.), full client compromise, nation-state adversaries.

Engineering whitepaper (v1.0): - https://github.com/anbkit/fise/blob/main/docs/WHITEPAPER.md

Code: - https://github.com/anbkit/fise

Demo: - https://demo.fise.dev/demo

I'm a full-stack developer, not a cryptographer. FISE came out of working on real projects where API JSON data was exposed on the client side and could be easily scraped. I built it as a simple, rule-based layer to raise scraping cost, and I'm sharing it so others can review, critique, and improve it.

I'd love feedback on:

- The security model & threat boundaries (what did I miss?), - The "rules-as-code" design and the idea of temporal/distribution polymorphism, - Practical deployment concerns (CDN/normalization, mobile/TV/edge), - Any obvious pitfalls or prior art I should explicitly reference.

Thanks for taking a look.

Free Trial: AI Interviewer

FDA Intends to Take Action Against Non-FDA-Approved GLP-1 Drugs

Supernote e-ink devices for writing like paper

We are QA Engineers now

Show HN: Measuring how AI agent teams improve issue resolution on SWE-Verified

Adversarial Reasoning: Multiagent World Models for Closing the Simulation Gap

Show HN: Poddley.com – Follow people, not podcasts

Layoffs Surge 118% in January – The Highest Since 2009

Papyrus 114: Homer's Iliad

DicePit – Real-time multiplayer Knucklebones in the browser

Turn-Based Structural Triggers: Prompt-Free Backdoors in Multi-Turn LLMs

Show HN: AI Agent Tool That Keeps You in the Loop

Why Every R Package Wrapping External Tools Needs a Sitrep() Function

Achieving Ultra-Fast AI Chat Widgets

Show HN: Runtime Fence – Kill switch for AI agents

Researchers surprised by the brain benefits of cannabis usage in adults over 40

Peter Thiel warns the Antichrist, apocalypse linked to the 'end of modernity'

USS Preble Used Helios Laser to Zap Four Drones in Expanding Testing

Show HN: Animated beach scene, made with CSS

An update on unredacting select Epstein files – DBC12.pdf liberated

Was going to share my work

Pitchfork: A devilishly good process manager for developers

You Are Here

Why social apps need to become proactive, not reactive

How patient are AI scrapers, anyway? – Random Thoughts

Vouch: A contributor trust management system

I built a terminal monitoring app and custom firmware for a clock with Claude

Tiny C Compiler

Y Combinator Founder Organizes 'March for Billionaires'

Ask HN: Need feedback on the idea I'm working on