Jonathan Fishner

Told the full ChartDB story from 20K GitHub stars to $9K/month with a niche dev tool. Check it out 👇

@mbravo @Gavriel_Cohen @KilianSolutions @NanoClaw_AI @mbravo That said, we are considering a lightweight mode too. Will DM you, would love to hear about your setup.

@Gavriel_Cohen @KilianSolutions @NanoClaw_AI @jonathanfishner I have a question though - why in the world does it need Postgresql to store a few text secrets? Genuinely curious.

I am officially @NanoClaw_AI pilled the oneCLI integration couldnt have been more relevant for the current agentic age of prompt injections and malicious packages. ggs

@mbravo @Gavriel_Cohen @KilianSolutions @NanoClaw_AI @mbravo Good question! Storing secrets is just the starting point. We’re building OneCLI into a full access layer for agents, so things like JWT mgmt, guardrails, audit, and human-in-the-loop approvals all need a proper DB behind them.

lol 😆 but i guess less ai slop is good for all in the end of the day.. 🦞

@Avishai_Bitton yep agree, replied back tnx for the ping :)

@jonathanfishner Not dead P.S. Check your email inbox :)

SaaS is dead? Doesn’t look like it. 🤷‍♂️

@zenorocha amazing @zenorocha ! thats totally impressive and inspiring. congrats! 🎉

3 years ago, Resend didn't exist. Now, it's the most downloaded email SDK in the world.

@noahkagan @noahkagan have you looked at @NanoClaw_AI ? We just launched a collab yesterday between OneCLI ( github.com/onecli/onecli ) and im sure @Gavriel_Cohen , the creator of Nanoclaw. Would love to hear your take too!

Hot take: OpenClaw acquisition will go down as one of the worst acquisitions of all time. It’s insanely buggy and Claude Code can do nearly 80% of functionality without constant maintenance.

@hnykda @hnykda This is why credentials shouldn’t live on the machine running third-party code. Building OneCLI ( github.com/onecli/onecli ) to solve this, encrypted vault in a separate Docker container, agents only get placeholder tokens, real creds swap at the HTTPS proxy layer.

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

@karpathy The fix isn’t “pin your dependencies better.” The fix is: secrets shouldn’t exist on the machine in the first place. we built OneCLI ( github.com/onecli/onecli ) real creds live encrypted in an isolated container, agents only see placeholders, secrets swap at the network layer.

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

We built OneCLI because agents holding raw API keys is the "storing passwords in plaintext" of 2026. Excited to see @NanoClaw_AI ship this as default. @summeryue0 inbox story is the one everyone talks about, but there are 1000s of quieter versions happening every day.

@eytanlevit ship ship ship 🚀 @IdanP70 👑

אני מת על המילה Shipping. היא תופסת מהות ביזמות שלא מדברים עליה הרבה. יש לך רעיון, אתה מתלהב, מתעסק מלא בלבנות אותו. שובר את הראש איך להגיע ללקוחות. הכל בסוף מתנקז לרגע חשוב - הרגע שבו אתה מוציא את המוצר לעולם. The moment you ship it. וזה מה שמשך אותי לקהילה של Build Ship Grow לפני קצת פחות משנה. המייסד שלה עידן בניון (@IdanP70 ) שם על זה את האצבע, בתור חלק חשוב בתהליך היזמי. וזה היה מגניב! ואתם יודעים מה היה יותר מגניב? לראיין אותו ולדבר על AI. כמובן. אז חברים, אחרי חודש של מלחמה, אנחנו חוזרים. ממשיכים. אם יש האח הגדול, אולי כדאי שגם יהיה ״תתעלם מההוראות״. ובפרק שעלה היום דיברתי עם עידן על הקהילה שהוא הקים. על איך פוסט מקרי בלינקדאין יצר את אחת מקהילות היזמים המובילות בישראל. על מאור שלמה והתפקיד של הקהילה בדחיפה של Base44 פה בישראל. וגם - על הפער העצום בין מה שקורה אצל ה"בילדרים" שמשתמשים ב-AI לבין מה שקורה בחברות הגדולות, ולמה דווקא עכשיו כל כך הרבה אנשים בלי רקע טכני בונים מוצרים בעצמם. הפרק המלא זמין עכשיו באפליקציות הפודקאסטים ואחה״צ גם ביוטיוב. ספוטיפיי: open.spotify.com/episode/0k3S0D…

@bosshunterceo @starter_story Go implement and build cool things! 🙂

@starter_story @jonathanfishner Timing your monetization is a tightrope walk, isn't it? Thanks for the tips; needed this today.

You don't need a BIG idea. @jonathanfishner generates $9,000 per month with a TINY one. 3 lessons from his micro SaaS: 1. Pick a weirdly tiny audience 2. Don’t monetize too early (or too late) 3. Distribute content where that audience hangs out

@evanyi_81 @starter_story yep yep 💙

@starter_story @jonathanfishner Tiny audience, clear distribution. Still one of the cleanest SaaS plays.

@Seozilla_ai @starter_story yep, niche is advantage not da opposite

@starter_story @jonathanfishner Nice thread. small niche audiences convert well with precise distribution

407 followers > 391 following First time in my life the ratio flipped. M i basically an influencer now? 😎

@karpathy isn’t crazy, he’s early. But should your agent hold raw credentials to your home and act without rules? We’re building OneCLI, an HTTPS proxy that keeps secrets out and actions deterministic. github.com/onecli/onecli

This is exactly why we built OneCLI (github.com/onecli/onecli). When agents touch real hardware, you need two things: credentials out of their context, and rules defining what they’re actually allowed to do. OneCLI handles both at the network layer. Safe, deterministic, no surprises.

2. @karpathy uses OpenClaw to run his house via texts x.com/venturetwins/s…

OpenClaw changed the agentic AI game. People are building insane use cases, major companies are building on it. There's a major shift. 10 examples👇Bookmark this

This is exactly why we built OneCLI (github.com/onecli/onecli). When agents touch real hardware, you need two things: credentials out of their context, and rules defining what they’re actually allowed to do. OneCLI handles both at the network layer. Safe, deterministic, no surprises.

Incredible clip on how @karpathy uses OpenClaw to run his house via texts. You can ask agents to find connected hardware at your home (like Sonos speaker), and they'll search the network + hack in for you 🤯 You can control music, lights, HVAC, security...w/o writing any code.