meta is killing AI agents on WhatsApp

If you have not heard, meta is basically killing agents on whatsapp.

Starting from October they will charge ~1 cent per message, regardless if the user initiated contact or not, or if it's mid conversation or not.

This makes many businesses that run agents unviable, or increase the cost to end consumers.

I'm trying to come up with alternatives.

Alice&Bot is a free and open source WhatsApp clone targeted at ending the monopolies of whatsapp and telegram.

Supergreen is a service that allows you to turn normal whatsapp accounts into an API.

If you care about IM freedom, check out these projects.

reddit.com
u/uriwa — 3 days ago

Natural-Language Testing for AI Agents (using simulated isolates)

When you run AI agents in production, they constantly encounter unexpected situations.

Over time, you extend your system prompt and tools to handle these edge cases. That's a natural part of building agents.

The problem is that prompts and tools, unlike code, are notoriously difficult to test. Imagine a 10,000-token prompt full of carefully engineered instructions and tool descriptions. Is your latest change strong enough? Is it too broad? Too distracting? You might tweak a single word to fix one issue, only to accidentally break five other behaviors.

To handle this we built a robust, side-effect-free, multi-turn testing system directly into the platform.

Here's how it works.

Imagine a simple pizza ordering bot in NYC. Initially, it's configured to deliver only to Manhattan and Brooklyn. You update its prompt to include Queens, but you want to guarantee the agent now correctly tells users that Queens is supported.

Instead of writing brittle mocks for your database, payment, or other custom tools, the testing environment automatically intercepts every tool call and replaces your handlers with an AI-powered simulator. The simulator reads each tool's description, parameters, and the conversation history to generate realistic, context-aware responses on the fly.

You define the test with a single natural-language assertion:

"When asked where you deliver, the agent should explain that we ship to Manhattan, Brooklyn, and Queens."

From that single sentence, prompt2bot automatically generates an entire multi-turn simulation:

  1. an initial user message (for example, "Where do you deliver?")
  2. a user simulator persona (such as a customer in Queens trying to place an order)
  3. a semantic evaluation rule that determines whether the agent behaved correctly

The simulation runs end-to-end. The agent interacts with the simulated tools, while the semantic judge evaluates every turn. If the assertion is violated at any point, the test immediately fails and returns the exact offending message along with an explanation.

This gives you confidence that prompt changes fix the intended behavior without introducing unintended regressions.

Because the testing system is exposed through a first-class API, you can run simulations locally, from the terminal, or automatically in your GitHub Actions CI pipeline, keeping deployments fully automated.

As a bonus, you don't even have to write the test yourself. You can simply ask:

"Test that agent X responds with Y when asked Z."

The builder generates and runs the simulation for you.

And, of course, tests can be as simple or as sophisticated as you need—they can span many turns, involve complex tool-calling workflows, and validate nuanced agent behavior.

Now we can sleep a bit better.

reddit.com
u/uriwa — 7 days ago

Natural-Language Testing for AI Agents (using simulated isolates)

When you run AI agents in production, they constantly encounter unexpected situations.

Over time, you extend your system prompt and tools to handle these edge cases. That's a natural part of building agents.

The problem is that prompts and tools, unlike code, are notoriously difficult to test. Imagine a 10,000-token prompt full of carefully engineered instructions and tool descriptions. Is your latest change strong enough? Is it too broad? Too distracting? You might tweak a single word to fix one issue, only to accidentally break five other behaviors.

To handle this we built a robust, side-effect-free, multi-turn testing system directly into the platform.

Here's how it works.

Imagine a simple pizza ordering bot in NYC. Initially, it's configured to deliver only to Manhattan and Brooklyn. You update its prompt to include Queens, but you want to guarantee the agent now correctly tells users that Queens is supported.

Instead of writing brittle mocks for your database, payment, or other custom tools, the testing environment automatically intercepts every tool call and replaces your handlers with an AI-powered simulator. The simulator reads each tool's description, parameters, and the conversation history to generate realistic, context-aware responses on the fly.

You define the test with a single natural-language assertion:

"When asked where you deliver, the agent should explain that we ship to Manhattan, Brooklyn, and Queens."

From that single sentence, prompt2bot automatically generates an entire multi-turn simulation:

  1. an initial user message (for example, "Where do you deliver?")
  2. a user simulator persona (such as a customer in Queens trying to place an order)
  3. a semantic evaluation rule that determines whether the agent behaved correctly

The simulation runs end-to-end. The agent interacts with the simulated tools, while the semantic judge evaluates every turn. If the assertion is violated at any point, the test immediately fails and returns the exact offending message along with an explanation.

This gives you confidence that prompt changes fix the intended behavior without introducing unintended regressions.

Because the testing system is exposed through a first-class API, you can run simulations locally, from the terminal, or automatically in your GitHub Actions CI pipeline, keeping deployments fully automated.

As a bonus, you don't even have to write the test yourself. You can simply ask:

"Test that agent X responds with Y when asked Z."

The builder generates and runs the simulation for you.

And, of course, tests can be as simple or as sophisticated as you need—they can span many turns, involve complex tool-calling workflows, and validate nuanced agent behavior.

Now we can sleep a bit better.

reddit.com
u/uriwa — 7 days ago

Natural-Language Testing for AI Agents (using simulated isolates)

When you run AI agents in production, they constantly encounter unexpected situations.

Over time, you extend your system prompt and tools to handle these edge cases. That's a natural part of building agents.

The problem is that prompts and tools, unlike code, are notoriously difficult to test. Imagine a 10,000-token prompt full of carefully engineered instructions and tool descriptions. Is your latest change strong enough? Is it too broad? Too distracting? You might tweak a single word to fix one issue, only to accidentally break five other behaviors.

To handle this we built a robust, side-effect-free, multi-turn testing system directly into the platform.

Here's how it works.

Imagine a simple pizza ordering bot in NYC. Initially, it's configured to deliver only to Manhattan and Brooklyn. You update its prompt to include Queens, but you want to guarantee the agent now correctly tells users that Queens is supported.

Instead of writing brittle mocks for your database, payment, or other custom tools, the testing environment automatically intercepts every tool call and replaces your handlers with an AI-powered simulator. The simulator reads each tool's description, parameters, and the conversation history to generate realistic, context-aware responses on the fly.

You define the test with a single natural-language assertion:

"When asked where you deliver, the agent should explain that we ship to Manhattan, Brooklyn, and Queens."

From that single sentence, prompt2bot automatically generates an entire multi-turn simulation:

  1. an initial user message (for example, "Where do you deliver?")
  2. a user simulator persona (such as a customer in Queens trying to place an order)
  3. a semantic evaluation rule that determines whether the agent behaved correctly

The simulation runs end-to-end. The agent interacts with the simulated tools, while the semantic judge evaluates every turn. If the assertion is violated at any point, the test immediately fails and returns the exact offending message along with an explanation.

This gives you confidence that prompt changes fix the intended behavior without introducing unintended regressions.

Because the testing system is exposed through a first-class API, you can run simulations locally, from the terminal, or automatically in your GitHub Actions CI pipeline, keeping deployments fully automated.

As a bonus, you don't even have to write the test yourself. You can simply ask:

"Test that agent X responds with Y when asked Z."

The builder generates and runs the simulation for you.

And, of course, tests can be as simple or as sophisticated as you need—they can span many turns, involve complex tool-calling workflows, and validate nuanced agent behavior.

Now we can sleep a bit better.

reddit.com
u/uriwa — 7 days ago

Natural-Language Testing for AI Agents (using simulated isolates)

tldr: we now allow agent builders to simulate conversations to test our agents using natural language prompts.


When you run AI agents in production, they constantly encounter unexpected situations.

Over time, you extend your system prompt and tools to handle these edge cases. That's a natural part of building agents.

The problem is that prompts and tools, unlike code, are notoriously difficult to test. Imagine a 10,000-token prompt full of carefully engineered instructions and tool descriptions. Is your latest change strong enough? Is it too broad? Too distracting? You might tweak a single word to fix one issue, only to accidentally break five other behaviors.

To handle this we built a robust, side-effect-free, multi-turn testing system directly into the platform.

Here's how it works.

Imagine a simple pizza ordering bot in NYC. Initially, it's configured to deliver only to Manhattan and Brooklyn. You update its prompt to include Queens, but you want to guarantee the agent now correctly tells users that Queens is supported.

Instead of writing brittle mocks for your database, payment, or other custom tools, the testing environment automatically intercepts every tool call and replaces your handlers with an AI-powered simulator. The simulator reads each tool's description, parameters, and the conversation history to generate realistic, context-aware responses on the fly.

You define the test with a single natural-language assertion:

"When asked where you deliver, the agent should explain that we ship to Manhattan, Brooklyn, and Queens."

From that single sentence, prompt2bot automatically generates an entire multi-turn simulation:

  1. an initial user message (for example, "Where do you deliver?")
  2. a user simulator persona (such as a customer in Queens trying to place an order)
  3. a semantic evaluation rule that determines whether the agent behaved correctly

The simulation runs end-to-end. The agent interacts with the simulated tools, while the semantic judge evaluates every turn. If the assertion is violated at any point, the test immediately fails and returns the exact offending message along with an explanation.

This gives you confidence that prompt changes fix the intended behavior without introducing unintended regressions.

Because the testing system is exposed through a first-class API, you can run simulations locally, from the terminal, or automatically in your GitHub Actions CI pipeline, keeping deployments fully automated.

As a bonus, you don't even have to write the test yourself. You can simply ask:

"Test that agent X responds with Y when asked Z."

The builder generates and runs the simulation for you.

And, of course, tests can be as simple or as sophisticated as you need—they can span many turns, involve complex tool-calling workflows, and validate nuanced agent behavior.

Now we can sleep a bit better.

reddit.com
u/uriwa — 7 days ago

Natural-Language Testing for AI Agents (using simulated isolates)

tldr: we now allow agent builders to simulate conversations to test our agents using natural language prompts.


When you run AI agents in production, they constantly encounter unexpected situations.

Over time, you extend your system prompt and tools to handle these edge cases. That's a natural part of building agents.

The problem is that prompts and tools, unlike code, are notoriously difficult to test. Imagine a 10,000-token prompt full of carefully engineered instructions and tool descriptions. Is your latest change strong enough? Is it too broad? Too distracting? You might tweak a single word to fix one issue, only to accidentally break five other behaviors.

To handle this we built a robust, side-effect-free, multi-turn testing system directly into the platform.

Here's how it works.

Imagine a simple pizza ordering bot in NYC. Initially, it's configured to deliver only to Manhattan and Brooklyn. You update its prompt to include Queens, but you want to guarantee the agent now correctly tells users that Queens is supported.

Instead of writing brittle mocks for your database, payment, or other custom tools, the testing environment automatically intercepts every tool call and replaces your handlers with an AI-powered simulator. The simulator reads each tool's description, parameters, and the conversation history to generate realistic, context-aware responses on the fly.

You define the test with a single natural-language assertion:

"When asked where you deliver, the agent should explain that we ship to Manhattan, Brooklyn, and Queens."

From that single sentence, prompt2bot automatically generates an entire multi-turn simulation:

  1. an initial user message (for example, "Where do you deliver?")
  2. a user simulator persona (such as a customer in Queens trying to place an order)
  3. a semantic evaluation rule that determines whether the agent behaved correctly

The simulation runs end-to-end. The agent interacts with the simulated tools, while the semantic judge evaluates every turn. If the assertion is violated at any point, the test immediately fails and returns the exact offending message along with an explanation.

This gives you confidence that prompt changes fix the intended behavior without introducing unintended regressions.

Because the testing system is exposed through a first-class API, you can run simulations locally, from the terminal, or automatically in your GitHub Actions CI pipeline, keeping deployments fully automated.

As a bonus, you don't even have to write the test yourself. You can simply ask:

"Test that agent X responds with Y when asked Z."

The builder generates and runs the simulation for you.

And, of course, tests can be as simple or as sophisticated as you need—they can span many turns, involve complex tool-calling workflows, and validate nuanced agent behavior.

Now we can sleep a bit better.

reddit.com
u/uriwa — 7 days ago

Natural-Language Testing for AI Agents (using simulated isolates)

tldr: we now allow agent builders to simulate conversations to test our agents using natural language prompts.


When you run AI agents in production, they constantly encounter unexpected situations.

Over time, you extend your system prompt and tools to handle these edge cases. That's a natural part of building agents.

The problem is that prompts and tools, unlike code, are notoriously difficult to test. Imagine a 10,000-token prompt full of carefully engineered instructions and tool descriptions. Is your latest change strong enough? Is it too broad? Too distracting? You might tweak a single word to fix one issue, only to accidentally break five other behaviors.

To handle this we built a robust, side-effect-free, multi-turn testing system directly into the platform.

Here's how it works.

Imagine a simple pizza ordering bot in NYC. Initially, it's configured to deliver only to Manhattan and Brooklyn. You update its prompt to include Queens, but you want to guarantee the agent now correctly tells users that Queens is supported.

Instead of writing brittle mocks for your database, payment, or other custom tools, the testing environment automatically intercepts every tool call and replaces your handlers with an AI-powered simulator. The simulator reads each tool's description, parameters, and the conversation history to generate realistic, context-aware responses on the fly.

You define the test with a single natural-language assertion:

"When asked where you deliver, the agent should explain that we ship to Manhattan, Brooklyn, and Queens."

From that single sentence, prompt2bot automatically generates an entire multi-turn simulation:

  1. an initial user message (for example, "Where do you deliver?")
  2. a user simulator persona (such as a customer in Queens trying to place an order)
  3. a semantic evaluation rule that determines whether the agent behaved correctly

The simulation runs end-to-end. The agent interacts with the simulated tools, while the semantic judge evaluates every turn. If the assertion is violated at any point, the test immediately fails and returns the exact offending message along with an explanation.

This gives you confidence that prompt changes fix the intended behavior without introducing unintended regressions.

Because the testing system is exposed through a first-class API, you can run simulations locally, from the terminal, or automatically in your GitHub Actions CI pipeline, keeping deployments fully automated.

As a bonus, you don't even have to write the test yourself. You can simply ask:

"Test that agent X responds with Y when asked Z."

The builder generates and runs the simulation for you.

And, of course, tests can be as simple or as sophisticated as you need—they can span many turns, involve complex tool-calling workflows, and validate nuanced agent behavior.

Now we can sleep a bit better.

reddit.com
u/uriwa — 7 days ago
▲ 5 r/AgentsOfAI+2 crossposts

Natural-Language Testing for AI Agents (using simulated isolates)

u/uriwa — 7 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago

Why custom split-screen UIs and walled gardens won't win the AI agent race

Walled-garden AI coding platforms like base44 and lovable are impressive. They give you a neat split-screen UI where you click a button and watch a web app get built.

But they have a major flaw: lock-in.

If you build your app inside their custom infrastructure, you are bound to their way of coding, their deployment pipelines, and their feature roadmap. If you need a specific capability they haven't built yet, you are stuck waiting for a corporate release cycle.

That is not how developers actually want to work. We want the richness of the global open-source community, not a walled garden.

This is why general-purpose agents like Claude Code, Antigravity, or prompt2bot will win. They operate directly on your codebase, with your tooling, on your own terms.

There is a trade-off, of course. The experience with general-purpose agents is less neat. Instead of a beautiful split-screen dashboard, you are often interacting through a simple terminal or a chat interface on Telegram or WhatsApp.

Personally, I prefer this. Split-screen views are distracting. I don't have the attention span to watch a screen rebuild itself while also trying to think about the next instruction. A single chat channel or terminal window lets you focus on one thing.

The future of software development isn't customized, proprietary IDEs that build apps on hidden infrastructure. It is general-purpose agents that run wherever you already are.

What do you think? Are you leaning toward specialized platforms or general-purpose terminal/chat-based agents?

reddit.com
u/uriwa — 13 days ago
▲ 3 r/Make

Open source Make.com alternative

If you are paying Make.com a hefty monthly bill just to receive webhooks, pass data between apps, or schedule tasks, you are probably overpaying.

I built Captain Hook to be an ultra-fast, lightweight alternative for routing webhooks, managing secrets, and scheduling tasks.

We offer 100,000 runs per month completely free on our hosted version. If you are hitting limits on Make.com or paying for their higher tiers, this can likely bring your bill down to $0.

Looking for Design Partners (We will build it for you)

The project is fully open source, and we are looking for a few design partners who want to migrate their workflows off Make.com.

To make this seamless, I will personally set up and handle the migration of your flows for you, completely free.

If you have a workflow on Make.com that you want to move over to save money, drop a comment or send me a DM with what your workflow does and we will get it set up.

u/uriwa — 19 days ago

My harness

  1. This is my harness. There are many like it, but this one is mine.
  2. My harness is my best friend. It is my life. I must master it as I must master my life.
  3. My harness, without the LLM, is useless. Without my harness, the LLM is useless. I must code my harness true. I must code straighter than my competitor who is trying to outselff me. I must outsell him before he outselss me. I will …
  4. My harness and myself know that what counts in this war is not the tokens we generate, the noise of our GPUs, nor the posts we make. We know that it is the tool calls that count. We will call….
  5. My LLM is human, even as I, because it is my life. Thus, I will learn it as a brother. I will learn its weaknesses, its strength, its parts, its accessories, its sights and its barrel. I will ever guard it against the ravages of hallucination and looping as I will ever guard my legs, my arms, my eyes and my heart against damage. I will keep my harness code clean and ready. We will become part of each other. We will ….
reddit.com
u/uriwa — 26 days ago
▲ 10 r/Deno

jsr deployments stopped working

In the last 24 hours it seems jsr deployment broke - deplyoments through oidc just hang forever

anyone experiencing this?

We are relying on jsr to push updates to our core libs so this is pretty terrible

this is crazy, imagine something like this happened on npm for >24 hours

reddit.com
u/uriwa — 26 days ago

Common weaknesses and scale issues with popular harnesses

Local-first agent frameworks like OpenClaw and Hermes Agent are brilliant when you are a solo developer running a script in your own terminal. They give you a fast, raw playground where an LLM can write to your local disk, run command tools, and call APIs. But the moment you try to put these frameworks in front of real users, or use them as assistants that talk to third parties, they break. They are missing the two most critical components of any production system: user isolation and permission management.

The core issue is that local agent harnesses assume a single-user world.

Look at how Hermes Agent manages user memory. It stores user preferences in a single global file. Hermes injects this file’s contents into the system prompt of every incoming conversation regardless of which platform user is messaging the agent. For a solo developer, this is fine. But for a multi-user deployment, like a Slack bot serving a team, it causes immediate cross-user preference contamination. If User A tells the agent to "always round dollar amounts," that goes into the global file. If User B says "show exact cents," both instructions clash in the same prompt. It is a structural failure for multi-tenant data safety.

OpenClaw suffers from the same single-user assumption in its gateway. By default, OpenClaw's webchat gateway relies on a single token for control plane access. It lacks native, out-of-the-box multi-user session isolation. When you run agents on a shared harness, they run inside the same workspace directory and use the same tool definitions. Very easily, an agent can search its current workspace and accidentally leak files uploaded by Client A to Client B in a different session.

This is not a failure of the underlying LLM. It is a failure of the harness architecture.

The security model gets even worse when agents act as assistants interacting with the outside world.

If you give an agent a WhatsApp number and grant it access to your calendar and Google Drive, it becomes a powerful helper. But what happens when you instruct the agent to message a third-party service provider to negotiate a meeting?

Now, a stranger is conversing with your agent. If the framework does not have a strict permission model, that stranger is talking directly to an active process that has authorization keys to your personal calendar and Drive. With the right prompt, the third party can coerce your agent into exposing private calendar details or deleting files.

For any agent that communicates with more than one person, security cannot be left to prompt engineering. It must be built into the runtime design.

We solved this by designing a runtime that splits agents into two distinct security modes:

With user isolation active, every incoming conversation is initialized in a completely isolated sandboxed environment. There is no shared memory, no shared local directory, and no cross-talk. This is the architecture you need for any customer-facing support or client interaction.

When user isolation is disabled (suitable for shared team assistants), the agent can access context across different conversations. But to prevent leaks, we implement an explicit permission engine. The system constantly monitors who the agent is speaking with. If the agent is talking to a third party and needs to execute a tool that requires owner-level permissions, like reading a calendar or writing a file, the system pauses execution. It immediately sends a verification request to the owner’s phone or chat to approve or deny the action.

The owner remains the root user, and the agent is just a restricted process.

Local agent sandboxes are fun to build, but they are developer toys. Building agents that can safely interact with the public, coordinate teams, and access private APIs requires moving past the single-user model. Security in the age of AI is not about writing better system prompts; it is about building a runtime that knows how to isolate, authorize, and verify every single action before it happens.

reddit.com
u/uriwa — 26 days ago

Common weaknesses and scale issues with popular harnesses

Local-first agent frameworks like OpenClaw and Hermes Agent are brilliant when you are a solo developer running a script in your own terminal. They give you a fast, raw playground where an LLM can write to your local disk, run command tools, and call APIs. But the moment you try to put these frameworks in front of real users, or use them as assistants that talk to third parties, they break. They are missing the two most critical components of any production system: user isolation and permission management.

The core issue is that local agent harnesses assume a single-user world.

Look at how Hermes Agent manages user memory. It stores user preferences in a single global file. Hermes injects this file’s contents into the system prompt of every incoming conversation regardless of which platform user is messaging the agent. For a solo developer, this is fine. But for a multi-user deployment, like a Slack bot serving a team, it causes immediate cross-user preference contamination. If User A tells the agent to "always round dollar amounts," that goes into the global file. If User B says "show exact cents," both instructions clash in the same prompt. It is a structural failure for multi-tenant data safety.

OpenClaw suffers from the same single-user assumption in its gateway. By default, OpenClaw's webchat gateway relies on a single token for control plane access. It lacks native, out-of-the-box multi-user session isolation. When you run agents on a shared harness, they run inside the same workspace directory and use the same tool definitions. Very easily, an agent can search its current workspace and accidentally leak files uploaded by Client A to Client B in a different session.

This is not a failure of the underlying LLM. It is a failure of the harness architecture.

The security model gets even worse when agents act as assistants interacting with the outside world.

If you give an agent a WhatsApp number and grant it access to your calendar and Google Drive, it becomes a powerful helper. But what happens when you instruct the agent to message a third-party service provider to negotiate a meeting?

Now, a stranger is conversing with your agent. If the framework does not have a strict permission model, that stranger is talking directly to an active process that has authorization keys to your personal calendar and Drive. With the right prompt, the third party can coerce your agent into exposing private calendar details or deleting files.

For any agent that communicates with more than one person, security cannot be left to prompt engineering. It must be built into the runtime design.

We solved this by designing a runtime that splits agents into two distinct security modes:

With user isolation active, every incoming conversation is initialized in a completely isolated sandboxed environment. There is no shared memory, no shared local directory, and no cross-talk. This is the architecture you need for any customer-facing support or client interaction.

When user isolation is disabled (suitable for shared team assistants), the agent can access context across different conversations. But to prevent leaks, we implement an explicit permission engine. The system constantly monitors who the agent is speaking with. If the agent is talking to a third party and needs to execute a tool that requires owner-level permissions, like reading a calendar or writing a file, the system pauses execution. It immediately sends a verification request to the owner’s phone or chat to approve or deny the action.

The owner remains the root user, and the agent is just a restricted process.

Local agent sandboxes are fun to build, but they are developer toys. Building agents that can safely interact with the public, coordinate teams, and access private APIs requires moving past the single-user model. Security in the age of AI is not about writing better system prompts; it is about building a runtime that knows how to isolate, authorize, and verify every single action before it happens.

reddit.com
u/uriwa — 26 days ago