HackerTrans
TopNewTrendsCommentsPastAskShowJobs

thdxr

no profile record

Submissions

Neki – Sharded Postgres by the team behind Vitess

planetscale.com
251 points·by thdxr·11 months ago·42 comments

Show HN: OpenCode – TUI based coding agent

github.com
3 points·by thdxr·last year·0 comments

Cloudflare joins OpenNext

opennext.js.org
4 points·by thdxr·2 years ago·0 comments

Terminal.shop codebase is open source

github.com
5 points·by thdxr·2 years ago·1 comments

comments

thdxr
·last month·discuss
this is a 1 day old vibe coded experiment where i'm exploring some ideas
thdxr
·4 months ago·discuss
API support was never removed
thdxr
·4 months ago·discuss
this isn't true

it will use whatever small model there is in your provider

we had a fallback where we provided free small models if your provider did not have one (gpt nano)

some configs fell back to this unexpectedly which upset people so we removed it
thdxr
·5 months ago·discuss
we are going to implement this
thdxr
·6 months ago·discuss
the email they found was from a different repo and not monitored. this is ultimately our fault for not having a proper SECURITY.md on our main repository

the issue that was reported was fixed as soon as we heard about it - going through the process of learning about the CVE process, etc now and setting everything up correctly. we get 100s of issues reported to us daily across various mediums and we're figuring out how to manage this

i can't really say much beyond this is my own inexperience showing
thdxr
·6 months ago·discuss
hey maintainer here

we've done a poor job handling these security reports, usage has grown rapidly and we're overwhelmed with issues

we're meeting with some people this week to advise us on how to handle this better, get a bug bounty program funded and have some audits done
thdxr
·12 months ago·discuss
docs for that are here: https://opencode.ai/docs/models/#local
thdxr
·last year·discuss
curious why /clear instead of making a new session?

and nothing expires out from the session until you get near the context window max - at which point we do a compaction process
thdxr
·last year·discuss
we actually do heavily use prompt caching now
thdxr
·last year·discuss
it's implemented in the backend, will expose in frontend soon
thdxr
·last year·discuss
hey one of the authors here

we're a little over a month into development and have a lot on our roadmap

the cli is client/server model - the TUI is our initial focus but the goal is to build alternative frontends, mobile, web, desktop, etc

we think of our task as building a very good code review tool - you'll see more of that side in the following weeks

can answer any questions here
thdxr
·last year·discuss
author here - right now it's all the same prompts as claude code

but we're going to make all this very configurable next week
thdxr
·last year·discuss
author here

we're very focused on UX and less so on LLM performance. we use all the same system prompts/config as claude code

that said people do observe better performance because of out of the box LSP support - edit tools return errors and the LLM immediately fixes them
thdxr
·last year·discuss
what did i do to you!?
thdxr
·last year·discuss
this isn't official and is missing context flagged it
thdxr
·last year·discuss
i think the idea that no one wants it is off

even if the models do not get better there is so much demand even just b2b

we have all these problems we can fix but we are totally limited by availability

cloud providers are overwhelmed by the demand - you can see this in how stingy they are with rate limits and how they don't even talk to you unless you've already spent a lot with them
thdxr
·last year·discuss
build something popular then build a second thing that's as popular that's paid

it's pretty hard but that's what we did
thdxr
·2 years ago·discuss
yes this was the intent
thdxr
·2 years ago·discuss
thanks for writing this up! i have been looking at switching to PASETO instead of jwt

one thing though - the reason we use asymmetric encryption is to allow other clients to validate tokens without calling a central server

eg if you use AWS API Gateway they specifically have jwt authorization support where you can point them to a jwks url and it will validate requests

i need to look into the algorithm again - another constraint was trying to work across everywhere JS runs and i need to check if a better algorithm can be used that still works everywhere
thdxr
·2 years ago·discuss
we will add SAML adapters as well

but the flow between your apps and openauth will always be oauth