https://github.com/dineshkrishna9999/firsttoknow
๐ Stop being the last to know. AI agent that tracks YOUR stack and briefs you like a CTO.
https://github.com/dineshkrishna9999/firsttoknow
ai ai-agent automation cli cve-scanner developer-tools hacker-news llm npm pypi python security tech-news vulnerability-scanner
Last synced: 3 months ago
JSON representation
๐ Stop being the last to know. AI agent that tracks YOUR stack and briefs you like a CTO.
- Host: GitHub
- URL: https://github.com/dineshkrishna9999/firsttoknow
- Owner: dineshkrishna9999
- License: mit
- Created: 2026-03-29T17:43:46.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-04-03T16:17:56.000Z (3 months ago)
- Last Synced: 2026-04-04T04:02:38.588Z (3 months ago)
- Topics: ai, ai-agent, automation, cli, cve-scanner, developer-tools, hacker-news, llm, npm, pypi, python, security, tech-news, vulnerability-scanner
- Language: Python
- Homepage: https://github.com/dineshkrishna9999/firsttoknow#-firsttoknow
- Size: 10.8 MB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# ๐ FirstToKnow
### Because being the first to know isn't luck โ it's a system.
[](https://www.python.org/downloads/)
[]()
[](https://github.com/astral-sh/ruff)
[](https://github.com/astral-sh/uv)
[](https://opensource.org/licenses/MIT)
```
โโโโฆโฆโโโโโโโฆโโโฆโโโโโฆโโโโโโโโโฆ โฆ
โ โฃ โโ โฆโโโโ โ โ โ โโ โฉโโโโโ โโโโ
โ โฉโฉโโโโโ โฉ โฉ โโโโฉ โฉโโโโโโโโฉโ
v0.4.0 โ Never miss what matters in tech.
```
One command. Everything that matters about your stack โ CVEs, breaking changes, trending repos, HN discussions.
> **๐ฅ Real story caught by FirstToKnow:** The briefing below is real โ FirstToKnow surfaced that **Claude Code's source code was accidentally exposed via a `.map` file in their npm registry** (1,883 pts on HN) alongside **5 Express CVEs** and trending repos like `openai/codex-plugin-cc` โ all in one command, before most developers even heard about it. That's the point.
>
---
## The Problem
You've been here:
- ๐ค LiteLLM shipped a **breaking change** โ you found out when your prod pipeline crashed
- ๐คฆ Google ADK released the exact fix you needed โ **2 weeks ago**
- ๐ถ A repo with **15K stars** solves your exact problem โ you never heard of it
- ๐ A package you depend on has a **critical CVE** โ you found out from Twitter, not your tooling
- ๐ซ Your colleague casually drops *"oh yeah, that was deprecated last month"*
You're not lazy. You're not out of touch. **There's just too much happening and no one tool that watches YOUR stack.**
Dependabot bumps versions but doesn't explain why it matters. daily.dev shows generic news, not YOUR news. GitHub Watch drowns you in noise.
## The Fix
**FirstToKnow** is an AI agent that knows your stack, tracks what matters to YOU, and briefs you like a personal tech analyst.
```bash
# 30 seconds to set up
uv run firsttoknow scan # Auto-detects deps from your project
uv run firsttoknow track --topic "AI agents" # Add topics you care about
uv run firsttoknow brief --model gpt-4o # Get your personalized briefing
```
```
โญโโโโโโโโโโโโโโโโโโโโโโโโโ ๐ FirstToKnow Briefing โโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ โ
โ ๐ด CRITICAL โ action needed โ
โ โโโ litellm 1.41.0 โ Breaking: Azure auth flow changed โ
โ โโโ ๐ก๏ธ CVE-2024-1234 (HIGH 7.5) โ SQL injection in litellm <1.40.5 โ
โ โโโ google-adk 1.28.0 โ New: Multi-agent orchestration โ
โ โ
โ ๐ก WORTH KNOWING โ
โ โโโ ๐ฅ Trending: "hermes-agent" (15K โญ this week) โ
โ โโโ HN: "AI agent memory" discussion (342 points) โ
โ โ
โ ๐ข FYI โ
โ โโโ pytest 9.0.2 โ minor bugfixes โ
โ โโโ 3 new repos matching "AI agents" trending today โ
โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ model: gpt-4o โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
```
**No dashboards.** No browser tabs. No newsletters you'll never read. Just one command and you're the **first** to know.
## What makes it different
| Feature | FirstToKnow | Dependabot | daily.dev | GitHub Watch |
|---------|:-----------:|:----------:|:---------:|:------------:|
| Tracks YOUR stack | โ
| โ
| โ | โ |
| Explains what changed & why | โ
| โ | โ | โ |
| CVE/vulnerability scanning | โ
| โ | โ | โ |
| Trending repos & HN/Reddit | โ
| โ | โ
| โ |
| AI-prioritized (๐ด ๐ก ๐ข) | โ
| โ | โ | โ |
| Works with any LLM | โ
| N/A | N/A | N/A |
| One command, full briefing | โ
| โ | โ | โ |
## Features
### ๐ฆ Package Tracking (PyPI + npm)
```bash
uv run firsttoknow track litellm # PyPI
uv run firsttoknow track --npm express # npm
uv run firsttoknow scan # Auto-detect from pyproject.toml / package.json
```
### ๐ก๏ธ Security Vulnerability Scanning
Every tracked package is checked against [OSV.dev](https://osv.dev) (Google's vulnerability database) for known CVEs. Vulnerabilities are always flagged ๐ด CRITICAL with severity levels.
```
๐ด CVE-2024-1234 (CRITICAL 9.8) โ Remote code execution via prompt injection
๐ด CVE-2024-5678 (HIGH 7.5) โ SQL injection in query parameter handling
```
No auth required. No rate limits. Covers both PyPI and npm.
### โณ Live Progress Spinner
No frozen terminal. The briefing shows what's happening in real-time:
```
โ Checking PyPI...
โ Scanning for vulnerabilities...
โ น Fetching GitHub trending repos...
โ ธ Searching Hacker News...
โ ผ Browsing Dev.to articles...
```
### ๐จ Rich Markdown Output
Briefings render with styled headings, **bold text**, bullet lists, and clickable terminal hyperlinks. Not raw markdown โ actual formatted terminal output.
## Get Started in 60 Seconds
```bash
# Install
git clone https://github.com/dineshkrishna9999/firsttoknow.git
cd firsttoknow && uv sync
# Point it at any LLM (Azure, OpenAI, Gemini, Claude, Ollama)
echo "OPENAI_API_KEY=sk-..." > .env
uv run firsttoknow config model gpt-4o
# Tell it what you care about
uv run firsttoknow track litellm # PyPI package
uv run firsttoknow track --npm express # npm package
uv run firsttoknow track --github BerriAI/litellm # GitHub repo
uv run firsttoknow track --topic "AI agents" # Broad topic
uv run firsttoknow scan # Or just auto-detect everything
# Get briefed
uv run firsttoknow brief
```
scan auto-detects your dependencies, status shows everything you're tracking at a glance.
That's it. You're the first to know.
## All Commands
```bash
# Track / Untrack
uv run firsttoknow track # Track a PyPI package
uv run firsttoknow track --npm # Track an npm package
uv run firsttoknow track --github owner/repo # Track a GitHub repo
uv run firsttoknow track --topic "AI agents" # Track a topic
uv run firsttoknow track litellm --version 1.40 # Track with current version
uv run firsttoknow scan # Auto-detect from pyproject.toml / package.json
uv run firsttoknow untrack # Stop tracking
# Briefings
uv run firsttoknow brief # Get your AI briefing
uv run firsttoknow brief --model azure/gpt-4.1 # Use a specific model
uv run firsttoknow brief --raw # Raw text, no formatting
# Manage
uv run firsttoknow list # See what you're tracking
uv run firsttoknow status # Full overview
uv run firsttoknow config model # Set default LLM
uv run firsttoknow config show # Show settings
```
## Works With Any LLM
Powered by [LiteLLM](https://github.com/BerriAI/litellm) โ so you're not locked in:
| Provider | Model | Env Var |
|----------|-------|---------|
| **Azure OpenAI** | `azure/gpt-4.1` | `AZURE_API_KEY` |
| **OpenAI** | `gpt-4o` | `OPENAI_API_KEY` |
| **Google Gemini** | `gemini/gemini-2.0-flash` | `GEMINI_API_KEY` |
| **Anthropic Claude** | `anthropic/claude-sonnet-4-20250514` | `ANTHROPIC_API_KEY` |
| **Ollama (free!)** | `ollama/llama3` | None needed |
## How It Works Under the Hood
```
You run: firsttoknow brief
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ FirstToKnow CLI โ Reads your tracked items from ~/.firsttoknow/
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ ADK Agent + โ AI decides which tools to call based on
โ LiteLLM โ what you're tracking
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โโโโโโโโโโผโโโโโโโโโ
โผ โผ โผ
โโโโโโโโ โโโโโโโโ โโโโโโโโ
โ PyPI โ โGitHubโ โ HN โ Real API calls โ not hallucinated data
โ API โ โ API โ โ API โ
โโโโโโโโ โโโโโโโโ โโโโโโโโ
โโโโโโโโ โโโโโโโโ โโโโโโโโ
โ npm โ โDev.toโ โRedditโ
โ API โ โ API โ โ API โ
โโโโโโโโ โโโโโโโโ โโโโโโโโ
โโโโโโโโ
โOSV โ CVE/vulnerability scanning
โ(free)โ
โโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ AI synthesizes โ Prioritizes: ๐ด Critical โ ๐ก Important โ ๐ข FYI
โ and prioritizes โ Thinks like a senior dev briefing a CTO
โโโโโโโโโโโโฌโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโ
โ Rich Markdown โ Styled headings, bold, bullets, clickable links
โ terminal output โ
โโโโโโโโโโโโโโโโโโโโโโโ
```
The AI **decides** which tools to call โ you don't hardcode the flow. You just say "brief me" and it figures out what to check.
## Development
```bash
git clone https://github.com/dineshkrishna9999/firsttoknow.git
cd firsttoknow && uv sync
uv run poe check # Run ALL checks (format, lint, typecheck, test)
uv run poe test # Just tests
uv run poe fmt # Format code
```
130 tests. Zero tolerance for regressions.
### Project Structure
```
src/firsttoknow/
โโโ cli.py # CLI commands (Typer)
โโโ config.py # Config & persistence (~/.firsttoknow/)
โโโ models.py # Data models (TrackedItem, ItemType)
โโโ renderer.py # Rich terminal output (Markdown, banners, spinners)
โโโ scanner.py # Dependency scanner (pyproject.toml, requirements.txt, package.json)
โโโ agents/
โโโ agent.py # ADK agent + runner (with tool-call callbacks)
โโโ _tools.py # 7 API tools (PyPI, npm, GitHub, HN, Dev.to, Reddit, OSV)
โโโ instructions/
โโโ briefing.py # System prompt โ the brain
```
## License
[MIT](LICENSE) โ do whatever you want with it.
---
Stop being the last to know. Start being the first.
Built by Dinesh Karakambaka
โญ Star this repo if you've ever found out about a breaking change from a colleague.