Your agent process has access to those secrets, and its subprocesses have access to those secrets. The agent doesn't have to be convinced to read those files. Whatever malicious script it manages to be convinced to run could easily access them, right?

Step 1) run a small daemon that exposes a known protocol over a unix socket (http, json-rpc, whatever you want), over a unix socket. When I run the daemon, IT is the only that that has the secrets. Cool! Step 2) Have the agent run CLI that knows to speak that protocol behind the scenes, and knows how to find the socket, and that exposes the capabilities via standard CLI conventions.

It seems like one of the current "standards" for unix socket setups like this is to use HTTP as the protocol. That makes sense. It's ubiquitous, easy to write servers for, easy to write clients for, etc. That's how docker works (for whatever it's worth). So you've solved your problem! Your CLI can be called directly without any risk of secret exposure. You can point your agent at the CLI, and the CLI's "--help" will tell the agent exactly how to use it.

But then I wondered if I would have been better off making my "daemon" an MCP server, because it's a self-describing http server that the agent already knows how to talk to and discover.

In this case, the biggest thing that was gained by the CLI was the ability of the coding agent to pipe results from the MCP directly to files to keep them out of its context. That's one thing that the CLI makes more obvious and easy to implement: Data manipulation without context cluttering.

I am a big fan of Marimo and was trying to use it as my agent’s “REPL” a while back, because it’s naturally so good at describing its own current state and structure. It made me think that it would make a better state-preserving environment for the agent to work. I’m very excited to play with this.

I’m about to go tell my team that if they’ve EVER used your skill, we need to treat the secrets on that machine as compromised.

Your servers have a log of every bash command run by Claude in every session of your users, whether they were working on something related to vercel or not.

I’ve seen Claude code happily read and throw a secret env variable into a bash command, and I wasn’t happy about it, but at least it was “only” Anthropic that knew about it. But now it sounds like Vercel telemetry servers might know about it too.

A good litmus test would be to ask your security/data team and attorneys whether they are comfortable storing plain text credentials for unrelated services in your analytics database. They will probably look afraid before you get to the part where you clarify that the users in question didn’t consent to it, didn’t know about it, and might not even be your customer.

In the main landing page, as I was clicking around, I kept wishing to have a legend to show me either "how deep I am" or "how do I get out of here?", and like someone else commented, I would love an affordance showing me what was clickable/zoomable.

If the machine can fork itself, it could allow for some really neat auto-forking workflows where you fuzz the UI testing of a website by forking at every decision point. I forget the name of the recent model that used only video as its latent space to control computers and cars, but they had an impressive demo where they fuzzed a bank interface by doing this, and it ended up with an impressive number of permutations of reachable UI states.

Almost everyone on this forum buys retail products, and every American’s purchases were affected by tariffs.

This article claims the victims feel “rage” about this. Have you ever felt rage for prices going up due to goods becoming more expensive? I could believe that. If so, was that rage aimed at the retailer who was forced to pay more for the imported goods, or to the person who imposed them? Weird, but okay.

If so, assuming the retailers were the target of your “rage”, did you become further enraged when you learned that the unconstitutional tariffs collected were being sought to be refunded by the people who were forced to pay them? What political Venn diagram are we in now?

And lastly, do you shop at Costco or were marketed to by Costco? If so, you would be the single person in the world that might be able to claim you are the enraged victim here. It doesn’t make sense.

I’ve talked to plenty of people who are mad about tariffs, or mad at capitalism, and certainly mad at Trump. But it’s rare to find a Costco member that thinks Costco is treating them unfairly. They’re kinda famous for the opposite in a sea of exploitive retailers. (They are “famous” for never doing loss-leader shenanigans or charging more than limited markups of 11-14% on any product.)

Hell, Costco is the only retailer that wouldn’t surprise me if they turned around and gave ME a tariff refund if they are successful.

To literally sue a company for seeking refunds to levied taxes that were declared illegal, appears to be some combination of victim blaming, political distraction, or more likely: convenient enrichment for class action mills.

If I understand it correctly, your suggestions wouldn’t have prevented it, which is evidence that this is not as trivially fixable as you believe it is.

I am currently working on a mitm proxy for use with devcontainers to try to implement this pattern, but I'm certainly not the only one!