I'm curious where the pattern will go. My sense is there is a split between cathedrals vs bazaar for approach here, where cathedrals are quite rigid app builders, think framer/wix, while bazaars focus a layer below for more flexibility but less integrated.
“Datasette is a tool for exploring and publishing data. It helps people take data of any shape, analyze and explore it, and publish it as an interactive website and accompanying API.
Datasette is aimed at data journalists, museum curators, archivists, local governments, scientists, researchers and anyone else who has data that they wish to share with the world. It is part of a wider ecosystem of 44 tools and 154 plugins dedicated to making working with structured data as productive as possible.”
So I imagine we could now load some data in to sqlite, design some HTML also loaded in to the db, and deploy. Although looking at the source, it seems like stored apps are expected to be managed by the plugin itself, but I'm sure there's a way around that
[0] Eg from one of the examples - https://datasette.io/legislators/-/query.json?sql=select+*+f... . If you strip the '.json' you get the html view. For what it's worth there's also a '.csv' version.
I have an idea for a way to edit them through Datasette and have them backed up to Git via a separate mechanism, but having them on disk would be a whole lot more convenient.
Filed an issue here: https://github.com/datasette/datasette-apps/issues/30
https://railsware.com/blog/couchdb-and-couchapp-part-1/amp/#...
https://couchapp.readthedocs.io/en/latest/couchapp/gettingst...
https://couchapp.readthedocs.io/en/latest/user/list-of-couch...
[0] https://sqlite.org/src/file/ext/misc/fileio.c, it allows you to read a directory recursively in the cli (`select * from fsdir("./");`)
Edit: It allows upwards traversals (`select * from fsdir("../../../../etc/passwd");`), so beware
I'm sticking with the Python bundled sqlite3 though so I'm not in a good place to take advantage of that one.
CORS headers?
/-/apps/iframe-content/timeline.html
If you want both sandbox= restrictions and CSP headers at the same time the only way I've found that works cross all major borders is the iframe plus srcdoc="" with injected CSP meta headers patterns.
Note that a lot of sandbox implementations serve their iframe content from a separate domain, to ensure cookies and localStorage and other same origin things are robustly protected.
I can't do that easily for Datasette because it's open source software that people can run on their own laptops, so I didn't want to block people on "now register a domain/subdomain and set this up in DNS".
The 'write' part would technically be very doable and not that different from other back-ends.
My more recent prototype shrinks that to 10.47 MB transferred: https://simonw.github.io/research/pyodide-asgi-browser/datas...
You almost never need just a basic list of all the data in your table, even if you're able to filter and sort it. There's no moat there at all. People need serious BI tools, and that throws simplicity out of the window (PowerBI, QuickSight, etc.).
In reality, what most people need is much simpler, a mini app with some curated datasets and simple filters, maybe some AI querying if we want to get fancy. There's some companies out there that work with big data, but for the rest of us small data is ok.
I remember writing code in the bad old days to parse HTML tags and allowlist specific attributes. Now browsers have a much better solution baked in.
But it still makes me a bit nervous. Seems like a very small bug could sneak in. This is a good example of where I would reach for Fable to double check the implementation and have a lot of extra tests.
(nit: would be nice if the chat box treated Enter and Shift+Enter the way these other companies have trained my brain, but maybe that is a deliberate choice.)
Thankfully GPT-5.5 is really strong on security stuff too. I wouldn't have dared build this without a whole lot of Opus/GPT-assisted prototyping and testing along the way.
although I'm coming from a different starting point, it seems like some of our thoughts have aligned. I'm building https://caipi.ai/ as a workspace for agents to build simple data driven apps. The agent edits through MCP and the user gets an interactive app in the browser.
If you're interested picking each others brains around this topic, I'd be psyched to have a chat. gh:pietz.
The design keeps data and presentation together and even maps do not rely on external services.
I have called it Pihka: https://ghentcdh.github.io/Pihka/ https://github.com/GhentCDH/Pihka
Any query you save is a regular query. It operates under the permissions of the viewer, and checks that the viewer has the necessary permissions - read access to the database, or more finely grained write access which checks the individual tables they will be writing to.
The problem with that is that it means you can't build an app which other, signed out or unprivileged users, can use.
So there's a second category: "trusted" queries. These are current only configurable by the site administrator who controls the Datasette deployment, as they go straight in the configuration file: https://docs.datasette.io/en/latest/sql_queries.html#trusted...
I'm planning to add a way for trusted users to create these through the UI via another permission, with a very strong UI warning to only use this feature if you understand the implications.
Here's a demo of an app that runs against trusted stored queries: https://agent.datasette.io/-/apps/01ktw6fpag19dnnga85t2ced3p
Source code here, showing how those queries are called: https://gist.github.com/simonw/6e6a3760fa0528ceda1f65d789069...
It uses these queries: https://agent.datasette.io/content/timeline-filtered and https://agent.datasette.io/content/timeline-count
I named my database management software Datasette as an homage to the C64. I also figured it would be a unique name that would be easy to search for...
... jokes on me, it turns out the retro computing C64 community is way more active than I expected and there are still plenty of people taking about Datasette tape drives online, 30+ years after they stopped being manufactured and sold.
Either way feels ridiculous, but the human in me wants to know which it is ^_^
10 PRINT "HAVE YOU TRIED READING IT AGAIN?"
20 GOTO "https://news.ycombinator.com/item?id=48594798"Just read for the first time.
Thank you for the disambiguation for me - and the other readers.
Please hold the snark, lol
It has 119 repositories.
Is this how AI slop looks like in code? Made for the agents, by the agents? Is this separation of concerns or context management with agents as a first class residents and humans merely acting as custodians?
Most of them predate coding agents. I started the Datasette project in 2017.
In fact we can answer this with Datasette! Here's a query showing the 111 packages with at least one release prior to ChatGPT on Nov 30 2022: https://datasette.simonwillison.net/simonwillisonblog?sql=wi...
And this is that same query for Claude Code (Feb 24 2025) - which returns 172:
https://datasette.simonwillison.net/simonwillisonblog?sql=wi...
I'm at 205 today (some of the repos on GitHub aren't plugins, and some in the datasette org were written and released by Alex Garcia which excludes them from my own releases database).
Most of the plugins I wrote this year have been heavily AI-assisted, but that wasn't the case for the older ones. Here's my post from October 2025 when I first realized Claude Sonnet 4.5 could one-shot a plugin for me: https://simonwillison.net/2025/Oct/8/claude-datasette-plugin...
The reason there are so many repos is that Datasette uses a plugin architecture, which makes it much easier to try out different features without risk of corrupting the core project with things that turn out to be bad ideas.
I gave a talk about plugin architecture at DjangoCon a couple of years ago: https://2024.djangocon.us/talks/how-to-design-and-implement-...
THen Garry Tan.
Simon needs to resist the pelicans(and the django mindset) and Garry needs a new loop which can loop on itself without any human trigger so that the agents can "dream" better. Who knew that it was not just the models which could hallucinate.
Here the goal is to be a self-assembling harness (akin to pi) but focusing on duplex human-agent interactivity over rendered HTML "apps". To start, it's focused more on the "please review this PR and then generate a one-page report" with the ability to write comments in the actual report that automatically get sent back to the agent. The end goal is closer to offering a substrate for less technical people to be able to build personal applications like
- an interactive wiki maintainer: chat with the agent about an article, pull out sections, append/create concepts in the wiki with the new info - agent code harness: agent tabs to the left, chat in middle, code diffs on the right (like the superset/commander class of apps)
Anyway, I'm really into the "self assembling" class of software where everything is basically just an SDK + Agent. I think we might actually be ushering in a new era of "personal computing" in that it's less friction than ever to personalize your setup to your whims. Anyway, thats the goal I'm reaching for.
It seems many others are coalescing on this idea at the same time, so it must just be in the aether.
Ive witnessed it many times now, im positive this phenomenon exists.