storybloq's approach to using fable efficiently: it plans and reviews, opus implements in parallel

storybloq's approach to using fable efficiently: it plans and reviews, opus implements in parallel

A couple of months ago I posted about storybloq, a session manager for Claude Code that I built. It keeps your project state (tickets, issues, handovers, notes, lessons) as plain files in a .story/ folder in your repo, so a new session picks up where the last one left off instead of starting from zero.

Using Fable to write out every implementation is a waste.
Fable should do to the thinking: the plan, the spec, and the review.

So in Storybloq's orchestration you can do that.
Fable plans the work, turns each backlog item into a full spec, and holds the review gates, then hands the implementation to a fleet opus agents running in parallel.
You get fable's judgment on every decision without paying fable rates to type out the code.

That is the core of what shipped today, orchestration. You point it at your backlog and fable drives the opus agents through it, with a plan review before any code is written and a review of the actual diff before it ships.

Two other things make this hold up on a real project.

Federation, for multi-repo setups.
If your app is more than one repo (backend, client, a shared package), storybloq reads across all of them: what is blocked on what, what to work on next across the whole system instead of one repo at a time.
If you work across repos I really recommend it. It is the change I use most.

Team mode.
Several people and their agents can share one .story/ backlog through git without clobbering each other. Concurrent edits to the same file merge field by field instead of leaving conflict markers, and it tracks who is working what so two agents do not grab the same item.

Put together: set up a multi-repo backlog in storybloq, break down your project into tickets and phases in a roadmap, then let fable drive opus agents through the items in parallel, gated on the plan and the diff.

Free to try, source-available on npm
npm install -g u/storybloq/storybloq.

Built with Claude Code.

github.com
u/LastNameOn — 2 hours ago

Employer asked me to delete a personal LinkedIn post about my free open-source side project. Is complying risky?

I'm a salaried employee in BC. On my own time I built a software side project that is free and open source, unrelated to my employer's work, and I posted about it on my personal LinkedIn.

I recently had a contentious formal meeting with HR and a manager. The matter is unresolved and I believe the relationship is now adversarial. A few days later, the same individuals who were in that meeting emailed me asking me to remove the post, citing an internal policy.

My read is that they're looking for reasons to build a case against me, and this feels like part of that. My questions:

  1. If I comply and delete the post, does that act as any kind of admission or waiver that could weaken my position in the broader dispute?
  2. Are there legal limits on an employer requiring removal of personal, off-hours content that is unrelated to my job and not commercial?
  3. Should I preserve a record of the post and the request before deleting anything?

I want to understand my position before I respond. Thanks

reddit.com
u/LastNameOn — 9 days ago
▲ 1.1k r/ExploitDev+2 crossposts

Claude Opus caught malware hidden in my repo, then reverse engineered the whole thing

I had Claude Code, running Opus, doing some branch consolidation across my repos. It was driving the git operations itself. When it went to merge one branch it stopped, told me the incoming commit contained malware, and refused to merge or build it. Then it reverse engineered the payload without executing it. Full breakdown and indicators below.

What it caught

A single obfuscated block appended to next.config.js, after module.exports. Next.js runs that file on every build, including CI, so it would have executed on the next build anywhere.
Claude identified it from the diff, before anything ran, as an EtherHiding loader.

How it got in

We brought on a contractor through Upwork who was pushing legitimate changes to our repos, normal collaboration. At some point their development machine got infected. We cannot forensically confirm the exact entry point on a machine that is not ours, but the usual way into this campaign is a malicious npm package that runs code on install, so that is the most likely vector.

Here is the nasty part. The malware self propagates. On an infected machine it quietly reads the cached git credentials already sitting there and pushes into whatever repos that developer can write to. It did not arrive as an obvious new commit either. It force pushed over the branch and disguised the payload as a normal commit from me, the repo owner. It put my name and email on it, reused the exact message of a real commit of mine, and kept that commit's date so it looked like it had been in history for a week rather than freshly pushed.

How the malware works

EtherHiding hides the payload on public blockchains, which makes it nearly impossible to take down.

  1. The loader carries no payload. At runtime it reads a transaction hash from an attacker controlled TRON account, with Aptos as fallback.

  2. It uses that hash to fetch the real code from a transaction's calldata on BNB Smart Chain via public RPC.

  3. The code is XOR encrypted with a hardcoded key and decoded only in memory. Nothing malicious touches disk.

  4. Stage one runs inside the build. Stage two launches as a detached, hidden, persistent process.

The payload is an infostealer: environment variables, npm and GitHub tokens, SSH keys, browser sessions and cookies, crypto wallets.

Attribution

The command and control server is 198.105.127.210, on ports 80 and 443, hosted on a budget VPS from Evoxt Enterprise (AS149440). The on-chain dead drops are attacker controlled. The technique is tracked publicly: Mandiant labels the EtherHiding actor UNC5142, and Malwarebytes reported a related stealer as Omnistealer. The operators are not publicly identified.

Indicators of compromise

Dropper
  next.config.js with an obfuscated block appended after module.exports
  SHA-256: e27abe7e810c79d71e8c1681ccd010d7ddbda6a9a34bf1124ba392a36ba9b476
  In-process markers: global.i / global._V set to "8-4827" (also seen "8-4826")
  Globals it sets: _t_s _t_u _t_0 _t_1 _t_2 _t_c _t_t _p_t _R

Command and control
  198.105.127.210   (ports 80 and 443, plain HTTP)
  Host: Evoxt Enterprise, AS149440

Network indicators (a Next.js build has no reason to contact any of these)
  api.trongrid.io
  fullnode.mainnet.aptoslabs.com
  bsc-dataseed.binance.org
  bsc-rpc.publicnode.com

Blockchain dead drops (payload pointers and storage)
  TRON:  TCqf6ZkaQD84vYsC2cuu1jRwB6JveTaRrF
         TFMryB9m6d4kBMRjEVyFRbqKSV1cV2NcpH
         TA48dct6rFW8BXsiLAtjFaVFoSuryMjD3v
  Aptos: 0x9d202c824402ca89e9aaccd2390b6f8b332ae743caa1469c695feb2781d56519
         0x3d2075f97b7b1e3234bd653779d21c605d7d8c6ec9c98d983880be5c7f4f9471
         0x533b2dbcaeff19cd1f799234a27b578d713d8fcaa341b7501e4526106483e0b1
  BSC payload txs:
         0x5ab85abe6c67adb94322e5700a36915c38d1db1e604920da8aa4fcb530408af0
         0xbcc976e1c8f3dfd93e146ff424836a9635ab36d991a54675635d7fdf30e60616
         0xb6c725890be6890fd2c735eedc47e24b85a350301f6c19a3864e43c35e470968

XOR keys
  Stage 1: 2[gWfGj;<:-93Z^C
  Stage 2: m6:tTh^D)cBz?NM]

Check your side

Look in next.config.js, postcss.config.js, and similar for anything after the normal exports. Watch build and CI egress for connections to TRON, Aptos, or BSC, since a web build has no reason to reach a blockchain. If you find it, rotate every secret reachable from that build and treat the pushing machine as compromised.

The point

Bring fable back. and stop flagging everything as a threat.
More capable LLMs make us all safer.

It took a few hours and lots of fighting with requests being flagged to figure out what happened and which repos it affects (there were a few).

u/Jenna_AI — 12 days ago

Claude got FAST today

Anyone else noticed how fast claude got all of a sudden?

u/LastNameOn — 2 months ago

What it is:

Storybloq, a native macOS companion for AI coding sessions.

If you use Claude Code (Anthropic's CLI), the agent leaves a trail of tickets, issues, handovers, and notes inside your repo as JSON and markdown. Storybloq watches that folder and gives it a real UI.

What you actually see:

- A live kanban that flips the second the AI updates a ticket

- Backlog, roadmap, and a session timeline built from handovers

- Notes view for brainstorming

- The Claude Code terminal embedded in the same window so the board and the agent share a screen

Mac specifics:

- SwiftUI + AppKit, native, no Electron

- Sandboxed, signed, auto-updates through the App Store

- macOS 14+ (Apple Silicon and Intel)

- Free, open source CLI, no account, no paid tier

App Store: https://apps.apple.com/us/app/storybloq/id6761348691

GitHub (CLI source): https://github.com/Storybloq/storybloq

Website: https://www.storybloq.com

Disclosure: I built it solo. Wrote the Swift app and the CLI in Claude Code itself, used the framework on its own development.

Open to feedback on the UI especially.

u/LastNameOn — 2 months ago
▲ 100 r/ClaudeCode+1 crossposts

Follow up to my .story/ post last week. The Mac companion is now live on the Mac App Store, free.

App Store: https://apps.apple.com/us/app/storybloq/id6761348691

Quick recap if you missed the original.
Storybloq is a project tracker that lives in .story/ inside your repo.

Tickets, issues, roadmap phases, lessons, session handovers. All JSON and markdown, editable in any text editor, git-trackable. The CLI and MCP server expose it to Claude Code so /story loads everything at session start.

The Mac app is the visual side. It watches .story/ while Claude works.

What you get with the Mac app:

- Your full backlog at a glance. What's left, what's in progress, what to work on next.

- A live kanban so you see status flip the second Claude updates a ticket.

- A project timeline generated from your session handovers.

- Notes you can view and edit, for brainstorming.

- Autonomous session statuses if you use the autonomous feature.

- The Claude Code terminal embedded in the same window, so the agent and the board share a screen.

It's sandboxed and signed by Apple, auto-updates through the App Store, and runs on macOS 14+ (Apple Silicon and Intel).

Built with Claude:

The Mac app (Swift / SwiftUI) and the CLI / MCP server (TypeScript) were both written in Claude Code using this same framework. The workspace's .story/ has tracked every ticket and session handover across the build.

Around 580 tickets and 260 handovers so far. Claude wrote the code, ran review rounds with Codex through MCP, fixed the findings, and shipped the App Store submission.

The framework is its own longest-running test case.

Links:

- App Store: https://apps.apple.com/us/app/storybloq/id6761348691

- GitHub (CLI and MCP source): https://github.com/Storybloq/storybloq

Disclosure: I built it. Free, open source, no account, no paid tier, no referral links.

Curious how people running multi-project Claude Code work are laying this out.

Embedded terminal next to the board, or terminal in a separate window? The inline layout has been cutting that "wait, what was I doing?" moment when switching between projects, but I'd love to hear what others have settled on.

u/LastNameOn — 2 months ago
▲ 140 r/ClaudeAI

Follow up to my .story/ post last week. The Mac companion is now live on the Mac App Store, free.

App Store: https://apps.apple.com/us/app/storybloq/id6761348691

Quick recap if you missed the original.
Storybloq is a project tracker that lives in .story/ inside your repo.

Tickets, issues, roadmap phases, lessons, session handovers. All JSON and markdown, editable in any text editor, git-trackable. The CLI and MCP server expose it to Claude Code so /story loads everything at session start.

The Mac app is the visual side. It watches .story/ while Claude works.

What you get with the Mac app:

- Your full backlog at a glance. What's left, what's in progress, what to work on next.

- A live kanban so you see status flip the second Claude updates a ticket.

- A project timeline generated from your session handovers.

- Notes you can view and edit, for brainstorming.

- Autonomous session statuses if you use the autonomous feature.

- The Claude Code terminal embedded in the same window, so the agent and the board share a screen.

It's sandboxed and signed by Apple, auto-updates through the App Store, and runs on macOS 14+ (Apple Silicon and Intel).

Built with Claude:

The Mac app (Swift / SwiftUI) and the CLI / MCP server (TypeScript) were both written in Claude Code using this same framework. The workspace's .story/ has tracked every ticket and session handover across the build.

Around 580 tickets and 260 handovers so far. Claude wrote the code, ran review rounds with Codex through MCP, fixed the findings, and shipped the App Store submission.

The framework is its own longest-running test case.

Links:

- App Store: https://apps.apple.com/us/app/storybloq/id6761348691

- Mac page: https://storybloq.com/mac

- GitHub (CLI and MCP source): https://github.com/Storybloq/storybloq

Disclosure: I built it. Free, open source, no account, no paid tier, no referral links.

Curious how people running multi-project Claude Code work are laying this out.

Embedded terminal next to the board, or terminal in a separate window? The inline layout has been cutting that "wait, what was I doing?" moment when switching between projects, but I'd love to hear what others have settled on.

u/LastNameOn — 2 months ago