Hacker News

I got my Apple developer certificate and built a simple app to solve a problem I had. One shop I buy from doesn't have Apple Wallet passes. Since you need signed certificates to build these very simple things, I created a minimal app that signs them. It's available if you need it too. It won't scan cards with AI - you manually enter the barcode, which I think makes it less prone to error.

This is meant for environments where you don’t want to stand up a full supervisor stack (or don’t have one): quick multi-service prototypes, dev environments, constrained userlands, etc.

### What it does

* Spawn/manage shells with:

  * **PTY**: interactive terminal sessions (resize, input, stream)
  * **Pipes**: stdin/stdout/stderr streams (good for daemons/LSPs)
  * **dtach**: persistent sessions you can attach/detach to (survives manager restarts)

* *Runtime isolation* (the big feature): shells are namespaced by `~/.cache/framework_shells/runtimes/<repo_fingerprint>/<runtime_id>/...` so two clones of the same repo can run concurrently without cross-adoption or cross-control. * *Control surfaces*: CLI + optional FastAPI/WS UI for listing, logs, and lifecycle actions. * Optional *hooks* for host integration (external registries/telemetry).

### CLI quickstart

```bash # list shells fws list

# run a one-off shell (no spec) fws run --backend pty --label demo -- bash -l -i

# apply a YAML shellspec (recommended) fws up shells.yaml

# terminate shells fws down

# attach to a dtach-backed shell fws attach <shell_id>

# show managed shells + procfs descendants fws tree --depth 4 ```

### Shellspec example

```yaml version: "1" shells: worker: backend: proc cwd: ${ctx:PROJECT_ROOT} subgroups: ["worker", "project:${ctx:APP_ID}"] command: ["python", "-m", "your_module.worker", "--port", "${free_port}"] ```

### Isolation + security model (simple by default)

* `FRAMEWORK_SHELLS_SECRET` derives the `runtime_id` (namespace) and API tokens. * If the secret is set, mutating API endpoints require:

  * `Authorization: Bearer <token>` (or `X-Framework-Key`).

* If the secret is unset, auth is disabled (dev mode).

Hard limit: if two runtimes share the same OS user/UID, the OS may still allow signaling each other’s processes. The guarantee is: no cross-count/adopt/control *through the library’s control plane*.

### Real-world usage

I use this as the substrate of a full dev environment where “apps are shells” (terminals, IDE + LSP, agent/MCP, aria2 RPC, file explorer, llama.cpp runner, etc.). Repo:

```text https://github.com/mrsurge/termux-extensions-2 ```

### Feedback I want

* Does the secret/fingerprint/runtime isolation contract feel right? * Any obvious foot-guns in the default API/CLI? * Expectations vs systemd/supervisord/tmux/dtach: where would you use this?

github.com/mrsurge/framework-shells

pip install "framework-shells @ git+https://github.com/mrsurge/framework-shells@main"

```bash fws --help ```

Standard FAISS-style indices store vectors and compute:

argmax ⟨q, vᵢ⟩

If you insert -v, nothing happens. It’s just another point. The original vector is still maximally similar to itself and remains rank-1.

This isn’t a bug—it’s a consequence of selection-based retrieval.

If instead you store (vector, weight) pairs and evaluate: φ(q) = Σ wᵢ · K(q, vᵢ)

you get a different object entirely: a field, not a selection. Now inserting the same vector with w = −1 causes destructive interference. The contribution cancels. The attractor disappears.

Deletion becomes O(1) append-only (add the inverse), not a structural rebuild.

FAISS-style: Vec<Vec<f32>> → argmax (selection) Weighted form: Vec<(Vec<f32>, f32)> → Σ (field)

We validated this on 100k vectors: • FAISS: target stays rank-1 after “deletion” • Field-based model: exact cancellation (φ → 0), target unretrievable

The deeper point is that this isn’t a trick—it’s a semantic separation. • FAISS implements a selection operator over discrete points. • The weighted version implements a field operator where vectors act as kernels in a continuous potential. • Retrieval becomes gradient ascent to local maxima. • Deletion becomes destructive interference that removes attractors.

This shifts deletion from structural (modify index, rebuild, filter) to algebraic (append an inverse element). You get append-only logs, reversible unlearning, and auditable deletion records. The negative weight is the proof.

Implication: current vector DBs can’t guarantee GDPR/CCPA erasure without reconstruction. Field-based retrieval can—provably.

Paper with proofs: https://github.com/nikitph/bloomin/blob/master/negative-vect...

perfect for learning how ml frameworks work under the hood :)