Launch HN: Kampala (YC W26) – Reverse-Engineer Apps into APIs

📝 Discussion Summary (Click to expand)

Top Themesfrom the HN thread

1. TLS & connection fingerprinting are still a hard bottleneck

“My experience has been that unless you bundle multiple TLS lib it is almost impossible to do at 100 % because none of the lib cover all the TLS extensions.” — sytten

2. Browser‑driven MCP workflow for automating 3rd‑party SaaS

“We opened Chrome, navigated the entire website, downloaded the HAR file, and asked Claude to analyze and document the APIs as OpenAPI JSON… Then the MCP launches a Playwright‑controlled browser, detects if the user is logged in, extracts auth credentials, caches them, and the script uses the APIs directly thereafter.” — ksri

3. Product naming & messaging concerns

“Zatanna is a DC comic book character… I’m not sure if either of us have even read comics, so not sure where that came from. For Kampala, when I started this I was trying Conductor for the first time. The generated workspace name was Kampala (the capital of Uganda).” — alexblackwell_

These three topics dominate the conversation, each supported by direct user quotes (shown above).

🚀 Project Ideas

Generating project ideas…

SaaS AuthFlow Generator

Summary

Automates extraction of authentication credentials from login‑only SaaS web apps and creates a ready‑to‑use MCP server that bypasses the browser after the first successful login.
Reduces token usage and eliminates repetitive “session refresh” logic for AI agents interacting with locked‑down corporate tools.

Details

Key	Value
Target Audience	AI engineers, automation consultants, security researchers building agentic workflows on top of third‑party web apps
Core Feature	One‑click credential extraction → auto‑generated MCP endpoint → direct API calls without further browser interaction
Tech Stack	Playwright (Chrome/Edge), Python stdio‑MCP, FastAPI, SQLite for credential cache
Difficulty	Medium
Monetization	Revenue-ready: usage‑based pricing $0.01 per API call after free tier

Notes

HN users repeatedly asked how to “one‑shot auth flow” and avoid constant browser re‑auth – this tool directly addresses that.
Potential for discussion around security best practices and integration with existing CI/CD pipelines for automated testing.

TLS Fingerprinting & Reverse‑Engineering Platform

Summary

Provides a unified UI and API for fingerprinting HTTP/2, HTTP/3, gRPC, and WebSocket connections, exposing TLS handshake details and session parameters.
Includes built‑in modules to generate synthetic fingerprints that match common browser/OS combos, solving the “none of the libs cover all TLS extensions” problem highlighted on HN.

Details

Key	Value
Target Audience	Network security researchers, performance engineers, SaaS developers needing precise traffic analysis
Core Feature	Real‑time fingerprint matching, custom fingerprint generator, exportable config files for downstream tools
Tech Stack	Go (net/http), Rust (for low‑level TLS parsing), React front‑end, gRPC backend
Difficulty	High
Monetization	Revenue-ready: tiered SaaS $49/mo (Starter) / $199/mo (Pro) with API quota

Notes

Discussion around “TLS/HTTP2 fingerprinting” and “HTTP3/tcp fingerprinting” shows a clear need for a polished solution.
Could spark dialogue on accuracy vs. performance trade‑offs and open‑source contribution opportunities.

AI‑Native Automation Hub (MCP Marketplace)

Summary

A marketplace and runtime where developers can discover, configure, and share ready‑made MCP servers for common SaaS interactions (e.g., calendar, payment, analytics). - Offers visual workflow builder, secure credential vault, and automatic session re‑auth handling, directly addressing the “session re‑auth mid‑script” frustrations.

Details

Key	Value
Target Audience	DevOps teams, automation engineers, product managers looking to embed AI agents into everyday tools
Core Feature	Marketplace of pre‑built MCP servers, drag‑and‑drop workflow composer, built‑in retry/refresh auth logic
Tech Stack	Node.js (Express), GraphQL API, PostgreSQL, Docker Swarm for scaling
Difficulty	Medium
Monetization	Revenue-ready: revenue share 20% on marketplace transactions + subscription $29/mo for premium connectors

Notes- Users repeatedly mentioned needing “MCP‑ready” integrations and better UX than existing proxies – this hub fills that gap. - Likely to generate discussion on community contributions, security audits, and potential extensions to mobile or IoT platforms.

Launch HN: Kampala (YC W26) – Reverse-Engineer Apps into APIs

Top Themesfrom the HN thread

🚀 Project Ideas

SaaS AuthFlow Generator

Summary

Details

Notes

TLS Fingerprinting & Reverse‑Engineering Platform

Summary

Details

Notes

AI‑Native Automation Hub (MCP Marketplace)

Summary

Details

Notes- Users repeatedly mentioned needing “MCP‑ready” integrations and better UX than existing proxies – this hub fills that gap. - Likely to generate discussion on community contributions, security audits, and potential extensions to mobile or IoT platforms.

Read Later