Siggi

in the an agentic world bazel is a superpower

Now I understand Bazel more, and it's kinda nice

Earlier today I leaked AWS credentials to the world; except they weren’t real. This is part of our launch for Honey Tokens (HT) at @infisical - a new class of fake credentials that can be used to trick attackers into thinking that they’ve stolen your real secrets. HTs are useful as decoys for detecting bad actors and breaches in the event that they do happen. Under the hood, HTs are real AWS IAM credentials, except wired up to Infisical, but with zero permissions. When an attacker tries to use a HT, we notify you so you can stay proactive about further securing or rotating your real secrets. In a world where credential breaches are becoming more common, we hope to give you all the tools needed to combat modern security threats. More on this below 👇

@steeve Hahaha the X million dollars worth of machines we have racked in our colocation facility are now worth over twice as much as we paid for them thanks to all that ECC RAM.

You think GPUs are expensive? Try buying ECC RAM.

Incremental builds deserve an incremental cache. Major props to Tyler French from the @buildbuddy team for landing this change in @bazelbuild that reduces cache uploads and disk cache size by 40%+ buildbuddy.io/blog/content-d…

Super cool work Tyler French + all the @buildbuddy + @bazelbuild people who manifested CDC buildbuddy.io/blog/content-d…

For a while, we've been grappling with one big question: How do we give agents secure access to services without them reading any secrets? Today, we provide an early answer: Agent Vault, an open source, HTTP credential proxy and vault. Agents like OpenClaw or Claude Code can proxy requests through Agent Vault regardless of the method an agent uses to interact with any target service: API, CLI, SDK, MCP. With Agent Vault, we’re rethinking how secrets should be consumed by agents. We believe that vaults and/or secret stores are here to stay but the way in which secrets are delivered to fit the ergonomics of how agents operate will change drastically. In the current state, agents cannot be trusted with holding secrets directly and so there has to be a dedicated credential broker beside each agent, be it through a dedicated service, sidecar, or egress layer; to securely attach credentials onto every request to the outside world. With this proxy in place, you can inspect proxied requests and, in the future, apply firewall rules to apply restrictions to traffic flowing through the proxy. The Agent Vault project by @infisical is an early peek into a trend that we believe many folks including Anthropic, Brex, Browser Use and others have caught onto which is the separation of the agent from its credentials. Check it out.

@jxnlco @modal @bernhardsson cc @jonobelotti_IO

@jxnlco @modal @bernhardsson We should chat

Hey @modal when are we getting modal powered ci

@steipete Happy to help! Codex team is already using BuildBuddy for this: github.com/openai/codex/p…

I feel my main velocity limitation lately isn't token speed anymore, it's compute. Running tests in parallel is taxing; can't wait for better cloud worker integration.

I am using @bazelbuild to download a Zig nightly build To then build the same Zig version from source (we have patches) Using a custom LLVM source repo Which is also built from source And all of this using remote execution with @buildbuddy.

Version 9.0.1 of Bazel bazel is now live on The Build Registry. registry.build/github/bazelbu…

@dmwlff @norootcause Happy to help!

@norootcause CI is also a bottleneck

Coding was the bottleneck, then code reviews were the bottleneck. At some point, incidents are going to be the bottleneck.

This is so underrated, being able to efficiently have have LLMs part of the build system unblocks a lot of marvels.

@siggi @buildbuddy Exactly ! I show everyone I can how I’m pretty much alone doing codex cloud at this scale just because I don’t care containers are only 2 cores. While every other agents wait minutes doing things locally, mine loop at light speed while everything compiles and test w/ @buildbuddy

@zeeg @ankrgyl I heard @buildbuddy is nice... x.com/i/status/20274…

Your coding agent doesn't need a sandbox, it needs a remote execution cluster buildbuddy.io/blog/remote-ba…

Beyond excited to welcome @SmileyKeith to the BuildBuddy team! Keith is the maintainer of Bazel's iOS support, a contributor to LLVM and Swift, creator of the Mobile Native Foundation, and an all around awesome human. buildbuddy.io/blog/welcoming…

Bazel 8.6.0 is out! 🚀 Full release notes here 👇 github.com/bazelbuild/baz…