An open API service indexing awesome lists of open source software.

https://github.com/dineshkrishna9999/firsttoknow

๐Ÿ”” Stop being the last to know. AI agent that tracks YOUR stack and briefs you like a CTO.
https://github.com/dineshkrishna9999/firsttoknow

ai ai-agent automation cli cve-scanner developer-tools hacker-news llm npm pypi python security tech-news vulnerability-scanner

Last synced: 3 months ago
JSON representation

๐Ÿ”” Stop being the last to know. AI agent that tracks YOUR stack and briefs you like a CTO.

Awesome Lists containing this project

README

          

# ๐Ÿ”” FirstToKnow

### Because being the first to know isn't luck โ€” it's a system.

[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![Tests](https://img.shields.io/badge/tests-130%20passing-brightgreen.svg)]()
[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
[![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)](https://github.com/astral-sh/uv)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

```
โ•”โ•โ•—โ•ฆโ•ฆโ•โ•—โ•”โ•โ•—โ•”โ•ฆโ•—โ•”โ•ฆโ•—โ•”โ•โ•—โ•ฆโ•”โ•โ•”โ•—โ•”โ•”โ•โ•—โ•ฆ โ•ฆ
โ• โ•ฃ โ•‘โ• โ•ฆโ•โ•šโ•โ•— โ•‘ โ•‘ โ•‘ โ•‘โ• โ•ฉโ•—โ•‘โ•‘โ•‘โ•‘ โ•‘โ•‘โ•‘โ•‘
โ•š โ•ฉโ•ฉโ•šโ•โ•šโ•โ• โ•ฉ โ•ฉ โ•šโ•โ•โ•ฉ โ•ฉโ•โ•šโ•โ•šโ•โ•โ•šโ•ฉโ•
v0.4.0 โ€” Never miss what matters in tech.
```


FirstToKnow demo โ€” AI-powered tech briefing in your terminal

One command. Everything that matters about your stack โ€” CVEs, breaking changes, trending repos, HN discussions.

> **๐Ÿ”ฅ Real story caught by FirstToKnow:** The briefing below is real โ€” FirstToKnow surfaced that **Claude Code's source code was accidentally exposed via a `.map` file in their npm registry** (1,883 pts on HN) alongside **5 Express CVEs** and trending repos like `openai/codex-plugin-cc` โ€” all in one command, before most developers even heard about it. That's the point.
>
---

## The Problem

You've been here:

- ๐Ÿ˜ค LiteLLM shipped a **breaking change** โ€” you found out when your prod pipeline crashed
- ๐Ÿคฆ Google ADK released the exact fix you needed โ€” **2 weeks ago**
- ๐Ÿ˜ถ A repo with **15K stars** solves your exact problem โ€” you never heard of it
- ๐Ÿ”“ A package you depend on has a **critical CVE** โ€” you found out from Twitter, not your tooling
- ๐Ÿซ  Your colleague casually drops *"oh yeah, that was deprecated last month"*

You're not lazy. You're not out of touch. **There's just too much happening and no one tool that watches YOUR stack.**

Dependabot bumps versions but doesn't explain why it matters. daily.dev shows generic news, not YOUR news. GitHub Watch drowns you in noise.

## The Fix

**FirstToKnow** is an AI agent that knows your stack, tracks what matters to YOU, and briefs you like a personal tech analyst.

```bash
# 30 seconds to set up
uv run firsttoknow scan # Auto-detects deps from your project
uv run firsttoknow track --topic "AI agents" # Add topics you care about
uv run firsttoknow brief --model gpt-4o # Get your personalized briefing
```

```
โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ ๐Ÿ”” FirstToKnow Briefing โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚ โ”‚
โ”‚ ๐Ÿ”ด CRITICAL โ€” action needed โ”‚
โ”‚ โ”œโ”€โ”€ litellm 1.41.0 โ†’ Breaking: Azure auth flow changed โ”‚
โ”‚ โ”œโ”€โ”€ ๐Ÿ›ก๏ธ CVE-2024-1234 (HIGH 7.5) โ€” SQL injection in litellm <1.40.5 โ”‚
โ”‚ โ””โ”€โ”€ google-adk 1.28.0 โ†’ New: Multi-agent orchestration โ”‚
โ”‚ โ”‚
โ”‚ ๐ŸŸก WORTH KNOWING โ”‚
โ”‚ โ”œโ”€โ”€ ๐Ÿ”ฅ Trending: "hermes-agent" (15K โญ this week) โ”‚
โ”‚ โ””โ”€โ”€ HN: "AI agent memory" discussion (342 points) โ”‚
โ”‚ โ”‚
โ”‚ ๐ŸŸข FYI โ”‚
โ”‚ โ”œโ”€โ”€ pytest 9.0.2 โ€” minor bugfixes โ”‚
โ”‚ โ””โ”€โ”€ 3 new repos matching "AI agents" trending today โ”‚
โ”‚ โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ model: gpt-4o โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
```

**No dashboards.** No browser tabs. No newsletters you'll never read. Just one command and you're the **first** to know.

## What makes it different

| Feature | FirstToKnow | Dependabot | daily.dev | GitHub Watch |
|---------|:-----------:|:----------:|:---------:|:------------:|
| Tracks YOUR stack | โœ… | โœ… | โŒ | โŒ |
| Explains what changed & why | โœ… | โŒ | โŒ | โŒ |
| CVE/vulnerability scanning | โœ… | โŒ | โŒ | โŒ |
| Trending repos & HN/Reddit | โœ… | โŒ | โœ… | โŒ |
| AI-prioritized (๐Ÿ”ด ๐ŸŸก ๐ŸŸข) | โœ… | โŒ | โŒ | โŒ |
| Works with any LLM | โœ… | N/A | N/A | N/A |
| One command, full briefing | โœ… | โŒ | โŒ | โŒ |

## Features

### ๐Ÿ“ฆ Package Tracking (PyPI + npm)
```bash
uv run firsttoknow track litellm # PyPI
uv run firsttoknow track --npm express # npm
uv run firsttoknow scan # Auto-detect from pyproject.toml / package.json
```

### ๐Ÿ›ก๏ธ Security Vulnerability Scanning
Every tracked package is checked against [OSV.dev](https://osv.dev) (Google's vulnerability database) for known CVEs. Vulnerabilities are always flagged ๐Ÿ”ด CRITICAL with severity levels.

```
๐Ÿ”ด CVE-2024-1234 (CRITICAL 9.8) โ€” Remote code execution via prompt injection
๐Ÿ”ด CVE-2024-5678 (HIGH 7.5) โ€” SQL injection in query parameter handling
```

No auth required. No rate limits. Covers both PyPI and npm.

### โณ Live Progress Spinner
No frozen terminal. The briefing shows what's happening in real-time:

```
โ ‹ Checking PyPI...
โ ™ Scanning for vulnerabilities...
โ น Fetching GitHub trending repos...
โ ธ Searching Hacker News...
โ ผ Browsing Dev.to articles...
```

### ๐ŸŽจ Rich Markdown Output
Briefings render with styled headings, **bold text**, bullet lists, and clickable terminal hyperlinks. Not raw markdown โ€” actual formatted terminal output.

## Get Started in 60 Seconds

```bash
# Install
git clone https://github.com/dineshkrishna9999/firsttoknow.git
cd firsttoknow && uv sync

# Point it at any LLM (Azure, OpenAI, Gemini, Claude, Ollama)
echo "OPENAI_API_KEY=sk-..." > .env
uv run firsttoknow config model gpt-4o

# Tell it what you care about
uv run firsttoknow track litellm # PyPI package
uv run firsttoknow track --npm express # npm package
uv run firsttoknow track --github BerriAI/litellm # GitHub repo
uv run firsttoknow track --topic "AI agents" # Broad topic
uv run firsttoknow scan # Or just auto-detect everything

# Get briefed
uv run firsttoknow brief
```


FirstToKnow scan and status commands โ€” auto-detect dependencies and track them

scan auto-detects your dependencies, status shows everything you're tracking at a glance.

That's it. You're the first to know.

## All Commands

```bash
# Track / Untrack
uv run firsttoknow track # Track a PyPI package
uv run firsttoknow track --npm # Track an npm package
uv run firsttoknow track --github owner/repo # Track a GitHub repo
uv run firsttoknow track --topic "AI agents" # Track a topic
uv run firsttoknow track litellm --version 1.40 # Track with current version
uv run firsttoknow scan # Auto-detect from pyproject.toml / package.json
uv run firsttoknow untrack # Stop tracking

# Briefings
uv run firsttoknow brief # Get your AI briefing
uv run firsttoknow brief --model azure/gpt-4.1 # Use a specific model
uv run firsttoknow brief --raw # Raw text, no formatting

# Manage
uv run firsttoknow list # See what you're tracking
uv run firsttoknow status # Full overview
uv run firsttoknow config model # Set default LLM
uv run firsttoknow config show # Show settings
```

## Works With Any LLM

Powered by [LiteLLM](https://github.com/BerriAI/litellm) โ€” so you're not locked in:

| Provider | Model | Env Var |
|----------|-------|---------|
| **Azure OpenAI** | `azure/gpt-4.1` | `AZURE_API_KEY` |
| **OpenAI** | `gpt-4o` | `OPENAI_API_KEY` |
| **Google Gemini** | `gemini/gemini-2.0-flash` | `GEMINI_API_KEY` |
| **Anthropic Claude** | `anthropic/claude-sonnet-4-20250514` | `ANTHROPIC_API_KEY` |
| **Ollama (free!)** | `ollama/llama3` | None needed |

## How It Works Under the Hood

```
You run: firsttoknow brief
โ”‚
โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ FirstToKnow CLI โ”‚ Reads your tracked items from ~/.firsttoknow/
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
โ”‚
โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ ADK Agent + โ”‚ AI decides which tools to call based on
โ”‚ LiteLLM โ”‚ what you're tracking
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
โ”‚
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ–ผ โ–ผ โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ PyPI โ”‚ โ”‚GitHubโ”‚ โ”‚ HN โ”‚ Real API calls โ€” not hallucinated data
โ”‚ API โ”‚ โ”‚ API โ”‚ โ”‚ API โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ npm โ”‚ โ”‚Dev.toโ”‚ โ”‚Redditโ”‚
โ”‚ API โ”‚ โ”‚ API โ”‚ โ”‚ API โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚OSV โ”‚ CVE/vulnerability scanning
โ”‚(free)โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
โ”‚
โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ AI synthesizes โ”‚ Prioritizes: ๐Ÿ”ด Critical โ†’ ๐ŸŸก Important โ†’ ๐ŸŸข FYI
โ”‚ and prioritizes โ”‚ Thinks like a senior dev briefing a CTO
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
โ”‚
โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Rich Markdown โ”‚ Styled headings, bold, bullets, clickable links
โ”‚ terminal output โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

The AI **decides** which tools to call โ€” you don't hardcode the flow. You just say "brief me" and it figures out what to check.

## Development

```bash
git clone https://github.com/dineshkrishna9999/firsttoknow.git
cd firsttoknow && uv sync

uv run poe check # Run ALL checks (format, lint, typecheck, test)
uv run poe test # Just tests
uv run poe fmt # Format code
```

130 tests. Zero tolerance for regressions.

### Project Structure

```
src/firsttoknow/
โ”œโ”€โ”€ cli.py # CLI commands (Typer)
โ”œโ”€โ”€ config.py # Config & persistence (~/.firsttoknow/)
โ”œโ”€โ”€ models.py # Data models (TrackedItem, ItemType)
โ”œโ”€โ”€ renderer.py # Rich terminal output (Markdown, banners, spinners)
โ”œโ”€โ”€ scanner.py # Dependency scanner (pyproject.toml, requirements.txt, package.json)
โ””โ”€โ”€ agents/
โ”œโ”€โ”€ agent.py # ADK agent + runner (with tool-call callbacks)
โ”œโ”€โ”€ _tools.py # 7 API tools (PyPI, npm, GitHub, HN, Dev.to, Reddit, OSV)
โ””โ”€โ”€ instructions/
โ””โ”€โ”€ briefing.py # System prompt โ€” the brain
```

## License

[MIT](LICENSE) โ€” do whatever you want with it.

---


Stop being the last to know. Start being the first.

Built by Dinesh Karakambaka

โญ Star this repo if you've ever found out about a breaking change from a colleague.