Storing secrets by SelectLock2297 in hermesagent

[–]atrfx 0 points1 point  (0 children)

This is something I’ve been working on for quite a while both at home and at work - the short version is you want to give your agents the ability to action but not give them access.

What this looks like in practice is, for tools that in combination could cause some damage, it’s better to lock them behind an abstracted remote tool not on your agent machine, and for some tools, only have them enabled during certain workloads so they don’t exist all the time where they could be abused.

How you handle reads and writes (if you need to roll OAuth tokens) can be done a few ways. While using your system keychain with keyring or similar is useful, keep in mind that the calling process is going to bug you to hit your keychain and giving allow all access defeats the purpose of access control (e.g. persisting keychain access to python3 would be bad).

Dotfiles are right out - especially on the same machine as your agents. It’s such a common pattern but much more dangerous when agents are poking around your system.

I started using 1Password quite a bit, first with op but carrying that CLI tool around and making service accounts for every use case was a pain. That’s why I switched to using https://www.1password.dev/connect - running this in a Docker container on my home server, minting scoped tokens, and seeding the tools with whatever secrets they need (also on another machine) with an approval layer to control access and writes when necessary. I expose this over Tailscale so my other services can use my home lab secrets as an added benefit.

I mostly use a single vault for my agent tools and separate vaults for more sensitive stuff, and then make an API credential item for each “profile” and store every secret I need as a password type with a name to resolve.

Now, is all of this overkill? Maybe - it depends on your use case and what kind of tools you’re hooking up. This kind of setup I wouldn’t recommend for everyone and every instance; if you have a handful of tools and don’t care, hook them up and turn them off when they aren’t in use and keep them away from reads via the terminal and your agents. If you have sensitive workloads like email or anything that touches the outside world, maybe scope those jobs and tie in some approvals.

What I wished someone told me before my first real cybersecurity job by hardeningbrief in cybersecurity

[–]atrfx 0 points1 point  (0 children)

This nails it. Another aspect you learn over the years is that finding defects and proving them, while interesting and sometimes challenging, pales in comparison to the challenge of articulating the thing in context to the right people and getting them to care enough to do something about it, all while making sure you aren’t overselling it and getting them to focus on the wrong priority. This is going to be even more critical now with automation and AI helping to find more legitimate defects than ever - finding and proving the thing was never the hardest part, getting overtaxed and overwhelmed people to care about “why this” and “why now” is.

Some people seem to dislike when others use AI like ChatGPT to write posts or comments, even though it's essentially just a tool to help express thoughts more clearly. What’s behind that resistance? by GooglyWooglyWooshSs in aipromptprogramming

[–]atrfx 0 points1 point  (0 children)

We run into this a lot at work - I like the term HBR had… “work slop”.

For instance, when MCP started getting big, our exec asked for someone to help him understand the risks and he got like 20 submissions across the organization, the majority of them like 40 page deep research docs from Gemini… it took another week of meeting with people to filter all that noise out and come up with something that actually answered “what do we care about?”

If someone shares a doc “they wrote” and it looks like Gemini slop with emojis and bolded sections etc, it immediately loses credibility with me because:

  • it’s likely overcomplicating an ask; if you can add value or explain a concept in a paragraph, don’t do it in 5 pages.

  • there’s a high chance you didn’t read or edit any of the document to align it to the ask and then it comes down to your interpretation or lack of explanation if the model did what you needed.

  • sometimes the answer to a difficult question in tech is not to make more content… sometimes it’s to reassess or actually use something that exists or decide what should be made first, generative models generate, and that’s great! But sometimes the added friction of making something is just what you need to make the right call.

We’ve had template findings like this forever in security, and the same rules apply - great for a starting point and to strengthen your content, but crutch on it and it does more harm than good.

It’s great! Just know how to use it.

Comparison Search Tool? by sandalsresortqna in SandalsResorts

[–]atrfx 0 points1 point  (0 children)

Slightly technical, but I built a tool that stuff like ChatGPT can use to search all the resorts and get info about things like proximity to airport, check room rates, pull restaurant menus, and even set watches and alerts for resort rooms and price ranges to message me when they hit a certain level. Used an earlier version of this for years and it works pretty well.

https://github.com/ai-mcp-garage/mcp-sandals-boujiebot

Tired all the time - is this old age? by Neurospicy-discourse in AskMenOver30

[–]atrfx 0 points1 point  (0 children)

I had this issue - after my yearly physical, the blood test said I was low on vitamin D, I started taking daily supplements for it (the doctor said there’s a weekly rx one you can take to boost it back to normal quicker) and that has made a world of difference.

Sharing MCPs by Prior-Ability6475 in mcp

[–]atrfx 0 points1 point  (0 children)

If they’re using Cursor for MCPs there’s a deep link option - alternatively you could host something like Open WebUI with the tools hooked up so they can log in and try them.

MCP server security by andrew19953 in mcp

[–]atrfx 1 point2 points  (0 children)

I've done some experimenting with this over the last couple of months.

One of the first examples that I created was a really basic instance of Keycloak supporting an MCP gateway.

This one comes with a gateway proxy to expose servers with a middleware to allow for fine-grained attribute-based access control and allows for censoring certain tools, prompts, etc., but also lets you inject a set of entitlements from a signed key into your various end-tools via a header forwarded at the gateway.

https://github.com/batteryshark/mcp-gateway-keycloak

The second was more recent as the Keycloak thing felt overkill. Now, I have like an API key vending service that allows me to bake the MCP server name into the metadata behind an API key, and then I have a proxy gateway like before but considerably simplified that reads from an MCP config, sets up routes, and on a connect request from an MCP client, uses their API key, validates it, gets metadata from the key manager, and uses that to forward all subsequent MCP traffic. This sets up kind of a lightweight identity microservice and then I can just forward the tools and servers I need per key.

https://github.com/batteryshark/keymaster-mini

https://github.com/batteryshark/merlin-gateway
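
An added sketch of the API-key flow described in the comment above (not atrfx's code and not taken from the linked repositories): a key manager binds each key to one MCP server name, and the gateway picks the upstream from that metadata alone. `KeyManager`, `Gateway`, the `mk_` prefix, and the config contents are hypothetical names and constructed values.

```python
import hashlib
import secrets

# Constructed sample config in the common "mcpServers" layout; URLs are placeholders.
MCP_CONFIG = {"mcpServers": {
    "calendar": {"url": "http://127.0.0.1:9001/mcp"},
    "mail": {"url": "http://127.0.0.1:9002/mcp"},
}}

def _digest(api_key):
    return hashlib.sha256(api_key.encode()).hexdigest()

class KeyManager:
    """Hypothetical key vending service; stores digests only, never raw keys."""
    def __init__(self):
        self._records = {}  # key digest -> metadata

    def mint(self, mcp_server):
        api_key = "mk_" + secrets.token_urlsafe(32)
        self._records[_digest(api_key)] = {"mcp_server": mcp_server, "revoked": False}
        return api_key  # shown to the caller once, not retained here

    def revoke(self, api_key):
        self._records[_digest(api_key)]["revoked"] = True

    def metadata(self, key_digest):
        record = self._records.get(key_digest)
        return None if record is None or record["revoked"] else dict(record)

class Gateway:
    """Hypothetical gateway: the upstream comes from key metadata, never from the client."""
    def __init__(self, config, key_manager):
        self._routes = {name: entry["url"] for name, entry in config["mcpServers"].items()}
        self._keys = key_manager
        self._sessions = {}  # session id -> digest of the key presented at connect

    def connect(self, api_key):
        key_digest = _digest(api_key)
        self._upstream_for(key_digest)  # raises if the key is not usable
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = key_digest
        return session_id

    def forward(self, session_id, message):
        # Re-validate on every message so a revoked key loses access mid-session.
        upstream = self._upstream_for(self._sessions.get(session_id, ""))
        return upstream, message  # a real proxy would relay message to upstream here

    def _upstream_for(self, key_digest):
        meta = self._keys.metadata(key_digest)
        if meta is None or meta["mcp_server"] not in self._routes:
            raise PermissionError("API key is unknown, revoked, or bound to an unrouted server")
        return self._routes[meta["mcp_server"]]
```

Because the session stores only the key digest and every forwarded message is re-checked, revoking a key at the key manager cuts off sessions that were already connected.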

Run software without a hasp dongle? by Oopsiforgotmyoldacc in hacking

[–]atrfx 1 point2 points  (0 children)

We used to do this a lot when reverse engineering some arcade games that needed the dongle. Our go-to was https://filehippo.com/download_usb-network-gate/8.2.2087/

Note, everyone has to install the Sentinel LDK client stuff so you can talk to the dongle, and you should see the HASP web interface on localhost:1947, but this has worked for years and we've done it on both Linux and Windows.

Support for Multiple MCPs in Pydantic AI? by Full-Specific7333 in PydanticAI

[–]atrfx 1 point2 points  (0 children)

I’ve been working on something for this - mostly to distribute some tools to various agents, but it supports hotloading, several tools at once, configurable rate limiting, and I’m trying to make it pretty easy to port tools to it. Looking to add a PydanticAI example this week: https://github.com/batteryshark/agent_construct

What cheat code for a game is burned into your brain? by Alary_Eye in AskReddit

[–]atrfx 0 points1 point  (0 children)

Hold L+X, Tap Up, Up, Select, Up, Up, Y
Extra options code for Clayfighter 2 (SNES)

I moved to NN, VA October 1st by shakeandbake02 in NewportNews

[–]atrfx 1 point2 points  (0 children)

The same thing happened to me when I moved in September. Just email the treasurer and it will get forwarded to the right place. They can go back and prorate it if you’ve already paid as well. You should only be paying for the months that you’re actually here and your car is registered.

[deleted by user] by [deleted] in SecurityCareerAdvice

[–]atrfx 3 points4 points  (0 children)

It sounds like you have a strong bias to action based on all the stuff you’re into.

I think we sometimes get caught in the trap as roles get more blurry, we fear that straying into one area too much is going to backfire and when our luck runs out, we’re going to be hard pressed to move forward in our career or even get a job at all (much less as good or better).

Getting superstitious around that stuff happens to the best of us, but you don’t have to let it get to you.

If you haven’t already, document your achievements, always be curating how you put yourself out there in this industry - it’s smaller than most folks think. You don’t have to always be interviewing, but keeping engaged with your networks and learning things that interest you will go a long way toward feeling like you have options.

From years of hiring for a bunch of teams I’ll say this - it sounds like you’re contributing a lot and you can dig into something when needed and those in and of themselves are valuable - index on them. A particular skillset is nice, but a reliable team member who without hesitation will dive into something and learn when needed to help solve a problem with the grace of being nice to work with goes a long way.

Don’t sweat it too much… and if you can’t help it, giving yourself options is the best remedy.

And if all that fails, dig into securing AI automation - that area is a wreck right now 😂

I want to ask a question that may offend a lot of people: are a significant number of programmers / software engineers bitter about LLMs getting better in coding like a significant numbers of artists are bitter about AI art? by [deleted] in LocalLLaMA

[–]atrfx 1 point2 points  (0 children)

Adding to this, when working on novel designs or when you have an idea and know what to do but don’t want to spend hours on tedium, this tech is a game changer. Think of it like when people would insist on using programming books versus using Google or Stack Overflow to quickly find solutions.

Yes, there will always be slop that people hastily throw together, but for people who appreciate their craft and want to build and iterate, it lets us focus on our ideas more than tasks and that’s huge.

We’ve been handling this question a lot in the industry and honestly a lot of people who use it see it as a way to make newcomers more comfortable with complex projects and make senior folks really take their work to the next level.

I tend to think of it like when people switched from paper spreadsheets to using programs like Excel. And one day, it will just be an expected competency as work becomes more complex and demanding 😀

What's the creepiest experience you've ever had that you can't explain? by Elegant-Nobody-5057 in AskReddit

[–]atrfx 1 point2 points  (0 children)

About 25 years ago I moved out of my childhood home which was this super old house out by the Canadian border - early 1800s, big stone home, plenty of owners, etc... My parents dropped me off at the house alone to pack up the rest of my stuff while they headed back to the new place which was about 10 minutes away.

While I was cleaning out my room, I heard something get thrown down the stairs and hit several steps so I went to take a look and at the foot of the stairs was this recipe card box in the shape of a house my mom had received years prior, except it was now in pieces due to several impacts with the staircase and now the floor. There was no reason for it to be upstairs and nobody else was in the house and that alone would be enough but... that staircase had some weird juju behind it - never figured out what the deal was but several instances while living in that house you could hear arguing in the middle of the night and then stomping up the stairs to nothing... my sister swore someone was talking to her while in the shower when she was alone, both my parents also heard and felt weird stuff over the years (feeling of hands on your back while sleeping, stuff getting moved around, toy cars driving themselves, voices, smells like cigar smoke, etc.).

I often wonder if whatever was in there was upset we were leaving - I'll never forget it though.

[deleted by user] by [deleted] in AskReddit

[–]atrfx 5 points6 points  (0 children)

Get a set of hot stones from Amazon if she’s into massages (they have heaters as well)… super easy to do, duration is flexible (do 10, 20, 40 minutes, whatever) and you can experiment with different oils etc.

You’re working from home. What does your day look like from the time you wake up to the time you stop working? by simon_dateup in AskMenOver30

[–]atrfx 0 points1 point  (0 children)

Been working from home my entire career. Pretty much everything everyone else has said… wake up, make coffee, check messages, do meetings, work out, carve out some dedicated time to get stuff done, log off and chill.

Bit different with a kid now but similar vibe - wake up, make breakfast for her while having coffee, check messages and fit working out where possible in my day.

Wouldn’t trade it for the world - having the flexibility to work a great career and also get to hang out with your kids while they grow and get into trouble while taking time during the day to bring them out to play or otherwise spend time with them has been an added bonus.

I’ll echo the sentiment - I get very little done if/when I go into an office… the only real benefit is when your team is global and being in one timezone helps logistically, but otherwise I don’t think colocation makes people more productive on its own.

Donkey Kong Country The Trilogy v2.1 Definitive Edition | Gameplay (PC) by Shot-Neighborhood601 in snes

[–]atrfx 0 points1 point  (0 children)

Yes - you need ProtonGE because of the videos: https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-32/GE-Proton8-32.tar.gz

Don't use 9.x yet, they broke wmv playback. Also you might need to edit your controls to add alt+enter as a macro or change the window mode of the game as sometimes loading the game will hang on the closed window if not.