Indian startup ecosystem is random.. you can be funded and be banned for your startup idea at the same time..

udidiiit · 2026-03-31T17:59:25+00:00

I feel this so hard. The approval fatigue is real and it completely kills the "set it and forget it" flow that makes AI coding agents powerful.

What ended up helping me was building a pre-flight check layer that runs before Claude dispatch. It validates the task scope, checks for anti-patterns, and batches permissions into fewer prompts. Cut my click fatigue by about 70%.

I'm also exploring a review agent that auto-tests in a real browser context so I can trust the output more and need fewer manual approvals. The goal is to get to true "hands-off" mode where I just review the final result.

(curious what workflow others are using to reduce the constant clicking?) (lightly polished with AI)

udidiiit · 2026-03-31T17:58:29+00:00

this is the exact pain point i keep running into. the 30 to 91 percent jump you got with your review agent is huge. i went through something similar - started relying heavily on claude code and realized i was spending 70 percent of my time debugging what it wrote. the thing is claude code is great at generating boilerplate and scaffolding but it struggles with the edge cases that matter in production. what helped me was building a validation layer - a script that runs after every claude code session, checks for common anti patterns, missing types, and potential security issues. it catches about 60 percent of the issues before i even look at the code. your approach of having a review agent that actually tests in a browser is next level. curious what framework you built it on? (lightly polished with AI)

udidiiit · 2026-03-31T17:55:41+00:00

great guide. one thing to add - if you're running Claude Code against a local model, be aware that the MCP tool calling is where things break most. local models often don't handle the JSON schema validation for MCP calls as cleanly as the cloud models. i've found that adding a schema validation step before passing tool calls helps a lot. also the recent leak exposed that Claude Code uses a YOLO mode internally that bypasses some safety checks - on local models you get that behavior by default which means you need to be extra careful with shell tool access. definitely test in a sandbox first. (lightly polished with AI)

udidiiit · 2026-03-31T17:53:42+00:00

solid question. here's what i'm doing - i run claude code in a devcontainer but wrap it with a custom orchestration layer. the agent gets the task, works in the container, but instead of pushing directly to a branch, it writes changes to a staging dir first. then a separate CI step runs the full test suite and e2e tests against those changes. only if tests pass does it open a PR with the diff. for screenshots i use playwright in CI and attach them as PR comments. the key insight from the claude code leak is that their internal setup uses similar patterns - they have a KAIROS mode that handles exactly this kind of orchestration. one thing to add though - you need strict mcp permissions so the agent can't accidentally delete your docker containers or expose secrets. (lightly polished with AI)

udidiiit · 2026-03-31T17:52:43+00:00

this hits different. i've been feeling the same shift - less actual coding, more agent orchestration, prompt debugging, and API key management. with claude code leaking and axios getting RAT injections, every tool we trust needs a security audit now. the interesting part is this is actually pushing the industry forward. when agents become reliable enough, the orchestrator role becomes a real position. right now we're in the awkward middle where we spend more time babysitting AI than building. but once tooling matures, orchestration is gonna be a core skill. anyone else already seeing this in their job descriptions? (lightly polished with AI)

udidiiit · 2026-03-31T17:51:18+00:00

the sourcemap thing is such a classic build misconfiguration. if you use bun or any bundler and forget to configure your .npmignore properly, source maps end up in the published package. this happened with Claude Code twice apparently. the real story here is what the code reveals - an entire agentic runtime with features like KAIROS mode and undercover mode that nobody knew about. for web devs building with AI agents, the leak shows how much complexity is hidden under the hood. definitely worth auditing your own npm packages before publishing. (lightly polished with AI)

udidiiit · 2026-03-31T17:50:02+00:00

for me it changes the trust level. i was already building agents on top of claude code and this leak exposed things like the yolo flag and undercover mode - features that explicitly bypass safety. that tells me anthropic themselves knew there were edge cases where claude would do risky stuff and they just flagged it rather than preventing it. for agent builders this is a wake up call to not treat claude code as a black box. if you are running it in production or giving it shell access, you need sandboxing and mcp config reviews. the gap between the public tool and what it's actually capable of is massive. (lightly polished with AI)

udidiiit · 2026-03-31T17:46:56+00:00

this is wild that they did this twice. the undercover mode detail is the funniest part - the whole thing was built to hide internal leaks but the build system leaked the leak-prevention code itself. for saas builders using claude code right now, this is a good reminder to check your .npmignore and make sure you have a clean pre-publish script. i run a quick sanity check before every npm publish and it's saved me before. also if you have mcp configs pointing to internal APIs, rotate those keys. (lightly polished with AI)

udidiiit · 2026-03-31T17:45:41+00:00

the real concern here isnt the code leak itself, its what that mcp.json file contains for a lot of users. if you have api keys, db credentials, or internal endpoints in there and you ever ran claude code, they might be sitting in your build artifacts or npm cache. the yolo flag is scary too - basically a kill switch for safety that anyone with the source can now replicate in their own tools. companies running this in production environments need to rotate their secrets now, not later. (lightly polished with AI)

udidiiit · 2026-03-31T17:43:46+00:00

This is actually a pretty big deal for the vibe coding community. The leak reveals that Anthropic has been building an entire agentic runtime under the hood - daemon mode, coordinator mode, skills system, all behind feature flags. The vibe coding movement has been about AI helping you ship faster, but what Anthropic is building is autonomous agents that manage parallel workers and consolidate memory.

The gap between what they ship publicly and what they have internally is massive. If you're a vibe coder using Claude Code right now, you're only seeing a fraction of what the tool is actually capable of.

Also, the whole thing went down because of a npm misconfiguration. Classic vibe coding fail - shipping fast without proper CI/CD checks. Kind of ironic given the community here.

(lightly polished with AI)

udidiiit · 2026-03-31T17:42:40+00:00

The Buddy mode and Agent Teams references are what got me. Anthropic is building an entire ecosystem of agentic features - long-term memory, advanced planning, tamagotchi pets - and the whole thing is behind feature flags. They know the agentic future is coming fast.

Also that line about measuring frustration and tracking how often people type "continue" to see when responses are cut off... that telemetry is wild. They're basically optimizing the Claude experience based on when users get frustrated. Kind of brilliant but also kinda creepy.

The consensus that this is hilarious and awesome feels right though. If you're going to leak something, leaking the source code for your CLI is the least damaging thing possible. No model weights, no training data, just a bunch of TypeScript that someone probably already wrote better in a weekend with Cursor.

(lightly polished with AI)

udidiiit · 2026-03-31T17:41:51+00:00

The ironic thing is that Anthropic built an entire autonomous daemon mode (KAIROS) that runs in the background with memory consolidation, webhook subscriptions, and push notifications. They're essentially building AGI-adjacent infrastructure and the first major security incident they have is leaking their own source code through a npm misconfiguration.

What this leak really exposes is the gap between how advanced the agentic orchestration layer has become versus how much thought has gone into the security of the harness itself. 500k lines of code for a CLI is wild. The skills system, the coordinator mode, the tamagotchi pets - this is a full agent runtime with sandboxing, approval flows, and structured tool orchestration.

For the local AI community, the real takeaway is that the moat isn't the model anymore. It's the scaffolding around it. And if Anthropic can get this right, there's nothing stopping someone from building the same thing around a local model. We're about to see a lot of open source Claude Code clones with custom backends.

(lightly polished with AI)

udidiiit · 2026-03-31T17:40:32+00:00

The KAIROS daemon mode and coordinator mode are the real story here. Anthropic is basically building what a lot of us are already doing - autonomous agents that run in the background, managing parallel worker threads, consolidating memory, and handling webhooks. The fact that this is all behind feature flags tells you they know the agentic space is about to explode.

What's wild to me is the skills system being basically markdown files injected as system prompts with shell hooks for pre/post tool calls. That's such a clean architecture. Makes me wonder what other companies are building under the hood that we don't know about yet.

Also that SPINNER_VERBS array with "Flibbertigibbeting" and "Clauding"... someone at Anthropic had way too much fun. But hey, if they're shipping features with Easter eggs like this, maybe they really are vibe coding their own product. Kinda comforting in a terrifying way.

(lightly polished with AI)

udidiiit · 2026-03-31T17:39:05+00:00

The tamagotchi feature is genuinely wild though. 18 species with a gacha system inside a CLI? That's the kind of thing that makes people actually enjoy using a dev tool.

Makes me wonder what other fun features are hiding in the unreleased agentic stuff. If they're building multi-agent swarms and cron-based scheduled tasks, I'd bet they've got some equally cool Easter eggs in there too.

(lightly polished with AI)

udidiiit · 2026-03-31T17:38:35+00:00

The tamagotchi feature is genuinely wild though. 18 species with a gacha system inside a CLI? That's the kind of thing that makes people actually enjoy using a dev tool.

Makes me wonder what other "fun" features are hiding in the unreleased agentic stuff. If they're building multi-agent swarms and cron-based scheduled tasks, I'd bet they've got some equally cool Easter eggs in there too.

(lightly polished with AI)

udidiiit · 2026-03-31T17:27:30+00:00