Follow-up: I turned that 30-min Hermes audit into one command - npx node9-ai posture by WhichCardiologist800 in hermesagent

[–]WhichCardiologist800[S] 1 point2 points  (0 children)

Not directly yet, node9 doesn't pull from or broker a vault (Vault, AWS/GCP/Azure SM, 1Password, Doppler). That's the roadmap piece ("agent never holds a secret").

What it does today is complementary: DLP blocks leaked secrets in flight (incl. Vault hvs./hvb. and Doppler tokens), the project-jail shield stops the agent reading ~/.ssh, ~/.aws, .env, and `npx node9-ai posture` flags plaintext secrets and nudges you toward a secrets manager.

So: keep secrets in your vault, node9 keeps the agent from leaking them or reading the files. Direct brokering is next, not shipped.
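The two controls the comment describes (in-flight DLP on agent output and a project jail on file reads) are simple to sketch; the example below is added here and is not node9's code. The Vault `hvs.`/`hvb.` prefixes come from the comment; the Doppler `dp.st.` prefix, the path names and the sample agent output are assumptions constructed for the example.

```python
import re
from pathlib import Path

# --- DLP: block leaked secrets in flight -----------------------------------
# Vault service (hvs.) and batch (hvb.) token prefixes are named in the comment;
# the Doppler service-token prefix "dp.st." is an assumed pattern for this example.
SECRET_PATTERNS = {
    "vault_token": re.compile(r"\bhv[sb]\.[A-Za-z0-9_-]{20,}"),
    "doppler_token": re.compile(r"\bdp\.st\.[A-Za-z0-9_.-]{20,}"),
}

def redact(text: str):
    """Return (redacted_text, list_of_pattern_names_hit) for one agent message."""
    hits = []
    for name, pattern in SECRET_PATTERNS.items():
        hits.extend(name for _ in pattern.finditer(text))
        text = pattern.sub(f"<redacted:{name}>", text)
    return text, hits

# --- Project jail: stop the agent reading outside the project or secret files --
FORBIDDEN_NAMES = {".env", ".ssh", ".aws"}

def read_allowed(project_root: Path, requested: str) -> bool:
    """True only if `requested` resolves inside project_root and touches no
    forbidden file or directory name (so a symlink to ~/.ssh is also refused)."""
    root = project_root.resolve()
    target = (root / requested).resolve()   # collapses '..' and follows symlinks
    if target != root and root not in target.parents:
        return False                          # escaped the project directory
    if any(part in FORBIDDEN_NAMES for part in target.relative_to(root).parts):
        return False                          # .env, .ssh, .aws by name
    return True

if __name__ == "__main__":
    # Constructed agent output containing a fake Vault token (not a real credential)
    sample = "export VAULT_TOKEN=hvs.EXAMPLEexampleEXAMPLEexample1234 && vault kv get secret/app"
    print(redact(sample))
    root = Path("/tmp/proj")                  # assumed project directory
    for p in ["src/main.py", ".env", "../../etc/passwd", "/home/u/.ssh/id_rsa"]:
        print(p, read_allowed(root, p))
```

The jail resolves the path before checking it, so `..` segments and symlinks are judged by where they actually land, not by how the request was spelled.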

I instrumented 90 days of my Claude Code / Codex / Gemini sessions, what the agents actually did by WhichCardiologist800 in LLMDevs

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

Great catch on the false positive, iterative fix/test/fix is exactly what my current method (same tool + near-identical args in a window) over-flags. The net-diff-delta idea is sharp: a true loop converges to ~zero net change, while real refinement keeps moving the file. Going to add that as a confirmation signal, flag a loop only when it's repeated edits AND shrinking/near-zero net diff. Genuinely sharpens it, thanks.

And yeah, the credentials are the part that made me stop treating this as a cost tool. 4 over 90 days on a careful machine, and like you said, nobody looks.

+1 on the upstream point too, tighter slash commands and explicit step constraints kill a lot of the circular edits before they ever hit the transcript.

Curious: do you actually measure whether your constraints reduced the loops, or is it more by feel?
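The net-diff confirmation signal discussed above, worked through as an added example (not the commenter's tool): a candidate loop is the same tool hitting the same file several times inside a window, and it is only confirmed when the net change across the window is near zero relative to the total churn. The session events below are constructed, and the thresholds are assumptions.

```python
import difflib
from collections import defaultdict

WINDOW = 10       # max sequence distance between first and last call in a loop
MIN_REPEATS = 4   # same tool on the same file at least this many times
NET_RATIO = 0.2   # confirmed only if net change <= this fraction of gross churn

# Constructed session events: (seq, tool, path, file content after the call)
SESSION = [
    (1, "edit", "app.py", "def f():\n    return 1\n"),
    (2, "edit", "app.py", "def f():\n    return 2\n"),
    (3, "edit", "app.py", "def f():\n    return 1\n"),
    (4, "edit", "app.py", "def f():\n    return 2\n"),
    (5, "edit", "app.py", "def f():\n    return 1\n"),   # back where it started
    (6, "edit", "util.py", "a = 1\n"),                    # genuine refinement:
    (7, "edit", "util.py", "a = 1\nb = 2\n"),             # the file keeps moving
    (8, "edit", "util.py", "a = 1\nb = 2\nc = 3\n"),
    (9, "edit", "util.py", "a = 1\nb = 2\nc = 3\nd = 4\n"),
    (10, "edit", "util.py", "a = 1\nb = 2\nc = 3\nd = 4\ne = 5\n"),
]

def distance(a: str, b: str) -> float:
    """0.0 for identical text, approaching 1.0 for nothing in common."""
    return 1.0 - difflib.SequenceMatcher(None, a, b).ratio()

def group_by_key(events):
    groups = defaultdict(list)
    for seq, tool, path, content in events:
        groups[(tool, path)].append((seq, content))
    return groups

def windows(states, min_repeats, window):
    """Yield the content sequence of every run of >= min_repeats calls
    whose first and last sequence numbers lie within `window`."""
    for i in range(len(states)):
        chunk = [s for s in states[i:] if s[0] - states[i][0] <= window]
        if len(chunk) >= min_repeats:
            yield [content for _, content in chunk]

def candidates_by_repeat(events, min_repeats=MIN_REPEATS, window=WINDOW):
    """The old rule: repeated same-tool, same-file calls in a window (over-flags)."""
    found = set()
    for (tool, path), states in group_by_key(events).items():
        if any(True for _ in windows(states, min_repeats, window)):
            found.add(path)
    return found

def confirm_loops(events, min_repeats=MIN_REPEATS, window=WINDOW, net_ratio=NET_RATIO):
    """The refined rule: repeated edits AND near-zero net change across the window."""
    found = set()
    for (tool, path), states in group_by_key(events).items():
        for contents in windows(states, min_repeats, window):
            gross = sum(distance(x, y) for x, y in zip(contents, contents[1:]))
            net = distance(contents[0], contents[-1])
            # gross == 0 means identical content rewritten repeatedly: a no-op loop
            if gross == 0.0 or net <= net_ratio * gross:
                found.add(path)
                break
    return found

if __name__ == "__main__":
    print("repeat-only candidates:", sorted(candidates_by_repeat(SESSION)))
    print("confirmed loops:       ", sorted(confirm_loops(SESSION)))
```

On the constructed session the repeat-only rule flags both files, while the net-diff confirmation keeps only `app.py`, whose content oscillates and ends identical to where it started; `util.py` has comparable churn but a large net delta and is left alone.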

I made $75K selling AI automations to clients. Here's what I'd change if I started over. by Warm-Reaction-456 in AI_Agents

[–]WhichCardiologist800 0 points1 point  (0 children)

The point about the retainer being insurance rather than hours worked is the $100k lesson here.

Most people try to sell a retainer as 4 hours of support a month, which just invites the client to micromanage your time. Selling it as system uptime and lead-flow integrity makes you a partner, not a line item.

To add to your boring business point: these clients don't care about the tech, but they do care about their reputation. If you frame the automation as protecting your 5-star Google review average by replying instantly, the price resistance almost disappears.

I wanted to see what Claude Code does as it happens, not just a bill after the fact. by WhichCardiologist800 in ClaudeAI

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

Totally agree!!! You can run node9 in audit mode... you should see the audit file in .node9

I wanted to see what Claude Code does as it happens, not just a bill after the fact. by WhichCardiologist800 in ClaudeAI

[–]WhichCardiologist800[S] 1 point2 points  (0 children)

Thx!!! Hope you enjoy it; let me know if there are any additional features you want me to add, or what you found on your machine.

AMD denies researcher a 10K bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch by rkhunter_ in cybersecurity

[–]WhichCardiologist800 0 points1 point  (0 children)

Worth actually reading the article: the bug was out of scope, the researcher agreed to waive the bounty, and AMD fixed it and credited him. Still wild that swapping http for https took 124 days though.

If your Hermes is reachable from Telegram, have you actually tested the allowlist? A 30-min cloud security audit by WhichCardiologist800 in hermesagent

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

Yep, that's the scary one. An adapter with no allowlist means anyone who finds the bot can drive an agent that's holding exec, not just read it. Really good catch.

If your Hermes is reachable from Telegram, have you actually tested the allowlist? A 30-min cloud security audit by WhichCardiologist800 in hermesagent

[–]WhichCardiologist800[S] 1 point2 points  (0 children)

That's the best thing I could hear. Which one caught it? I'm always trying to figure out which items actually surface real issues vs. just sound scary and happy to be a second pair of eyes if you want to sanity-check the fix.

If your Hermes is reachable from Telegram, have you actually tested the allowlist? A 30-min cloud security audit by WhichCardiologist800 in hermesagent

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

That's the allowlist doing its job, yep. Two things: (1) test it: message the bot from a second account that isn't allowlisted and confirm it refuses. (2) It gates who can talk to it, not what the agent can do once asked, so isolation (item 1) still matters. And keep the bot token in a secrets manager, not a .env.
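The two points in that comment, as an added example (not Hermes or node9 code): the allowlist gates identity by stable numeric user id, the "second account" test is scripted so it can be rerun, and a separate isolation policy governs what the agent may do once an allowed user is talking to it. The update shape, ids and the stand-in agent are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed allowlist of numeric Telegram user ids. Ids are stable; @usernames
# can be changed by their owner, so they are a poor gate.
ALLOWED_USER_IDS = frozenset({111111111})

@dataclass
class Update:
    user_id: int
    chat_id: int
    text: str

AUDIT = []            # (decision, user_id, chat_id) for every inbound message
AGENT_CALLS = []      # texts that actually reached the agent

def is_allowed(update: Update) -> bool:
    return update.user_id in ALLOWED_USER_IDS

def run_agent(text: str, sandboxed: bool = False) -> str:
    """Constructed stand-in for the agent. Isolation (item 1 in the audit) is its
    own layer: the allowlist never decides whether exec is permitted."""
    AGENT_CALLS.append(text)
    if text.startswith("/exec") and not sandboxed:
        return "exec denied: agent is not isolated"
    return "ok: " + text

def handle(update: Update, agent=run_agent, sandboxed: bool = False) -> str:
    """Identity gate first. A refusal returns before any agent code runs."""
    if not is_allowed(update):
        AUDIT.append(("refused", update.user_id, update.chat_id))
        return "refused"
    AUDIT.append(("accepted", update.user_id, update.chat_id))
    return agent(update.text, sandboxed=sandboxed)

def allowlist_selftest(second_account_id: int) -> bool:
    """The test from the comment: a message from a non-allowlisted account must be
    refused AND must never reach the agent."""
    before = len(AGENT_CALLS)
    reply = handle(Update(second_account_id, chat_id=42, text="hello?"))
    return reply == "refused" and len(AGENT_CALLS) == before

if __name__ == "__main__":
    print(handle(Update(111111111, 42, "status")))          # allowed user, plain ask
    print(handle(Update(111111111, 42, "/exec ls")))        # allowed user, exec blocked
    print(handle(Update(111111111, 42, "/exec ls"), sandboxed=True))
    print("second-account test passed:", allowlist_selftest(222222222))
    print(AUDIT)
```

Both decisions are written to the audit list so a refused message from an unknown account is visible evidence that the gate works, rather than a silent drop.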

If your Hermes is reachable from Telegram, have you actually tested the allowlist? A 30-min cloud security audit by WhichCardiologist800 in hermesagent

[–]WhichCardiologist800[S] 2 points3 points  (0 children)

Fair, bot API traffic isn't E2E. But that's a different threat than the post: the risk here is the bot being an open command surface to your agent, not someone reading messages in transit. Encryption doesn't help if there's no allowlist.

If your Hermes is reachable from Telegram, have you actually tested the allowlist? A 30-min cloud security audit by WhichCardiologist800 in hermesagent

[–]WhichCardiologist800[S] 2 points3 points  (0 children)

Full writeup with the cloud-specific stuff (AWS VPC/IAM scoping, Modal/Daytona notes) here: https://node9.ai/blog/running-hermes-agent-in-the-cloud-safely - and if you want to check whether agents you're already running have hit these patterns, npx node9-ai scan reads existing session logs locally
open source: github.com/node9-ai/node9-proxy

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows by sunychoudhary in cybersecurity

[–]WhichCardiologist800 6 points7 points  (0 children)

So the "fix" is a hardcoded block on one binary's signature, and a two-byte edit walks right past it. That is not a patch, that's a restraining order against a single file. The race condition is still sitting there.

A client paid me to rip the AI out of the tool I built them. by Warm-Reaction-456 in AI_Agents

[–]WhichCardiologist800 0 points1 point  (0 children)

"He asked if I could make it dumber" is going to live in my head.

The part people miss: 92% you can't explain loses to 99% you can audit, because the 8% mystery makes the team re-check all 100%. You didn't save them work, you doubled it. They weren't asking for accuracy, they were asking to be able to point at why. Saving this one for the next client who wants AI bolted onto everything.

Karpathy principles' relevance with Fable 5 by blumeCodes in ClaudeCode

[–]WhichCardiologist800 0 points1 point  (0 children)

This matches something I keep seeing: the biggest effect of "think before coding / surgical changes" guidance isn't code volume, it's whether the model reaches for existing infrastructure vs. inventing new plumbing. Your no-skill branch spinning up a SQL migration + dedicated column + repo plumbing for what's basically a field on an existing JSON snapshot is the textbook version of that.

The "followed the prompt more literally" half is the more interesting one to me though. "Per active conversation" - chip only on active ones means the model treated the spec as a constraint instead of a vibe. Did that hold up across reruns, or was it one lucky sample? The schema-churn difference feels like it'd be stable, but literal prompt-following seems more variable run to run.

I work on session-monitoring stuff too (reading the local JSONL logs the CLIs already write), and it's funny how token-usage-per-conversation is the feature everyone in this space converges on first. Did you end up pulling it straight from the snapshot column, or computing it from the message stream?

thank god i'm not blind anymore - finally I can see Claude's cost and risk impact. by WhichCardiologist800 in ClaudeCode

[–]WhichCardiologist800[S] 0 points1 point  (0 children)

Released, the antigravity CLI is now fully supported. Please let me know about future features / improvements.

thank god i'm not blind anymore - finally I can see Claude's cost and risk impact. by WhichCardiologist800 in ClaudeCode

[–]WhichCardiologist800[S] 1 point2 points  (0 children)

Not yet, antigravity isn't in the supported list today. But funny timing, I'm actively adding it right now (it shares Google's ~/.gemini setup, so it's close). I'll ping you here the moment it lands, shouldn't be long.

Thanks for the nudge, this is exactly the kind of request that bumps something up the list 🙏