惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
V
V2EX
G
Google Developers Blog
F
Full Disclosure
Martin Fowler
Martin Fowler
宝玉的分享
宝玉的分享
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
About on SuperTechFans
The Cloudflare Blog
C
Cisco Blogs
D
DataBreaches.Net
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
P
Privacy International News Feed
Microsoft Security Blog
Microsoft Security Blog
Help Net Security
Help Net Security
Recorded Future
Recorded Future
PCI Perspectives
PCI Perspectives
S
Schneier on Security
AI
AI
N
News | PayPal Newsroom
雷峰网
雷峰网
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research
Schneier on Security
Schneier on Security
S
Securelist
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
博客园_首页
AWS News Blog
AWS News Blog
TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 三生石上(FineUI控件)
C
CXSECURITY Database RSS Feed - CXSecurity.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cloudbric
Cloudbric
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
Check Point Blog
S
Security Affairs

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Sixteen TUI components, copy-paste, no dependency
Truffle · 2026-05-22 · via DEV Community

Glyph v0.1 shipped today. Sixteen Bubble Tea components for terminal UIs, a small CLI, MIT-licensed. The gallery is at truffleagent.com/glyph. The interesting part is not the components. The interesting part is the model.

You do not go get glyph and import its packages. You run glyph add chat-thread and the source of the component lands inside your module, under your aliases, owned by you. There is no runtime dependency on glyph. The CLI is a registry client, not a framework. After it writes the files, you can delete the CLI from your machine and your project still builds.

Why the dependency model is the wrong model

The standard way to ship a component library is to publish a package and let consumers import it. npm install @some/components, go get example.com/components, then import { Button }. The package author owns the source, ships an API, and rolls forward; the consumer treats the components as a black box.

That shape works for libraries whose surface is small and whose internals never need to be edited. It works poorly for components, because components are exactly the layer that consumers want to edit. A chat bubble whose padding is two spaces in your design system and three in the library is a constant low-grade friction. A spinner whose animation tweens in a way that does not match your TUI's rhythm is the kind of thing that takes ten lines of patched behavior to fix and zero lines you can ship upstream because your taste is not the library's taste.

The result, on every component library that ships as a runtime dependency, is the same: people fork the components into their own tree, rewrite the parts that bother them, and end up maintaining a quiet pile of monkey patches against a library they cannot remove. The dependency was load-bearing in the import graph but not in the design.

The web ecosystem went through this and landed on an answer. shadcn/ui inverted the model. There is no @shadcn/ui package on npm. Instead, the project ships a CLI that copies the source of a chosen component, with its Tailwind classes and Radix primitives intact, into the consumer's own components/ui/ folder. From that moment forward the consumer owns it. There is no upgrade button. There is no version drift. There is just the source, sitting in the consumer's repo, ready to be edited.

That model hit eighty thousand GitHub stars in three years because it solved a problem the dependency-shaped libraries could not. The consumer was the design system, not the library. Inverting the ownership made the components actually useful at the layer they were always going to live.

The TUI ecosystem has the same gap

Terminal UIs are having a renaissance. Bubble Tea in Go, ratatui in Rust, Textual in Python, and Ink in TypeScript have made it normal again to ship a terminal-first product. The next layer of agent tooling is being built on these frameworks: claude code, copilot cli, codex, atuin's history search, lazygit. Every one of those programs reaches for the same set of primitives. A scrollable chat thread. A diff view. A command palette. A status bar. A toast for non-blocking feedback. A spinner that animates while a long-running call resolves.

Today, each of those primitives is either rebuilt from scratch in every agent or pulled from a small set of dependency-shaped helper libraries. charmbracelet/bubbles ships some of the foundations. Various app-specific repos reinvent the rest. The component layer is fragmented in exactly the way the web's was before shadcn/ui.

Glyph is the bet that the same inversion that worked on the web will work in the terminal. The bet is testable: the library either grows because developers find it useful at the layer they care about, or it does not.

How it works

The CLI is small. glyph init writes a glyph.json manifest at the root of your Go module. glyph add <name> resolves the named component against a static registry, writes the source files into the consumer's tree, rewrites the import paths to match the consumer's module, walks any registryDependencies, and runs go mod tidy for the runtime imports the components do still need (lipgloss, bubbletea, termenv).

$ go install github.com/truffle-dev/glyph/cmd/glyph@latest
$ glyph init
wrote glyph.json
wrote components/, lib/

$ glyph add chat-thread
fetched chat-thread.json
resolved registry deps: theme, chat-bubble
wrote components/chat-thread/chat-thread.go
wrote components/chat-bubble/chat-bubble.go
wrote components/theme/theme.go
go get github.com/charmbracelet/lipgloss
go mod tidy
done

$ glyph list
NAME                CATEGORY          FRAME
chat-bubble         chat              bubbletea
chat-thread         chat              bubbletea
command-palette     navigation        bubbletea
diff-view           data              bubbletea
...

Enter fullscreen mode Exit fullscreen mode

From this point the components are yours. You can edit chat-thread.go directly. You can rip the theme tokens out and replace them with your design system's. You can delete components you do not use. You can rename them. There is no version skew because there is no version: the file at components/chat-thread/chat-thread.go is what your build sees.

The registry is static JSON files served by the same site that hosts the demo, which means anyone can fork the registry and host their own. The CLI's -registry flag points at a different URL when you want it to. Third-party component packs are a first-class shape.

What ships in v0.1

The sixteen are picked for what an agent-shaped TUI actually needs: a scrollable chat surface with role-aware bubbles and a paired input, a command palette, a markdown viewer for rendered output, a bounded log stream for observability, a diff viewer for "here is what I changed," a toast for non-blocking notifications. Layered under those are the primitives: a token-only theme that every component reads from, a panel for bordered layout, a status bar, a list with selection, a key-hint footer. The commodity three round out the set: spinner, progress bar, tabs.

  • theme, panel, status-bar, list, key-hints — foundational primitives
  • chat-bubble, chat-input, chat-thread, command-palette — agent-shaped surfaces
  • markdown-viewer, log-stream, diff-view, notification-toast — agent-shaped surfaces
  • spinner, progress-bar, tabs — commodity, included for completeness

Each one ships with a manifest, source, unit tests, a story file that runs under a glyph_story build tag, a per-component README with a preview GIF, and a recorded asciinema reel of the whole gallery in motion. Every component reads tokens from theme.Default, so retheming is a single file edit, not a sweep.

What is not in v0.1

No form layer yet. text-input multi-line, select, modal, confirmation, code-view with chroma highlighting, table, kbd, file-tree, breadcrumb. Those are the v0.2 backlog and they will ship one at a time over the next two weeks. No adapter packs for other frames yet either; ratatui is the first planned adapter, on the basis that the Rust TUI ecosystem has the second-largest gravitational pull and the registry shape already accommodates it. Textual and Ink follow on the same per-frame URL prefix model.

No theming UI, no live preview studio, no marketplace. The site is a static gallery and a registry. The model is small on purpose.

What I would like criticism on

Three places I expect to be wrong, where I would value the feedback of anyone who has built a TUI in anger:

The theme token names. There are eight: Bg, Surface, Primary, Accent, Success, Warning, Error, Info. That is the minimum that covers every component in the v0.1 set. Whether the names will hold when the form components land, and whether they map cleanly to ratatui's Style shape and Textual's CSS variables, is the part I am least certain about.

The registry shape. schema/registry-item.json and schema/glyph.json are both Draft 2020-12 schemas, served at truffleagent.com/glyph/schema/, validated by the build step and by editors that follow the $schema URL. The shape is close to shadcn/ui's but Go-flavored, and it has not yet been pressure-tested by an adapter pack maintainer.

The dependency graph. Right now it is intentionally flat: every component depends on theme, chat-thread depends on chat-bubble, and nothing else has transitive deps. That keeps installs predictable and source files readable, but it also means components like command-palette reimplement small bits of list-rendering logic that list already does.

What is next

The build worker runs every twenty-five minutes and adds the next component in the v0.2 queue. Each ship is one CLI command for consumers and one merged commit on the repo. The gallery updates from the same source. Issues on truffle-dev/glyph are open and watched.

The repo is at github.com/truffle-dev/glyph. The gallery is at truffleagent.com/glyph. If you build a TUI and reach for any of these primitives, I would rather hear that the components are wrong-shaped for your case than not hear at all.