frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

DoNotNotify is now Open Source

https://donotnotify.com/opensource.html
157•awaaz•3h ago•24 comments

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

https://github.com/localgpt-app/localgpt
237•yi_wang•9h ago•112 comments

Reverse Engineering Raiders of the Lost Ark for the Atari 2600

https://github.com/joshuanwalker/Raiders2600
12•pacod•1h ago•1 comments

Matchlock: Linux-based sandboxing for AI agents

https://github.com/jingkaihe/matchlock
23•jingkai_he•3h ago•1 comments

Haskell for all: Beyond agentic coding

https://haskellforall.com/2026/02/beyond-agentic-coding
133•RebelPotato•9h ago•39 comments

SectorC: A C Compiler in 512 bytes (2023)

https://xorvoid.com/sectorc.html
316•valyala•17h ago•61 comments

Modern and Antique Technologies Reveal a Dynamic Cosmos

https://www.quantamagazine.org/how-modern-and-antique-technologies-reveal-a-dynamic-cosmos-20260202/
9•sohkamyung•5d ago•0 comments

LLMs as the new high level language

https://federicopereiro.com/llm-high/
132•swah•5d ago•227 comments

The Architecture of Open Source Applications (Volume 1) Berkeley DB

https://aosabook.org/en/v1/bdb.html
42•grep_it•5d ago•6 comments

Software factories and the agentic moment

https://factory.strongdm.ai/
235•mellosouls•20h ago•396 comments

Speed up responses with fast mode

https://code.claude.com/docs/en/fast-mode
195•surprisetalk•16h ago•198 comments

LineageOS 23.2

https://lineageos.org/Changelog-31/
72•pentagrama•5h ago•14 comments

Stories from 25 Years of Software Development

https://susam.net/twenty-five-years-of-computing.html
208•vinhnx•20h ago•23 comments

Hoot: Scheme on WebAssembly

https://www.spritely.institute/hoot/
196•AlexeyBrin•22h ago•36 comments

uLauncher

https://github.com/jrpie/launcher
36•dtj1123•4d ago•8 comments

In the Australian outback, we're listening for nuclear tests

https://www.abc.net.au/news/2026-02-08/australian-outback-nuclear-tests-listening-warramunga-faci...
12•defrost•1h ago•1 comments

Brookhaven Lab's RHIC concludes 25-year run with final collisions

https://www.hpcwire.com/off-the-wire/brookhaven-labs-rhic-concludes-25-year-run-with-final-collis...
83•gnufx•16h ago•66 comments

Vocal Guide – belt sing without killing yourself

https://jesperordrup.github.io/vocal-guide/
373•jesperordrup•1d ago•111 comments

Wood Gas Vehicles: Firewood in the Fuel Tank (2010)

https://solar.lowtechmagazine.com/2010/01/wood-gas-vehicles-firewood-in-the-fuel-tank/
56•Rygian•3d ago•24 comments

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

https://github.com/Momciloo/fun-with-clip-path
111•momciloo•17h ago•24 comments

First Proof

https://arxiv.org/abs/2602.05192
154•samasblack•19h ago•94 comments

Rabbit Ear "Origami": programmable origami in the browser (JS)

https://rabbitear.org/book/origami.html
4•molszanski•3d ago•2 comments

Substack confirms data breach affects users’ email addresses and phone numbers

https://techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-pho...
68•witnessme•6h ago•30 comments

Start all of your commands with a comma (2009)

https://rhodesmill.org/brandon/2009/commands-with-comma/
617•theblazehen•3d ago•222 comments

Al Lowe on model trains, funny deaths and working with Disney

https://spillhistorie.no/2026/02/06/interview-with-sierra-veteran-al-lowe/
114•thelok•19h ago•25 comments

The AI boom is causing shortages everywhere else

https://www.washingtonpost.com/technology/2026/02/07/ai-spending-economy-shortages/
353•1vuio0pswjnm7•23h ago•585 comments

Where did all the starships go?

https://www.datawrapper.de/blog/science-fiction-decline
190•speckx•4d ago•281 comments

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

https://openciv3.org/
928•klaussilveira•1d ago•282 comments

LLMs as Language Compilers: Lessons from Fortran for the Future of Coding

https://cyber-omelette.com/posts/the-abstraction-rises.html
13•birdculture•2h ago•2 comments

Show HN: A luma dependent chroma compression algorithm (image compression)

https://www.bitsnbites.eu/a-spatial-domain-variable-block-size-luma-dependent-chroma-compression-...
49•mbitsnbites•3d ago•7 comments
Open in hackernews

Show HN: Autofix Bot – Hybrid static analysis and AI code review agent

37•sanketsaurav•1mo ago
Hi there, HN! We’re Jai and Sanket from DeepSource (YC W20), and today we’re launching Autofix Bot, a hybrid static analysis + AI agent purpose-built for in-the-loop use with AI coding agents.

AI coding agents have made code generation nearly free, and they’ve shifted the bottleneck to code review. Static-only analysis with a fixed set of checkers isn’t enough. LLM-only review has several limitations: non-deterministic across runs, low recall on security issues, expensive at scale, and a tendency to get ‘distracted’.

We spent the last 6 years building a deterministic, static-analysis-only code review product. Earlier this year, we started thinking about this problem from the ground up and realized that static analysis solves key blind spots of LLM-only reviews. Over the past six months, we built a new ‘hybrid’ agent loop that uses static analysis and frontier AI agents together to outperform both static-only and LLM-only tools in finding and fixing code quality and security issues. Today, we’re opening it up publicly.

Here’s how the hybrid architecture works:

- Static pass: 5,000+ deterministic checkers (code quality, security, performance) establish a high-precision baseline. A sub-agent suppresses context-specific false positives.

- AI review: The agent reviews code with static findings as anchors. Has access to AST, data-flow graphs, control-flow, import graphs as tools, not just grep and usual shell commands.

- Remediation: Sub-agents generate fixes. Static harness validates all edits before emitting a clean git patch.

Static solves key LLM problems: non-determinism across runs, low recall on security issues (LLMs get distracted by style), and cost (static narrowing reduces prompt size and tool calls).

On the OpenSSF CVE Benchmark [1] (200+ real JS/TS vulnerabilities), we hit 81.2% accuracy and 80.0% F1; vs Cursor Bugbot (74.5% accuracy, 77.42% F1), Claude Code (71.5% accuracy, 62.99% F1), CodeRabbit (59.4% accuracy, 36.19% F1), and Semgrep CE (56.9% accuracy, 38.26% F1). On secrets detection, 92.8% F1; vs Gitleaks (75.6%), detect-secrets (64.1%), and TruffleHog (41.2%). We use our open-source classification model for this. [2]

Full methodology and how we evaluated each tool: https://autofix.bot/benchmarks

You can use Autofix Bot interactively on any repository using our TUI, as a plugin in Claude Code, or with our MCP on any compatible AI client (like OpenAI Codex).[3] We’re specifically building for AI coding agent-first workflows, so you can ask your agent to run Autofix Bot on every checkpoint autonomously.

Give us a shot today: https://autofix.bot. We’d love to hear any feedback!

---

[1] https://github.com/ossf-cve-benchmark/ossf-cve-benchmark

[2] https://huggingface.co/deepsource/Narada-3.2-3B-v1

[3] https://autofix.bot/manual/#terminal-ui

Comments

nickphx•1mo ago
"shifted bottleneck to code review"... understatement of decade.
_pdp_•1mo ago
What is the difference between this and let's say Claude Code using something like semgrep as a tool?

Also I don't think this tool should be in the developer flow as in my experience it is unlikely to run it on the regular. It should be something that is done as part of the QA process before PR acceptance.

I hope this helps and good luck.

dolftax•1mo ago
On the OpenSSF CVE Benchmark[1], Semgrep CE hits 56.97% accuracy vs our 81.21%, and nearly 3x higher recall (75.61% vs 26.83%).

On when to run it, fair point. Autofix Bot is currently meant for local use (TUI, Claude Code plugin, MCP). We're integrating this pipeline into DeepSource[2], which will have inline comments in pull requests, that fits the QA/pre-merge flow you're describing.

That said, if you're using AI agents to write code, running it at checkpoints locally keeps feedback tight.

Thanks for the feedback!

[1] https://github.com/ossf-cve-benchmark/ossf-cve-benchmark

[2] https://deepsource.com/

tarun_anand•1mo ago
Congratulations!! Anchoring is important. What about other parts of the code review like coding guidelines, perf issues etc?
dolftax•1mo ago
We flag performance issues today alongside security and code quality. We're working on respecting AGENTS.md, detecting code complexity (AI generated code tends toward verbose, tangled logic), and letting users/teams define custom coding guidelines.
tarun_anand•1mo ago
The AI tools already have a rules engine for coding guidelines etc.

I guess the real question is can Deepsource be the "judge" of whether the guidelines were followed, NFR will be met by humans and AI alike

ramon156•1mo ago
How does this compare to gemini-code-assist? Rn its one of the best imo
sanketsaurav•1mo ago
We haven't included Gemini Code Assist or Gemini CLI's code review mode in our benchmarks[1] (we should do that), but functionally, it'll do the same thing as any other AI reviewer. Our differentiator is that since we're using static analysis for grounding, you'll see more issues with lower false positives.

We also do secrets detection out of the box, and OSS scanning is coming soon.

[1] https://autofix.bot/benchmarks/

yoelhacks•1mo ago
$8/100k tokens strikes me as potentially a TON if the idea is that we're going to be running this as part of the iterative local development cycle (or god forbid letting agents run it whenever they decide). As you mentioned, one of the issues with AI generated code is often that it writes too much and needs direction on shrinking down.

I could easily see hitting 10k+ LOC on routine tickets if this is being run on each checkpoint. I have some tickets that require moving some files around, am I being charged on LOC for those files? Deleted files? Newly created test files that have 1k+ lines?

sanketsaurav•1mo ago
> $8/100k tokens strikes me as potentially a TON

It's $8/100K lines of code. Since we're using a mix of models across our main agent and sub-agents, this normalizes our cost.

> I could easily see hitting 10k+ LOC on routine tickets if this is being run on each checkpoint. I have some tickets that require moving some files around, am I being charged on LOC for those files? Deleted files? Newly created test files that have 1k+ lines?

We basically look at the files changed that need to be reviewed + the additional context that is required to make a decision for the review (which is cached internally, so you'd not be double-charged).

That said, we're of course open to revising the pricing based on feedback. But if it's helpful, when we ran the benchmarks on 165 pull requests [1], the cost was as follows:

- Autofix Bot: $21.24 - Claude Code: $48.86 - Cursor Bugbot: $40/mo (with a limit of 200 PRs per month)

We have several optimization ideas in mind, and we expect pricing to become more affordable in the future.

[1] https://github.com/ossf-cve-benchmark/ossf-cve-benchmark

yoelhacks•1mo ago
Ah sorry, you were very clear on the pricing page and I meant 100k LoC, not tokens.

In your explanation here, you mention running it per PR - does this mean running it once? Several times?

dlahoda•1mo ago
we use rust, sql, typescript. how statically covered these?
dolftax•1mo ago
All three covered — TypeScript, Rust, and SQL[1].

[1] https://deepsource.com/directory