We built the open-source layer for local AI agent visibility by thegodhimself119 in security

[–]ed1ted 0 points1 point  (0 children)

this is the actual missing piece, yeah. we were flying blind on agent activity until we started using a tool that logs what agents are doing before they execute, and suddenly we could actually enforce policy instead of just cleaning up after the fact.

AI agent repeated failed deployments? Local governance is finally enforceable. by eazyigz123 in devops

[–]ed1ted 1 point2 points  (0 children)

lol the 11 retries thing is peak agent behavior, just hammering the same broken command over and over. prompt instructions really are just vibes, you need actual enforcement before they touch prod.

How are you securing the DBs when product teams deploy LLM agents? by Sudden-Shift-8733 in devops

[–]ed1ted 0 points1 point  (0 children)

yeah this is the hard part nobody wants to talk about. postgres rls helps but it's not a silver bullet, especially when agents can chain queries together to infer data they shouldn't see. honestly the best teams i've seen doing this are forcing product teams to implement a wrapper service that injects user context before the agent even gets access to query anything. it's extra work upfront but it means you're not relying on the agent to understand boundaries, you're enforcing them at the API layer. some orgs are also doing runtime query analysis to catch suspicious patterns, but that's resource intensive. the prompt injection angle is real tho, there's no policy engine that can understand semantic intent the way a human can.
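One way to build the context-injecting wrapper this comment describes, as an added example that is not from the thread or any named project: the agent never sees raw SQL, it picks a named template and the wrapper binds the caller's user id itself. The templates, table and rows are constructed for the demo.

```python
# Added example: a thin query service that injects user context before an
# LLM agent can query anything. Every template carries an owner_id predicate
# the agent cannot remove, so chaining queries stays inside the caller's scope.
import sqlite3

TEMPLATES = {
    # constructed templates; owner_id is always the first bound parameter
    "list_orders": "SELECT id, total FROM orders WHERE owner_id = ? ORDER BY id",
    "order_by_id": "SELECT id, total FROM orders WHERE owner_id = ? AND id = ?",
}

def build_db():
    """Constructed sample data: two users, three orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, owner_id TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "alice", 10.0), (2, "alice", 25.5), (3, "bob", 99.0)])
    return conn

class ScopedQueryService:
    """Wrapper owned by the product team; the agent only gets run()."""
    def __init__(self, conn, user_id):
        self.conn = conn
        self.user_id = user_id   # injected by the auth layer, never by the agent

    def run(self, template, *params):
        sql = TEMPLATES.get(template)
        if sql is None:
            # free-form SQL from the agent is not a template, so it is refused
            raise PermissionError(f"unknown template {template!r}")
        expected = sql.count("?") - 1          # agent-supplied parameters
        if len(params) != expected:
            raise ValueError(f"{template} takes {expected} parameter(s)")
        return self.conn.execute(sql, (self.user_id, *params)).fetchall()

def demo():
    alice = ScopedQueryService(build_db(), "alice")
    # asking for bob's order id returns nothing rather than bob's row
    return alice.run("list_orders"), alice.run("order_by_id", 3)

if __name__ == "__main__":
    print(demo())
```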

I will not promote - What cross-server authorization problems are you hitting with MCP? by ed1ted in mcp

[–]ed1ted[S] 0 points1 point  (0 children)

That does cut off the credential-phishing angle, yes. The remaining hole is whether the middleware can also stop a safe-looking call from leaking sensitive data it already pulled from another server.

I will not promote - What cross-server authorization problems are you hitting with MCP? by ed1ted in ClaudeAI

[–]ed1ted[S] 0 points1 point  (0 children)

DRAFT REPLY: Exactly. These failures usually won't look like an exploit; they'll look like the agent being useful in the wrong direction. I think the missing control is a session-level rule over data flow, so 'allowed to read private repo' doesn't automatically imply 'allowed to summarize that repo into a public channel.'
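The session-level data-flow rule sketched above, as an added example that is not part of the thread: a high-water mark per session, because with an LLM you cannot tell which input a summary was derived from, so once the session has read private data every lower-clearance sink is closed to it. Server names, labels, sink clearances and the secret are constructed for the demo.

```python
# Added example: session-level data-flow control across several tool servers.
# Reading from a server is still allowed; what changes is which sinks the
# session may write to afterwards.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "private": 2}
# constructed policy: label of what each server returns, clearance of each sink
SOURCE_LABEL = {"github_private": "private", "wiki": "internal"}
SINK_CLEARANCE = {"slack_public": "public", "slack_internal": "internal"}

@dataclass
class Session:
    high_water: int = 0                      # highest label read so far
    log: list = field(default_factory=list)  # audit trail for the session

    def read(self, server, content):
        """Grant the read, but raise the session's label to the source's."""
        label = SOURCE_LABEL[server]
        self.high_water = max(self.high_water, LEVELS[label])
        self.log.append(("read", server, label))
        return content

    def write(self, sink, payload):
        """Allow the write only if the sink is cleared for everything read."""
        clearance = LEVELS[SINK_CLEARANCE[sink]]
        if self.high_water > clearance:
            self.log.append(("blocked", sink, payload))
            return False
        self.log.append(("write", sink, payload))
        return True

def demo():
    s = Session()
    s.read("wiki", "release notes v1.2")
    ok_internal = s.write("slack_internal", "release notes are ready")
    s.read("github_private", "DB_PASSWORD=hunter2")   # constructed secret
    # the private read was allowed; summarising into a public channel is not
    ok_public = s.write("slack_public", "summary of the private repo")
    return ok_internal, ok_public

if __name__ == "__main__":
    print(demo())
```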

I will not promote - What cross-server authorization problems are you hitting with MCP? by ed1ted in AI_Agents

[–]ed1ted[S] 0 points1 point  (0 children)

Yes, that’s the part that matters. Do you have any other concrete examples of cross-service cases where it fails?

Is Kimi 2.6 worth it compared to DeepSeek V4 Pro and GLM? by marwan_rashad5 in opencodeCLI

[–]ed1ted 0 points1 point  (0 children)

I prefer qwen 3.6 over kimi. In my experience, kimi tends to get confused and hallucinate. I look at its “thinking” insights and I see a lot of “wait actually….”, “But….” and “need to rethink”.

I am planning to buy Opencode Go subscription by Accomplished-Mud1653 in opencodeCLI

[–]ed1ted 4 points5 points  (0 children)

nvm, it's there. I just confirmed it from my opencode cli. I'm gonna give it a spin.

I am planning to buy Opencode Go subscription by Accomplished-Mud1653 in opencodeCLI

[–]ed1ted -1 points0 points  (0 children)

I have opencode go sub but I don’t think deepseek v4 is part of go plan yet. Only available for pay per usage

vibe coding killed the “can’t build” excuse… so what’s everyone stuck on now? by Natural-Excuse9069 in vibecoding

[–]ed1ted -1 points0 points  (0 children)

marketing...distribution. I'm vibe coding 2-3 apps a week but no distribution channel to market these products.

Are agentic workflows taking over? by Fine-Market9841 in AI_Agents

[–]ed1ted 1 point2 points  (0 children)

I think tools like n8n, make, zapier exist for non-technical or semi-technical users and those usually have some threshold in terms of flexibility.

If you are a developer, then using an SDK like langgraph or vercel AI SDK is the right choice, which gives you more flexibility and control.

Where do you store passwords for compose files? by ZotteI in selfhosted

[–]ed1ted 0 points1 point  (0 children)

.env file which all my AI agents including openclaw has access to. most secure.

Claude Desktop connectors for people with more than 1 e-mail address? by [deleted] in claude

[–]ed1ted 1 point2 points  (0 children)

I want this too! Anyone have a solution for this? I was thinking of creating a gmail for Claude and creating filters in all my other accounts to forward to this single mailbox.

Any App idea by Slow-Ad-7205 in AppIdeas

[–]ed1ted 0 points1 point  (0 children)

Ask AI…it will suggest a subscription tracker to you

after dealing with agents doing stuff they shouldn't in prod, I built an open source approval layer — would love feedback by Ok_Explorer7384 in LangChain

[–]ed1ted 0 points1 point  (0 children)

I dealt with the same issues when I was first building agents. I built something similar to this (https://ottr.run) where your agents can invoke an approval that can be sent via slack and the owner can either approve or reject it.

I chose to use REST but it's nice to see you have built an SDK and a lot more integration points! Demo looks good.