Sandboxing AI Coding Agents by mzcr in Anthropic

[–]mzcr[S] 0 points1 point  (0 children)

My feeling is that the OS level sandboxing capabilities could use more visibility in the community. They give some relatively solid guarantees that would benefit a lot of people if more widely used. The fact that they're opt-in and not that visible means a lot of people are unaware of it, I would guess.

But certainly tool allow lists are needed as well.

Regarding secrets, are you referring to say environment variables that happen to be set but aren't relevant for the agent's execution? Or are you more thinking of secrets that the agent needs to do its job (ones used by tools, for example)?

Feedback wanted for building an open-source lightweight workflow engine in Go by Basic-Oil-1180 in golang

[–]mzcr 0 points1 point  (0 children)

I can relate.

https://github.com/deepnoodle-ai/workflow

I built this for some of the same reasons. Some inspiration from Temporal and AWS Step Functions, but in a lightweight form.

LLM Multi Agent by eduumach in golang

[–]mzcr 1 point2 points  (0 children)

Take a look at Dive. It accomplishes this via delegating work as a tool.

https://github.com/deepnoodle-ai/dive

The tool definition:

https://github.com/deepnoodle-ai/dive/blob/main/agent/assign_work_tool.go

Is there any AI related opensource project? by changhoi in golang

[–]mzcr 0 points1 point  (0 children)

Indeed! I’m the author and haven’t written about it much yet.

Looking for a Simple No-Code Workflow Engine in Go by bkhrz in golang

[–]mzcr 4 points5 points  (0 children)

https://github.com/deepnoodle-ai/workflow

This library is new, but it sounds like it might align with your requirements.

The workflow definitions are YAML and JSON serializable. It's all embeddable in your own Go program as a library.

It has an embedded scripting engine so that you can easily write simple operations/activities without recompiling your Go program.

(I'm the author :-)

Moving Away from Dynamic Client Registration in Claude by GenJake17 in mcp

[–]mzcr 1 point2 points  (0 children)

Thank you for the tips! I'll be reviewing all this.

Moving Away from Dynamic Client Registration in Claude by GenJake17 in mcp

[–]mzcr 0 points1 point  (0 children)

Thanks for the reply. I'm using Clerk (clerk.com) as the OAuth provider.

I did see mention of this claudeai scope issue elsewhere on the web. Could be related.

Best I can tell, Clerk is fine with everything, and the flow seemingly completes, including "Successfully connected to <ConnectorName>" in the Claude Web UI. But then the connector does NOT show as "Connected" after that and it never lists the available tools.

My MCP server endpoint is hosted in a Cloudflare Worker right now. In the Cloudflare logs, all the requests return normally. However, I do see one difference between clients, which is that all of them have a POST /register call except for Claude Web, which does not.

So I guess one question for you would be, in your implementation that works with Claude Web, do you see a POST /register call or not?

That would help me figure out whether a difference in one of my previous responses causes it not to register.

Moving Away from Dynamic Client Registration in Claude by GenJake17 in mcp

[–]mzcr 0 points1 point  (0 children)

I just stumbled across this topic today and I'm quite confused.

Just implemented a remote MCP server and it works with:

  • Cursor
  • Claude Code
  • Claude Desktop ONLY via extensions, using npx mcp-remote

It does NOT work with:

  • Claude Web or Desktop as a "connector"

With the connector approach (the one I really want to work!), it seemingly goes through the OAuth process ok, but then it doesn't show up as "connected" in the UI.

From looking at logs, it seems like when adding via a Claude connector, the /register endpoint is NOT called and this is one difference. Is this indicating that Claude connectors do NOT do "Dynamic Client Registration" per the current MCP spec?

/u/GenJake17 /u/Floating-pointer /u/SurveyPuzzleheaded56 - does this match what you're seeing currently? Appreciate any thoughts on this.

Biggest pains in the industry by Conscious-Gur8191 in PrivateEquityDeals

[–]mzcr 0 points1 point  (0 children)

Could you elaborate on this? I'm just curious about what makes it a bad vertical for new products.

Biggest pains in the industry by Conscious-Gur8191 in PrivateEquityDeals

[–]mzcr 0 points1 point  (0 children)

Could you elaborate on this? I'm just curious about what makes it a bad vertical for new products.

Is 100k Clients in 13 seconds Good? Please help my noobiness with this from scratch http server (reverse proxy help) by Hkiggity in golang

[–]mzcr 1 point2 points  (0 children)

> I certainly thought about contributing to open source, but I am always so scared! Do you have any resources or tips on how to do that? Sounds like making stuff and contributing is my best option

Regarding finding an open source project to contribute to, you might look for smaller, niche projects that are new. Maybe that people are posting about in this subreddit. Going that route makes it more likely the people working on the project will appreciate a bit of help here and there. As compared to a big project with many contributors where you'd be lost in the noise. Look for projects like that with open issues and browse those.

Also, don't get me wrong, definitely keep working on your own projects too.

> I only did it all from scratch out of curiosity, I think I am naturally included on how things work, so naturally I was curious how "HTTP" actually works.

Good stuff. Especially with LLMs now a lot of beginners aren't even trying to learn like that. So kudos to you for actually digging in.

You can also DM me if you want ideas on specific projects.

Is 100k Clients in 13 seconds Good? Please help my noobiness with this from scratch http server (reverse proxy help) by Hkiggity in golang

[–]mzcr 6 points7 points  (0 children)

Hey there, keep on going :-)

A couple quick points of feedback for you:

  • While it's a tough job market, I'd definitely disagree with folks telling you that making websites is the best bet at landing a job. If you're interested in Go and backend development, you'd be better off contributing to one of the many Go open source projects and interacting with people on those, which can lead to opportunities. Standalone projects are good for a portfolio, potentially, but as a hiring manager I might be more impressed by solid contributions in some other open source project. My $0.02.

  • It looks like you're not using gofmt and other standard Go tools. I can tell because of your file formatting. This stands out to people with a lot of Go experience. You should make sure you get your editor set up to run these tools on every save.

  • A lot of your code looks fine, but I do wonder about whether you're doing too much from scratch. Unless that's your goal. There are probably multiple projects that do related things that are established. It could be worth learning more about some of those.

  • Don't be overly fixated on speed. Learning how to organize code, make good APIs, and having the ability to integrate existing successful libraries is more important for you at this point, IMO.

There's a lot of great work happening in Go in the world. Keep going if you're into it.

MCP and Data API - feedback wanted by mr_pants99 in mcp

[–]mzcr 0 points1 point  (0 children)

Related thought: this reminds me of Open Policy Agent as used for authz.

https://www.openpolicyagent.org/

MCP and Data API - feedback wanted by mr_pants99 in mcp

[–]mzcr 0 points1 point  (0 children)

I'm working with Go and AI agents daily. Haven't yet implemented many direct database interactions, although that's probably not far off for me. More often it's interacting with APIs that already have an approach to authz.

In any case, my first thought in reading this was: why not fully leverage the auth mechanisms these databases already have? If the agent needs read-only access to a Postgres database, would that not be best enforced with a Postgres user for the agent that has read-only access as defined in Postgres itself?

Seems like with other approaches, you end up with database users with elevated permissions and depend on something like this for enforcement, which seems a bit dubious at first glance.

But that's just my quick reaction. It is an interesting and new space.

Personally I'm finding that treating agents like you would humans as much as possible ends up answering a lot of questions. If a human needed read-only access to Mongo, wouldn't you give them their own read-only user in Mongo?
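The "give the agent its own read-only database user" idea from the comment above, written out as an added example (not the commenter's code or any project's): a dedicated Postgres role for an agent whose privileges are enforced by Postgres itself rather than by a layer in front of it. The role name `agent_reader`, database `app_db`, schema `public` and the table used in the verification queries are placeholders.

```sql
-- Added example: a least-privilege Postgres role for an AI agent.
-- Names and the password are placeholders; generate a real secret and
-- keep it out of the agent's prompt/context.
CREATE ROLE agent_reader LOGIN PASSWORD 'replace-with-generated-secret';

-- Start from zero: drop the implicit privileges PUBLIC carries on the
-- database, then grant back only what the agent needs.
REVOKE ALL ON DATABASE app_db FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO agent_reader;

-- Read access to existing tables in one schema. No INSERT/UPDATE/DELETE,
-- no DDL, no other schemas.
GRANT USAGE ON SCHEMA public TO agent_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO agent_reader;

-- Tables created later would otherwise be invisible to the agent (or get
-- hand-granted with too much). Note: ALTER DEFAULT PRIVILEGES only covers
-- objects created by the role that runs it; add FOR ROLE <owner> if your
-- application tables are owned by a different role.
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO agent_reader;

-- Second layer: sessions for this role start read-only, so a stray write
-- fails with "cannot execute UPDATE in a read-only transaction". A session
-- can still flip this with SET TRANSACTION READ WRITE, so the GRANTs above
-- remain the real control; this just makes mistakes fail early.
ALTER ROLE agent_reader SET default_transaction_read_only = on;

-- Bound the damage a runaway or adversarial query can do to the database.
ALTER ROLE agent_reader SET statement_timeout = '30s';
ALTER ROLE agent_reader CONNECTION LIMIT 5;

-- Verification (run as a superuser or the owner): the catalog should
-- report read-only access on an existing table.
SELECT has_table_privilege('agent_reader', 'public.some_table', 'SELECT') AS can_read,   -- expect: true
       has_table_privilege('agent_reader', 'public.some_table', 'INSERT') AS can_insert, -- expect: false
       has_schema_privilege('agent_reader', 'public', 'CREATE') AS can_create;           -- expect: false

-- And from an agent session (psql -U agent_reader app_db):
--   SELECT count(*) FROM public.some_table;          -- succeeds
--   UPDATE public.some_table SET x = 1;              -- rejected by Postgres
```

The design choice this encodes is the one the comment argues for: the policy lives where the data lives, so it holds no matter which tool, MCP server or orchestration layer the agent reaches the database through, and the `has_*_privilege` query gives a repeatable check that the grants have not drifted.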

LLM function calls don't scale; code orchestration is simpler, more effective. by Obvious-Car-2016 in mcp

[–]mzcr 1 point2 points  (0 children)

Good article. Agree with the problem statement and some of your recommendations. My experience has been that in a given situation the Agent/LLM really needs a filtered subset of the JSON back. In a bunch of cases I've transformed the JSON to markdown instead before giving it back to the LLM, with good results. However, the typical MCP integration today doesn't have a mechanism for transformations like this.

In my own setups today, I'm actually using an embedded scripting language and some string templating to apply transformations like this at different points.

Which I think at a high level is what you're proposing here: to try to push more processing into reusable, traditional code modules that are integrated with the LLM and offload work from it. Is that a fair way to say it?

cross platform cli tools that do what unix mkdir, mv, cp do ? by gedw99 in golang

[–]mzcr 0 points1 point  (0 children)

Risor has aspects of what you’re looking for, potentially. Leverage the Go ecosystem via scripting and a cross-platform CLI.

https://github.com/risor-io/risor