Thomas Jiang
@thomasjiangcy

building @mistledev (yc s22)

Singapore · Joined July 2015
454 posts · 606 Following · 102 Followers

Pinned Tweet
Thomas Jiang@thomasjiangcy·
about 1.5 years ago @jonathanlowhy and i dived head first into codegen - no coding agents back then, folks were still debating what agents really were (turns out "for loop + tools" won), claude code was a couple of months away, codex was still a fine-tuned gpt-3 model.

fast forward to earlier this year, after pivoting a few times - we realised coding agents were good enough to take on a lot of the work dev teams often pushed to the back burner.

we started working on this iteration of @mistledev for teams to run their own @tryramp Inspect / @stripe Minions.

it's not perfect yet but we're really excited to share it with everyone: github.com/mistlehq/mistle

what you get out of the box:
- integrations with common tools (Slack, Linear, GitHub, Sentry, etc.)
- credential-less sandboxes (injected via a gateway that lives outside)
- user attribution (work done is correctly attributed: trigger on slack -> open PR on GitHub resolves to the right person)
- self-host on a single node (run on your laptop or mac mini) or distributed setup in the cloud (k8s)
Thomas Jiang@thomasjiangcy·
seeing a lot more frequent failures related to ghcr lately - what's up?
Thomas Jiang@thomasjiangcy·
@neogoose_btw and FWIW fff deserves to be the default file search in every harness
Thomas Jiang@thomasjiangcy·
@codewithantonio @PlanetScale oh yeah you're absolutely right. I was thinking about getting direct connection URIs and connecting with a local client (e.g. psql) vs. using the MCP.
Code With Antonio@codewithantonio·
What's something an MCP server can do that Skill + CLI cannot do?
Thomas Jiang@thomasjiangcy·
Transparent proxying lets you proxy requests without client-side configuration. On Linux, you can do this with iptables/nftables rules that redirect matching traffic to a local proxy.

We had a naive version in @mistledev: install static bypass rules when the sandbox boots.

That worked until we ran Docker inside the sandbox. Docker networks are created dynamically, often when a Compose stack starts, so the sandbox’s original nftables rules didn’t know about the new bridge CIDRs.

Result: traffic meant for local Docker bridge networks could get redirected into our egress proxy instead of staying local. That can break container networking badly, and in our case looked like the sandbox PTY connection stopped responding.

The fix: use rtnetlink. Linux can notify userspace about routing/link/address changes over a netlink socket. We subscribe to those events, then reconcile our nftables local-destination bypass set whenever the kernel network state changes.

Disclaimer: I've never worked on systems stuff much and have always been on the web side of things so this is pretty fun to pick up along the way 😁

PR here: github.com/mistlehq/mistl…
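An added example of the reconcile step described in the post above (not Mistle's code and not part of the original post): it parses an rtnetlink address dump and diffs the result against the current bypass set. The nftables target `inet sandbox local_bypass`, the function names and the sample dump are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Constants and layouts from <linux/netlink.h>, <linux/rtnetlink.h>, <linux/if_addr.h>
RTM_NEWADDR, IFA_ADDRESS, AF_INET = 20, 1, 2
NLMSG_HDR = struct.Struct("=IHHII")  # len, type, flags, seq, pid
IFADDRMSG = struct.Struct("=BBBBI")  # family, prefixlen, flags, scope, ifindex
RTATTR = struct.Struct("=HH")        # len, type

def parse_addr_dump(buf):
    """Return the IPv4 networks named by the RTM_NEWADDR messages in buf."""
    nets, off = set(), 0
    while off + NLMSG_HDR.size <= len(buf):
        mlen, mtype, _, _, _ = NLMSG_HDR.unpack_from(buf, off)
        if mlen < NLMSG_HDR.size or off + mlen > len(buf):
            break  # truncated or malformed message: stop rather than guess
        body = buf[off + NLMSG_HDR.size:off + mlen]
        off += (mlen + 3) & ~3  # netlink messages are 4-byte aligned
        if mtype != RTM_NEWADDR or len(body) < IFADDRMSG.size:
            continue
        family, prefixlen, _, _, _ = IFADDRMSG.unpack_from(body)
        pos = IFADDRMSG.size
        while family == AF_INET and pos + RTATTR.size <= len(body):
            alen, atype = RTATTR.unpack_from(body, pos)
            if alen < RTATTR.size or pos + alen > len(body):
                break
            if atype == IFA_ADDRESS and alen == RTATTR.size + 4:
                addr = ipaddress.IPv4Address(body[pos + 4:pos + 8])
                nets.add(ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False))
            pos += (alen + 3) & ~3
    return nets

def reconcile(current, desired, target="inet sandbox local_bypass"):
    """Return the nft commands that turn the set `current` into `desired`."""
    adds = [f"nft add element {target} {{ {n} }}" for n in sorted(desired - current)]
    dels = [f"nft delete element {target} {{ {n} }}" for n in sorted(current - desired)]
    return adds + dels

def build_newaddr(addr, prefixlen, ifindex):
    """Constructed sample input: one RTM_NEWADDR message for an IPv4 address."""
    attr = RTATTR.pack(8, IFA_ADDRESS) + ipaddress.IPv4Address(addr).packed
    body = IFADDRMSG.pack(AF_INET, prefixlen, 0, 0, ifindex) + attr
    return NLMSG_HDR.pack(NLMSG_HDR.size + len(body), RTM_NEWADDR, 0, 0, 0) + body

# Constructed dump: docker0 plus a bridge created later by a Compose stack.
SAMPLE_DUMP = build_newaddr("172.17.0.1", 16, 3) + build_newaddr("172.18.0.1", 16, 7)
# Hypothetical target name; the real set must be declared with `flags interval`.
print(reconcile({ipaddress.ip_network("172.17.0.0/16")}, parse_addr_dump(SAMPLE_DUMP)))
```

Diffing against a full dump after each notification, rather than applying single events, keeps the set correct even when the netlink socket overflows and drops messages.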
Thomas Jiang@thomasjiangcy·
you run pnpm dev and your app loads dotenv - agents can accidentally / maliciously decide to read it.

so you use something like doppler run / infisical run to inject at runtime

but the agent can do doppler run print_env.py

this is where the agent harness should decide to run the dev stack in an isolated environment

but even if it’s isolated, the agent has write permissions on the source code and can just add console.log(process.env.MY_API_KEY)

so…credential-less sandboxes aren’t a silver bullet. you still need proper audit logs and alerts.
Thomas Jiang@thomasjiangcy·
credential-less sandboxes by default in @mistledev please enjoy my crappy diagram below:
[Tweet media: diagram]
Thomas Jiang@thomasjiangcy·
amazing and inspirational. used tpuf for one of our prior products and having tried different vector dbs, it was truly unparalleled (despite others having seemingly higher ad spend). if we have to use a vector db in the future, it would be tpuf again without a doubt.
Simon Eskildsen@Sirupsen

turbopuffer crossed $100M run-rate in March. 19mo after $1M. Profitable & <$1M raised. Cursor・Anthropic・Notion・Cognition・Harvey・Bridgewater・Ramp・Linear・Legora・Superhuman・Atlassian・Granola We’d be nowhere without them. We work like hell to exceed their expectations.

Thomas Jiang@thomasjiangcy·
Happened to see threads occasionally debating who came up with a thing first. Sucks to have people copy you but it probably means it wasn’t anything really defensible and maybe the world is probably big enough to have people think of similar ideas? You can take the W that people copied you or take the L and bottle up the feeling of being robbed. Case in point: side thread from our product that we’ve pivoted away from. It was created before /btw in CC and /side in Codex but they 100% didn't copy from us because we have like basically 0 followers haha.
Thomas Jiang@thomasjiangcy

i really like this mini feature we have in @mistledev where you can highlight a piece of your conversation and ask a quick question in a side thread. helps to keep your working thread clean.

i use it a ton for:
- clarifying things
- getting Mistle to critique itself

it helps a lot of learning too

Thomas Jiang@thomasjiangcy·
3/ (Bonus) Signing commits / Verified badge

There are various ways to sign your commits but I'll talk about using SSH keys.

In Mistle, you can configure an SSH key pair associated with your Mistle account that will be used to sign all commits made by the agent triggered by you.

This is powered mainly by git's `gpg.ssh.program` which is a way for you to provide a custom commit signing program.

What happens in Mistle sandboxes is that when you sign a commit via `git commit -S`, git will forward that request to mistle's custom signing program which is really a thin client that just forwards that request to the gateway that brokers the signing with the control plane and returns the results back to git in the sandbox.
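An added sketch of the thin-client side of the flow in the post above (not Mistle's code and not part of the original post): with `gpg.format` set to `ssh`, git runs the configured program with ssh-keygen-style arguments and reads the signature back from `<buffer file>.sig`. The `broker` callable, the function names and the sample key and payload are hypothetical stand-ins for the gateway call.

```python
import argparse
import pathlib
import tempfile

SIG_HEADER = b"-----BEGIN SSH SIGNATURE-----"

def parse_git_sign_args(argv):
    """Parse the ssh-keygen style argv git passes to `gpg.ssh.program`:
    -Y sign -n git -f <key file> [-U] <buffer file>."""
    p = argparse.ArgumentParser(prog="sign-client")
    p.add_argument("-Y", dest="action", required=True)
    p.add_argument("-n", dest="namespace", required=True)
    p.add_argument("-f", dest="key_file", required=True)
    p.add_argument("-U", dest="key_in_agent", action="store_true")
    p.add_argument("buffer_file")
    args = p.parse_args(argv)
    if (args.action, args.namespace) != ("sign", "git"):
        raise ValueError("only `-Y sign -n git` requests are forwarded")
    return args

def sign(argv, broker):
    """Forward one request. `broker` stands in for the gateway call and is
    hypothetical: (payload bytes, public key text) -> armored signature bytes."""
    args = parse_git_sign_args(argv)
    payload = pathlib.Path(args.buffer_file).read_bytes()
    public_key = pathlib.Path(args.key_file).read_text().strip()
    signature = broker(payload, public_key)
    if not signature.startswith(SIG_HEADER):
        raise ValueError("broker did not return an SSH signature")
    sig_path = pathlib.Path(args.buffer_file + ".sig")  # git reads this file back
    sig_path.write_bytes(signature)
    return sig_path

def demo():
    """Run one request end to end with constructed inputs and a fake broker."""
    seen = []
    def fake_broker(payload, public_key):
        seen.append((payload, public_key))
        return SIG_HEADER + b"\nconstructed\n-----END SSH SIGNATURE-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        key = pathlib.Path(tmp, "signing_key.pub")
        key.write_text("ssh-ed25519 AAAAconstructed user@example\n")
        buf = pathlib.Path(tmp, ".git_signing_buffer_tmp")
        buf.write_bytes(b"tree 0000\nauthor Example <user@example>\n\nmsg\n")
        sig_path = sign(["-Y", "sign", "-n", "git", "-f", str(key), str(buf)], fake_broker)
        return seen, sig_path.name, sig_path.read_bytes()
```

The sketch assumes the file named by `-f` holds only the public key, so no private key material is read inside the sandbox. Git calls the same program with other `-Y` actions when verifying signatures, which this sketch does not handle.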
Thomas Jiang@thomasjiangcy·
Correct user attribution is pretty important when working with background agents (esp. in teams):
- who made the commit?
- who opened the PR?
- who left a comment?

This sounds easy on the surface: just ensure your credentials are scoped correctly and owned by the right person when these actions are performed.

Now, what if you're triggering these actions from Slack? or Linear?

Here's how @mistledev does it 👇
Thomas Jiang retweeted
Glauber Costa@glcst·
The internet is full of "whadontcha" people. They see something like what is going on with Railway, and they have all the solutions: "whadontcha have the data replicated to 35 different clouds" "whadontcha have daily chaos exercises where you simulate your provider blocking you"... The Wadontcha never lives in the real world. He never understands trade offs and costs. He never understands timelines and deliverables. He sees a problem, he imagines the solution, therefore, it's the company's fault for not doing it. Reality is: we all work with constrained resources, time and money chief of them. We plan for a certain class of events, and don't plan for others. Perhaps because we couldn't imagine the event even happening, or perhaps we could, but it was such a small probability to begin with, that we just had to take the risk. *ALL* companies are like that. There are no exceptions in the physical & real world. The exceptions to that only exist in the wadontcha's head.
Utpal Nadiger@utpalnadiger·
genuine question -- what's the best "managed agent" experience rn?

going to play with the following this week but super curious on opinions!
- gemini managed agents (launched today)
- claude w/ self-hosted sandboxes?
- openai agent sdk
- flue