惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
N
Netflix TechBlog - Medium
宝玉的分享
宝玉的分享
V
Visual Studio Blog
S
Securelist
P
Palo Alto Networks Blog
A
Arctic Wolf
T
Tor Project blog
P
Proofpoint News Feed
I
InfoQ
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
G
GRAHAM CLULEY
M
MIT News - Artificial intelligence
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Security Blog
Microsoft Security Blog
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Apple Machine Learning Research
Apple Machine Learning Research
S
Secure Thoughts
Cyberwarzone
Cyberwarzone
Blog — PlanetScale
Blog — PlanetScale
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 【当耐特】
大猫的无限游戏
大猫的无限游戏
腾讯CDC
Latest news
Latest news
Project Zero
Project Zero
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
S
SegmentFault 最新的问题
Schneier on Security
Schneier on Security
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
罗磊的独立博客
Stack Overflow Blog
Stack Overflow Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 热门话题
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
C
Cisco Blogs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
爱范儿
爱范儿
T
The Exploit Database - CXSecurity.com
The Last Watchdog
The Last Watchdog
人人都是产品经理
人人都是产品经理
GbyAI
GbyAI
Know Your Adversary
Know Your Adversary
U
Unit 42

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - 0gsd/enough: a personal language system for planning, writing, and translation. GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
GitHub - dipankar/dscode: The code editor you can take apart.
ticktockten · 2026-05-20 · via Show HN

The code editor you can take apart. A familiar VS Code experience on top of a Rust core that ships as libraries — swap the editor, replace the terminal, or embed the whole session in your own app.

License: MIT CI Rust Tauri Svelte

Ecosystem

crates.io: dscode-core crates.io: dscode-lsp crates.io: dscode-dap crates.io: dscode-extension-host crates.io: dscode-terminal crates.io: dscode-session npm: @dscode/monaco-wasm npm: dscode-extension-host PyPI: dscode-core


Built for two audiences

If you want to… DSCode gives you
Edit code, fast A VS Code-like desktop app with sub-second startup and ~60% less memory
Keep your existing extensions A full Node.js extension host with the vscode.* API, sandboxed by default
Build your own tool on top Six Rust crates — text buffer, LSP, DAP, terminal, extension host, session — that compose any way you like
Run an editor headlessly The same session, workspace, and extension layer with no UI attached

For users: a familiar editor that doesn't cost you a gigabyte of RAM

  • Sub-second startup. Native Rust binary, no Electron boot.
  • ~60% less memory than VS Code on the same workspace.
  • Your extensions still work. ESLint, Prettier, GitLens, Python — they run unchanged on the bundled Node.js host.
  • Secure by default. Every extension starts with zero permissions, isolated by an OS-native sandbox (macOS sandbox-exec, Linux bubblewrap, Windows Job Objects).
  • Familiar UI. Monaco editor, xterm.js terminal, VS Code theme compatibility, ARIA-correct components.
  • Cross-platform. macOS, Linux, and Windows.

Download a prebuilt release from the Releases page, or build from source — see Quickstart.


For developers: an IDE that ships as a kit, not a black box

Every subsystem is a separate crate with a clean API. cargo add what you need, ignore the rest. The desktop app itself is just one composition of these crates — yours can be different.

[dependencies]
dscode-core           = "0.3"   # rope text buffer, app directories
dscode-lsp            = "0.3"   # LSP client, manager, pool
dscode-dap            = "0.3"   # Debug Adapter Protocol
dscode-terminal       = "0.3"   # PTY lifecycle, event sender trait
dscode-extension-host = "0.3"   # sandbox, IPC, permissions, rate limiter
dscode-session        = "0.3"   # workspace, configuration, lifecycle

Beyond Rust: npm i @dscode/monaco-wasm, pip install dscode-core.

use dscode_core::{TextBuffer, AppDirectories};

let buffer = TextBuffer::new("Hello, world!");
println!("{} chars", buffer.len_chars());

let dirs = AppDirectories::resolve(None);
println!("Config dir: {:?}", dirs.config_dir);
use dscode_lsp::{LspManager, LspServerPool, LspServerStrategy};

let pool = LspServerPool::new(LspServerStrategy::OnePerLanguage);
let manager = LspManager::new(pool);
manager.register_server("rust", "rust-analyzer", vec!["--stdio".into()]);

Each crate has optional Tauri integration via a feature flag, so the same crate works in a desktop app or a headless CI runner:

dscode-terminal = { version = "0.3", features = ["tauri"] }

See the Library Guide for the full tour.

The crates

Crate What it gives you Install
dscode-core Rope-based TextBuffer, AppDirectories, CoreError cargo add dscode-core
dscode-lsp LSP client, manager, connection pool cargo add dscode-lsp
dscode-dap Debug Adapter Protocol client, manager, pool cargo add dscode-dap
dscode-extension-host Host manager, IPC, sandbox, permissions, rate limiter, secrets cargo add dscode-extension-host
dscode-terminal Terminal manager, PTY lifecycle, TerminalEventSender trait cargo add dscode-terminal
dscode-session Session manager, extension lifecycle, workspace, configuration cargo add dscode-session

For hackers: replace anything

Subsystem Default Swap for
Editor Monaco (via monaco-wasm) A WebGL renderer, a Vim core, or a plain textarea
Extension host Node.js + NNG IPC A Wasm runtime, a Lua engine, or nothing at all
Terminal xterm.js + portable-pty Alacritty, your own ANSI parser, or a remote SSH session
UI framework Svelte 4 React, Solid, Vue, or raw DOM
Session state dscode-session with Tauri The same crate without Tauri, for headless CI
Text storage ropey (dscode-core::TextBuffer) A gap buffer, a piece table, or a CRDT
LSP client dscode-lsp::LspManager Direct LspClient use, or a custom protocol handler

Recipes

  • Headless CI runner — use dscode-session without the tauri feature to scan workspaces, run extensions, and emit diagnostics as JSON.
  • Custom terminal UI — implement TerminalEventSender from dscode-terminal and forward PTY output to a websocket, a log file, or your own renderer.
  • Embed in your own Tauri app — pull in dscode-session with the tauri feature and you have the full IDE session inside your application.
  • Write a different LSP clientdscode-lsp exposes LspClient directly if you'd rather build a bespoke manager.
  • Build a live theme editor — combine dscode-core::AppDirectories with the CSS-custom-property theme layer to preview themes in real time.

Code examples for each are in docs/library-guide.md.


Design principles

  1. Everything is a library. The application is a thin composition layer; the real value is in the crates.
  2. APIs over implementations. We standardise on interfaces (TerminalEventSender, LspClient, TextBuffer) so you can swap implementations without touching the rest of the system.
  3. VS Code compatibility is a feature, not a constraint. We support VS Code extensions because they're useful — but their limitations don't dictate our architecture.
  4. Security by default. Extensions can't read your SSH keys by accident. Deny-by-default sandboxing is non-negotiable.
  5. Performance is table stakes. Sub-second startup and low memory aren't traded for convenience.

Architecture

┌──────────────────────────────────────────────────────────────┐
│             Tauri Window (WebKit/Chromium)                   │
│  ┌────────────────────────────────────────────────────────┐  │
│  │   Frontend (Svelte 4 + TypeScript)                     │  │
│  │   - Monaco Editor                                      │  │
│  │   - Svelte Components (38 components)                  │  │
│  │   - CSS Custom Properties (VS Code theme compat)       │  │
│  │   - ARIA accessibility, focus traps                    │  │
│  └──────────────────────┬─────────────────────────────────┘  │
│                         │ Tauri IPC (invoke/emit)             │
│  ┌──────────────────────▼─────────────────────────────────┐  │
│  │   Rust Binary (src-tauri)                              │  │
│  │   - SessionManager (central coordinator)               │  │
│  │   - Tauri Command Handlers (45 modules)                │  │
│  │   - Bootstrap, Logging, Monitoring, File Watcher       │  │
│  └──────────┬─────────────────────────────────────────────┘  │
└─────────────┼────────────────────────────────────────────────┘
              │ depends on
┌─────────────▼────────────────────────────────────────────────┐
│  Cargo Workspace Library Crates                              │
│  ┌──────────────┐ ┌──────────────┐ ┌──────────────────────┐  │
│  │ dscode-core  │ │  dscode-lsp  │ │    dscode-dap        │  │
│  │ TextBuffer   │ │  LspClient   │ │    DebugAdapter      │  │
│  │ AppDirs      │ │  LspManager  │ │    DebugManager      │  │
│  │ CoreError    │ │  LspPool     │ │    DapPool           │  │
│  └──────────────┘ └──────────────┘ └──────────────────────┘  │
│  ┌──────────────────────┐ ┌──────────────┐                   │
│  │ dscode-extension-host│ │ dscode-term  │                   │
│  │ HostManager          │ │ TermManager  │                   │
│  │ IPC + Sandbox        │ │ PTY          │                   │
│  │ Permissions + Rate   │ │ EventSender  │                   │
│  │ Secrets + Validator  │ │ TermError    │                   │
│  └──────────────────────┘ └──────────────┘                   │
│  ┌──────────────────────────────────────────────────────────┐│
│  │ dscode-session                                           ││
│  │ ConfigStore, ExtensionLifecycle, Workspace, Documents,   ││
│  │ Contributions, EventEmitter, SessionState                ││
│  └──────────────────────────────────────────────────────────┘│
└──────────────────────────────────────────────────────────────┘
              │ NNG IPC (nanomsg, serde_json)
   ┌──────────┴────────────┬─────────────┐
   │                       │             │
 ┌─▼─────────┐     ┌──────▼────┐  ┌────▼────┐
 │ Extension │     │    LSP    │  │  Debug  │
 │   Host    │     │  Server   │  │   DAP   │
 │ (Node.js) │     │           │  │  Server │
 └───────────┘     └───────────┘  └─────────┘

Stack at a glance

Frontend — Svelte 4, Monaco Editor, xterm.js, lucide-svelte, CSS custom properties for VS Code theme compatibility.

Backend (Rust) — Tauri 2.1, Tauri Commands + NNG for out-of-process IPC, ropey text buffers, tree-sitter parsing, tower-lsp, git2, portable-pty, tracing, thiserror, ripgrep-based search.

Extension runtime — a real Node.js process, NNG REQ/REP IPC with worker threads, full vscode.* API surface, OS-keyring-backed SecretStorage, deny-by-default sandbox.


Quickstart

Prerequisites

  • Rust 1.75+ with cargo
  • Node.js 20+ and npm
  • Platform-specific dependencies:
    • Linux: libwebkit2gtk-4.1-dev, libssl-dev, libgtk-3-dev, librsvg2-dev, patchelf
    • macOS: Xcode Command Line Tools
    • Windows: Microsoft Visual C++ Build Tools

Build and run

git clone https://github.com/dipankar/dscode.git
cd dscode
npm install

npm run tauri:dev        # development with hot reload
npm run tauri:build      # production bundle

Production artefacts land in:

  • macOS: src-tauri/target/release/bundle/macos/DSCode.app
  • Linux: src-tauri/target/release/bundle/deb/dscode_*_amd64.deb
  • Windows: src-tauri/target/release/bundle/msi/DSCode_*_x64.msi

Test and lint

cargo test --workspace                       # all crate tests
cargo test -p dscode-core                    # one crate
cargo clippy --workspace -- -D warnings      # lint

Project layout

dscode/
├── Cargo.toml                # workspace root
├── crates/
│   ├── dscode-core/          # TextBuffer, AppDirectories
│   ├── dscode-lsp/           # LSP client, manager, pool
│   ├── dscode-dap/           # Debug Adapter Protocol
│   ├── dscode-extension-host/# Extension host management
│   ├── dscode-terminal/      # Terminal manager
│   └── dscode-session/       # Session management
├── src-tauri/                # Tauri binary (the default app)
│   └── src/
│       ├── main.rs
│       ├── bootstrap.rs
│       ├── session/          # SessionManager + IPC
│       └── commands/         # 45 Tauri command modules
├── monaco-wasm/              # Monaco WASM bindings
├── extension-host/           # Node.js extension runtime
├── src/                      # Svelte frontend (38 components)
├── packages/                 # npm and pypi bindings
└── docs/                     # Documentation

Extension compatibility

DSCode's extension host isn't a compatibility shim — it's a full Node.js runtime speaking the same IPC protocol as VS Code. Extensions are first-class citizens, but they're also sandboxed and observable.

Extension type Compatibility Notes
Pure JavaScript / TypeScript Full ESLint, Prettier, GitLens, etc.
Native Node modules Full Python extension, C/C++ tools
Language providers Full 18+ provider types via IPC
Webview extensions Partial Tauri webview API
Electron API users Partial Shim layer for common APIs
Proprietary (Microsoft) Reimplement Copilot, IntelliCode

Language providers supported with full two-way IPC: Hover, Completion, Diagnostics, SignatureHelp, Rename, CodeLens, CodeActions, Formatting, DocumentHighlights, FoldingRanges, SemanticTokens, DocumentSymbols, WorkspaceSymbols, Definitions, References, DocumentLinks, ColorPresentations, InlineCompletions.

Extras DSCode adds on top of the VS Code API:

  • Sandbox declarations — extensions declare filesystem, network, and shell permissions in package.json. Denied by default.
  • Rate limiting — built-in per-extension quota.
  • OS keyring accessvscode.SecretStorage is backed by the OS-native keyring.
  • Hot reload — extensions reload without restarting the editor.

Security

  • Deny-by-default sandbox — extensions start with no permissions.
  • Platform sandboxes — macOS sandbox-exec, Linux bubblewrap, Windows Job Objects.
  • Path validation — all filesystem access is checked against the workspace allowlist.
  • VSIX hardening — Zip-Slip prevention, SHA256 hash check, package.json cross-validation.
  • OS keyring — extension secrets are stored via the OS-native keyring.
  • Crash recovery — extension host restarts with exponential backoff (max 3 attempts).
  • Stale IPC cleanup — orphaned socket files and pending requests are reaped automatically.
  • Node.js verification — bundled Node binary is hash-verified on startup.

See SECURITY.md for the disclosure process.


Documentation


Contributing

DSCode is a community project. Contributions are welcome — whether you're fixing a bug, adding a feature, or replacing an entire subsystem.

Adding a new crate

  1. Create crates/my-crate/ with a Cargo.toml that inherits [workspace.package].
  2. Add "crates/my-crate" to [workspace].members in the root Cargo.toml.
  3. Write a README.md with badges, install instructions, and a usage example.
  4. Add an examples/ directory with at least one runnable example.
  5. Open a PR. CI checks formatting, clippy, tests, docs, and cargo publish --dry-run.

Replacing a subsystem

  1. Open an issue describing your use case.
  2. We'll help you identify the minimal API surface to implement.
  3. Submit a PR. Hackability beats backwards compatibility in pre-1.0 releases.

Full guidelines in CONTRIBUTING.md.


License

MIT