January 16, 2026
Command confessions, centralized
Show HN: Hc: an agentless, multi-tenant shell history sink
Ops cheer, privacy hawks squint: is this handy or creepy
TLDR: HC centralizes command history across servers into a searchable database, promising easy “find that one command” moments. Early commenters like the convenience (think Atuin vibes), while the debate heats up over privacy and exporting logs—useful for teams, but watch what you’re sending.
Show HN just dropped HC, a tool that funnels all your command-line history into one searchable place, and the crowd immediately started weighing convenience against creepiness. One early voice, raoulj, gave it a thumbs-up for the super easy capture—no installs, just send lines over the network. Folks compare it to atuin, a popular history tool, but HC’s pitch is dead simple: it’s “boring,” central, and grep-friendly (you can fetch plain text and search it). In non-nerd speak: it’s a giant search bar for “what did we type that time when it finally worked.”
Cue the drama: ops teams love the “agentless” setup (no software on servers). Privacy-minded devs are side-eyeing the idea of exporting commands, even with encryption (TLS is just secure connections), and marveling at the “API key in your command” trick like it’s a password taped under the keyboard. Some joked this is confession-as-a-service, where your terminal secrets get filed in a neat Postgres box. Others wonder if the plain HTTP export (even if limited) is a bit wild in 2026. The mood? Curiosity with a dash of “don’t accidentally log your cloud keys.” It’s the classic internet clash: searchability vs snoopability, with early testers eager and skeptics sharpening their memes.
Key Points
- •hc centralizes shell history across servers into a PostgreSQL backend with plaintext HTTP(S) export.
- •It is agentless, requiring only common tools (curl, wget, socat) on clients and supports BusyBox/ash and Bash.
- •Secure ingestion via TLS (SSL) supports authentication with API keys and, in progress, client certificates; plain TCP is available for trusted networks.
- •Multi-tenant isolation is implemented via API keys embedded in ingestion lines and stripped before storage.
- •Architecture uses an append-only per-tenant spool file as a safety net while PostgreSQL remains authoritative; all commands are preserved without deduplication.