Darren Shepherd

Announcing: DISCOBOT🤖🎉 My personal coding agent session manager. I built this for myself so I can vibe code faster. Watch the video, link to the project thread below. I'll be live streaming today at 10AM PT to fully demo it and talk about why I built it.

If the X account is not for a human, I immediately think it's AI, but if the X acccount is clearly for a human, I suspect it's AI.

@CodveAi I still don't trust you.

@ibuildthecloud svelte is genuinely underrated for dev tools UI

I can now live peacefully again. I rewrote discobot UI in svelte. It's now clean, performant, and just a pleasure to work with. Even AI can't save React.

totally disagree, but it's a nuanced discussion. Least privileged tools is not the correct direction. Tools like bash and "run python" are really the correct direction. Maximum utility. Also, I really care very little about attacks and prompt injections. I think it's a valid thing to protect against, I just think it's not hard to do at all and there's very basically approaches to that (basically scan untrusted input).

The side effects problem is real at the tool layer, not the LLM layer. Agents with filesystem + shell access don't need credential theft to cause damage — one injected instruction and they can exfiltrate internally. Most teams add LLM guardrails but leave tool permissions wide open. Least-privilege on tools is where the actual security work needs to happen.

I'm excited to work on some security issues because there are security issues that are actually blocking me. Not stupid BS compliance, "Oh I have to have zero CVE" security issues. I want agents to do more but I'm personally afraid of the side effects. I want to fix this.

I'm not 100% what your saying. If there solid components that AI can leverage, then it's going to turn an unknowing person into a super star. But that doesn't work with engineers. Engineers build the widgets. A new world of widgets designed for AI use it going to happen and engineers (with the help of AI) will be building those. There's a new market of applications or systems that will be built that will target AI agents as the users, not users themselves. "AI optimized app", "AI Native apps".

There is some merit. I’ve come to recognise recently that all the layers and complexity are for large engineering orgs to get work done. For a small team though, none of that matters, being able to produce and reason about what their customer wants and get it to them is the important part. Then for operators with a scale of 1 or 2 none of the architecture decisions matter, run once.com and point codex at it, bespoke tools instantly.. And if you’re in a large org the big decisions have already been made. Building a bespoke feature that integrates into the existing system has less friction with AI tools. In fact it’s probably possible to do some tasks cause the AI tools can sit there and brute force a refactor that would take humans too long to justify.

I've already gone through this thought exercise. Why does it matter? "It shouldn't matter because the AI manages it." This logic is completely flawed. You have to see it in practice. AI does not turn an engineer into a 10x engineer. I can supe up a Civic and it will do 0-60 faster than a stock Porsche. Now take both of those cars to a track and see what happens. AI does not change the fundamentals as much as you would think. Why you choose a database still matters. It might not be because it has the best documentation or marketing or some sales guy brought you to dinner. But a database, for example, they're all fundamentally the same technology but they're all optimized for different use cases. So the flaw in this logic is being too abstracted and thinking too much of this stuff is the same. It's not. And there is a good reason for good quality code and there's a reason for bad quality code in certain domains. AI is pushing things to such an incredible pace that you realize the good principles are required. The diligence is required. AI is going to drive the need for more smart individuals. More skilled individuals.

If you are building a coding agent API do not make the approval mechanism synchronous. Don't make it so that I have to have a live api call to approve. I need to be able to suspend and resume the agent in the middle of an approval. Very similar thing with client side tool calls.

Has anyone else had issues with using @OpenAI WebSocket mode and tool calls? When I switch to WebSocket mode, I get tool call leakage where clearly their API layer is not interpreting the tool call from the model correctly. You get garbage like to=function[.]Read in the output. @OpenAIDevs

JetBrains does this, so somehow it's okay for them. I'm not sure why @AnthropicAI is so stupid with it's relationship with @opencode. I really want to know what's the difference is between the two.

I agree. But it's not actually that. In all seriousness you do have to realize I'm a very highly skilled engineer, I can fairly objectively and humbly say that statement is true. Nobody can know everything but since I have a pretty wide breadth of knowledge, I can get AI to do things in domains that I'm not an expert in. For example I've never written a browser even though I build complicated distributed systems. So you run into this thing where, according to my judgment, the fix seems good but I never would have found it without AI. AI was the one that did it and I'm smart enough to know what I don't know and there could be a better way to do it. So it's a judgment call. What I think would be better in a situation like this is if I could submit the issue and then an agent that was managed by, let's say, ladybird could do the first pass. If my agent fixed it then their agent could probably fix it too but do it in a better way because they would have its preferred mechanisms and rules and whatnot. Basically you kind of want to enable this behavior where "don't make me talk to your agent" but your agent could talk to my agent.

@ibuildthecloud @awesomekling sounds like a weird thing called skill issues

I don't mind if you're using AI when contributing to OSS. In fact, I prefer that you do! HOWEVER Please don't just forward messages between me and your Claude. I have my own Claude I can talk to. I don't want to talk to your Claude. Thank you for your attention to this matter.

Long live the legend. RIP

@misterclayt0n @IroncladDev I use a bunch of things, I find brew good for a lot of software.

I got to a similar conclusion, but after a while I realized I didn't needed any of this most of the software I use has good defaults (helix, jj, ghostty) and I don't have many needs to customize them beyond the basics therefore currently not even home-manager or keeping track of dotfiles is necessary. I just change things on the fly and that's it

I have decided that NixOS is unnecessary I just need home-manager, hyprland, my dotfiles, and I have the freedom to distro hop to whatever I want

@IroncladDev This is the way. Manage your home and put as much in their. Then pick some stable distro that works with your hardware. The kernel is the most important thing. This is why I tend to stick to Ubuntu LTS/HWE.

@CodexHere Did you see your token bill?

i'm mad, so i'm going to say as many cuss words as this shitty little box will let me: shit, fuck, piss, ass, whore, cock, bitch, motherfucker, cocksucker, asshole, ASS, twat, shithead, bellend wanker, butt fucker, crusted snatch, itchy taint CUNT

@alexellisuk Cool, I'll have to check this out.

Superterm is now free for personal use. Manage your agents from one place. Unblock them from your phone. Let's ship. Link below 👇

I'm getting excited about security. What is wrong with me. Who have I become? 😱