ALR

10.8K posts

@ALRubinger

You wouldn't let your agent do that. Now you can. Building the plane as we fly https://t.co/E1NdEX8WFS.

Calichusetts Joined January 2009
1.5K Following 5.5K Followers
ALR@ALRubinger·
@mitchellh And legal indemnification. RHT basically absorbs risk. It’s brilliant and also as a lead of the open source project, watching the productization rebuild process up close was 🫠
Mitchell Hashimoto@mitchellh·
This is why RedHat makes like over $6 billion a year by the way. For anyone wondering what the fuck RedHat does, it's basically: take the free chips on the side of the road, validate them, and sell the supply chain contract.
Mitchell Hashimoto@mitchellh·
Supply chain attacks and OSS sustainability go hand in hand. I've semi-seriously joked for years that OSS upstreams should periodically purposely inject full vulns into their code and let downstreams fuck around and find out. Downstreams can pay to get the non-FAFO version. The not joke part is simply that OSS maintainers aren't a supply chain. OSS maintainers are not responsible for monitoring CVEs (because, they are not a supply chain). OSS maintainers are not at fault when bad shit happens to downstreams, because basically every OSS license (MIT, Apache, GPL, etc.) literally says: the software is provided "as-is, without warranty." You get what you pay for (that is to say: absolutely nothing!) Now, the joke part is that I do believe there is an ethical obligation to try to prevent harm downstream. But "try" is the key word. So, this isn't a serious proposal. But, if you're using OSS code and you're not paying for a license with a contract that promises some kind of warranty, you have no supply chain. You (the downstream user of an OSS lib) ARE the supply chain. To use a metaphor: physical goods have a real supply chain. Car manufacturers, chips, clothes, toys, etc. You have a signed commercial agreement with all your suppliers that promises quantity AND quality and blowback if either are missed. That's a supply chain. If someone puts some chips on the side of the road with a "FREE" sign, then you integrate those into a product, then find out those chips are hacking customers, it's your fault, not the person who dropped them on the side of the road.
ALR@ALRubinger·
@nbaschez Keep on keepin' on. I want this immediately.
Conrado Brenna@cbr4444·
Square is announced as a co-developer of Universal Commerce Protocol for Food & Bev commerce. See it here: ucp.dev
ALR@ALRubinger·
@calvinnwq @garrytan Same. Agents express intent, control plane to own execution and identity.
Calvin Ng@calvinnwq·
Just have to repost this again as I'm aligned with this and going deeper into building the harnesses around these have seen positive results so far in terms of what we expect: "deterministic outcomes from undeterministic systems"
Garry Tan@garrytan

x.com/i/article/2042…

ALR@ALRubinger·
Lots of dunking today. I’m not among them. Empathize with every customer who lost business and real dollars. At the same time: Running infra at this scale means relying on partners, and I saw Railway and @JustJake do everything to remediate and communicate. Google? Hard to reach, slow to respond to their customer.
Railway@Railway

Google Cloud has blocked our account, making some Railway services unavailable. We have escalated this directly with Google. The Railway Platform team has since confirmed access to Google Cloud and is working on restoring access to all workloads. We have access to some of our Google Cloud–hosted infrastructure and are working to restore the rest of the service. We apologize for the disruption.

ALR@ALRubinger·
@RhysSullivan This tracks. It’s the best approach I’d come up with, too. The only way I can surmise to reliably put the approval into the same terminal window as the agent is to own the shell.
Rhys@RhysSullivan·
One approach for requiring approval of destructive actions is giving the user a URL to approve it at.

In this, the returned result of the execute tool tells the model to:
- Give the user a URL to approve the action
- Immediately call `resume` which waits on the approval
ALR@ALRubinger·
Agents make mistakes every day. Here's one from today. The great mistake we accepted was to put rules into context rather than deterministic guardrails. Rules are suggestions.
JER@lifeof_jer

x.com/i/article/2048…

ALR@ALRubinger·
@mitchellh You can ignore first principles right up until they bite you.
Mitchell Hashimoto@mitchellh·
I strongly believe there are entire companies right now under heavy AI psychosis and it's impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out. I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now it's... the whole software development industry (maybe the whole world, really). It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "it's fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely. The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediate dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture. We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happen so fast that nobody notices the underlying architecture decaying. I worry.
ALR@ALRubinger·
@ibuildthecloud You seem hip to this kind of nerdery lately. Would love your thoughts before I burn a lake's worth of tokens prototyping it out.
ALR@ALRubinger·
I want my agents to fly and --dangerously-skip-permissions. I *think* if we capture the LLM Gateway and OS sandbox both, we can intercept everything we need for policy to let the agents off the leash. Anyone taking this approach?
Darren Shepherd@ibuildthecloud·
Why not? You basically just give the agent its own machine. It can do whatever it wants and can't screw up anything. It can then run your application, debug it, install random crap, do whatever. It only takes like 2 seconds to create a sandbox with a clone in it. That's what I do. I run tons of these in parallel. Each agent gets its dedicated environment.
Darren Shepherd@ibuildthecloud·
I hate worktrees so much. What is wrong with you all.
ALR@ALRubinger·
@brunoborges @techgirl1908 I'm happy we're finally recognizing the problem. For a while it felt like the industry was so hopped up on what agents made possible, we let first principles for security and privacy fly right out the window.
Bruno Borges@brunoborges·
@techgirl1908 Everyone trying to build control planes and orchestration dashboards. Everyone else using IDEs and CLIs. I don't think we haven't docked the problem yet...
Angie Jones@techgirl1908·
which agent control planes are folks using?
ALR@ALRubinger·
@techgirl1908 Building one. withaileron.ai. It has sane controls and a way to add capabilities to your agents that I'm really enjoying. Working hard to get it a healthy set of connectors. If anyone wants to try the Google connectors - let me know and I'll get you on an allowlist.
ALR@ALRubinger·
Across Claude, Codex, Goose, and OpenCode. Configure once, use anywhere.
ALR@ALRubinger·
"Write a 1-sentence elevator pitch for how Aileron will accelerate a team's AI transformation. Send it to email@address.com"
ALR@ALRubinger·
@nicos_ai The final boss of vendor lock-in.
Nico@nicos_ai·
Anthropic has just launched the cheapest and most effective employee in the world. It's called "Claude for Small Business". And this is what it can do:
• Manage invoices, payments and finances
• Create campaigns, designs and content
• Organize sales and customers automatically
• Read, summarize and draft documents
• Manage emails, calendars and files
• Run tasks across multiple apps
All from Claude. How it works:
→ You connect the tools your company already uses
→ Claude understands the context of your whole business
→ It runs workflows automatically
→ It includes ready-made automations
→ It works with Microsoft 365, Google Workspace, Canva, DocuSign, QuickBooks and more
Anthropic doesn't want Claude to be "just another chatbot". It wants to turn it into the operating system of millions of small businesses. The idea is simple: Instead of opening 10 different tools, you talk to Claude and it does the work for you.
Polymarket@Polymarket

NEW: Anthropic launches "Claude for Small Business"

Omar Shaikh@oshaikh13·
We upgraded Tabracadabra 🎉 to bring an entire context-aware assistant (not just tab to autocomplete!) to any textbox. It's pretty great if you hate switching between the chat interface and what you're working on. We're also open-sourcing, so you can try it out!🧵
Matthew Yuan@matthew_yuan8·
Yes. Per-repo memory is the first boundary that makes agent memory reviewable. The missing piece I keep wanting is a tiny receipt next to each memory write:
- source file/path
- task it came from
- confidence / expiry
- who may reuse it
- how to replay or delete it

Without that, repo-scoped memory still becomes invisible state.
ALR@ALRubinger·
When agent memory namespace is per-repo, that's a strong argument in favor of modular monorepos.
ALR@ALRubinger·
Yes. Yes. Yes. Yes. Yes. Yes. Yes. Yes. Yes. No no no, you did it all wrong! - Computer Programming, 2026.