← AI Hacker Daily

Edition

06

picks

Software is growing a second interface, and it isn't the one you click.

Software is growing a second interface, and it isn't the one you click. Two frontier labs shipped new brains today — GPT-5.6 (1,312 points) and Meta's Muse Spark 1.1 — and both drop as model launches per the usual rule, because the more durable story was one rung down: tool after tool shipping a machine-legible surface alongside the human one. Yesterday's edition asked which model should get the call; today's is about what the call can touch. Microsoft's Flint — footered here yesterday, top of Show HN today at 342 points — is the pattern in miniature: don't make the agent draw the chart, give it a language that compiles to one. FableCut does the same for video (the project file is the interface), Frigade does it to your own web app (its API traffic becomes an auto-generated MCP server), Context.dev does it to everyone else's websites (pages in, JSON schemas out). And once everything is callable, every call needs a bouncer: Kastra is the runtime policy engine for agent tool calls this newsletter has been watching for since deptrust's install-time hook on 07-03. Dropped as news, launches, or off-vertical: GPT-5.6, Muse Spark 1.1, the EU Chat Control vote, the 1,007-point word game, and the one-person train sim. Colibrì — the local-model wave's first real installable, and the pool's biggest product — is in the footer with an explanation.

01

Flint — the agent writes a chart spec, not a chart

Microsoft Research's intermediate visualization language, promoted from yesterday's footer after it topped Show HN today (342 points) — and because it turns out to be the cleanest statement of today's theme. The agent emits a compact, human-editable spec with semantic types (70+ of them — "this field is a percentage," "this is a timestamp"), and Flint's compiler derives the scales, axes, spacing, labels, and layout that models reliably botch when writing Vega-Lite or matplotlib by hand. One input compiles to native Vega-Lite, ECharts, or Chart.js specs — 30+ chart types — so you keep your existing rendering stack. MIT, 1.2k stars, created in May. `npx -y flint-chart-mcp` drops it into your agent as an MCP server; `npm install flint-chart` for the library. Reach for it the next time your agent's charts come out with overlapping labels and a legend covering the data. Delete the generate-render-squint-retry loop and the paragraph of your prompt that begs for sensible axis ticks. The design bet is the honest part: instead of claiming the model got better at charts, it concedes the model shouldn't be doing layout at all — the same concession compilers made about humans and assembly. Tradeoff: no quantitative reliability numbers anywhere in the docs — the "agents produce broken charts" problem is real but the "Flint fixes it" claim is qualitative, and you're adding an abstraction layer whose output you still have to eyeball.
github.com/microsoft/flint-chart

02

FableCut — a video editor where the project file is the interface

A browser-based non-linear video editor whose entire timeline is one JSON file, on the stated principle that "the project file is the interface." Three equivalent doors in: bundled zero-dependency MCP tools for Claude Desktop/Code (`fablecut_get_project`, `fablecut_patch_project`), a REST API, or just editing `project.json` directly — the UI live-reloads within ~150ms over server-sent events, so you watch the agent's cuts land in real time. Revision counters catch you and the agent editing simultaneously instead of silently clobbering. The feature set is not a toy: 4 video + 3 audio tracks, keyframes, speed ramps, chroma key, MediaPipe background removal, kinetic captions, and a reference-analysis mode that extracts cut points, BPM, and energy curves from a video you want to imitate. MIT, Node 18+, zero npm dependencies for the core server: `git clone`, `node server.js`, open localhost. Reach for it when you want an agent producing actual edited video — supercuts, captioned clips, beat-matched montages — without driving a GUI by screenshots or renting a hosted render API. Delete the pixel-clicking computer-use loop for video work; patching JSON is what models are good at. Tradeoff: this is the slate's fresh bet — created four days ago, 304 stars — and export means rendering in your browser or your own ffmpeg, Chromium only. The architecture reads sound; nobody has cut a feature film on it.
github.com/ronak-create/FableCut

03

Frigade — point an agent at your own app, get an MCP server back

A browser-based agent that runs inside your authenticated web app (on a demo or staging environment), watches how the app calls its own APIs, and turns those calls into agent tools — endpoints, auth, response schemas, and human-readable descriptions extracted automatically. The creators describe the result as "an auto-generated MCP server that self-updates as the host app changes," which addresses the part nobody budgets for: the maintenance after the hand-written wrapper drifts out of date. Execution is client-side — the tool calls run in the user's session and, per the team, never touch Frigade's servers. Live demos at demo.frigade.com (Jira, Spotify, Hacker News skins) let you try the loop before wiring it to anything of yours. Reach for it when your product needs agent tools and the honest roadmap answer is "we'll hand-write four endpoints this quarter." Delete the artisanal MCP wrapper that documents your API as it existed in March. Tradeoff: closed and hosted, no public pricing, 33 points — and the training step means letting a recording agent loose in an authenticated session, so staging isn't a suggestion. The client-side-execution claim is the team's own; verify it against your own network tab, which is at least a claim built to be checked.
frigade.com

04

Context.dev — everyone else's website as structured data, self-serve today

A YC S26 scraping API that consolidates the usual three vendors into one: URL to clean markdown or rendered HTML, structured extraction against a JSON schema (Zod schemas in the TypeScript SDK), sitemap crawling, screenshots, and a domain-to-brand-data endpoint. Flat pricing is the differentiator they lead with — JS rendering, anti-bot bypass, and premium proxies all included at 1 credit per page, no stealth surcharge. Self-serve today: 500 free credits on a work email, paid from $25/mo, SDKs in five languages. There is even an `auth.md` for agents to sign themselves up, which tells you who they think the customer is. Reach for it when your agent needs live web data and your Puppeteer-plus-residential-proxies contraption has become a second job. Delete that contraption, or the three separate scrape/extract/enrich vendors it grew into. Tradeoff: this is a crowded category — Firecrawl and friends already do the markdown half — so the bet is on the flat credit model and the brand-data angle, and it's a hosted dependency sitting in your agent's data path. "Anti-bot bypass included" also means it fetches pages from sites actively trying to stop exactly this; whether that's a feature or a liability depends on whose site it is.
www.context.dev

05

Kastra — the policy engine for agent tool calls, shipped

The watch-pattern this newsletter flagged on 07-03 — "block the agent's action unless a check passes, generalized" — now exists as a product. Kastra intercepts every prompt, tool call, shell command, and API request from Claude Code, Cursor, or Codex and evaluates it against deterministic policies before execution — under a millisecond per check, by their measurement. Policies are code: typed, versioned, reviewed in a pull request like everything else. Denied actions are blocked and logged, not politely discouraged. It runs as a local edge on the developer laptop with cloud, self-hosted, and air-gap deployment options; `brew install kastra-labs/tap/kastra-edge`, free tier for solo developers, roughly a minute to first policy. Reach for it when the security paragraph in your CLAUDE.md has grown to a page and you've noticed the agent doesn't always read it. Delete the prayer-based access control — this is the enforcement-beats-instruction pattern (deptrust's install hook, MakerChecker's deny-by-default roles) matured into a general gate. Tradeoff: closed source and freemium, 12 points, and the sub-millisecond figure is the vendor's own. There's a real irony in placing an unauditable binary in charge of auditing your agent — the self-hosted and air-gap options soften that, but a policy engine you can't read is itself a trust decision you're making.
kastra.ai

06

Off the thread but worth knowing: **Colibrì** (github.com/JustVugg/colibri, Apache-2.0) is the pool's biggest product today — 2,126 stars nine days after creation, 706 points on the front page — and the answer to a watch this newsletter set on 06-30: the local-model wave finally shipped an installable tool instead of another model launch. It runs GLM-5.2 — a 744B-parameter mixture-of-experts — on a 16GB-RAM machine by keeping the int4 dense layers resident (~9.9GB) and streaming the 21,504 routed experts off NVMe with an LRU cache. Not a llama.cpp wrapper: a single ~2,400-line C file with token-exact forward passes validated against reference implementations, and refreshingly honest numbers — community measurements run 0.07 to 1.06 tokens/second. At that speed it's an overnight-batch curiosity, not a daily driver, which is exactly why it didn't make the slate. But the ceiling just moved: a frontier-class open model, hummingbird rations, your hardware. When someone puts a job queue in front of it, that's a pick. Also passing through: **pgrust** (1.5k stars, AGPL-3.0, re-trended from our June 27 pool) — Postgres rewritten in Rust, now passing 100% of the regression tests; off-vertical for this newsletter, but you should know it exists.

One of these,
every weekday.

Free. Unsubscribe by replying with one word. No tracking pixels in the email.