▲ 0 r/soc2

We launched Avow for SOC 2 prep - OpenAI previewed the GPT-5.6 family - the US partly lifted the Claude export ban

[Avow](https://avow.sh/?ref=tokenlimit.news) is the SOC 2 platform we wished we'd had. We built it after our own SOC 2 Type 2, where the audit passed but the workflow was miserable, and where the incumbents wouldn't even show a price without booking a call. Evidence streams in real time from AWS, GitHub, and Google Workspace, you fix from an action feed instead of a dashboard maze, and your auditor gets a scoped, read-only portal. One framework, done deep. If you are heading into a SOC 2, or staring at a renewal hike from Vanta or Drata, take a look.

[https://tokenlimit.news/we-launched-avow-openai-gpt-5-6-claude-export-ban/\](https://tokenlimit.news/we-launched-avow-openai-gpt-5-6-claude-export-ban/)

reddit.com
u/jeffyaw — 7 days ago

We launched Avow for SOC 2 prep - OpenAI previewed the GPT-5.6 family - the US partly lifted the Claude export ban

Avow is the SOC 2 platform we wished we'd had. We built it after our own SOC 2 Type 2, where the audit passed but the workflow was miserable, and where the incumbents wouldn't even show a price without booking a call. Evidence streams in real time from AWS, GitHub, and Google Workspace, you fix from an action feed instead of a dashboard maze, and your auditor gets a scoped, read-only portal. One framework, done deep. If you are heading into a SOC 2, or staring at a renewal hike from Vanta or Drata, take a look.

https://tokenlimit.news/we-launched-avow-openai-gpt-5-6-claude-export-ban/

reddit.com
u/jeffyaw — 9 days ago

Code with Claude landed - Agent View and Dreaming ship

Code with Claude landed - Agent View and Dreaming ship - OpenAI Realtime API adopts MCP

Five Claude Code releases landed between Monday and Thursday, v2.1.139 through v2.1.143, turning Code with Claude's May 6 conference announcements into working software. Agent View (claude agents) went from announced to a full flag suite in four days. The /goal command shipped alongside it, Rewind got "Summarize up to here", and Fast mode moved from Opus 4.6 to 4.7. The gap between "announced at conference" and "in your terminal" is now measured in days.

Dreaming is the one worth sitting with. The idea: an agent reviews its own sessions between runs, pulls patterns from what worked and what didn't, and writes new memories the next session inherits. Harvey reported a 6x jump in task completion rates. Outcomes is the grading layer underneath it, a separate evaluator that scores output against a written rubric and tells the agent what to fix, with up to 10.1% improvement on task success. Both are available now: Dreaming in research preview, Outcomes and Multiagent Orchestration in public beta.

From us: typed launched this week, a Claude Code-compatible inference alternative with ~44-67% cheaper overages vs. Claude's Extra Usage rates and monthly billing. Claude Code in Production got a 1.0.3 update covering what actually shipped from Code with Claude. And on mcp.hosting: a post on the unpatched SQL injection in u/modelcontextprotocol/server-postgres (21,000+ weekly downloads, read-only bypass), plus a write-up on an alternative to the official AWS MCP server.

tokenlimit.news
u/jeffyaw — 2 months ago
▲ 2 r/platform_engineering+2 crossposts

alternative to the official AWS MCP server, npm-only, local, with a device-code SSO re-login flow

AWS shipped their official MCP server to GA last week (mcp-proxy-for-aws). I'd been building u/yawlabs before that and kept going, because it solves a few things differently. Posting here because if you're pairing AWS with an AI assistant, the tradeoffs are worth knowing.

What u/yawlabs does differently:

- Node/npm-only. No Python, no uv. 'npx -y u/yawlabs' and you're done.

- SSO re-login that works on Windows. When your token expires mid-session,

'aws sso login' tries to pop a browser from a subprocess and on Windows that

handoff drops silently. This uses the --no-browser device-code flow: the

assistant shows you a URL and a short code, you click once, done.

- Generic CRUD across hundreds of resource types via Cloud Control API, with

dry-run diffs before you apply an update.

- Multi-region fan-out in one call.

- IAM pre-flight checks - simulate whether a principal can do an action before

you attempt it and eat a 403.

What I borrowed from the official server (credit where due):

- aws_script is the same idea as their run_script - a sandboxed scripting tool

for batching N calls into one round-trip. Theirs is Python server-side; mine

is JS-native and runs locally.

- aws_docs_search / aws_docs_read exist to match their search_documentation /

read_documentation.

Where the official server wins: AWS-team-curated skills, days-fresh API coverage

via their hosted endpoint, and a Python sandbox if that's your language.

Repo, with a full comparison table in the README:

https://github.com/YawLabs/aws-mcp

Happy to answer questions or have holes poked.

github.com
u/jeffyaw — 1 month ago
▲ 5 r/lemonsqueezy+1 crossposts

I built a LemonSqueezy MCP server with optional production guardrails (v0.8.1)

I run a small SaaS on LemonSqueezy and got tired of clicking around the dashboard every time I wanted to check MRR, refund an order, or disable a license key. So I built an MCP server that wraps the LemonSqueezy API into 61 tools and exposes them to Claude, Cursor, VS Code, or any other MCP-compatible assistant.

The interesting bit isn't the API mirror -- there are a few of those already. It's the guardrails. Letting an LLM call refund_order against a live store is the kind of thing that gives ops people heart attacks, so the server has opt-in env vars for: a store allowlist, a per-call refund cap (rejects above N cents before the HTTP call), a destructive-call rate limit, and a parent-filter check so a list-tool without store_id can't silently return cross-store data.

A few other things I'm proud of:

- Zero runtime dependencies. The published bundle is one file (~1.2 MB), so npx u/yawlabs cold-starts in a second.

- Audit log with four levels (off, error, audit, all), plus the audit trail is exposed as an MCP Resource (lemonsqueezy://audit-log) for clients that prefer structural retrieval over parsing stderr.

- Secret-shaped fields are redacted from audit-log inputs even though no destructive tool today accepts a secret -- defense in depth, costs nothing.

- 401/403 from upstream auto-invalidates the in-process API key cache, so a key rotation takes effect on the next request, not after the 1h TTL.

- npm publish has provenance attestation. Nightly integration tests against a real test store catch upstream schema drift.

Install (npm):

npx u/yawlabs

There's also a Dockerfile + Containerfile if you want it bundled.

Honest limits:

- The store allowlist only gates tools that accept storeId directly. Tools that route by their own resource ID (refunds, cancels, archive) still need a LemonSqueezy API key scoped to the right store -- that's the only authoritative boundary. README's "Operating the server unattended" section spells out the recommended layered config.

- Stdio transport only. If you want HTTP/SSE, look at Pipedream or Zapier's hosted MCPs (different deployment model).

- I know LemonSqueezy isn't Stripe-sized -- this is a niche tool for niche users. Posting in case you're one.

Code, README, full tool list, and the SEMVER policy:

https://github.com/YawLabs/lemonsqueezy-mcp

npm:

https://www.npmjs.com/package/@yawlabs/lemonsqueezy-mcp

Happy to take feedback on the guardrail surface, the audit log shape, or anything else. If there's a LemonSqueezy operation I missed (the License API side is in there too: activate/validate/deactivate), open an issue.

github.com
u/jeffyaw — 2 months ago

Yaw Terminal - Claude Code, Multi-Pane, Broadcast Mode, Restore Tab

First demo of Yaw Terminal - a desktop terminal built for people who already live in Claude Code (or want to).

What's in the video:
- Multi-pane: one CC session per pane, all visible at once
- Broadcast mode: type once, send the same input to every pane (great
for /fast, /model, /clear, or any prompt you want to fan out across
parallel agents)
- Restore tab: closed a session by mistake? Bring it back with ease!
- The flow of running 3-5 Claude Code agents in parallel without
losing your place

For Claude Code power users who've outgrown one-session-per-tab.

youtube.com
u/jeffyaw — 2 months ago

typed Is Live: Drop-in Claude Code Fallback, Cheaper Overage

Today we're launching typed - an AI coding service that speaks the Anthropic API. If you use Claude Code, Cursor, Cline, or any Anthropic-compatible client, you can switch to typed by setting three environment variables. Pricing matches Claude Pro and Claude Max 5x exactly. Overage costs 44-67% less than Claude's Extra Usage on Sonnet or Opus. Billing is monthly, with no 5-hour reset windows.

typed runs a different model than Claude under the hood. Most coding workflows feel identical; the migration page calls out where they don't.

yaw.sh
u/jeffyaw — 2 months ago

Code w/ Claude doubled Claude Code's rate limits - AWS MCP Server hit GA the same day - we shipped two more Production books

This was a reset week on AI coding infrastructure - the kind that moves defaults, not just feature flags.

Tuesday May 6 was Code w/ Claude in San Francisco. Anthropic doubled Claude Code's 5-hour rate limit for Pro, Max, Team, and Enterprise, and removed the peak-hours penalty entirely. Opus 4.7 was confirmed generally available at the same pricing as 4.6. Managed Agents picked up multi-agent orchestration, outcome targets, and "Dreaming" - a cross-session memory loop where the model reviews finished sessions and writes new memories before the next one starts. The capacity story is bigger than the model story: Anthropic announced it is taking the entirety of SpaceX's Colossus 1 in Memphis, 300MW and roughly 220,000 NVIDIA GPUs, which is what funds the rate-limit doubling.

The same Tuesday AWS announced the AWS MCP Server going GA - free, IAM-gated, with sandboxed Python execution against any AWS API. MCP just crossed from research moment to default cloud primitive. The hygiene chapter showed up alongside it: CVE-2026-33032 (CVSS 9.8) lets unauthenticated attackers take over nginx-UI MCP endpoints, and a separate design flaw in the MCP STDIO transport allows arbitrary OS command execution with up to ~200,000 servers in scope.

tokenlimit.news
u/jeffyaw — 2 months ago
▲ 35 r/platform_engineering+4 crossposts

Tailscale MCP server - open source, actively maintained

Was getting annoyed with the low level support from claude code with tailscale and constantly battling with the api. Built this mcp server and things are really nice. Am actively maintaining this and using it every day to make sure it's always production ready. Seems to have the most active api support from any of the other tailscale mcp servers that I've seen. PRs welcome!

github.com
u/jeffyaw — 1 month ago