🛠️ All DevTools

Showing 1–20 of 4406 tools

Last Updated
April 30, 2026 at 08:00 AM

[CLI Tool] Show HN: Agent that refuses to run commands without human approval

In light of recent news about an agent deleting a production database, I thought now would be a good time to share this.

As the use of AI tools in production is becoming more common, sadly so will the high profile incidents like the one mentioned.

Fewshell is a terminal agent specifically designed to avoid this.

There is no setting to enable command auto-approval. This is by design, so that the user never has to second-guess or worry about accidentally having it enabled.

Originally my intention was to build an AI mobile terminal to make typing shell commands easy. But with so many mobile-enabled 'claw' agents being available, I decided to make Fewshell the opposite of an autonomous agent.

Please star if you like, let me know what you think. Happy to answer questions.

About me: I'm an ex Amazon Sr. SDE for Alexa AI, and currently am working in AI safety research for agentic RLVR. I use this tool to run and check on my lab experiments.

Found: April 30, 2026 ID: 4405

[Other] Claude.ai and API unavailable [fixed] https://status.claude.com/

Found: April 30, 2026 ID: 4404

[Other] I benchmarked Claude Code's caveman plugin against "be brief."

Found: April 29, 2026 ID: 4403

[Other] Show HN: AgentPort – Open-source Security Gateway For Agents

Hey HN!

I've been wanting to use something like OpenClaw for a while but couldn't get myself to give it access to anything important due to all the risks involved. Prompt injection is still a problem (even though some people seem to ignore it) and so are hallucinations and mishaps that cause agents to do things like delete production data [1].

Even harnesses like Claude Code and Codex are subject to this, particularly since we're getting progressively looser about how we run them e.g. Conductor is really popular and runs agents without any sandboxing.

That means we're in a bit of an all-or-nothing situation. There are people who just ignore the risks and connect everything to their agents and reap benefits from it while being subject to more risk, and there are others that just don't connect anything because they are mindful of the potential issues.

I've been quite cautious but have wanted to run more autonomous agents and so I built the component I needed to enable me to do so: AgentPort.

AgentPort is a gateway that connects to any service (e.g. Gmail, GitHub, Stripe, PostHog, Linear) and lets you set granular permissions for what the agent can do automatically, what it needs your approval for, and what it can never do.

For example, you can set `list_customers` and `get_customer` on the Stripe integration to "Auto-approve" but `create_refund` to "Ask for approval". The agent will thus be able to do a lot in the background independently but when it comes to a potentially destructive operation it will be blocked and receive an approval link to send to you. You can then approve or deny the call with those exact parameters e.g. `create_refund(customer_id: 1234, amount: 12)`.

Agents connect via MCP or CLI and have access to all the integrations you connected without ever getting API keys. Kind of like Composio but with granular permissions and open source.

The goal with AgentPort is to specifically address two vulnerabilities that agents are subject to:

1. Destructive operations on downstream services: It can't delete a database unless you explicitly approve
2. Credential exfiltration: Your agent never sees API keys

AgentPort also helps with sensitive data exfiltration, but that is more nuanced and complicated to defend against if the agent has an internet connection [2].

Ultimately, AgentPort was the missing piece for me to start running more autonomous agents that have access to third-party services, and hopefully it can unlock use cases for you too. There's a ton more work needed around securing agents (Claws in particular) and I've both been writing about it [3] and intend to do more in this space, so if you're thinking about similar things let's have a chat.

The repo is https://github.com/yakkomajuri/agentport and you can run it locally with docker compose in a minute or use the one-liner install to deploy a prod instance (domain, TLS, etc.) in just a few mins as well.

[1] "An AI agent deleted our production database. The agent's confession is below" (https://news.ycombinator.com/item?id=47911524)

[2] See my post "On agents dropping production databases": https://yakko.dev/blog/on-agents-dropping-production-dbs

[3] https://yakko.dev/blog

Found: April 29, 2026 ID: 4401

[Testing] Show HN: A new benchmark for testing LLMs for deterministic outputs

When building workflows that rely on LLMs, we commonly use structured output for programmatic use cases like converting an invoice into rows or meeting transcripts into tickets or even complex PDFs into database entries.

The model may return the schema you want, but with hallucinated values like `invoice_date` being off by 2 months or the transcript array ordered wrongly. The JSON is valid, but the values are not.

Structured output today is a big part of using LLMs, especially when building deterministic workflows.

Current structured output benchmarks (e.g., JSONSchemaBench) only validate the pass rate for JSON schema and types, and not the actual values within the produced JSON.

So we designed the Structured Output Benchmark (SOB) that fixes this by measuring both the JSON schema pass rate, types, and the value accuracy across all three modalities, text, image, and audio.

For our test set, every record is paired with a JSON Schema and a ground-truth answer that was verified against the source context manually by a human and an LLM cross-check, so a missing or hallucinated value will be considered to be wrong.

Open source is doing pretty well with GLM 4.7 coming in number 2 right after GPT 5.4.

We noticed the rankings shift across modalities: GLM-4.7 leads text, Gemma-4-31B leads images, Gemini-2.5-Flash leads audio.

For example, GPT-5.4 ranks 3rd on text but 9th on images.

Model size is not a predictor, either: Qwen3.5-35B and GLM-4.7 beat GPT-5 and Claude-Sonnet-4.6 on Value Accuracy. Phi-4 (14B) beats GPT-5 and GPT-5-mini on text.

Structured hallucinations are the hardest bug. Such values are type-correct, schema-valid, and plausible, so they slip through most guardrails. For example, in one audio record, the ground truth is "target_market_age": "15 to 35 years", and a model returns "25 to 35". This is invisible without field-level checks.

Our goal is to be the best general model for deterministic tasks, and a key aspect of determinism is a controllable and consistent output structure. The first step to making structured output better is to measure it and hold ourselves against the best.

Found: April 29, 2026 ID: 4399

[Other] I built ten custom subagents to tame a 500K-line Clojure codebase

Found: April 29, 2026 ID: 4396

[Other] Letting AI play my game – building an agentic test harness to help play-testing

Found: April 29, 2026 ID: 4400

[Other] Show HN: Adblock-rust Manager – Firefox extension to enable the Brave ad blocker

Firefox 149 ships adblock-rust (Brave's Rust engine, MPL-2.0) completely disabled with no UI. It's controlled by two about:config prefs with no WebExtension API, so you can't touch them programmatically from a standard extension.

This extension gives it a UI: ETP toggle (via browser.privacy API, instant), filter list manager with clipboard helpers for the manual about:config steps, and 8 preset lists. You can also add your own if you so desire.

Found: April 29, 2026 ID: 4395

warpdotdev/warp

GitHub Trending

[IDE/Editor] Warp is an agentic development environment, born out of the terminal.

Found: April 29, 2026 ID: 4392

[Other] GitHub – DOS 1.0: Transcription of Tim Paterson's DOS Printouts

Found: April 29, 2026 ID: 4394

[Other] Soft launch of open-source code platform for government

Found: April 29, 2026 ID: 4398

[Other] Anthropic's Champion Kit for engineers pushing Claude Code at their company

Found: April 29, 2026 ID: 4397

[DevOps] Show HN: Pi-hosts – Give the Pi coding agent access to your servers

I built that initially for an AI chat bot that allows teams to perform DevOps tasks straight out of Slack/Teams (with proper permission control, obviously).

Useful to let developers perform mundane tasks, or help coordinate incident response.

I ended up using it myself on my own machine to manage Hetzner and AWS boxes. I thought that may be useful to others.

The default policy should be good enough, but if you don't like living dangerously, you can set it to `paranoid`.

Install: `pi install npm:pi-hosts`

GitHub: https://github.com/hunvreus/pi-hosts

Found: April 29, 2026 ID: 4388

[Other] Regression: malware reminder on every read still causes subagent refusals

Not sure if anybody else has experienced this, but for my job I've been playing around with Claude Managed Agents to run code generation tasks in our repo. Every read operation in the managed agent is appended with a system prompt instructing Claude to scan the file for malware; Claude then wastes a bunch of time and tokens (money) performing the analysis; then, once the agent has confirmed that it is *not* malware, it still interprets the appended prompt to mean that it is disallowed to augment or write *any* code, and quits. And we're charged for every session that this happens in. Posting here because apparently they only addressed the issue in the past because of a Hacker News discussion. So here's hoping they'll see this and prioritize fixing it again so we can stop losing money.

Found: April 28, 2026 ID: 4384

[IDE/Editor] Show HN: 49Agents – 2D Canvas IDE for Orchestrating Agents, Repos, Issues

Beads tables (Steve Yegge's) for issue tracking. Can view git trees, terminals, issue tables, notes, and files all on one screen. Can connect multiple machines via private network (like Tailscale).

Found: April 28, 2026 ID: 4389

[Other] Show HN: ClusterdOS – Kubernetes without the platform team

Found: April 28, 2026 ID: 4390

[API/SDK] AMD's Lemonade SDK 10.3 Now 10x Smaller by Getting Rid of Electron

Found: April 28, 2026 ID: 4382

[CLI Tool] Show HN: A TUI for Markdown view and editing

Hi HN, I built a simple TUI for viewing and editing .md files in the terminal. More and more markdown files keep appearing in our projects, and I found myself needing a quick way to view (with syntax highlighting) and edit them without leaving the terminal, so I built this.

Found: April 28, 2026 ID: 4391

Ghostty is leaving GitHub

Hacker News (score: 3100)

[Other] Ghostty is leaving GitHub

Found: April 28, 2026 ID: 4393

[Other] Claude.ai unavailable and elevated errors on the API

Found: April 28, 2026 ID: 4387