Hacker News: gbrindisi

New comment by gbrindisi in "Open Code Review – An AI-powered code review CLI tool"

gbrindisi — Fri, 05 Jun 2026 08:01:39 +0000

I like the pattern of making a dedicated cli/harness and just build a skill to teach coding agents to use it.

At $work we built a thorough workflow to do security reviews, which is a pure skill to simplify adoption https://www.synthesia.io/post/automating-code-security-revie...

But the user experience is tricky because if we aim for very low false positives the run time for this kind of workflows is too long, it's then hard to justify blocking PRs.

Automating Code Security Reviews

gbrindisi — Fri, 15 May 2026 13:49:28 +0000

Article URL: https://cloudberry.engineering/article/automating-code-security-reviews/

Comments URL: https://news.ycombinator.com/item?id=48148576

Points: 2

# Comments: 0

New comment by gbrindisi in "RSS feeds send me more traffic than Google"

gbrindisi — Thu, 07 May 2026 14:02:24 +0000

I protest the modern web by trying to consume all content via RSS.

The feed reader shall be my main window to the world, and I am sorry that it's not obvious to content creators that I read them so I often send an email on the note of "I enjoyed this article you wrote, thanks".

I write a small blog myself and I see the other side of it, but I just gave up on SEO, metrics, etc. I want to be the change I'd like see in the world: I publish full content RSS, I remove all analytics, make the website as lean as I can, put out my contact data and my only success metric is # of interactions I get with occasional readers.

New comment by gbrindisi in "My AI-Assisted Workflow"

gbrindisi — Wed, 15 Apr 2026 08:35:19 +0000

This is pretty much a spec driven workflow.

I do similar, but my favorite step is the first: /rubberduck to discuss the problem with the agent, who is instructed by the command to help me frame and validate it. Hands down the most impactful piece of my workflow, because it helps me achieve the right clarity and I can use it also for non coding tasks.

After which is the usual: write PRDs, specs, tasks and then build and then verify the output.

I started with one the spec frameworks and eventually simplify everything to the bone.

I do feel it’s working great but someday I fear a lot of this might still be too much productivity theater.

New comment by gbrindisi in "Anatomy of the .claude/ folder"

gbrindisi — Fri, 27 Mar 2026 20:20:45 +0000

are agents/ still relevant after we got skills? I am genuinely confused on why I would need custom system prompts for specific agents, what should I use them for?

New comment by gbrindisi in "My minute-by-minute response to the LiteLLM malware attack"

gbrindisi — Thu, 26 Mar 2026 16:27:10 +0000

thanks for raising the alarm and sharing this, very insightful

(also beautifully presented!)

New comment by gbrindisi in "Scaling Vulnerability Management with AI: What Worked"

gbrindisi — Thu, 19 Mar 2026 14:16:47 +0000

1. I dont have hard metrics at hand but with the latest Sonnet I'd say we reach consensus around 80% of the time, with Opus is almost always but we are not using it due to cost

2. The difference I see in agent behavior when they don't reach consensus is usually either

- when one of them didn't explore enough and lack context

- and/or when their risk assessment is off

The latest happen often, in other workflows based on agents we are now giving clear instruction on how to assess risk and where to draw a line to consider something a true positive.

3. validation is on Sonnet, we don't use persona based prompts but all the 3 validators get's the same task and context. The agent orchestrating them will take their output and make the final decision. We use an internal fork of the claude code github action for now.

Scaling Vulnerability Management with AI: What Worked

gbrindisi — Thu, 19 Mar 2026 12:52:15 +0000

Article URL: https://www.synthesia.io/post/scaling-vulnerability-management-with-ai-what-actually-worked

Comments URL: https://news.ycombinator.com/item?id=47438533

Points: 8

# Comments: 3

New comment by gbrindisi in "Get Shit Done: A meta-prompting, context engineering and spec-driven dev system"

gbrindisi — Wed, 18 Mar 2026 08:01:15 +0000

I am doing something similar: I use openspec to create context and a sequential task list that I feed to ralph loops, so that i’m involved for the planning and the verification step but completely hands off the wheel during code generation.

New comment by gbrindisi in "Get Shit Done: A meta-prompting, context engineering and spec-driven dev system"

gbrindisi — Tue, 17 Mar 2026 21:04:30 +0000

I like openspec, it lets you tune the workflow to your liking and doesn’t get in the way.

I started with all the standard spec flow and as I got more confident and opinionated I simplified it to my liking.

I think the point of any spec driven framework is that you want to eventually own the workflow yourself, so that you can constraint code generation on your own terms.

Facing bankruptcy after unauthorized Gemini API usage of about $128k

gbrindisi — Mon, 16 Mar 2026 09:11:34 +0000

Article URL: https://old.reddit.com/r/googlecloud/comments/1rv3xr9/we_are_facing_possible_bankruptcy_after/

Comments URL: https://news.ycombinator.com/item?id=47396643

Points: 5

# Comments: 1

Agentic Risks

gbrindisi — Wed, 11 Mar 2026 10:18:24 +0000

Article URL: https://cloudberry.engineering/article/agentic-risks/

Comments URL: https://news.ycombinator.com/item?id=47333765

Points: 1

# Comments: 0

Sandboxing Agents

gbrindisi — Tue, 10 Mar 2026 21:45:45 +0000

Article URL: https://cloudberry.engineering/article/on-sandboxing-agents/

Comments URL: https://news.ycombinator.com/item?id=47329165

Points: 1

# Comments: 0

New comment by gbrindisi in "Jolla on track to ship new phone with Sailfish OS, user-replaceable battery"

gbrindisi — Mon, 09 Mar 2026 19:32:17 +0000

fifteen years ago I use to do mobile pentests for banks and when we could not find anything significant for the reports we could’ve always count on “lack of rooting detection” and pin the risk on some vague mobile banking malware threat pushed by marketing. I am sorry I contributed to this nonsense.

100% security theater, and here we are.

New comment by gbrindisi in "Agent Safehouse – macOS-native sandboxing for local agents"

gbrindisi — Mon, 09 Mar 2026 09:04:31 +0000

ah I also did my own sandbox and at least twice the agent inside tried really hard to go around the firewall, so I ended up intercepting calls to `connect` to return a message that says "Connection refused by the sandbox, don't try to bypass".

Code here: https://github.com/gbrindisi/agentbox

New comment by gbrindisi in "Google Workspace CLI"

gbrindisi — Thu, 05 Mar 2026 08:15:10 +0000

the most annoying thing with Google Workspace is that you need super admin privilege to properly audit the environment programmatically, I believe because of the cloud-identity api.

I Automated a Daily Intelligence Briefing with OpenClaw

gbrindisi — Tue, 10 Feb 2026 22:50:51 +0000

Article URL: https://www.josecasanova.com/blog/openclaw-daily-intel-report

Comments URL: https://news.ycombinator.com/item?id=46968120

Points: 1

# Comments: 0

New comment by gbrindisi in "AI Slop Report: The Global Rise of Low-Quality AI Videos"

gbrindisi — Sun, 28 Dec 2025 08:32:11 +0000

I noticed that too and it’s kinda scary. Soon we will have the opposite of canceling, where the target will be deepfaked to say everything and its opposite to nullify their signal to noise ratio.

New comment by gbrindisi in "Cloudflare was down"

gbrindisi — Fri, 05 Dec 2025 11:43:34 +0000

The crowdstrike incident taught us that no one is going to review any dependency whatsoever.

New comment by gbrindisi in "How to build a coding agent"

gbrindisi — Sun, 24 Aug 2025 12:50:54 +0000

I wonder how far I could go with a barebone agent prompted to take advantage of this with Sonnet and the Bash tool only, so that it will always try to use the tool to only do `python -c …`