GitHub Hot — 12 May 2026

Top 10 repos trending on GitHub this week — what they do, why they matter, and how to use them in your projects.

1. antirez/ds4

8,002 stars this week · C

A purpose-built C inference engine for DeepSeek V4 Flash (284B MoE) that runs locally on Mac (Metal) or GPU (CUDA) with 2-bit quantization, written by antirez — the Redis creator.

Use case

The real problem: every general-purpose runtime (ollama, llama.cpp server, LM Studio) adds layers of abstraction that hurt latency and memory efficiency for a specific model. ds4 strips all of that away — if you have a 128GB MacBook Pro and want to run a near-frontier 284B model locally with thinking mode enabled without paying API costs, this is the only viable path. Concrete scenario: Henry wants to run private resume analysis or career coaching inference locally without sending candidate data to Anthropic or OpenAI — ds4 + DeepSeek V4 Flash gives him a 1M-token context, fast thinking mode, and zero API costs after setup.

Why it's trending

Two colliding forces: antirez (Salvatore Sanfilippo, creator of Redis) publishing production-quality C code has strong credibility gravity, and DeepSeek V4 Flash just landed as arguably the best local-runnable model for people with 96-128GB unified memory Macs — a rapidly growing demographic of serious developers. The 'it actually runs on a MacBook' angle is the trigger.

How to use it

1. Clone and build: git clone https://github.com/antirez/ds4 && cd ds4 && make — requires Xcode command-line tools on Mac for Metal; CUDA toolkit for GPU builds.,2. Download the 2-bit quantized DeepSeek V4 Flash weights (GGUF format, ~60-80GB) from Hugging Face — the README links the specific quant that works well at 2-bit.,3. Start the local server: ./ds4 --model /path/to/deepseek-v4-flash.gguf --port 8080 — it exposes an OpenAI-compatible /v1/chat/completions endpoint.,4. Point any OpenAI SDK client at http://localhost:8080 with a dummy API key — drop-in replacement: const client = new OpenAI({ baseURL: 'http://localhost:8080/v1', apiKey: 'local' });,5. Enable thinking mode by passing the appropriate system prompt or model parameter per the ds4 docs — this gives you chain-of-thought proportional to problem complexity, not runaway token burn.

How I could use this

1. Local 'private resume vault' feature: since Henry's platform handles sensitive career data (resumes, visa status, salary expectations), offer a privacy-first tier that routes resume analysis through a self-hosted ds4 instance instead of Anthropic's API — market it explicitly to candidates at large firms with NDAs who can't paste their resume into a cloud AI. The 1M token context means you can send the full job description + resume + previous feedback history in one shot.
2. Career coaching chatbot with persistent KV cache: ds4's on-disk KV cache persistence means you can save the 'warm' state of a long conversation context (e.g. a user's entire job search history, all their resume iterations, interview feedback) and reload it instantly without re-encoding — implement a 'your career advisor remembers everything' feature that would be prohibitively expensive with per-token API pricing at this context length.
3. AI news / githot digest with zero API cost: Henry's existing scripts/fetch-ai-news.ts and githot pipeline currently shell out via scripts/llm-claude.ts and burn Claude API quota. Route the daily content summarisation tasks (low sensitivity, high volume, acceptable latency) through a local ds4 instance — the OpenAI-compatible API means it's a one-line baseURL swap, and the cost drops to electricity.

2. V4bel/dirtyfrag

4,309 stars this week · C

Dirty Frag is a deterministic, race-condition-free Linux LPE exploit chaining two page-cache write CVEs (CVE-2026-43284, CVE-2026-43500), both now patched in mainline kernel.

Use case

Extends the Dirty Pipe/Copy Fail bug class — arbitrary writes to read-only page-cache backed files — without needing a race window. Relevant to any Linux sysadmin or cloud engineer who hasn't patched their kernel since May 2026.

Why it's trending

Published after a broken embargo on 2026-05-07 with both CVEs now patched; the deterministic nature and high success rate make it a landmark LPE technique, drawing heavy attention from kernel security researchers.

How to use it

NOT PROVIDED — this is a privilege escalation exploit. For patch status: run 'uname -r' and compare against the mainline commits f4c50a4034e6 and aa54b1d27fe0. Apply distro security updates.

How I could use this

1. Write a technical explainer post on the Dirty Pipe → Copy Fail → Dirty Frag lineage: what page-cache write primitives are, why they're dangerous, and how the bug class has evolved — this is high-SEO content that security-focused devs search for after every disclosure.
2. Build a 'Is my server patched?' micro-tool: user pastes their kernel version, you check it against the patched commit hashes for known CVEs in this class — useful for the international IT graduates audience who manage cloud infra.
3. AI feature: a CVE severity explainer that takes a CVE ID, fetches the NVD entry, and returns a plain-English breakdown of impact, affected versions, and patch status — useful framing for non-security engineers.

3. vercel-labs/zero-native

2,868 stars this week · Zig

zero-native wraps any web frontend (including Next.js) in a tiny Zig-compiled native shell using the platform WebView, giving you a distributable desktop app with no Electron overhead.

Use case

Electron apps ship 80–120 MB because they bundle a full Chromium. zero-native instead calls the OS's existing WebView (WKWebView on macOS, WebKitGTK on Linux) so your binary stays under 5 MB and cold-start is near-instant. Concrete scenario: you've built a Next.js resume analyser — zero-native lets you package it as a signed .app or .exe that users download and run offline, with native file system access for reading PDFs and writing exported resumes, all bridged through Zig commands rather than Node IPC.

Why it's trending

Electron fatigue is at a peak after VS Code, Slack, and Discord all shipped memory-profiling exposés. zero-native landed just as Tauri (Rust/WebView) proved the model works, but targets developers who want direct C-interop for native codecs, local ML runtimes, or platform SDKs — things Tauri's safe Rust layer makes awkward. The Vercel Labs provenance and Next.js first-class support pushed it over the algorithm threshold this week.

How to use it

1. Install the CLI and scaffold a Next.js shell: npm install -g zero-native && zero-native init gradland-desktop --frontend next,2. The generated project has a src/main.zig App entry point and a frontend/ Next.js workspace. Run zig build run — it builds the native shell, starts the Next.js dev server, and opens a desktop window pointed at localhost.,3. Expose native capabilities (file picker, notifications, local DB) by registering Zig command handlers in src/commands.zig, then call them from your React/TS code via the injected window.__zero.invoke('commandName', payload) bridge.,4. For production, run zig build -Doptimize=ReleaseSafe and bundle the output with zero-native package --target macos-arm64 — produces a signed .app with your Next.js build statically embedded.,5. Use the CEF flag (zero-native init ... --engine cef) only if you need pixel-perfect WebGL or a pinned Chrome version; for a content/form-heavy career tool the system WebView is sufficient and keeps the download tiny.

How I could use this

1. Package the Gradland career toolkit as a free downloadable macOS/Windows desktop app — users install it once, it works offline for resume PDF parsing and interview flashcards, and the native file bridge lets you read PDFs directly from the filesystem without uploading them to a server, which removes a major privacy objection from enterprise candidates.
2. Build a local-first visa deadline tracker desktop widget: a zero-native app that runs in the menu bar, reads the user's 482/485 visa dates from a local SQLite file (accessed via a Zig bridge), and fires native OS notifications 90/60/30 days out — no Supabase round-trip, no login required, and zero server cost for what is currently a high-anxiety use case for your core audience.
3. Wrap a local Ollama or llama.cpp inference session inside the native shell so the AI interview coach can run entirely on-device — the Zig layer spawns the model process and streams tokens back to the Next.js UI over a local stdio bridge, letting users practice behavioural interview answers without sending sensitive career history to any cloud API.

4. strukto-ai/mirage

2,047 stars this week · TypeScript · agent-sandbox agent-tools ai-agents bash

Mirage gives AI agents a single Unix-like filesystem interface over every backend — S3, Google Drive, Slack, Gmail, Redis — so agent code never needs to know which SDK or auth pattern a data source requires.

Use case

The core pain point: every AI agent pipeline ends up as a tangle of SDK-specific adapters — one for S3, one for Drive, one for Slack, each with different auth, error handling, and call patterns. Mirage mounts all of them under a single virtual tree so your agent calls fs.read('/drive/resumes/henry.pdf') and fs.write('/s3/output/report.json', data) with identical code regardless of backend. Concrete example: a resume analysis agent that pulls a CV from Google Drive, fetches matching job descriptions from S3, and writes the result to Redis — all through the same five Unix-like operations.

Why it's trending

The claude-code topic is the tell — Claude Code's own tool abstraction is filesystem-shaped, and every serious agentic framework (OpenAI Agents SDK, LangChain, LlamaIndex) is converging on the same pattern. Mirage hit at exactly the moment teams are moving from single-tool agents to multi-source pipelines and hitting the SDK-sprawl wall.

How to use it

1. Install: npm install @struktoai/mirage-node
2. Mount your sources:

import { Mirage } from '@struktoai/mirage-node';
const fs = new Mirage();
await fs.mount('s3',     { bucket: 'gradland-assets' },       '/s3');
await fs.mount('gdrive', { credentials: oauthToken },         '/drive');
await fs.mount('slack',  { botToken: process.env.SLACK_BOT }, '/slack');

3. Pass fs to your Claude agent as a tool set — agent calls fs.read(), fs.write(), fs.list() against any path
4. Add new backends (Gmail, Redis, Supabase) by mounting additional adapters — zero changes to agent logic
5. For sandboxed agents, use Mirage's virtual-only mode to give the agent a fake FS during testing without touching real backends

How I could use this

1. Mount the content/githot/ directory + a GitHub trending API adapter under Mirage, then wire a Claude Haiku agent that reads /github/trending, fetches README excerpts, generates the structured JSON you already produce in githot scripts, and writes final markdown to /content/githot/YYYY-MM-DD.md — replacing the bespoke fetch-and-write logic in scripts/fetch-*.ts with a single agent loop that works identically for ai-news, visa-news, and digest by swapping the mount path.
2. Extend the resume analyser to accept Google Drive URLs: mount /gdrive with the user's OAuth token (stored in Supabase, retrieved server-side), so the agent calls fs.read('/drive/' + fileId) instead of parsing a multipart upload — same app/api/resume/analyse/route.ts handler, but users can now point at an existing Drive CV rather than re-uploading, which removes the biggest UX friction in the current flow.
3. Build a nightly career-intel agent that mounts /supabase/jobs (your scraped jobs table), /gmail/recruiters (filtered by label), and /s3/salary-data as Mirage paths, then runs a Claude Sonnet sweep that reads all three, cross-references the user's stored resume skills from Supabase, and writes a ranked opportunities_YYYY-MM-DD.json to the user's dashboard feed — one agent codebase, three live backends, no per-source SDK code in the agent itself.

5. yaojingang/yao-open-prompts

1,822 stars this week · Python · ai chinese-prompts geo prompt-engineering

A structured library of 116 battle-tested Chinese AI prompts across work, marketing, learning, and content scenarios — including a GEO (Generative Engine Optimisation) prompt suite that's ahead of what most Western prompt repos cover.

Use case

Developers building AI features often waste time writing prompts from scratch and getting mediocre output. This repo solves that by providing production-ready prompts with real structure — e.g. the RTF meta-prompt system (Role, Task, Format) generates high-quality prompts from requirements rather than guessing. Concrete example: instead of writing a vague 'summarise this article' prompt, you'd use the meta-prompt to produce a structured content rewriter prompt tuned for WeChat-style output.

Why it's trending

The GEO (Generative Engine Optimisation) section landed this week — 25 templates covering how to optimise content for AI answer engines like ChatGPT and Perplexity rather than Google, which is exactly where SEO practitioners are scrambling right now. The bilingual English mirror (prompts-en/) also just dropped, making it accessible to non-Chinese developers for the first time.

How to use it

1. Clone the repo and open CATALOG.md — it's a full indexed table of all 116 prompts with file paths, so you can find the relevant prompt in under 30 seconds rather than browsing directories.,2. Start with the RTF meta-prompt system at prompts/01-ai-methods/rtf-meta-prompt-system-v06.md — paste your feature requirement into it and let it generate a structured prompt rather than writing one manually.,3. For content features, pull from prompts/06-ai-content/ — these cover title generation, rewriting, and platform-specific tone (e.g. WeChat public account HTML format) which map directly to blog post generation pipelines.,4. For GEO/SEO features, audit prompts/08-ai-marketing/ — the 25 templates cover structured data, citation building, and AI-answer-engine optimisation, which you can adapt into your own content API calls.,5. Use the templates/ directory structure as a spec when storing your own custom prompts — it enforces consistent frontmatter (role, task, format, quality criteria) that makes prompts version-controllable and team-shareable.

How I could use this

1. Feed your existing blog posts through the GEO prompt templates (prompts/08-ai-marketing/) to auto-generate Schema.org structured data and FAQ blocks — wire this into your content pipeline as a post-publish step that hits an API route and patches the markdown frontmatter with schema JSON. This directly improves how Gradland content surfaces in AI answer engines like Perplexity, which matters more than Google for your international student audience.
2. Use the RTF meta-prompt system as the backbone for a 'prompt builder' page on Gradland — users describe what they want (e.g. 'write a cover letter for a 485 visa holder applying for a junior dev role in Sydney') and your API route runs it through the RTF framework before hitting Claude Haiku. This turns a weak freeform prompt into a structured one without the user needing prompt engineering knowledge.
3. Adapt the Feynman questioning prompt (prompts/05-ai-learning/feynman-questioning.md equivalent in the learning section) into your existing Learn feature — when a user completes a module, instead of a static quiz, trigger a Feynman-style Socratic dialogue via claude-sonnet-4-6 that asks them to explain the concept back. This deepens retention and differentiates your learning paths from every other flashcard tool.

6. huangserva/3DCellForge

1,691 stars this week · JavaScript

A React Three Fiber + Three.js prototype that generates interactive 3D biological cell models in the browser, with a server-side Node backend bridging image-to-3D cloud APIs (Tripo, Rodin) and local models (Hunyuan3D).

Use case

The real problem is that visualising complex 3D data — cells, molecules, architecture, product models — in a browser has always required either a heavy WebGL framework you write from scratch or embedding a paid third-party viewer. 3DCellForge shows the full pattern: React Three Fiber for declarative WebGL, a thin Node proxy that keeps API keys server-side, and a polling loop for async generation jobs. Concretely: a bioinformatics student wants to share a rendered cell model on a blog post without exporting a video — this gives them an embeddable interactive GLB viewer with orbit controls and a screenshot button.

Why it's trending

Image-to-3D APIs (Tripo, Rodin, Hunyuan3D) just crossed the threshold of being fast and cheap enough to use in a web app rather than a desktop pipeline, and React Three Fiber r8 made declarative Three.js production-viable. This repo landed at exactly the moment developers are asking 'how do I wire these together with a real UX' — it's a working reference implementation, not a demo toy.

How to use it

1. Clone and install: git clone https://github.com/huangserva/3DCellForge && npm install && npm run dev — the demo GLBs work offline so you see a working viewer immediately.,2. Inspect server/index.js (the Node backend) to understand the Tripo polling pattern: POST to create a task, then poll the status endpoint until the GLB URL is ready — this is the reusable async generation loop you'll copy into your own projects.,3. Swap the cell geometry for your own use case by replacing the organelle mesh definitions with any GLB file: <useGLTF('/your-model.glb')> inside a React Three Fiber <Canvas> — the orbit controls and screenshot logic are component-level and transfer directly.,4. To enable image-to-3D: cp .env.example .env.local, add your TRIPO_API_KEY, then upload any reference image through the UI — the backend proxies the key so it never hits the browser bundle.,5. Export any generated model as GLB via the gallery action button, then host it on Supabase Storage and load it in your own R3F canvas with <useGLTF(supabasePublicUrl)>.

How I could use this

1. Embed an interactive 3D tech-stack diagram on your blog's About page — model each layer (Next.js, Supabase, Vercel, Claude) as a labelled 3D node, use React Three Fiber's <Html> overlay for tooltips, and let visitors orbit the diagram. Reuse 3DCellForge's orbit-controls + screenshot pattern verbatim; replace the GLB geometry with simple <Sphere> and <Line> primitives from Drei.
2. Build a 'Visa Pathway Visualiser' for Gradland — a 3D node graph where each visa subclass (482, 485, 189, 190) is a sphere connected by edges showing transition requirements. Click a node to expand a detail card (mirroring the organelle panel pattern) showing occupation lists, processing times, and costs pulled from your Supabase visa-news table. This turns dry migration data into something sticky and shareable.
3. Add a 'Career Roadmap in 3D' feature to the learning paths tool — generate a three-dimensional skill tree where each node is a course or certification, edges show prerequisites, and completed nodes glow green. Use the same polling + GLB export loop from 3DCellForge's backend to let users download their personalised roadmap as a 3D file they can share or 3D-print.

7. BigPizzaV3/CodexPlusPlus

1,488 stars this week · Python

Codex++ is a non-destructive external launcher that injects enhancements into OpenAI's Codex desktop app via Chrome DevTools Protocol — adding session deletion, plugin unlocking, and a settings menu that the native app locks behind a ChatGPT login.

Use case

OpenAI's Codex App silently disables its plugin marketplace when you authenticate via API key instead of a ChatGPT account, and there's no way to delete sessions — only archive them. Codex++ solves both by launching Codex with --remote-debugging-port=9229, then using CDP to inject a JavaScript patch into the renderer process at runtime. The result: full plugin access and a hover-to-delete button, with zero modifications to the original app.asar binary.

Why it's trending

OpenAI shipped Codex (their autonomous coding agent) as a desktop app just weeks ago, and power users are already hitting its UX walls — especially the API-key-mode plugin lockout. This repo is the first credible third-party enhancement layer for it, landing at exactly the moment the community is evaluating whether Codex is worth integrating into daily workflows.

How to use it

1. Install Python 3.11+ and clone the repo: git clone https://github.com/BigPizzaV3/CodexPlusPlus
2. Install dependencies: pip install -r requirements.txt
3. On Windows run the graphical installer; on macOS run the install script to generate /Applications/Codex++.app
4. Launch Codex++ instead of Codex — it starts Codex with --remote-debugging-port=9229, spins up a local helper, then injects renderer-inject.js via CDP
5. The Codex++ menu appears in the top menu bar — toggle plugin unlock, force-install plugins, and hover over any session to reveal the delete button with undo support

How I could use this

1. Write a technical post titled 'Non-destructive app enhancement with Chrome DevTools Protocol' — walk through how CDP injection works in Electron apps (the websocket handshake, Runtime.evaluate, Page.addScriptToEvaluateOnNewDocument), using Codex++ as the worked example. This exact pattern applies to any Electron-based tool Henry's readers use (Cursor, Notion, Discord) and would rank well for 'modify electron app without asar'.
2. Build a lightweight CDP-based browser automation layer for the career tools on Gradland — for example, a dev-only harness that auto-fills the resume analyser or interview prep forms during local testing, injecting test fixture data via CDP the same way Codex++ injects its enhancement script. No Playwright license needed, no test framework overhead for simple smoke tests.
3. Prototype a 'Codex session exporter' script using the same CDP bridge pattern: connect to a running Codex App on port 9229, scrape conversation history out of the SQLite database that Codex++ already knows how to read, and pipe it into a structured JSON format Henry could then feed into a Claude summarisation pipeline — turning raw Codex coding sessions into publishable case studies or portfolio writeups automatically.

8. lightseekorg/tokenspeed

971 stars this week · Python · blackwell deepseek gpt-oss kimi

TokenSpeed is a production-grade LLM inference engine that matches TensorRT-LLM throughput while keeping vLLM's ease of use, specifically tuned for agentic multi-turn workloads on Blackwell GPUs.

Use case

The real problem: running agentic AI apps (multi-step tool use, long context chains) on self-hosted LLMs is throttled by inference throughput, not model quality. A resume analyser that calls Claude 5 times per request, for example, becomes unusable at scale when each call waits 2-4s. TokenSpeed's MLA kernel and C++ scheduler cut per-token latency enough that 5-call agentic chains feel nearly instantaneous — relevant specifically for Gradland's resume analyser and interview prep flows if you ever want to self-host a model instead of paying Anthropic per-token.

Why it's trending

Kimi K2.5 just dropped benchmark results on Nvidia B200 GPUs and TokenSpeed is the inference engine behind those numbers — so it's riding the Kimi hype wave plus the wider OSS model release cycle (Qwen 3, DeepSeek V4, MiniMax M2.7 are all in active support). Engineers evaluating whether to self-host any of those models are landing here first.

How to use it

1. Provision a Blackwell (B200) or Hopper (H100) GPU instance — TokenSpeed is currently preview-only on those targets. AWS p5 or Lambda Labs H100 nodes work for Hopper.,2. Clone and install: git clone https://github.com/lightseekorg/tokenspeed && pip install -e '.[dev]' — requires CUDA 12.4+ and the TensorRT-LLM base image.,3. Launch a model (e.g. Kimi K2.5 or Qwen3): python -m tokenspeed.entrypoint --model kimi-k2.5 --tensor-parallel 8 — the SMG-integrated AsyncLLM starts an OpenAI-compatible HTTP server on :8000.,4. Point your existing Anthropic SDK calls at it by swapping the base URL: client = Anthropic(base_url='http://localhost:8000', api_key='unused') — no other code changes needed if your routes already use the standard messages API.,5. Benchmark against your current Anthropic latency using the /v1/completions endpoint with a realistic agentic prompt chain (5+ turns, tool call responses) to see whether self-hosting pencils out at your traffic volume.

How I could use this

1. Write a 'Cost vs Speed: When to self-host your LLM' post benchmarking Anthropic Haiku vs a self-hosted Qwen3 on Gradland's actual resume-analysis prompt chain — show real numbers (tokens/s, cost/1k requests) so international IT grads evaluating side-project hosting costs have a concrete reference.
2. Add a 'model speed' column to Gradland's AI tools comparison table (resume analyser, interview prep, salary predictor) showing estimated latency per call — framed as transparency for users wondering why the resume analyser takes 8s. This doubles as SEO content for 'fastest AI resume checker Australia' queries.
3. Prototype a local inference fallback in Gradland's API routes: if ANTHROPIC_API_KEY quota is exhausted (the scenario already handled by your Copilot fallback in §5.7), route to a TokenSpeed instance running Qwen3-7B on a cheap spot GPU — giving you a cost floor without full service degradation. Implement it as a second client in lib/llm.ts behind a feature flag.

9. pixel-point/media-downloader

588 stars this week · Swift

A polished native macOS wrapper around yt-dlp that adds trimming, clipboard copy, and download history — the native app yt-dlp power users have been waiting for.

Use case

If you regularly save YouTube tutorials, interview recordings, or TikTok demos for offline reference or content repurposing, yt-dlp alone means terminal commands and manual file management. Media Downloader gives you a Spotlight-style paste-and-go UI: paste a YouTube URL, get a trimmed MP4 in your Downloads folder and on your clipboard in under 10 seconds — no command memorisation, no ffmpeg flags.

Why it's trending

yt-dlp itself is surging in relevance as platforms crack down on third-party embeds and video availability windows shrink — developers want a polished GUI wrapper, not a CLI they have to rediscover every week. The Swift native implementation (not Electron) and the trim-in-app feature hit a gap that every existing GUI tool misses.

How to use it

1. Download the DMG from the releases page and install — no Homebrew needed for end users.
2. Install yt-dlp and ffmpeg as local deps if building from source: brew install yt-dlp ffmpeg.
3. Launch the app — a Spotlight-style input window appears.
4. Paste any YouTube/Instagram/TikTok/Reddit URL and hit Enter — the MP4 downloads and auto-copies to clipboard.
5. Open History to trim the clip: set in/out points and hit Save Trimmed — output is a new MP4 file, original untouched.

How I could use this

1. Build a 'Video to Blog Post' workflow for your own content: record a Loom or YouTube explainer about visa pathways or tech interview prep, use Media Downloader to pull and trim the key 60-second clip, then wire it into a Next.js API route that sends the clip to Claude (via base64 or a transcription step with Whisper) to generate a structured blog post draft — turning one recording into a markdown file in content/posts/.
2. For your Learn feature: add a 'Save this lesson' button on YouTube-embedded learning path videos. When a user clicks it, call a server action that shells out to yt-dlp (child_process.execFile) on Vercel (or a small EC2 worker) to download the video, store metadata in Supabase, and surface it in a 'Saved for offline' tab in the dashboard — directly addressing the 485-visa holders who study on patchy regional internet.
3. Use Media Downloader's trim-then-copy workflow as the inspiration for a 'Job Interview Clip' feature: let premium users paste a LinkedIn video URL of a company culture video or CEO talk, auto-transcribe it with Whisper, and run it through Claude to extract '5 things to mention in your interview' — positioning it as research automation for international students who over-prepare for cultural fit questions.

10. haydenbleasel/files-sdk

534 stars this week · TypeScript · agents blob cloudflare files

A single TypeScript SDK that gives you one consistent API for file uploads, downloads, and management across S3, R2, GCS, Azure, Vercel Blob, and more — including pre-built tool wrappers for Claude, OpenAI, and the Vercel AI SDK.

Use case

The real problem: every time you add or swap a storage provider you rewrite the same upload/download logic. Concrete example — your resume analyser currently uploads PDFs to Supabase Storage; if you wanted to move to Vercel Blob or R2 for cost reasons, you'd be rewriting route handlers. With files-sdk you change one import (files-sdk/supabase → files-sdk/r2) and every files.upload(), files.download(), files.signedUploadUrl() call stays identical. The files-sdk/claude subpath is the standout: it wraps a configured Files instance as ready-made Claude Agent SDK tools, so your AI routes can read and write files without you hand-rolling tool schemas.

Why it's trending

The files-sdk/claude adapter landed just as Anthropic's Agent SDK is getting traction — it removes the only annoying boilerplate left when wiring file I/O into a Claude tool-use flow. The timing with Vercel Blob maturing and R2 going GA means teams are actively shopping storage providers, which makes a provider-agnostic abstraction immediately useful rather than speculative.

How to use it

1. Install: npm install files-sdk — then install the adapter peer dep for your provider, e.g. npm install @aws-sdk/client-s3 for S3 or nothing extra for Vercel Blob.,2. Initialise once in a shared lib file: import { Files } from 'files-sdk'; import { vercelBlob } from 'files-sdk/vercel-blob'; export const files = new Files({ adapter: vercelBlob() });,3. In a route handler, replace your current upload logic: await files.upload('resumes/${userId}/${filename}', fileBlob, { contentType: 'application/pdf' }); — returns a typed result with the public URL.,4. For Claude AI routes, import the pre-built tools: import { createFileTools } from 'files-sdk/claude'; const tools = createFileTools(files); then pass tools directly into your client.messages.create({ tools, ... }) call — no manual tool schema writing.,5. Access the native client any time via files.raw if you need provider-specific features like Vercel Blob's put options or R2 bucket metadata.

How I could use this

1. Resume analyser file pipeline: replace the ad-hoc Supabase Storage calls in your resume upload route with files-sdk/vercel-blob so PDFs are served from Vercel's edge CDN. Use files.signedUploadUrl() to generate a short-lived client-side upload URL — the browser uploads directly, bypassing your API server entirely, which cuts cold-start timeouts on large PDF uploads.
2. AI-powered resume diff tool: store every version of a user's resume under a consistent key pattern (resumes/{userId}/{timestamp}.pdf), use files.list('resumes/{userId}/') to enumerate versions, then feed two versions into Claude Sonnet with a 'what changed and did it improve?' prompt — gives users a changelog of their own resume evolution over their job search.
3. Claude file tools for the interview prep route: wire createFileTools(files) into your /api/interview Claude calls so the model can autonomously fetch the user's stored resume PDF mid-conversation, extract relevant experience bullets, and ground its follow-up questions in the user's actual background — no manual context-stuffing needed in the prompt.