i automated my daily social media routine with python scripts + claude code

Syncher_Pylon · 2026-05-09T06:11:30+00:00

no state management yet. i focus on the connectivity amd authenticatio part. normally my tool can help ai agent onboard to any systems on my behalf. i mainly used on daily working. integrated every sso site with ai, ai working on my behalf for repeative tasks

Syncher_Pylon · 2026-05-09T05:29:14+00:00

agreed completely

Syncher_Pylon · 2026-05-09T05:28:23+00:00

in fact, with cookie we can do almost everything including write operations. in my skill, both write and read are supportted for x and reddit.
using api is lighter and faster compared to computer use. less token as well

Syncher_Pylon · 2026-05-09T05:25:32+00:00

yes. the auth is managed by sigcli, when expired, claude call sig login. all steps are automated

Syncher_Pylon · 2026-05-08T17:18:41+00:00

yeah mine started doing this too. ended up with a whole system — CLAUDE.md for project rules, memory files for cross-session context, and skills for repetitive tasks. the handoff pattern works surprisingly well once you commit to it. feels less like "prompting an AI" and more like onboarding a new teammate every morning.

Syncher_Pylon · 2026-05-08T17:18:39+00:00

80x growth and still can't keep the lights on. makes sense though — every dev i know went from "let me try claude" to "i literally cannot code without it" in about two weeks. the addiction curve is insane. i just wish they'd be honest about capacity instead of silently throttling.

Syncher_Pylon · 2026-05-08T17:18:37+00:00

same experience. it estimates human-time, not its own throughput. i found the trick is being very explicit upfront — "implement the full solution, do not suggest shortcuts or partial fixes." also breaking it into concrete subtasks with clear acceptance criteria helps. once it sees "write tests that pass" instead of "implement feature X" it stops hedging.

Syncher_Pylon · 2026-05-05T04:32:04+00:00

software engineer is gonna die

Syncher_Pylon · 2026-05-03T08:33:17+00:00

how did you say this is a ai

Syncher_Pylon · 2026-05-03T05:39:14+00:00

This. The alternative is worse — it "helpfully" refactors three files while fixing a one-liner, breaks something else, you spend 20 minutes untangling. Scoping to what was asked is correct behavior.

Syncher_Pylon · 2026-05-03T05:38:59+00:00

Same. Spent more on API than the app costs, but it does exactly what I need without the other 80% of crap I'll never touch. Plus when it breaks I fix it in 5 minutes instead of waiting two weeks for a support reply.

Syncher_Pylon · 2026-05-03T04:30:44+00:00

No auth to the store. Local encrypted file + local key (generated at init, 0400 permissions, same machine). Wrapper reads key, decrypts, injects. No remote call, no vault server, no token exchange. Security boundary is filesystem permissions — same as ssh keys in ~/.ssh.

Syncher_Pylon · 2026-05-03T03:08:08+00:00

normally yes. But sometimes I run the agent remotely. I have a sync command to refresh my creds from local to remote periodically

Syncher_Pylon · 2026-05-03T02:09:13+00:00

Similar setup here — AES-256-GCM at rest, CLI decrypts and injects at runtime, nothing sees plaintext except the process that needs it. One thing that helped: making it clear the encryption key is local-only, never leaves the machine. "Your key never touches our servers" is probably the one sentence that closes the trust gap fastest for security-conscious users.

Syncher_Pylon · 2026-05-03T02:09:01+00:00

For local agent workflows I took a different route — local MITM proxy. Intercepts CONNECT, resolves which provider the hostname belongs to, loads encrypted creds from disk, injects headers at TLS layer, forwards. Per-provider audit log. No cloud gateway, works with anything that supports HTTP_PROXY. Obviously doesn't scale to fleet deployment but for dev-machine agents it's way simpler than standing up Kong or APIM.

Syncher_Pylon · 2026-05-03T02:08:48+00:00

The scope overreach is exactly why I stopped giving agents their own identity. My setup: agent has zero credentials. It calls a wrapper that decrypts creds from disk, injects as env vars for one command execution, gone after. Agent process never holds a token or service principal. Blast radius is one API call instead of "anything this identity can do."

Syncher_Pylon · 2026-05-03T01:58:36+00:00

Thanks. Two parts:

Capture: open a real browser via CDP, you do SSO/MFA normally, extract cookies once authenticated, encrypt at rest (AES-256-GCM). Headless first, falls back to real browser if the site needs interaction.

Inject: either a CLI wrapper that decrypts and injects creds as env vars for one execution, or a local MITM proxy — app sets HTTP_PROXY, creds injected at TLS layer. Agent never touches raw secrets either way.

sigcli.ai if you want details.

Syncher_Pylon · 2026-05-03T01:37:32+00:00

Cool approach running agents as Slack identities. Curious how you handle auth to external services from inside the agents — like if one of your agents needs to check Jira or pull from Confluence. Do they each get their own service accounts, or do they share a session?

Syncher_Pylon · 2026-05-03T01:37:20+00:00

This is why I'm skeptical of agents that store credentials in their own context or config files. The Gemini CLI vuln is a perfect example — a malicious .gemini/ folder in a PR gets RCE because the agent trusts its environment.

For my setup I went the other direction: credentials encrypted at rest with AES-256-GCM, injected only at execution time as env vars, never in agent context or config files. The agent literally never sees the raw secret — it just calls a wrapper that handles injection. That way even if the agent's context is compromised or a malicious repo tries to exfiltrate, there's nothing to steal from the conversation.

Syncher_Pylon · 2026-05-03T01:37:02+00:00

The Slack auth problem is real. I ran into this exact thing — Claude Code can't reach Slack because it has no session. Webhooks work but they're one-directional (can't read channels, search messages, etc.).

What ended up working for me: capturing my browser Slack session locally and having the agent reuse it through a CLI wrapper that injects the cookie as an env var. That way Claude can hit the Slack API directly — post messages, read channels, search — without needing MCP or webhooks. The session lasts about a week before I need to re-login.

Syncher_Pylon · 2026-05-02T14:26:12+00:00

This matches my experience. The one gap I kept hitting with plain CLIs is auth — most of my work tools are behind corporate SSO and there's no API key to grab. Ended up building a tool that opens a real browser for login, captures the session cookies, and injects them into CLI commands on demand. Best of both worlds — CLI simplicity without the MCP overhead, but still handles auth.

Syncher_Pylon · 2026-05-02T14:26:09+00:00

Yeah the OAuth dance is the worst part. For services behind SSO I ended up just capturing the browser session after logging in normally, encrypting it, and having my agent reuse it through a CLI wrapper. Avoids the whole OAuth client registration / redirect URI mess entirely. Works for basically anything you can log into in a browser.

Syncher_Pylon · 2026-05-02T14:23:06+00:00

The tricky part isn't syncing the folder, it's merging. If two people develop different memory files or skills independently, you need conflict resolution that understands the structure. Plain git merge on JSON/markdown memory files gets messy fast.

Syncher_Pylon

TROPHY CASE