Show HN: Pu.sh – a full coding-agent harness in 400 lines of shell https://ift.tt/MoVyWpG

Show HN: Pu.sh – a full coding-agent harness in 400 lines of shell I originally was just messing with pi-autoresearch. Gave it a sample task to build the most portable coding agent. First cut was 6 KB of shell. Great for one-shots, unusable interactively. I was shocked it actually worked. Started building up -- adding features — but with a self-imposed rule: no new dependencies, and sub 500 LOC. This thing had to be truly portable. Just sh, curl, awk. System primitives only. Which means I did some genuinely disgusting things in awk, including JSON parsing and the OpenAI Responses tool loop with reasoning items carried across turns. It's now ~400 lines. In the box: Anthropic + OpenAI, 7 tools (bash, read, write, edit, grep, find, ls), REPL, auto-compaction, checkpoint/resume, pipe mode, 90 no-API tests. Not in the box: TUI, streaming, images, OAuth, Windows, dignity. Two honest things: 1. I stole/modified the system prompt and the architecture. Pi/Claude/Codex wrote the awk. I cannot read most of this code. This wasn't possible for me a year ago. 2. Heavily inspired by Pi (pi.dev) — same 7-tool surface, same exact-text edit model. Credit where it's due. Pi is awesome -- you should probably use them. The agent loop itself is tiny. Almost everything else in a "real" agent CLI is DX and hardening. You can probably build your own harness exactly how you like it. Mario Zechner's AI Engineer talk on taking back control of your tools nudged me here. The name is because it's a .sh file. The other thing it sounds like is, regrettably, also accurate. https://pu.dev/ May 1, 2026 at 02:25AM

Show HN: Free no-signup site auditor – secrets, subdomain takeover, CVEs https://ift.tt/3bLrPQ0

Show HN: Free no-signup site auditor – secrets, subdomain takeover, CVEs https://ift.tt/hdOPoWc May 1, 2026 at 01:34AM

Show HN: Exploding Hamsters https://ift.tt/HumwgGp

Show HN: Exploding Hamsters https://ift.tt/6cxqH0P May 1, 2026 at 12:20AM

Show HN: An attempt to grow a mind – building software with an inner life https://ift.tt/usiOHYZ

Show HN: An attempt to grow a mind – building software with an inner life https://ift.tt/5D2Utrp April 30, 2026 at 01:27AM

Show HN: Generative UI Library for React https://ift.tt/rnQ65N9

Show HN: Generative UI Library for React https://ift.tt/N7nbaCV April 30, 2026 at 12:58AM

Show HN: Send your first Peppol e-invoice in 5 minutes (EU mandate live) https://ift.tt/r8WueRl

Show HN: Send your first Peppol e-invoice in 5 minutes (EU mandate live) https://getpeppr.dev/ April 29, 2026 at 11:06PM

Show HN: Drive any macOS app in the background without stealing the cursor https://ift.tt/Yp1Iwyh

Show HN: Drive any macOS app in the background without stealing the cursor Hi HN, Francesco from Cua here. I hacked this project together last weekend, inspired by the Codex Computer-Use release and lessons learned from deploying GUI-operating agents for our customers. The main problem: when a UI automation process controls a desktop app today, it usually takes over the human’s session. Your cursor moves, keyboard focus gets stolen, windows jump to the front, and you have to stop working until the agent is done. That is why we have historically avoided encouraging users to run these processes directly on their host machine, instead relying on VMs or GUI containers for concurrency and background execution. But computer-use - the tools we give agents to operate computers like humans - does not scale cleanly that way. As models get smarter, agents need to share hosts safely, run in the background, and avoid collisions with the human or other agents using the same machine. We realized macOS has no first-class API for "drive this app without touching the cursor". CGEventPost routes through the hardware input stream, so it moves your cursor. CGEvent.postToPid avoids the cursor warp, but Chromium treats those events as untrusted and silently drops clicks at the renderer boundary. Activating the target app first raises the window and pulls focus, defeating the point of background execution. Cua Driver is our attempt at a real fix: a background computer-use driver for macOS that lets an agent click, type, scroll, and read native apps while your cursor, frontmost app, and Space stay where they are. The default interface is a CLI, so it is easy to script or call from any coding agent shell. Try it on macOS 14+: /bin/bash -c "$(curl -fsSL https://ift.tt/ThAeNzy... )" The first internal use case was delegated demo recording. We ask Claude Code to drive an app while 'cua-driver recording start' captures the trajectory, screenshots, actions, and click markers. The result is an agent-generated product demo, Screen Studio inspired. Other things we have used it for: - Replacing Vercel’s agent-browser and other browser-use CLIs. With Claude Code and Cua Driver, you do not need Chrome DevTools Protocol at all. - A dev-loop QA agent that reproduces a visual bug, edits code, rebuilds, and verifies the UI while my editor stays frontmost. - Personal-assistant flows that use iMessage from Claude Code, Hermes, or other general-purpose agent CLIs. - Pulling visual context from Chrome, Figma, Preview, or YouTube windows I am not looking at, without relying on their APIs. What made this harder than expected: - CGEventPost warps the cursor because it goes through the HID stream. - CGEvent.postToPid does not warp the cursor, but Chromium drops it at the renderer IPC boundary. - Activating the target first raises the window and can drag you across Spaces. - Electron apps stop keeping useful AX trees alive when windows are occluded without a private remote-aware SPI. The unlock was SkyLight. SLEventPostToPid is a sibling of the public per-PID call, but it travels through a WindowServer channel Chromium accepts as trusted. Pair it with yabai’s focus-without-raise pattern, plus an off-screen primer click at (-1, -1), and the click lands without the window ever raising. One thing we learned: the right addressing mode depends on the app. Native macOS apps usually have rich AX trees, Chromium-family apps often need a hybrid of AX and screenshots, and apps like Blender or CAD tools may expose almost no useful AX surface. The mistake is defaulting to pixels everywhere - or defaulting to AX everywhere. Long technical writeup: https://ift.tt/SPXnfhr... I would like feedback from people building Mac automation, agent harnesses, or accessibility tooling. If it breaks on an macOS app you care about, that is useful data for us. https://ift.tt/uXf2Fsz April 28, 2026 at 09:33PM