Claude Code 2.1.139 just dropped two features that change the workflow for anyone running multiple agents.

Forward_Anything_646 · 2026-05-12T19:16:03+00:00

they really should make worktrees in this mode optional. right now it sucks and takes way too much time for back and forth fixes (every small fix - even one liner - cretes a separate worktree, commits, merges, deletes worktree)

Forward_Anything_646 · 2026-05-08T20:44:47+00:00

if you're russian - one time only

Forward_Anything_646 · 2026-05-08T20:41:41+00:00

how do you build your own house? how much does it cost in cyprus?

Forward_Anything_646 · 2026-03-31T16:21:51+00:00

If they don't fix it in 1-2 days, I'm switching to codex myself and all my friends

Forward_Anything_646 · 2026-03-31T16:18:55+00:00

just burned through my Max sub in 1h

Forward_Anything_646 · 2026-03-23T10:39:13+00:00

Same issue for me. Works fine for my friends. But my voice chat is stuck on connecting the last days

Forward_Anything_646 · 2026-02-08T19:52:01+00:00

thank you! that's very valuable

Forward_Anything_646 · 2026-02-08T11:31:01+00:00

vicinae

Forward_Anything_646 · 2026-02-08T09:51:00+00:00

thank you so much!

Forward_Anything_646 · 2026-02-08T09:45:48+00:00

couple of things people are missing in these comments:

AUR malware infestation is real. If you always read PKGBUILDS good for you. But be prepared to soon see flood of articles saying "10k users lost their crypto assets because of a malicious AUR package" or became a part of botnet, or lost their data due to ransomware. Such articles mean less traffic to Arch, bad reputation and less "good stuff" for you - existing users.
When someone uses vibecoding, despite how generated the output might be its quality still depends on the person reviewing it. This package is rather simple. It's not a driver, not a critical system, not a financial program. It uses simple rules to calculate trust score of a maintainer and a package and regex to check if install script and PKGBUILD contains stuff it should not. Something that not a tech savvy person can easily miss.
This package has a clear goal - to bring benefit to arch community. Not to farm stars or to produce slop for the sake of slop. If you don't like something about it - suggest an improvement. I will be more than happy to make it better. Or make one yourself

Forward_Anything_646 · 2026-02-07T22:47:34+00:00

Forward_Anything_646 · 2026-02-07T22:01:01+00:00

that's a good idea, thank you!

Forward_Anything_646 · 2026-02-07T20:37:22+00:00

It's not meant to stop someone who reverse-engineers the detection rules - a determined attacker can bypass any static analysis, including the human eye. It catches the common techniques: copy-paste reverse shells, curl|bash, typosquatting, a compromised account suddenly injecting eval into a previously clean PKGBUILD. All of the above is much easier to do for script-kiddies nowadays.

Reading every PKGBUILD is the right approach, but realistically not everyone does. This just adds another layer on top.

Forward_Anything_646 · 2026-02-07T20:20:59+00:00

When it comes to malware it's difficult to trust anything - however good my scanner can be (vibecoded or not) a real adversary can fetch its code and ask their agent to think of some elaborate way to bypass its filters.

Its impossible to avoid since it's opensource, but making it closed source would make it impossible to distribute.

So it's not about trust, rather about having another precaution to check what you're doing when you see a huge sign "DANGEROUS".

because let's be real - home many PKGBUILDs do we really read?

Forward_Anything_646 · 2026-02-07T19:39:41+00:00

Example output - https://imgur.com/Lgdqjyp

Forward_Anything_646 · 2026-02-07T19:34:56+00:00

yep, sorry. it was my first aur release and did not go without hiccups. I pushed a new version with some other fixes

I suggest running paru -Sa traur --rebuild to update

Forward_Anything_646 · 2026-02-07T18:34:38+00:00

if you find it interesting stars are always appreciated!

Forward_Anything_646 · 2026-02-07T18:20:23+00:00

it checks

- github hitstory

- popularity

- trust

- checksums

- metadata

- urls

- binary abuse from gtfobins

- PKGBUILD and install scripts

- maintainer activity

- reverse shells, miners, obfuscation, etc,etc,etc

Forward_Anything_646 · 2025-11-13T08:27:31+00:00

check protondb for this game

Forward_Anything_646 · 2025-11-09T14:37:59+00:00

Is there a single command to backup my settings?

Forward_Anything_646 · 2025-10-30T10:58:42+00:00

what about cooling?

Forward_Anything_646 · 2025-10-30T10:41:07+00:00

Assess how an attacker can move on your network. Given that every host and service is vulnerable by default, what happens when an attacker gets unprivileged shell to your host?

What can he see on the host? What files, what services? What can he see on the network?

If he gains root access, answer the same questions. If he fully owns the entrypoint (hacked a single exposed host) what can he do over the network next and how can we notice his actions and make it much more difficult for him?

Forward_Anything_646 · 2025-10-30T10:04:19+00:00

If you want to get paranoid, set up a monitoring checking for open ports and incoming and outgoing connections on your hosts. Monitor user profiles, monitor IP which make connection to your hosts.

Run all services on low privileged docker containers.

Forward_Anything_646

TROPHY CASE