{"id":47750986,"url":"https://github.com/dineshkrishna9999/firsttoknow","last_synced_at":"2026-04-05T05:00:41.317Z","repository":{"id":347821033,"uuid":"1195461608","full_name":"dineshkrishna9999/firsttoknow","owner":"dineshkrishna9999","description":"🔔 Stop being the last to know. AI agent that tracks YOUR stack and briefs you like a CTO.","archived":false,"fork":false,"pushed_at":"2026-04-03T16:17:56.000Z","size":11351,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-04T04:02:38.588Z","etag":null,"topics":["ai","ai-agent","automation","cli","cve-scanner","developer-tools","hacker-news","llm","npm","pypi","python","security","tech-news","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"https://github.com/dineshkrishna9999/firsttoknow#-firsttoknow","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dineshkrishna9999.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-29T17:43:46.000Z","updated_at":"2026-04-03T16:17:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"380e45ae-2c34-418e-b58b-b6a9c802ff12","html_url":"https://github.com/dineshkrishna9999/firsttoknow","commit_stats":null,"previous_names":["dineshkrishna9999/devpulse","dineshkrishna9999/lasttoknow","dineshkrishna9999/firsttoknow"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/dineshkrishna9999/firsttoknow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dineshkrishna9999%2Ffirsttoknow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dineshkrishna9999%2Ffirsttoknow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dineshkrishna9999%2Ffirsttoknow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dineshkrishna9999%2Ffirsttoknow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dineshkrishna9999","download_url":"https://codeload.github.com/dineshkrishna9999/firsttoknow/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dineshkrishna9999%2Ffirsttoknow/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31424931,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T02:22:46.605Z","status":"ssl_error","status_checked_at":"2026-04-05T02:22:33.263Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agent","automation","cli","cve-scanner","developer-tools","hacker-news","llm","npm","pypi","python","security","tech-news","vulnerability-scanner"],"created_at":"2026-04-03T03:08:01.073Z","updated_at":"2026-04-05T05:00:41.308Z","avatar_url":"https://github.com/dineshkrishna9999.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔔 FirstToKnow\n\n### Because being the first to know isn't luck — it's a system.\n\n[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)\n[![Tests](https://img.shields.io/badge/tests-130%20passing-brightgreen.svg)]()\n[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)\n[![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\n```\n  ╔═╗╦╦═╗╔═╗╔╦╗╔╦╗╔═╗╦╔═╔╗╔╔═╗╦ ╦\n  ╠╣ ║╠╦╝╚═╗ ║  ║ ║ ║╠╩╗║║║║ ║║║║\n  ╚  ╩╩╚═╚═╝ ╩  ╩ ╚═╝╩ ╩╝╚╝╚═╝╚╩╝\n  v0.4.0 — Never miss what matters in tech.\n```\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"examples/demo.gif\" alt=\"FirstToKnow demo — AI-powered tech briefing in your terminal\" width=\"700\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003ci\u003eOne command. Everything that matters about your stack — CVEs, breaking changes, trending repos, HN discussions.\u003c/i\u003e\u003c/p\u003e\n\n\u003e **🔥 Real story caught by FirstToKnow:** The briefing below is real — FirstToKnow surfaced that **Claude Code's source code was accidentally exposed via a `.map` file in their npm registry** (1,883 pts on HN) alongside **5 Express CVEs** and trending repos like `openai/codex-plugin-cc` — all in one command, before most developers even heard about it. That's the point.\n\u003e\n---\n\n## The Problem\n\nYou've been here:\n\n- 😤 LiteLLM shipped a **breaking change** — you found out when your prod pipeline crashed\n- 🤦 Google ADK released the exact fix you needed — **2 weeks ago**\n- 😶 A repo with **15K stars** solves your exact problem — you never heard of it\n- 🔓 A package you depend on has a **critical CVE** — you found out from Twitter, not your tooling\n- 🫠 Your colleague casually drops *\"oh yeah, that was deprecated last month\"*\n\nYou're not lazy. You're not out of touch. **There's just too much happening and no one tool that watches YOUR stack.**\n\nDependabot bumps versions but doesn't explain why it matters. daily.dev shows generic news, not YOUR news. GitHub Watch drowns you in noise.\n\n## The Fix\n\n**FirstToKnow** is an AI agent that knows your stack, tracks what matters to YOU, and briefs you like a personal tech analyst.\n\n```bash\n# 30 seconds to set up\nuv run firsttoknow scan                          # Auto-detects deps from your project\nuv run firsttoknow track --topic \"AI agents\"     # Add topics you care about\nuv run firsttoknow brief --model gpt-4o          # Get your personalized briefing\n```\n\n```\n╭───────────────────────── 🔔 FirstToKnow Briefing ──────────────────────────╮\n│                                                                            │\n│  🔴 CRITICAL — action needed                                              │\n│  ├── litellm 1.41.0 → Breaking: Azure auth flow changed                   │\n│  ├── 🛡️ CVE-2024-1234 (HIGH 7.5) — SQL injection in litellm \u003c1.40.5      │\n│  └── google-adk 1.28.0 → New: Multi-agent orchestration                   │\n│                                                                            │\n│  🟡 WORTH KNOWING                                                         │\n│  ├── 🔥 Trending: \"hermes-agent\" (15K ⭐ this week)                        │\n│  └── HN: \"AI agent memory\" discussion (342 points)                        │\n│                                                                            │\n│  🟢 FYI                                                                   │\n│  ├── pytest 9.0.2 — minor bugfixes                                        │\n│  └── 3 new repos matching \"AI agents\" trending today                      │\n│                                                                            │\n╰──────────────────────────────── model: gpt-4o ─────────────────────────────╯\n```\n\n**No dashboards.** No browser tabs. No newsletters you'll never read. Just one command and you're the **first** to know.\n\n## What makes it different\n\n| Feature | FirstToKnow | Dependabot | daily.dev | GitHub Watch |\n|---------|:-----------:|:----------:|:---------:|:------------:|\n| Tracks YOUR stack | ✅ | ✅ | ❌ | ❌ |\n| Explains what changed \u0026 why | ✅ | ❌ | ❌ | ❌ |\n| CVE/vulnerability scanning | ✅ | ❌ | ❌ | ❌ |\n| Trending repos \u0026 HN/Reddit | ✅ | ❌ | ✅ | ❌ |\n| AI-prioritized (🔴 🟡 🟢) | ✅ | ❌ | ❌ | ❌ |\n| Works with any LLM | ✅ | N/A | N/A | N/A |\n| One command, full briefing | ✅ | ❌ | ❌ | ❌ |\n\n## Features\n\n### 📦 Package Tracking (PyPI + npm)\n```bash\nuv run firsttoknow track litellm                  # PyPI\nuv run firsttoknow track --npm express             # npm\nuv run firsttoknow scan                            # Auto-detect from pyproject.toml / package.json\n```\n\n### 🛡️ Security Vulnerability Scanning\nEvery tracked package is checked against [OSV.dev](https://osv.dev) (Google's vulnerability database) for known CVEs. Vulnerabilities are always flagged 🔴 CRITICAL with severity levels.\n\n```\n🔴 CVE-2024-1234 (CRITICAL 9.8) — Remote code execution via prompt injection\n🔴 CVE-2024-5678 (HIGH 7.5) — SQL injection in query parameter handling\n```\n\nNo auth required. No rate limits. Covers both PyPI and npm.\n\n### ⏳ Live Progress Spinner\nNo frozen terminal. The briefing shows what's happening in real-time:\n\n```\n⠋ Checking PyPI...\n⠙ Scanning for vulnerabilities...\n⠹ Fetching GitHub trending repos...\n⠸ Searching Hacker News...\n⠼ Browsing Dev.to articles...\n```\n\n### 🎨 Rich Markdown Output\nBriefings render with styled headings, **bold text**, bullet lists, and clickable terminal hyperlinks. Not raw markdown — actual formatted terminal output.\n\n## Get Started in 60 Seconds\n\n```bash\n# Install\ngit clone https://github.com/dineshkrishna9999/firsttoknow.git\ncd firsttoknow \u0026\u0026 uv sync\n\n# Point it at any LLM (Azure, OpenAI, Gemini, Claude, Ollama)\necho \"OPENAI_API_KEY=sk-...\" \u003e .env\nuv run firsttoknow config model gpt-4o\n\n# Tell it what you care about\nuv run firsttoknow track litellm                  # PyPI package\nuv run firsttoknow track --npm express            # npm package\nuv run firsttoknow track --github BerriAI/litellm # GitHub repo\nuv run firsttoknow track --topic \"AI agents\"      # Broad topic\nuv run firsttoknow scan                           # Or just auto-detect everything\n\n# Get briefed\nuv run firsttoknow brief\n```\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"examples/status_scan_example.png\" alt=\"FirstToKnow scan and status commands — auto-detect dependencies and track them\" width=\"650\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003ci\u003e\u003ccode\u003escan\u003c/code\u003e auto-detects your dependencies, \u003ccode\u003estatus\u003c/code\u003e shows everything you're tracking at a glance.\u003c/i\u003e\u003c/p\u003e\n\nThat's it. You're the first to know.\n\n## All Commands\n\n```bash\n# Track / Untrack\nuv run firsttoknow track \u003cname\u003e                 # Track a PyPI package\nuv run firsttoknow track --npm \u003cname\u003e           # Track an npm package\nuv run firsttoknow track --github owner/repo    # Track a GitHub repo\nuv run firsttoknow track --topic \"AI agents\"    # Track a topic\nuv run firsttoknow track litellm --version 1.40 # Track with current version\nuv run firsttoknow scan                         # Auto-detect from pyproject.toml / package.json\nuv run firsttoknow untrack \u003cname\u003e               # Stop tracking\n\n# Briefings\nuv run firsttoknow brief                        # Get your AI briefing\nuv run firsttoknow brief --model azure/gpt-4.1  # Use a specific model\nuv run firsttoknow brief --raw                  # Raw text, no formatting\n\n# Manage\nuv run firsttoknow list                         # See what you're tracking\nuv run firsttoknow status                       # Full overview\nuv run firsttoknow config model \u003cmodel\u003e         # Set default LLM\nuv run firsttoknow config show                  # Show settings\n```\n\n## Works With Any LLM\n\nPowered by [LiteLLM](https://github.com/BerriAI/litellm) — so you're not locked in:\n\n| Provider | Model | Env Var |\n|----------|-------|---------|\n| **Azure OpenAI** | `azure/gpt-4.1` | `AZURE_API_KEY` |\n| **OpenAI** | `gpt-4o` | `OPENAI_API_KEY` |\n| **Google Gemini** | `gemini/gemini-2.0-flash` | `GEMINI_API_KEY` |\n| **Anthropic Claude** | `anthropic/claude-sonnet-4-20250514` | `ANTHROPIC_API_KEY` |\n| **Ollama (free!)** | `ollama/llama3` | None needed |\n\n## How It Works Under the Hood\n\n```\nYou run: firsttoknow brief\n              │\n              ▼\n   ┌─────────────────────┐\n   │   FirstToKnow CLI   │  Reads your tracked items from ~/.firsttoknow/\n   └──────────┬──────────┘\n              │\n              ▼\n   ┌─────────────────────┐\n   │    ADK Agent +      │  AI decides which tools to call based on\n   │    LiteLLM          │  what you're tracking\n   └──────────┬──────────┘\n              │\n     ┌────────┼────────┐\n     ▼        ▼        ▼\n  ┌──────┐ ┌──────┐ ┌──────┐\n  │ PyPI │ │GitHub│ │  HN  │   Real API calls — not hallucinated data\n  │  API │ │  API │ │ API  │\n  └──────┘ └──────┘ └──────┘\n  ┌──────┐ ┌──────┐ ┌──────┐\n  │ npm  │ │Dev.to│ │Reddit│\n  │  API │ │  API │ │ API  │\n  └──────┘ └──────┘ └──────┘\n  ┌──────┐\n  │OSV   │  CVE/vulnerability scanning\n  │(free)│\n  └──────┘\n              │\n              ▼\n   ┌─────────────────────┐\n   │  AI synthesizes     │  Prioritizes: 🔴 Critical → 🟡 Important → 🟢 FYI\n   │  and prioritizes    │  Thinks like a senior dev briefing a CTO\n   └──────────┬──────────┘\n              │\n              ▼\n   ┌─────────────────────┐\n   │  Rich Markdown      │  Styled headings, bold, bullets, clickable links\n   │  terminal output    │\n   └─────────────────────┘\n```\n\nThe AI **decides** which tools to call — you don't hardcode the flow. You just say \"brief me\" and it figures out what to check.\n\n## Development\n\n```bash\ngit clone https://github.com/dineshkrishna9999/firsttoknow.git\ncd firsttoknow \u0026\u0026 uv sync\n\nuv run poe check        # Run ALL checks (format, lint, typecheck, test)\nuv run poe test         # Just tests\nuv run poe fmt          # Format code\n```\n\n130 tests. Zero tolerance for regressions.\n\n### Project Structure\n\n```\nsrc/firsttoknow/\n├── cli.py              # CLI commands (Typer)\n├── config.py           # Config \u0026 persistence (~/.firsttoknow/)\n├── models.py           # Data models (TrackedItem, ItemType)\n├── renderer.py         # Rich terminal output (Markdown, banners, spinners)\n├── scanner.py          # Dependency scanner (pyproject.toml, requirements.txt, package.json)\n└── agents/\n    ├── agent.py        # ADK agent + runner (with tool-call callbacks)\n    ├── _tools.py       # 7 API tools (PyPI, npm, GitHub, HN, Dev.to, Reddit, OSV)\n    └── instructions/\n        └── briefing.py # System prompt — the brain\n```\n\n## License\n\n[MIT](LICENSE) — do whatever you want with it.\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eStop being the last to know. Start being the first.\u003c/b\u003e\u003cbr\u003e\n  Built by \u003ca href=\"https://github.com/dineshkrishna9999\"\u003e\u003cb\u003eDinesh Karakambaka\u003c/b\u003e\u003c/a\u003e\u003cbr\u003e\n  \u003ca href=\"https://github.com/dineshkrishna9999/firsttoknow\"\u003e⭐ Star this repo\u003c/a\u003e if you've ever found out about a breaking change from a colleague.\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdineshkrishna9999%2Ffirsttoknow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdineshkrishna9999%2Ffirsttoknow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdineshkrishna9999%2Ffirsttoknow/lists"}