Product demo · storyboard

A recorded demo of the product, frame by frame.

For Product Hunt and Hacker News. Tyler drives a real repo on screen. No marketing language, no voice-over selling. The product does the work, and the talk track just describes what is happening.

Audience
An engineer who has never seen Hyrax
Length
~3 min · 90-sec cut marked below
Format
Screen recording, one repo, start to finish

What this presents

Hyrax connects to your GitHub, finds real problems across the whole codebase, and fixes them as pull requests you approve. Every fix is verified against your own tests before you see it. It handles more than bugs, and nothing ships without you.

Intended takeaway

By the end, the viewer understands the loop and trusts it. It proves a problem is real before fixing, verifies the fix against their own suite, and the human still merges. This is not a coding agent you babysit, and not a scanner that hands you a backlog.

How to use the talk track

The talk track under each frame is direction, not a script. It tells you what that moment needs to land, in the voice you would use explaining this to another engineer. Keep the lines short and plain, describe what is on screen as you do it, and say one idea per frame. Never tell the viewer it is good, show it and let them decide.

Act 1

Frame the thing

Before any product appears: the problem the viewer lives with, what Hyrax is in one line, and how you actually use it.

≈ 0:00 – 0:35
github.com/acme/checkout-service · insights
+91%
time in PR review at high AI adoption
31%
of PRs now merge with no review at all
!Secret committed to config loader2d
!Unvalidated input reaches SQL query2d
·47 open issues · +18 this week
FRAME 01

The problem

On screen

A real repo: a growing issue backlog, and the review-load numbers climbing. Optionally a large AI-generated PR scrolling by.

What's happening

Set the situation before the product appears. AI made writing code fast and left review untouched, so problems pile up faster than anyone clears them.

Talk track

Say it the way you would to another engineer at your desk. AI made writing code fast and cheap, and the slow part now is reviewing and fixing all of it. Point at the backlog and the review numbers climbing. You are just naming the thing everyone watching already feels, so don't bring up Hyrax yet.

What it is
It reads your code, finds the real problems, and fixes them for you. More than bugs.
Security, performance, reliability, dead code, messy patterns. It reviews across all of it.
Connect Discover Audit Fix Review
FRAME 02

What Hyrax is

On screen

A clean statement card with the one-line definition and the loop laid out as chips.

What's happening

The first time the product is named. Give the viewer the whole shape in one breath so every later frame has a place to sit.

Talk track

Now say what it is, plainly. It connects to your GitHub, finds the real problems in your code, fixes them, and opens a pull request you review and merge. Make the point that it is more than bugs, it handles security, performance, reliability, and cleanup too. Then read the loop once so they know the shape of what is coming.

How you use it
Step 1Sign up, install the GitHub App
Step 2Pick the repos it can access
Step 3Review the pull requests it sends you
Nothing installed in the codebase. No change to how you work.
FRAME 03

How you use it

On screen

The three steps from the user's side, plain.

What's happening

Answer the very first question a viewer has: what do I actually do. Set expectations before the walkthrough.

Talk track

Answer the first thing anyone wonders, which is what do I actually do. You sign up and connect GitHub, you pick your repos, and from there you review the pull requests it sends you. Nothing to install, and nothing about how you work changes.

Act 2

Walk the loop

The product, step by step on one repo. This is the spine of the demo and where most of the time goes.

≈ 0:35 – 2:05
github.com/apps/hyrax · install
Install Hyrax on acme
Repository access
checkout-service
billing-api
web-app
infra-terraform
Install & authorize
FRAME 04

Connect

On screen

Install the GitHub App, the repo picker, select the repos to cover.

What's happening

The whole setup, live. You choose exactly which repos it can touch.

Talk track

Walk through installing the GitHub app and choosing the repos. The point to make is that you pick exactly what it can see, and every run is isolated, its own scoped keys for that repo and that run. Anything it changes comes back as a pull request, it never pushes to main.

app.gethyrax · checkout-service · discovery
Discovery
Mapping architecture and conventions
✓ Detected FastAPI backend, React + TypeScript frontend
✓ Learned routing and auth conventions
Writing repo context…
.hyrax/
  HYRAX.md · architecture.md · conventions.md
CLAUDE.md + pointer added
FRAME 05 · short-cut: skippable

It learns your repo

On screen

Discovery running, then the generated .hyrax context and the pointer added to CLAUDE.md.

What's happening

Before it fixes anything, it maps the architecture and conventions.

Talk track

Explain what happens the first time you add a repo. It reads the whole thing and maps it, your architecture and your conventions, and writes that down. Say why that matters: the fixes match how you already write code instead of the model inventing its own style, and that is what keeps it from fighting your codebase.

app.gethyrax · checkout-service · findings
Audit findings · 31
CriticalHardcoded secret in env loader
config/env.py:24
CriticalSQL built from unvalidated input
api/orders.py:88
HighMissing auth on internal route
api/admin.py:12
MediumRetry loop without backoff
lib/http.ts:53
FRAME 06

Audit and findings

On screen

Findings ranked by severity. Click into one real finding, the hardcoded secret, showing file, line, category, severity.

What's happening

The audit read the whole codebase and produced concrete problems, each tied to a location.

Talk track

Show the audit. It scanned the whole codebase, and these are the findings, ranked by severity, with how risky and how much work each fix is. Click into a real one, the hardcoded secret in the env loader, and describe it in plain terms.

checkout-service · finding · env-loader-secret
Proof · generated failing test
def test_env_loader_has_no_hardcoded_secret():   src = read("config/env.py")   assert "sk_live_" not in src
✕ FAILED · secret literal present at env.py:24
The bug is confirmed real before any fix is offered.
FRAME 07

Proof the finding is real

On screen

The test Hyrax wrote for that finding, failing on the current code.

What's happening

For a finding, it writes a test that fails on the bug before offering a fix.

Talk track

This is where you answer the doubt everyone is having, that it is just AI guessing. Before it even shows you a finding, it writes a test that fails on that bug. So you know it is real, not the model making something up.

checkout-service · fix · running
Fixing · Hardcoded secret
Fix
Baseline test written
Fix applied
Test suite passed
Build passed
Lint passed
Second-agent review…
FRAME 08 · the core

The fix

On screen

Click Fix. The steps run in order: baseline test, apply, run the suite, build, lint, second-agent review. Let it play out, do not cut away.

What's happening

The one-click fix runs full verification before producing anything. This frame carries the demo.

Talk track

Slow down here, this is the whole demo. Click Fix and narrate what it does: it writes a baseline test, applies the fix, then runs your actual test suite, build, and lint. A second agent reviews the change. If a check fails, you decide whether it retries or stops. Then land the line that sets it apart, this is the part a plain coding agent skips, it just tells you it is done.

github.com/acme/checkout-service · pull/482
Remove hardcoded secret from env loader
hyrax wants to merge 1 commit · resolves finding CRIT-1
config/env.py - API_KEY = "sk_live_9f2c..." + API_KEY = os.environ["API_KEY"]
✓ tests — 214 passed
✓ build — passed
✓ lint — passed
FRAME 09

The pull request

On screen

The PR: the diff with the secret moved to an env var, checks all green, the explanation linked back to the finding.

What's happening

The fix arrives as a normal PR with the diff, passing checks, and the reasoning.

Talk track

Show the pull request like any other. Here is the diff, the secret is pulled into an env var. Here are the checks, all passing. And it wrote up what the problem was and how it fixed it, linked back to the finding.

github.com/acme/checkout-service · pull/482
✓ All checks have passed · 3 successful
ApprovedReady to merge into main
Merge pull request
Hyrax opens the PR. It never pushes to main. You merge.
FRAME 10

Review and merge

On screen

Read the diff, then click merge.

What's happening

The human approves. This is where control lives.

Talk track

Keep it simple and human. You read it, and you merge. Nothing ships unless you approve it, and it never touched your main branch to get here.

Act 3

Earn the trust

The Hacker News questions, answered on screen. Why this beats what you already do, what runs under the hood, and how your code stays safe.

≈ 2:05 – 2:55
Different from what you do today
A scanner / telling Claude yourself
  • Flags problems, hands you a list
  • First scan buries you in thousands
  • Fixes only what you point it at
  • No proof it worked; says “done”
Hyrax
  • + Finds across the whole repo
  • + Fixes it, not just reports it
  • + Proves the bug, verifies the fix
  • + Same every run, for every engineer
FRAME 11

Different from what you do today

On screen

A two-column contrast card: a scanner or telling a coding agent yourself, versus Hyrax.

What's happening

Name the two things this audience already reaches for and show the gap plainly, without knocking them.

Talk track

This one is for the engineer who has already tried a scanner or just told Claude to fix it. Grant that both get you part of the way. Then draw the line: a scanner flags problems and hands you a list, and a coding agent only fixes what you point it at and can't prove it worked. Hyrax finds it across the whole repo, fixes it, proves the bug and verifies the fix, and does it the same way every run for the whole team, not just whoever is good with AI.

Under the hood · audit
Pass 1Deterministic scanners · plain rules, no model
Pass 224–39 category tools · security, correctness, perf, arch…
Pass 3Meta review · catches what narrow tools miss
Fix runs its own pipeline: plan → review panel → implement → verify → second review.
Models: Claude Sonnet and Opus, on AWS Bedrock. No proprietary model. The value is the harness, not the model.
FRAME 12

Under the hood

On screen

The audit pipeline in three passes, the fix pipeline in one line, and the model note.

What's happening

Answer the “how many agents, is the model yours” questions directly. Show it is a pipeline, and the model is Claude on AWS.

Talk track

Answer the how-many-agents and is-the-model-yours questions straight. There is no single agent, it is a pipeline. The audit runs plain scanners first, then a set of tools for security, performance, and the rest, then a broader review on top. A fix plans the change, has other agents check the plan, implements it, then verifies. The models are Claude, Sonnet and Opus, on AWS Bedrock. There is no secret in-house model, the value is the harness around them.

Safe by design
Isolated throwaway compute Source deleted after each job Only metadata retained Hour-scoped tokens Per-workspace isolation TLS + encryption at rest PRs only, never pushes to main You merge SOC 2 Type II in progress
FRAME 13

Safe by design

On screen

The data-handling facts as chips. Optionally show the security or settings page in-product.

What's happening

The first Hacker News question is “can you see and store my code.” Answer it before it is asked.

Talk track

Get ahead of the first question a Hacker News crowd asks, which is can you see and store my code. Say it plainly: each job clones the repo into isolated throwaway compute, analyzes it there, and deletes it when the job ends. It does not keep your source, only the finding metadata. Tokens expire within the hour. It only ever opens pull requests, never pushes to main, and nothing merges without you. Mention SOC 2 Type II is in progress, and that the never-trained-on question comes down to the model provider's terms.

app.gethyrax · checkout-service · overview
Improvement PR
lib/legacy/ - 142 lines of unreachable code removed + simplified orderTotal() · 3 branches → 1
Repo health
6.2 7.4 after this week
FRAME 14

More than bugs

On screen

An improvement PR, dead code removed or a function simplified, then the repo score moving up.

What's happening

Show the scope beyond security and bugs, and that it keeps running as new code lands.

Talk track

Widen it now, since they believe the core. It is not only bugs and security. It also cleans up the codebase, dead code and over-complicated parts, and it keeps running as new code lands so it stays on top of it. Show the improvement PR and the repo score moving up.

Act 4

Start

The one thing to do next.

≈ 2:55 – 3:05
gethyrax.com · start
Run your first audit
Findings are free. Pay only when you want the fixes.
Connect GitHub
✓ Free audit · no card required
FRAME 15

How to start

On screen

The connect screen and the first free audit.

What's happening

The close. The one action to take next.

Talk track

Close on the one thing to do next. Connect GitHub and run your first audit. Findings are free, and you pay only when you want the fixes. Say it like you are telling a friend where to start.