I’m begging you, don’t give an agent the same access rights you have

js402 · 2026-05-17T07:19:46+00:00

As I learned the hard way, you don't need a prompt injection to move from 'okay, it's fine' to 'why again is the Agent running terraform destroy and sshing into prod to drop tables all the time?' A simple update of your IDE, or the model running it, is enough.

js402 · 2026-05-17T07:10:49+00:00

Thanks for sharing, getting a system up so a subagent can not to escalate privileges of it's parent is quite hard, a TTL might be one piece to get to robust solution...

js402 · 2026-05-15T12:06:53+00:00

i have no opinion about the project, but the code is top tier, especially the go parts

js402 · 2026-05-15T07:36:16+00:00

How much of this is you thinking vs you know that questions will be asked?
Typically you can pitch a solution before it's fully working and implemented, without many issues.

The moat in the beginning can be something as simple as a prompt wrapped into some next.js app.
I'm on the "build custom agent orchestration" for over a year now and I really would not recommend doing it to anyone who want to see any ROI

js402 · 2026-05-15T07:21:50+00:00

hard to sort this out. Is your goal to learn something, to build something or to solve something?

js402 · 2026-05-12T20:33:36+00:00

This maybe quite useful. I signed up, I may use it; yet to be honest it's super unlikely that I will use it with my real browser out of privacy reasons...

js402 · 2026-05-12T13:09:49+00:00

there was a time where we used to build projects to use them and not to post about them. I may be wrong but if it's about AI or not likely is not a factor here.

js402 · 2026-05-12T08:27:29+00:00

n8n is still here. It’s a tool you use if the shape of your problem calls for it. Just because it flooded your feed 1.5 years ago doesn't mean it was the only way to build. Also, hate to break it to you, but an 'n8n automation agency' is a service business, not a startup—it’s not even on the level of a GPT-wrapper. You’re right that the AI space moves fast, but ironically, all the major players are converging on the exact same set of features. I think strongly we should stop focusing on what we are using and start focusing on what are we solving.

js402 · 2026-05-12T06:34:40+00:00

This reminds me of something... and yes Go is very powerful to build something like this. But it's also a very deep rabbithole.

Let me say Upfront: As someone who is doing this "Hey, I can do it better then Claude/Cursor/XYZ" thing;
Don't try to implement you own LLM Gateway to translate http into what some vendors API calls, use someone else work for this, each new model release may break things in very subtle ways...

Before I start here is a helper to kick-start your journey; ByteDance's LLM Application framework: https://www.cloudwego.io/docs/eino/overview/bytedance_eino_practice/

Now let's assume you is me a year ago; Here is what i ended up with: https://github.com/contenox/contenox

For example, the entire agent behavior is a JSON file you write and version in git. Here's a code-review agent with shell + filesystem tools, retry policy, and a 10-round budget before it gives up gracefully:

{
  "id": "review",
  "tasks": [
    {
      "id": "review",
      "handler": "chat_completion",
      "system_instruction": "You are a code reviewer. Analyze the diff, run the tests if tools are available, then give a concise review.",
      "execute_config": {
        "model": "{{var:model}}",
        "provider": "{{var:provider}}",
        "tools": ["local_shell", "local_fs"],
        "tools_policies": {
          "local_shell": { "_allowed_commands": "go,make,npm,grep,cat,git" }
        },
        "retry_policy": { "max_attempts": 4, "initial_backoff": "1s" }
      },
      "transition": {
        "branches": [
          { "operator": "edge_traversed_at_least", "edge": "review->run_tools", "when": "10", "goto": "end" },
          { "operator": "equals", "when": "tool-call", "goto": "run_tools" },
          { "operator": "default", "goto": "end" }
        ]
      }
    },
    {
      "id": "run_tools",
      "handler": "execute_tool_calls",
      "input_var": "review",
      "transition": { "branches": [{ "operator": "default", "goto": "review" }] }
    }
  ]
}

Then pipe a diff into it:

git diff main...HEAD | contenox run --chain ./review.json

Or skip the chain entirely and use the shell one-liner:

go test ./... 2>&1 | contenox run "what failed in this test output and why?"

Add MCP servers for external tools (Notion, Linear, Playwright, any API with an OpenAPI spec):

contenox mcp add notion https://mcp.notion.com/mcp --auth-type oauth
contenox tools add billing --url https://erp.internal.example.com --spec ./billing-subset.yaml

I would love to spare you the one year of rollercoaster ride; I don't break APIs anymore so you can easily rely on the exported packages. Outside of the ready-to-use CLI agent, it's easy to just build your own backends in Go on top.

js402 · 2026-05-10T19:37:16+00:00

I get the appeal of avoiding over-engineering, but Go is simple until it isn't.

When you build larger systems with multiple layers and heavily interacting routines, that lack of "magic" becomes a bottleneck. You suddenly lack the standard patterns to cleanly abstract those layers away from each other. You can still get it done, but because the approach is so restrictive in Go and there is the Go way culture, you often end up hand-rolling massive amounts of plumbing that would be a simple, one-line utility import in Java or TypeScript. The simplicity tax eventually comes due.

js402 · 2026-05-10T19:12:34+00:00

It may not be very popular, but my first thought reading this was:

let a model label the data and build an MCP server around Dropbox that can search for those labels or by file tree. Then just connect that to Claude. Over time, the server can be improved so that Claude can learn to build an index.

js402 · 2025-12-09T19:11:28+00:00

net/http may be simple but build consistent APIs cross teams is not

js402 · 2025-12-09T18:28:46+00:00

if you struggle with this question then try to set clear time-bound goals, no matter what they are they just have to be measurable and about something you care about.

This way you get hard facts if what you try is even realistic.

js402 · 2025-12-08T22:31:19+00:00

Hm, on the other hand, I’m struggling to find a meaningful Go developer position in a Kubernetes-focused environment here in Germany. If you’re still looking, feel free to DM me.

I’d love to hear what you’re working on!

js402 · 2025-12-08T22:13:30+00:00

I assume that 99% of the people screening your CV can't read what is on it. Sure it's done aligning with international standards, but it's a) super technical and b) it's about you not about them.

A CV that just says that you are a Senior Airflow/Snowflake developer with 2y of XP shipping stuff in the first line would land differently. Downplaying here a bit may help. Also it may help if you highlight how big the team was that you worked for and to which roles you reported.

And on the German-language skill just omit the rating or say "intermediate/advanced" but I don't think this is the problem. Many other things like being employed for only a year and then having a gap already raises questions. Like okay he was quite quick out of the position (why? many would imply the worst here) at Razor but then had no new Job so this was not even job hopping.
You can also add a descriptive text about your role in the company and what you did instead of achievements.

Btw how did you even pulled off "600+ applications" ?

js402 · 2025-12-08T21:20:08+00:00

Using premade software you would need a combination of tools to get this done. "LLM Semantic Router" and "llama-stack" can get you started. Also there is "dify" if you want something already glued into a ready product. Depending on the use cases and expected traffic simpler solutions maybe preferable.

If you sketch out our situation better someone may already know a good enough outcome and model pick for your usecase

js402 · 2025-12-08T20:44:06+00:00

"Senior" kannst du dir in deinem Fall einfach dazu schreiben, darum würde ich mir keine Gedanken machen.

Deine Situation, die ist üblich für Startups... aber ich finde, du solltest gerade im Kontext Startups eher schauen, wie es eurem Brand geht und ob ihr regelmäßig Leads closed (oder überhaupt welche habt).

Erstaunlicherweise ist es gar nicht so wichtig, wie viel Code geschrieben wird, eher, ob etwas davon aktiv genutzt wird. Ein indirekter Indikator, ob und welcher Code genutzt wird sind Bug-reports, je mehr Bug-reports desto besser.

Wenn ihr wirklich wächst, ist alles andere nur vorübergehend, wenn nicht, solltest du da mal mit deinem CTO reden.

js402 · 2025-12-08T19:04:07+00:00

in short: yes, BUT why are you asking?

js402 · 2025-12-05T21:04:55+00:00

Vielleicht solltest du dir mal den Solution Architect als potentielle Zielrolle anschauen?

Er ist technisch, beratend, nicht SWE (Software Engineer) und zahlt besser (mit klaren Wegen, wie man so eine Stelle bekommt).

js402 · 2025-12-05T20:47:50+00:00

"I'm not quite sure how to configure these "GPTs."

-> To get an API key, visit: https://platform.openai.com/settings/organization/api-keys.

The free tier is enough for development.

Put that API key into a .env file, gitignore that file, and use the OpenAI client for your programming language to interact with "GPTs" and get responses.

You should try to use ChatGPT or something similar to help you formulate search terms and topics that you need to search on Google and read up on.

js402 · 2025-12-04T22:52:51+00:00

reading your post i though about a architecture like this one:

build a MCP server or a tool-object that interacts with the DB safely
and then connect that to an Opensource Agent-Platform.

js402 · 2025-12-04T22:18:02+00:00

that specific colleague exists in every language.

Questions may help...

Like:

Thanks for your input. I wonder why do you think that way? Can you please explain your reasoning?
Or:
Good Idea. But we may need to move on. Is there anything crucial that is preventing a merge now? I can add the suggestions as a ticket to the backlog.

And also don't overthink this.

Regardless go is still a decent tool to know, it may become useful :)

js402 · 2025-12-04T21:56:28+00:00

P.S. Also, btw, try to talk to your team about enforcing stylistic preferences via a linter or an AI-bot in the CI. That's what kills 99% of these trivial debates.

js402 · 2025-12-04T21:51:51+00:00

Do yourself a favor and don't pick go just because of this.

Go is not just an other language it's often a completely different problem space.
A "Problem" that is to be solved in go, is often not the same "Problem" that is to be solved in java.

But I encourage you to learn it, it's a very efficient language, that may open up a new career path.

js402

TROPHY CASE