惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

Hacker News

Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Retrofitting JIT Compilers into C Interpreters IPv6 – Google The Accursèd Alphabetical Clock Cybersecurity Looks Like Proof of Work Now Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent When moving fast, talking is the first thing to break Too much Discussion of the XOR swap trick – Heather Cafe Introduction to Spherical Harmonics for Graphics Programmers The Grand Line Building a Z-Machine in the worst possible language High-Level Rust: Getting 80% of the Benefits with 20% of the Pain GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The air throughout our homes is infused with microplastics. But there are things you can do to breathe less of them The disturbing white paper Red Hat is trying to erase from the internet – OSnews The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong Artemis II crew splashes down near San Diego after historic moon mission We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Cooperative Vectors Introduction | Evolve Keeping a Postgres queue healthy — PlanetScale Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? The Zettelkasten Method in Obsidian: A Practical Setup Guide Artemis II Is Competency Porn and We Are Starving For It WeakC4 Flight Viz — Cockpit View A Mexican surveillance giant you’ve never heard of is now watching the U.S. border Surelock: Deadlock-Free Mutexes for Rust RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu The Problem That Built an Industry How Much Linear Memory Access Is Enough? | Solidean Investigating Split Locks on x86-64 Simplest hash functions Sybilproof reputation mechanisms (2005) [pdf] What is a property? How Complex is my Code? Static code analysis in Kotlin — tools overview Toffoli gates are all you need PGLite evangelism dcmake: a new CMake debugger UI Clojure on Fennel part one: Persistent Data Structures Fragments: April 2 Python Release Python install manager 26.1 The Life and Death of the Book Review - Liberties Introducing Database Traffic Control — PlanetScale Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Building slogbox Apple Silicon and Virtual Machines: Beating the 2 VM Limit Who was “Not Even Wrong” first? Pokemon Evolution Vs Darwinian Evolution The APL Programming Language Source Code
GitHub - raiyanyahya/recall: Stop wasting tokens and re-explaining your project every session. Recall gives Claude Code durable memory — entirely offline.
2026-06-22 · via Hacker News

🔁

Recall — fully-local project memory for Claude Code

Built for Claude Code CI CodeQL Coverage License: MIT

Claude Code starts every session cold. Recall keeps a local log of your sessions and condenses it into a resume-ready summary — entirely on your machine. No API key, no external model, nothing sent anywhere. It's built for people running Claude Code locally on a subscription: the only AI in the loop is Claude Code itself; the summarization is done by a classical Python summarizer.

Why Recall

  • Free on your subscription. It solves the cold-start problem — no more re-explaining the project each session — without a metered summarizer running up a bill. The summary is a local algorithm, not an LLM call, so persistent memory costs you nothing beyond the subscription you already pay for.
  • Saves your usage credits. Two ways: (1) the summary is built locally, so capturing and updating your memory spends zero model tokens; and (2) resuming from a compact context.md (~1–2K tokens) instead of re-explaining the project from scratch each session means far fewer tokens spent per session — stretching your subscription's usage limits (or, on the API, lowering billed credits).
  • Nothing leaves your machine. Your transcripts (code, paths, sometimes secrets) are never sent to any API. Most "memory" tools pipe your context to a model endpoint; Recall makes a privacy guarantee they can't.
  • Zero-friction. No pip install, no local model to run, no key to configure, works offline. It starts working the moment the plugin loads.

Two files, written into your project under .recall/:

  • history.mdthe log. Append-only. Every session is captured here as it happens (your prompts, Claude's replies, the files touched and commands run).
  • context.mdthe summary. Overwritten by the local summarizer — the condensed "where are we right now" you load into the next session: goal, summary, next steps / open threads, files touched, and where you left off.

How it works

Moment What happens
During the session The Stop / SessionEnd hooks append new activity to .recall/history.md. Capture is incremental (only new turns) and fully local.
At session start The SessionStart hook surfaces context.md and has Claude ask you two things: resume from the saved context? and keep logging this session?
Before you wrap up You run /recall:save. The local summarizer reads history.md and (over)writes context.md.
…or automatically Set auto_save_context: "on_end" and context.md regenerates every time a session ends — no /recall:save needed.

There is no LLM call anywhere — the summary is produced by TF-IDF + TextRank (extractive summarization) running locally.

The summarizer

scripts/summarizer.py ranks the most central sentences of your session:

  1. TF-IDF sentence vectors
  2. a cosine-similarity graph between sentences
  3. TextRank — PageRank power iteration over that graph — to score sentences
  4. the top N are kept in original order

context.md wraps that summary with deterministic facts pulled straight from the transcript and git: the goal (your first ask), files touched, commands run, where you left off, and git diff --stat.

No installs required. The whole TF-IDF + TextRank implementation is vendored in summarizer.py. If numpy happens to be importable it's used to vectorize the math (faster on big sessions); if not, an identical pure-Python TextRank runs instead. Same algorithm, same result — numpy is an optional accelerator, never a requirement. The save output tells you which path ran.

Commands

  • /recall:save — run the local summarizer → (over)write context.md.
  • /recall:show — print context.md.
  • /recall:log — tail history.md.

Configuration — recall.config.json

Drop this in your project root to override defaults:

Key Default Purpose
output_dir ".recall" Where history.md / context.md live.
capture_history true Append session activity to history.md.
auto_save_context "off" Regenerate context.md when a session ends: "off" or "on_end".
summary_sentences 8 How many sentences the summary keeps.
redact true Strip obvious secrets before writing the md files.
include_git true Add git diff --stat + recent commits to context.md.
max_input_chars 200000 Cap on text fed to the summarizer (oldest dropped).

Pause logging for a project without editing config: create .recall/.capture-paused. Delete it to resume.

Privacy & security

Recall makes no network calls, uses no API key, and loads no third-party model. The summarizer is local Python; the hooks are stdlib-only (numpy is an optional accelerator). It reads your session transcript and writes only under output_dir. Concretely:

  • No credentials, ever. The plugin has zero references to API keys, auth, ANTHROPIC_*, or HTTP. If claude itself shows "Invalid API key", that's the CLI's own auth — usually a stale ANTHROPIC_API_KEY env var shadowing your subscription login. unset ANTHROPIC_API_KEY (or run env -u ANTHROPIC_API_KEY claude …). It has nothing to do with Recall.
  • Redaction. A best-effort pass strips common secret shapes (API keys, tokens, .env assignments, PEM keys) before writing, since context.md / history.md may be committed. Best-effort, not a guarantee — review before committing.
  • Hardened git. git diff/log are run with core.fsmonitor, diff.external, hooks, and the pager disabled, so an untrusted cloned repo can't use its own git config to execute code when Recall reads ground-truth. Set include_git: false to skip git entirely.
  • Confined writes. output_dir is forced to stay inside the project; a project-shipped config can't redirect writes to an absolute path or ../...
  • Scoped transcript. Recall only reads the transcript for the current project (matched by cwd); it never falls back to another project's sessions.
  • Trust boundary for shared memory. context.md is injected into the model at session start. If you commit .recall/ as shared team memory, treat it like any other shared input: a teammate (or a bad actor with repo write access) could craft a context.md to attempt prompt-injection. SessionStart fences the content and labels it untrusted data, and Claude asks before relying on it — but if you don't fully trust who can write the repo, keep .recall/ git-ignored (the default).

Committing .recall/

Both are fine. Commit it for shared team memory, or git-ignore it for personal memory (.gitignore ships ignoring it by default — flip the comment to commit).

Install

From the marketplace (this repo is its own marketplace):

/plugin marketplace add raiyanyahya/recall
/plugin install recall@recall

Local dev (no install step):

claude --plugin-dir /path/to/recall

No pip install — the summarizer is vendored and stdlib-only (numpy used as an optional accelerator if present). Work a session, run /recall:save, and open a fresh session — Recall greets you with where you left off.

Development

python -m venv .venv && . .venv/bin/activate
pip install pytest ruff bandit numpy   # numpy optional

ruff check scripts tests               # lint
bandit -c pyproject.toml -r scripts    # security static analysis
pytest                                 # run the suite (also test without numpy)
claude plugin validate .               # official manifest validation

CI (.github/workflows/) runs lint + Bandit, the test suite across Python 3.9–3.13 with and without numpy (both summarizer paths), CodeQL, secret scanning, and manifest JSON validation on every push and PR. See CONTRIBUTING.md and SECURITY.md.

Layout

recall/
├── .claude-plugin/plugin.json   # manifest
├── hooks/hooks.json             # SessionStart (ask/resume) · Stop+SessionEnd (capture)
├── commands/                    # /recall:save · show · log
├── scripts/
│   ├── summarizer.py            # vendored TF-IDF + TextRank (numpy optional)
│   ├── make_context.py          # build/overwrite context.md
│   ├── capture.py               # append session activity to history.md
│   ├── session_start.py         # surface context + ask the start questions
│   ├── parse_transcript.py      # transcript → events + renderers
│   └── config.py · common.py · redact.py
├── tests/                       # pytest suite (summarizer, capture, security, …)
├── .github/                     # CI, CodeQL, secret scan, dependabot
├── recall.config.json        # config template / defaults
├── pyproject.toml               # ruff / pytest / bandit config (no runtime deps)
├── LICENSE · SECURITY.md · CONTRIBUTING.md
└── .gitignore

Contributing & issues

Bugs and ideas are welcome — open an issue (bug-report and feature templates provided) or a pull request. See CONTRIBUTING.md before submitting, and report security vulnerabilities privately per SECURITY.md rather than in a public issue.