34 Dev Tools Just Dropped on Hacker News Worth Knowing

The GitHub Awesome channel just dropped their third Hacker News Show roundup, and it's 34 projects in under 15 minutes. That's aggressive curation—roughly 26 seconds per project—which means they're skipping the fluff and hitting what actually matters. I went through the whole thing to see what's worth your attention.

The AI Agent Infrastructure Wave is Here

The most obvious pattern across this batch: developers are building infrastructure for AI agents like it's 2015 and everyone just discovered microservices. Except this time, the coordination problems are weirder.

Take Lockpaw—it's a 3.4MB Mac app that exists to solve one hyper-specific problem: you lock your screen to grab coffee, and your long-running AI agent session dies. Lockpaw drops a black privacy screen and blocks input without triggering sleep, so your agents keep running. Touch ID brings it back. That's it. That's the whole app. And honestly? That's the kind of boring-but-essential tooling that separates people who actually use agents from people who talk about using agents.

Odyssey tackles the deployment side. Right now, if you want to run the same AI agent locally, in an SDK, and on a shared server, you're rewriting deployment logic three times. Odyssey is a Rust-based runtime that lets you define an agent once and run the same artifact everywhere, with OS-level sandboxing baked in. The pitch is "bundle-first," which feels like the agent equivalent of Docker containers—package once, run anywhere.

But the coordination tooling gets more interesting. WIT is a lightweight daemon that solves the merge conflict problem when multiple AI agents work the same codebase simultaneously. An agent locks a specific symbol before editing it, and any other agent trying to touch the same function gets a lock conflict warning. It's using a local SQLite database to track agent states, which is almost too simple—and that's probably why it'll work.

Anvil goes full IDE on the problem. It's a desktop app that organizes agents into an interactive grid, each running in an isolated git worktree. Multiple agents code simultaneously without stepping on each other. Then there's Orca from Stably AI, which puts everything on a spatial canvas with native terminal tracking and git status visible in one unified control plane. For anyone who's outgrown the scattered-terminal-tabs approach to multi-agent workflows, these are the tools being built to replace it.

The Database Performance Obsession Continues

Cloud databases are still slow, and people are still mad about it. Turbolite is a SQLite virtual file system written in Rust that serves queries directly from S3 buckets. ZSTD page-level compression and intelligent B-tree prefetching bring cold join queries under 250 milliseconds over the network. As the video puts it: "Local database performance, cloud storage scale. The gap between the two just got a lot smaller."

Then there's DuckDB-HNSW-ACORN, which fixes the two-step inefficiency of vector search with metadata filtering. Normally you find the nearest neighbors, then filter—meaning you're doing extra work on results you'll discard. This pushes the metadata filter directly into the HNSW graph traversal using the ACORN algorithm, so filtering happens during search instead of after. Faster queries, higher recall on filtered results.

PG Semantic takes a different approach to the same space. Adding semantic search to an existing Postgres database usually means schema changes or migrating data. PG Semantic skips that—you install it, point it at your database, pick a text column, and it syncs rows and generates embeddings in the background without touching your schema. Search gets exposed natively to AI agents as well.

The "Just Use Files" Rebellion

Foundry is a Go-based CMS that uses markdown files as the source of truth. No database. API-first architecture, clean admin UI, plugin system that extends both backend and frontend. Blogs, docs, landing pages—all driven by files you already own. For anyone who's overengineered a content site with a database it didn't need, this is the simpler path.

Similarly, Aerko is a fitness web app built entirely with vanilla JavaScript and native web components. No React, no node modules, no framework overhead. Runs completely offline. Stores health data locally encrypted with AES-GCM via IndexedDB. Fast, private, your data never touches a server. The video calls it "the most advanced fitness web app in history," which is a bold claim, but the engineering decisions are genuinely sound.

The Security Tooling Nobody Talks About

Git repos get scanned for secrets routinely. Docker image layers? Not so much. LayerLeak tears apart DockerHub image histories and metadata hunting for accidentally baked-in API keys and secrets. Completely agentless, no infrastructure required. If you're pushing images to DockerHub and haven't scanned the layers, this should be the next thing you run.

SentinelGate sits between your AI agent and your system as an MCP proxy firewall. It intercepts every tool call and evaluates it against role-based access control and CEL policies before anything executes. Dangerous commands get blocked instantly, full audit trail captures everything. Giving an agent terminal access without any layer of control is a risk most people are quietly accepting—this is the boring infrastructure that makes that risk manageable.

The Weird Stuff That Might Actually Matter

Outworked gives every Claude Code agent its own pixel art sprite sitting at a desk in an 8-bit office. You're the boss, they're the employees. Assign tasks, watch them walk around the screen, collaborate while they write your code. Completely unnecessary, deeply charming, and somehow makes waiting for an agent to finish feel more entertaining. I can't tell if this is brilliant UX design or just delightful nonsense, but I kind of want to try it.

QuickBEAM embeds a full JavaScript runtime directly inside the Erlang VM. Every Elixir stack eventually gets a Node.js process bolted on for JavaScript SSR, and it never feels clean. This fixes that—JS environments run as native gen_server processes inside your OTP supervision trees. Elixir spawns isolated runtimes, sends messages, sets memory limits for untrusted code. It's the kind of elegance that only matters if you're deep in the Elixir ecosystem, but if you are, this is significant.

xmloxide might be the wildest entry on the list. A developer used an autonomous AI agent to iteratively rebuild the entire libxml2 library in Rust, producing a memory-safe, high-performance XML parser with a C API that passes 100% of the W3C conformance tests. libxml2 going unmaintained left a critical gap in the XML parsing ecosystem, and this fills it—built by an AI agent, for humans who need to parse XML safely.

What This Batch Actually Tells Us

Thirty-four projects in one week's Show HN posts, and the through-line is clear: developers are building infrastructure for a world where AI agents are as common as microservices. Agent coordination, agent deployment, agent security, agent memory, agent monitoring—these are the problems people are solving right now, in public, on GitHub.

The database performance obsession hasn't gone anywhere, but it's shifting from "make queries faster" to "make cloud storage feel local" and "make semantic search not require rewriting your entire stack." The simplicity rebellion continues—markdown files instead of databases, vanilla JavaScript instead of React, files you own instead of platforms you rent.

And then there's the security tooling nobody talks about until something breaks. Docker layer scanning, AI agent firewalls, lock coordination for concurrent agents—the boring infrastructure that keeps the exciting stuff from exploding.

Some of these projects will be abandoned in six months. Some will become critical infrastructure. The interesting part is watching developers figure out which problems are worth solving before the rest of us even realize those problems exist.

— Tyler Nakamura, Consumer Tech & Gadgets Correspondent