Prompt Security

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

Prompt Security AI

1Password secures coding agents with new OpenAI Codex integration

AI coding agents are cool until somebody accidentally pastes production credentials into a prompt or commits API keys to GitHub. 1Password is now working with OpenAI to secure Codex by keeping secrets out of prompts, repositories, terminals, and even the model’s context window entirely. Instead, credentials get injected only at runtime after user approval. It’s probably one of the more realistic attempts so far at solving the giant security problem lurking behind the current AI coding boom. submitted by /u/OkReport5065 [link] [comments]

PrimeTask Bring Your Own AI - Claude sets up a full project in one prompt.

Hey r/ClaudeAI, I'm one of the developers behind PrimeTask, a local-first productivity system for macOS. The final beta now ships with Bring Your Own AI, a local MCP server (110+ tools, 5 prompt templates) so you can point Claude Desktop, Claude Code, Cursor, or LM Studio at it and let your own agent do the work. Quick demo in the video. One sentence from me, end-to-end project setup from Claude. What's happening in the clip I say I'm launching a Mac app in six weeks and ask Claude to set up the project. Claude creates the project with a deadline, three phase tasks (Design, Build, Launch) with staged due dates, descriptions, tags, subtasks, and short checklists. Sets a reminder on the first task so the native macOS toast fires during the recap. Recommends where to start. I say "start." Claude moves Design into the Design status and kicks off a timer. Twelve-plus tool calls under one prompt. No copy-paste, no manual setup. Why BYO AI (not a bundled cloud bridge) Server runs inside PrimeTask on your Mac. Your tasks, projects, CRM, and notes never leave the device. We don't ship a model. You bring your own: Claude Desktop, Claude Code, Cursor, LM Studio, anything MCP-compatible. No Anthropic-side context about your work. Claude only sees what your agent pulls in per turn. Per-space permissions: lock an agent to read-only or scope it to one workspace. Streamable HTTP with Bearer auth, or stdio if you prefer that route. Tool catalog profiles (Full, Core Tasks, Minimal, PrimeFlow, CRM, etc.) so smaller local models don't get drowned in 100+ tools. Five built-in MCP prompts (daily_standup, weekly_review, project_status, crm_summary, overdue_triage) for the workflows people actually want. Every tool call is logged in an in-app audit log. Full BYO AI docs (setup, transports, tool catalog, security): https://www.primetask.app/docs/integrations/bring-your-own-ai Why we built it this way Most "AI in your task app" is the app calling a vendor's API on your behalf, often with your data going through their pipes. We wanted the opposite. Your agent, your model, your machine. The app exposes a tool surface and gets out of the way. That's what BYO AI means here. PrimeTask itself is local-first, no account, no subscription, plain JSON on disk. BYO AI made the AI story consistent with that: nothing leaves your laptop unless you point your agent at one that does. Where we're at PrimeTask is wrapping up the final beta and heading to a stable launch this summer. Beta is now closed to new sign-ups. We're locking it down to ship the stable release. If you'd like to be notified at launch, drop your email here: https://www.primetask.app/notify or visit https://www.primetask.app Happy to answer questions about the MCP setup, the profile system, or how we structured the tool descriptions for agent discoverability. submitted by /u/XVX109 [link] [comments]

How I used Claude Code (and Codex) for adversarial review to build my security-first agent gateway

Long-time lurker first time posting. Hey everyone! So earlier this year, I got pulled into the OpenClaw hype. WHAT?! A local agent that drives your tools, reads your mail, writes files for you? The demos seemed genuinely incredible, people were posting non-stop about it, and I wanted in. I had been working on this problem since last year and was genuinely excited to see that someone had actually solved it. Then around February, Summer Yue, Meta's director of alignment for Superintelligence Labs, posted that her agent had deleted over 200 emails from her inbox. YIKES. She'd told it: "Check this inbox too and suggest what you would archive or delete, don't action until I tell you to." When she pointed it at her real inbox, the volume of data triggered context window compaction, and during that compaction the agent "lost" her original safety instruction. She had to physically run to her computer and kill the process to stop it. That should literally NEVER be the case with any software ever. This is a person whose actual job is AI alignment, at Meta's superintelligence lab, who could not stop an agent from deleting her email. The agent's own memory management quietly summarized away the "don't act without permission" instruction, treated the task as authorized, and started speed-running deletions. She had to kill the host process. That's when I sort of went down the rabbit hole, not because Yue did anything wrong, but because the failure mode was actually architectural and I knew that in my gut. Guess what I found? Yep. Tons more instances of this sort of thing happening. Over and over. Why? Because the safety constraint was just a prompt. It's obvious, isn't it? It's LLM 101. Prompts can be summarized away. Prompts can be misread. Prompts are fucking NOT a security boundary. And yet every agent framework I have ever seen seems to be treating them as one. I went and read the OpenClaw source code, which I should have done to begin with. What I found was a pattern I think a lot of agent frameworks have fallen into: - Tool names sit in the model context, so the model can guess or forge them - "Dangerous mode" is one config flag away from default - Memory management has no concept of instruction priority - The audit story is mostly "the model thought it should" I went looking for a security-first alternative I could trust, anything that was really being talked about or at a bare minimum attempted to address the security concerns I had. I couldn't find one. So I made it myself. CrabMeat is what came out of that, what I WANTED to exist. v0.1.0 dropped yesterday. Apache 2.0. WebSocket gateway for agentic LLM workloads. One design thesis: The LLM never holds the security boundary. What that means in code: Capability ID indirection. The model doesn't see real tool names. It sees per-session HMAC-derived opaque IDs (cap_a4f9e2b71c83). It can't guess or forge a tool name because it doesn't know any tool names. Effect classes. Every tool declares a class (read, write, exec, network). Every agent declares which classes it can use. The check is a pure function with no runtime state, easy to test exhaustively, hard to bypass. IRONCLAD_CONTEXT. Critical safety instructions are pinned to the top of the context window and explicitly marked as non-compactable. The Yue failure mode, compaction silently stripping the safety constraint, cannot happen by construction. The compactor literally cannot touch them. Tamper-evident audit chain. Every tool call, every privileged operation, every scheduler run enters the same SHA-256 hash-chained log. If something happens, you can prove what happened. If the chain is tampered with, you can prove that too. Streaming output leak filter. Secrets are caught mid-stream across token boundaries, capability IDs, API keys, JWTs, PEM blocks redacted before they reach the client. No YOLO mode. There is no global "trust the LLM with everything" switch. There never will be. Expanded reach comes through named scoped roots that are explicit, audit-logged, and bounded. The README has 15 'always-on' protections in a table. None of them can be turned off by config, because these things being toggleable is how the ecosystem ended up where it is. I decided to make sure that this wasn't just a 'trend hopping' project and aligned with my own personal values as well. I built this to be secure and local-first by default. Configured for Ollama / LM Studio / vLLM out of the box. Anthropic and OpenAI work too but require explicit configuration. There is no "happy path" that silently ships your prompts to a cloud endpoint. I decided that FIRST it needed to only run as an email agent with a CLI. Bidirectional IMAP + SMTP with allowlisted senders, threading preserved, attachments handled. This is the use case that bit Yue and a lot of other people, and I wanted to prove it could be done with real boundaries. I added in 30+ built-in tools of my own. File ops, shell (denylisted, output-capped, CWD-lo

New Agent Mode

I have been using the new agent mode since it got released. I usually use it for easy tasks such as connecting it to a live spreadsheet and I just ask it for recent updates/weekly or daily summaries etc… I’m not gonna say it’s perfect, and Ive had times where I had to send the same prompt again just for it to give the correct answer. Maybe it’s a user error and I need to improve the instructions. I’ve also tried to schedule some recurring tasks and I do receive emails when its completed but when I go to see it there’s no answer 😂 I’m curious to see what everyone else’s experience is. I would rather have codex do it all but I limit myself from using it too much for security reasons. submitted by /u/FrustratedAsianDude [link] [comments]

We compiled 42 of the Generative & Agentic AI interview questions (and how to actually answer them).

Hey Everyone, The AI engineering job market has shifted massively in the last 6 months. Interviewers are no longer just asking "how does a transformer work?" or "how do you write a good prompt?" They want to know if you can architect production-grade multi-agent systems, prevent RAG hallucinations, and manage state across LLM calls. I’ve been building a visual learning sandbox for multi-agent workflows (agentswarms.fyi), and today I just launched a completely free AI Interview Prep Module inside it. I compiled 42 top interview questions specifically for GenAI and Agentic AI roles. But instead of just giving a generic answer, the module breaks down the "Standout Answer" and teaches you the mental model of how to answer it like a senior architect. Here are two examples from the list: Question 1: When would you use a Multi-Agent Swarm instead of a single LLM with multiple tools? ❌ The average answer: "When the task is too complex, multiple agents are better than one." ✅ The standout answer: "You use a swarm to prevent context dilution and enforce the Principle of Least Privilege. If you give one 'God Agent' 15 tools and a 4k-word system prompt, its reliability drops and hallucination risk spikes. By routing to specialized sub-agents with narrow instructions (e.g., separating the 'Data Extraction Agent' from the 'Customer Chat Agent'), you isolate failure points and allow for parallel execution." Question 2: How do you handle hallucinations in a financial RAG pipeline? ❌ The average answer: "I would lower the temperature to 0 and give it a better system prompt." ✅ The standout answer: "I would decouple data extraction from text generation. I'd use a deterministic node or a strict JSON-enforced agent to only extract the hard numbers from the retrieved context. Then, I would pass that structured data to a separate Synthesis Agent. Finally, I'd implement an 'LLM-as-a-judge' evaluation loop before returning the final output to the user." What's in the full list? The 42 questions cover: RAG Architecture & Vector Databases Agentic Routing (ReAct vs. Planner-Executor) Evaluation metrics for non-deterministic outputs Security (Prompt injection prevention in multi-agent loops) You can read through all 42 questions, answers, and the "how to answer" breakdowns right in the dashboard here: https://agentswarms.fyi/interview-questions For those of you who have interviewed for AI Engineering roles recently, what is the hardest system design question you've been asked? I'd love to add it to the list. submitted by /u/Outside-Risk-8912 [link] [comments]

Reasoning is hidden in Claude Code?

I just moved to Claude Code and was setting up a script to create daily logs of my work sessions and noticed that reasoning is not visible in the input or output in Claude Code? Does anyone know why in the hell they do this? The best reason I can seem to find is that *maybe* it's a possible security risk. The thing is, reasoning is visible in other CLIs (Letta, Openclaw) and in their own desktop app. I use reasoning a lot to catch missteps, behavioral issues, and I use live reasoning tracking to halt faulty processing and reroute the agent. I also store it for research purposes. This is a significant downgrade and I am genuinely unsure why they would do this. If they're afraid I'll be able to watch their bots leak system prompts, curse, or say terrible things... well I can do that in any other CLI and often do. So genuinely unsure what they think they're hiding. Is there any workaround I may be missing for this...? --- EDIT: Yes, I am aware another model writes the summaries. That does not make them less valuable. If I can still use them for bug reporting, halting active processes, and detecting failure points, then they are still valuable data. If they want to stop people from stealing their overpriced model architecture, they should start by being consistent, maybe stopping the leaks, especially since reasoning is very visible on other platforms. submitted by /u/Phoenix_Muses [link] [comments]

I spent much of this year in the hospital with my mom. I built this so I could keep iterating on my more automated workflows while my dev machine was at home.

Wanted to share my mobile claude/codex session tool: Chroxy. TL;DR Chroxy is a (yet another!) self-hosted remote client for Claude Code. You run a small daemon on your dev machine, scan a QR code with the app. Then you have access to your terminal sessions and a clean chat view that renders Claude's output as readable messages. Everything goes over a Cloudflare tunnel so there's no port forwarding or VPN setup. Originally, I'd be sitting in a hospital room for hours and come back to my laptop just to find Claude sitting at "Ready to start?" the whole window wasted. I needed a way to stay in the loop, approve a permission prompt, or kick off the next task without physically moving to my machine. The Anthropic billing changes in June are going to steal some of the benefits away from the app... I'm aware that makes it less accessible for some people, and I thought about that before deciding to release it anyway. Honestly, it's been useful enough to me that I'm willing to make that trade. If you're already on API billing it won't change anything for you. Why not /remote-control? When Anthropic launched the rc feature, I stopped development and spent some time with it. It was underwhelming to me (Maybe user error). So, I came back and kept refining this. The stack Server: Node.js 22, ES modules, runs Claude via the Agent SDK (in-process) or the legacy CLI. WebSocket protocol with Zod-validated message types. Mobile app: React Native + Expo, TypeScript, xterm.js terminal emulation in a WebView, Zustand for state, native speech-to-text Desktop: Tauri tray app wrapping the web dashboard Security: E2E encrypted — X25519 key exchange, XSalsa20-Poly1305. The tunnel sees ciphertext only. Other bits: pluggable provider system (Claude, Gemini, Codex all work with the same app), Docker container isolation for sessions, permission rule engine, git worktree support I built it because I needed it, it let me play with tools I find genuinely interesting, and it feels like a waste to keep it private. If you're into LLM tooling or just want a self-hosted way to run Claude Code remotely, maybe it's useful to you too. My mom passed away in March. I'm sharing this partly because building it kept me sane during the months in the hospital thinking she'd be fine, and I think it might be useful to other people. Repo is blamechris/chroxy. There are many like my project, but this one is mine. :') submitted by /u/xcVosx [link] [comments]

I tested how well Claude generated code handles security. Here's what I found in 48 real apps.

I've been curious about a specific problem: when Claude (or other AI tools) generates a full stack app, how secure is the output in practice? So I built a scanner and ran static analysis on 48 public GitHub repos built with Lovable, Bolt, and Replit. Here's what came up: **90% had at least one security vulnerability.*\* The breakdown: - 44% — authentication gaps (routes unprotected despite having a login system) - 33% — Security Definer RPCs (Postgres functions that bypass row-level security) - 25% — BOLA/IDOR (ownership checks missing from database queries) - 25% — committed env or config files The pattern I found most interesting: these aren't random errors. They're systematic. The same vulnerabilities appear across different apps, different developers, different AI tools. **The auth gap is the most instructive:*\* Claude builds login flows correctly. Registration, email verification, sessions, password reset all solid. But 44% of apps had API routes or pages that anyone could reach without logging in. The authentication *system* was built. The actual *protection* of routes behind that system often wasn't. This makes sense if you think about how LLMs work. The prompt was "build me a user dashboard with authentication." Claude built the dashboard and built the authentication. Nobody asked it to specifically verify that every route is protected. It wasn't in the spec, so it wasn't in the output. **Security Definer is the hidden one:*\* 33% of apps had Postgres functions marked `SECURITY DEFINER`. This makes the function run as the database superuser, bypassing all RLS policies. AI tools generate these to resolve permission errors it's a "fix" that works locally and causes a real security problem in production. There's no error, no warning. The app works perfectly while being exploitable. I don't think this is a Claude problem specifically it's a fundamental constraint of how LLMs generate code. Security requires thinking adversarially, and that's not what "write me a working app" prompts for. What's your approach when you use Claude to build something you're going to ship? submitted by /u/Powerful-Fly-9403 [link] [comments]

Simplified usage notes for the Agent tool - what's new in CC 2.1.140 (+622 tokens)

NEW: Tool Description: Agent (simple usage notes) — Simplified usage notes for the Agent tool covering when to delegate, fork behavior, resumption, worktree isolation, background execution, parallel launches, and context restrictions. Agent Prompt: Security monitor for autonomous agent actions (second part) — Expands the Self-Modification rule from a vague description to an explicit list of agent-config paths (.claude/settings.json, CLAUDE.md, CLAUDE.local.md, .claude.json, .claude/rules/, .claude/hooks/, .claude/commands/, .claude/agents/, .claude/skills/, .claude/output-styles/, .claude/workflows/, .claude/routines/, .claude/scheduled_tasks.json, .claude/loop.md, .mcp.json), and carves out exceptions so files under .claude/worktrees/ / are treated as ordinary project files and a project-specific .claude/ subdirectory outside the listed paths is not Self-Modification on its own. Agent Prompt: Worker fork — Minor wording cleanup: drops "in your system prompt" from the "default to forking" reference so the rule applies generically to parent guidance. Tool Description: Snooze (delay and reason guidance) — Adds an explicit warning not to schedule short-interval wakeups to poll for harness-tracked background work (since the agent is re-invoked automatically when it finishes); instead use a long 1200s+ fallback heartbeat. Reframes the under-5-minute cache window as appropriate for actively polling external state the harness can't notify about (CI runs, deploys, remote queues), and updates the example from a bun build to a CI run. Tool Description: Write (read existing file first) — Rewrites the description into a "When to use" format that names creating a new file or fully replacing a previously-read file as the use cases, and points at the edit tool for partial changes. Details: https://github.com/Piebald-AI/claude-code-system-prompts/releases/tag/v2.1.140 submitted by /u/Dramatic_Squash_3502 [link] [comments]

Claude Platform on AWS reference - what's new in CC 2.1.139 (+2,248 tokens)

NEW: Data: Claude Platform on AWS reference — Reference documentation for using the Claude Developer Platform through AWS infrastructure, including AnthropicAWS clients, required region and workspace configuration, SigV4 authentication, and short-term API keys. Agent Prompt: Conversation summarization — Adds requirement to note security-relevant instructions or constraints (sensitive files, forbidden operations, credential handling rules) and preserve them verbatim in the summary so they remain in effect after compaction. Agent Prompt: Recent Message Summarization — Same security-relevant instructions preservation requirement added to the recent-portion summarization flow. Data: Live documentation sources — Adds WebFetch URLs for Claude Platform on AWS and its required IAM actions documentation. Skill: Building LLM-powered applications with Claude — Reframes cloud-provider access so Claude Platform on AWS is treated as Anthropic-operated with same-day API parity and full Managed Agents support, while Bedrock, Vertex, and Foundry remain Claude API + tool use only. Skill: Dynamic pacing loop execution — Reorders steps so the brief confirmation (task ran, monitor as wake signal, fallback delay choice) is written as text before the schedule-wakeup call ends the turn. Skill: /insights report output — Removes the trailing additional-message block from the shareable report response. Skill: /loop self-pacing mode — Same reordering as dynamic pacing loop: confirm self-pacing, monitor wake signal, and fallback delay as text before the schedule-wakeup call. Skill: Model migration guide — Adds a Claude Platform on AWS section noting it uses bare first-party model IDs and that the full rename table and breaking-change sections apply verbatim, distinct from Bedrock. System Prompt: Auto mode — Drops the "Auto Mode Active" header and reframes destructive-action guidance generically rather than auto-mode-specific. System Prompt: Harness instructions — Removes the standalone note that automatic context compaction will trigger when conversations grow long. System Prompt: Memory instructions — Replaces 3–4 word titles with short kebab-case slugs, nests type under a metadata block, and introduces [[their-name]] cross-links between related memories. System Prompt: Partial compaction instructions — Adds the same security-relevant instructions preservation requirement so sensitive-file rules, forbidden operations, and credential handling carry across partial compactions. System Reminder: Output style active — Lets an output style supply its own per-turn reminder text, falling back to the default "follow the specific guidelines" wording. System Reminder: Task tools reminder — Removes the instruction telling Claude to never mention the reminder to the user. System Reminder: TodoWrite reminder — Removes the instruction telling Claude to never mention the reminder to the user. Tool Description: PowerShell — Adds a substantial reference table mapping Unix commands (head, tail, which, touch, wc, mkdir -p, rm -rf, ln -s, chmod, 2>/dev/null, inline VAR=x, bash control flow) to their PowerShell equivalents, and clarifies that -ErrorAction SilentlyContinue still causes exit 1 unless promoted to terminating and caught. Details: https://github.com/Piebald-AI/claude-code-system-prompts/releases/tag/v2.1.139 submitted by /u/Dramatic_Squash_3502 [link] [comments]

AI agent security starts at the api layer

Most ai security discussion is about the model layer. Prompt injection resistance, output filtering, jailbreak prevention. Valid concerns, but agents don't cause incidents by having bad outputs. They cause incidents by having unrestricted access to systems and calling things without limits. An agent that can trigger payments, query production databases, read crm records, and post to external services isn't dangerous because of model quality. It's dangerous because the api access has no governance. No rate limiting per agent identity, no tool access scoping, no audit trail of what was actually invoked. If something goes wrong, most teams can't reconstruct what the agent called, in what order, with what parameters. 24% of organizations have full visibility into which agents are communicating with which other agents, per a 2025 industry report on ai agent security. The rest are running agents without knowing their blast radius. Prompt guardrails are necessary but they're a soft boundary that lives in the model. The enforcement layer for agentic ai security belongs in the infrastructure, at the api layer, the same place where rate limiting and access control have always lived for every other type of system integration. What's the actual security architecture for ai agents that people here are running in production, not testing locally? submitted by /u/GAMERX143_GAMING [link] [comments]

Claude Platform on AWS is now generally available

AWS has officially announced the General Availability of Claude Platform on AWS, giving developers direct access to Anthropic’s native Claude Platform experience through existing AWS accounts. This is pretty interesting because AWS is now the first cloud provider offering direct access to the native Claude experience without requiring separate Anthropic account management. https://preview.redd.it/u1ow3zwu4n0h1.png?width=2451&format=png&auto=webp&s=03686874221fa4e7ac870fcee28739d3ee83e2b0 Some notable features available: Claude Managed Agents (Beta) Web Search & Web Fetch Code Execution Files API MCP Connector Prompt Caching Citations Batch Processing Claude Console for prompt development and evaluation What stands out to me is the operational simplicity: Existing IAM authentication AWS billing integration CloudTrail logging visibility No separate account handling One important point AWS mentioned: Customer data for Claude Platform on AWS is processed outside the AWS security boundary, so organizations with strict data residency/compliance requirements may want to evaluate that carefully. The service is already available across multiple AWS regions globally. Source Link submitted by /u/Few-Engineering-4135 [link] [comments]

I built an autonomous engineering agent on top of Claude Code. Self-improving routing, cross-session memory, process intelligence, P2P team learning.

Some of you might remember my posts about claude-bootstrap (v3.6 was the last one — cross-agent intelligence). I skipped v4 entirely because v5 shipped days later. What started as an opinionated Claude Code setup has become something fundamentally different. The problem I'm solving: Every AI coding tool today is an amnesiac. When a session ends, everything the agent learned — project conventions, reviewer preferences, codebase idioms — evaporates. The next session starts from scratch. And if you use multiple AI tools across projects, you have zero unified visibility into what's happening. I think the industry is converging on a spectrum: Level 0: Autocomplete (Copilot, TabNine) Level 1: Chat Assistant (ChatGPT, Claude) Level 2: Project-Aware Assistant (Cursor, Continue) Level 3: Task Agent (Devin, Claude Code Agent) Level 4: Autonomous Engineering Platform (Maggy) ← this is what I built The difference at Level 4: multi-model orchestration, self-improvement from every task, process intelligence that learns from CI/reviews/deploys, cross-session memory, and P2P team learning. What Maggy actually does Chat — Session Takeover: Auto-detects all running Claude Code sessions across your projects. Shows session history, prompt counts, duration. You can `--resume` into any session from the dashboard. Right now I have 7 active sessions across 4 projects visible at a glance. Task Triage: Connects to GitHub Issues and Asana. AI-ranks tasks by priority. One-click "Plan" or "Execute" buttons that spawn the right CLI with codebase context pre-injected from an intent code property graph (iCPG). Process Intelligence: This is the part most tools completely ignore. Maggy collects signals from the full SDLC — CI results, PR review comments, CodeRabbit findings, merge patterns, deploy results. It learns which code patterns cause test failures, what reviewers consistently flag, and preemptively fixes issues before they reach reviewers. > "Your reviewer always flags missing error handling in API routes. Maggy added it before the PR was created." That's not prompt engineering. That's autonomous process optimization. Cross-Session Memory (Engram): Maggy identifies 7 distinct amnesia pathologies (anterograde, retrograde, temporal, source, interference, context-binding, confabulation). Engram is a three-tier memory system — local (project-specific), portfolio (cross-project patterns), and mesh (team-shared). Knowledge compounds across sessions instead of evaporating. Maggy Mesh — P2P Team Intelligence: Connects Maggy instances across a team. One developer's CI fix becomes the entire team's knowledge — autonomously. Typed memory classes (scores, patterns, policies, gaps) with provenance and quarantine. A new team member gets the benefit of months of collective learning on day one. Multi-Model Routing: Auto-discovers which CLIs you have (Claude, Codex, Kimi, Ollama) by probing `--help` at startup. Routes by complexity score: Blast 1-3 → ollama (free, local) or kimi (cheap) Blast 4-6 → codex (mid-tier) Blast 7-10 → claude (premium, with validator) Security, tests, docs, architecture always go to Claude regardless. The routing rules are YAML and self-update from task outcomes. 5-Level Self-Improvement: This is the core differentiator. Every task teaches Maggy something: | Level | Frequency | What It Does | |-------|-----------|-------------| | L0 — Real-time | Seconds | Catches tool/test failures, switches models mid-task | | L1 — Task | Minutes | Computes reward score, updates model performance | | L2 — Daily | Hours | Catches CI pass rate drops, disables failing models | | L3 — Weekly | Days | Evolves skill files, adjusts workflow steps | | L4 — Monthly | Weeks | Recalibrates reward signals, tunes the improvement process itself | Budget Tracking: Per-provider token spend with daily limits. When Anthropic hits budget, Maggy routes to OpenAI. When that hits budget, it routes to local Qwen. Work never stops. Competitor Intelligence: RSS + Google News daily briefing for your competitive landscape. The benchmark Built an Expense Tracker (6 tasks) through two pipelines — Maggy (4 models) vs Claude Code alone: | Metric | Maggy | Claude Code | |--------|-------|-------------| | Success rate | 6/6 (100%) | 6/6 (100%) | | Quality score | 7.4/10 | 7.8/10 | | Claude usage | 1/6 tasks (17%) | 6/6 tasks (100%) | | Security issues found | 7 | 0 | Claude alone is faster. But Maggy used it for only 1 out of 6 tasks — 83% reduction in premium compute. And the dedicated security routing caught 7 issues the single-pipeline missed entirely. The question isn't "which tool writes better code today?" — it's "which tool writes better code *next month* than it did *this month*?" Repo: github.com/alinaqi/claude-bootstrap Maggy is built on Claude Code's infrastructure (skills, hooks, MCP). It extends Claude Code with self-improvement, multi-model routing, process intelligence, and team mesh. If you just want the skills/hooks/TDD se

8 Advanced Claude Code Tips I've Discovered After Heavy Daily Use (Cost saving, Context, Custom Commands)

(hey mods plz dont delete this post fr this is my own experience using claude i really wanna share some tips here but ngl my english aint great so i used ai a bit to tidy it up make it look nicer but its def my own hands-on stuff hope it helps yall thx...) 1. Automate your Git Workflow completely If you have a messy git history, or you're just deep into vibe coding and don't want to break focus to write commit messages, just let Claude Code handle it via natural language: Auto-summarize & create PRs: Summarize the changes I've made so far and create a PR Generate missing docs before committing: Generate JSDocs for undocumented functions in this PR Auto-generate tests: Generate new tests for this feature and include in the PR 2. Yes, you CAN add images (Multimodal in CLI) A lot of people ditch Claude Code because they assume a CLI tool can't handle images. It fully supports vision! Here are 3 ways to do it: Drag & Drop: Just drag the image file directly into your terminal (Note: Doesn't work inside Cursor's integrated terminal). Clipboard: Copy the image from your file explorer, go to the terminal, and press Ctrl + V (Yes, even on macOS, use Ctrl+V in the CLI to paste the path). Absolute Path: If you know the path, just prompt: Analyze this image: /absolute/path/to/your/image.png 3. Track your API Usage gracefully If you are on the Pro tier ($20/mo), you know the fear of exceeding limits and getting hit with overage charges. You can always type /cost natively, but Pro-tip: Use the open-source package ccusage for a much better breakdown of tokens and costs. Install: npm install -g ccusage Run: ccusage daily (Provides a beautifully formatted usage stat in your terminal). 4. /compact is your best friend (Save your API credits!) This is arguably the most important tip. Claude Code defaults to automatically compacting your conversation only when the context reaches 95% of the limit. Because every new message carries the entire previous history, your context grows exponentially. Don't wait for 95%. If you want to save money, build the habit of manually running /compact (summarizes the convo and starts a fresh one with the summary as context) or /clear (wipes context entirely) when you are around 40-50% full. 5. Resuming interrupted sessions Laptop died? Accidentally closed the terminal? No worries. Claude Code retains tools and context from previous sessions. Quick continue: claude --continue picks up exactly where you left off. Manual resume: claude --resume opens an interactive menu allowing you to select a specific past session based on start time, summary, or initial prompt. 6. Rule Management (Like .cursor/rules but for Claude) If you like .cursor/rules, you'll love this. You can define rules to stop repeating yourself about code formatting or architectural preferences. (Manage them visually by typing /memory). ./CLAUDE.md: For project-specific rules (architecture, team workflows). Note: Claude reads recursively upwards, so you can place this in any subdirectory. ~/.claude/CLAUDE.md: For global/personal preferences. Quick Rule Trick: Start your prompt with # to instantly append a rule to your local CLAUDE.md. Example: # Use arrow functions when possible You can also use @ inside rules to reference other docs: # Use my git workflows listed in u/docs/git-instructions.md 7. Triggering different levels of "Thinking" You might have noticed you can't explicitly toggle "thinking mode" when calling models via /model. Instead, you trigger it via natural language in your prompt. Depending on your wording, Claude allocates different compute: Light: think about ways to refactor. Medium: think hard for security issues. Heavy: think harder about edge cases. Maximum (Terminator mode): ultrathink why I wrote this s**t. 8. Custom Commands (AI-powered aliases) Think of these as git alias on steroids. If you create a file at ./.claude/commands/optimize.md and write: Analyze the performance of this code and suggest $ARGUMENTS optimizations From then on, you can just type: /project:optimize 3 and Claude will automatically run that exact workflow and give you 3 optimization suggestions. Custom commands have different scopes and can be incredibly powerful. I might do a Part 2 specifically on Custom Commands and open-source integrations if you guys are interested! submitted by /u/National_Honey7103 [link] [comments]

Where I'm at with AI Assisted Building + Current and Future Workflow Overview

I've been in an AI dive bomb for probably a couple of years now. The early days... when models couldn't be trusted for more than 5% of the code you wrote. Over the last 2 years that's evolved so quickly that I now write nearly 0% of my code by hand, on personal projects and at work. I've used all kinds of tools in that time too. OpenCode, Zed, Claude Code, Codex, Cursor, Windsurf, OpenCLAW, Lovable... and probably a bunch more I can't recall in the haze that's been AI ADHD for me. Over that time, I started with just copy-pasting code between ChatGPT's interface and my IDE almost like a slightly faster Stack Overflow search. Then that somewhat evolved with Cursor quite a bit. I sort of went from prompt engineering to something closer to a human relay pattern. Then, with Plan Mode becoming a thing, I think I naturally gravitated more towards planning everything because planning felt so cheap. Originally, I used to think that architectural discussion and planning was something that was reserved for larger features, but with expediting my ability to do research, orient myself within a codebase, and know what tools I have to reach for doing technical specifications for everything felt reasonable. From the human relay pattern, I started evolving into more autonomy, especially when Claude Code came out earlier last year. Between the combination of Cursor and Claude Code, starting to get orchestration, starting to use skills more heavily, starting to create actual agent personas that could replace some of my common prompt chains it was around then that I kinda started going all in on true context engineering, utilizing sub-agents optimizing cache reads, and it's probably when many of my first (I call it) sophisticated commands were born. All of this converged pretty rapidly in November of 2025 with the release of what was probably the biggest step increase for AI as far as code quality went with Opus 4.5 and Codex 5.3. The Codex app and Codex CLI were quickly growing. Claude Code was improving at a breakneck pace, introducing all kinds of new ways to introduce deterministic gates within the autonomy of the harness. Fast forward to today, I have a pretty sophisticated workflow with a combination of agents that do everything within the SDLC, commands for almost every type of entry point for work, and skills for just about everything I could possibly do in my day-to-day the workflow with some of the latest tools is able to run quite autonomously overnight do large feature implementations, minimally supervised while producing production-worthy code quality It somewhat reached a point I realized, probably a month and a half ago or so where I needed to figure out a way to remove myself even more from the loop without jeopardizing the determinism that I bring to what is effectively a probabilistic LLM. The models are exceptional, and they seem to have a massive step increase each release, but continuous execution, strict instruction rigor, and preventing hallucinations is still very much difficult to achieve. That's predominantly what I've been doing. I've effectively offloaded a lot of thinking to the agents and LLMs that I use, but none of the understanding. I've asked myself, "How do I maintain that understanding, though maintain the determinism from my steering, without actually physically being there to steer?" This was essential, and I realized or had a bit of an aha moment, just like how I manage teams of engineers that are working on numerous projects, most of which I can never really go too deeply on even though they do most of the thinking, most of the building, and even most of the implementation planning, I was still there, very close to the architecture. I could speak to enough breadth and enough depth to keep us out of trouble and keep things moving I kind of started thinking more about what the shape of me was within the agentic harness and how I could replicate that. More on what I landed on a little bit later. My Setup and How I Work Today To start, I'll probably just talk a little bit about my current working setup. I am predominantly in the terminal now a days using Claude Code. Claude Code orchestrates both the Claude models, of course, and I use it to orchestrate Codex through a series of run books, skills, and commands that I have set up on several hooks so that Codex, when it gets dispatched, also has access to the same skills and agent personas Claude does. I use Ghostty as my terminal of choice and use the IDE integration in claude code pretty heavily to review Markdown or HTML files in my IDE. I also use it to review code snippets and diff reviews, although lately I find myself only really looking at the code nowadays once it's hit a merge request. Some of my adjacent tools are Wispr Flow for faster steering, since I can speak a lot faster than I can type and then I use quite a few MCPs and tools to improve my token usage, but the big ones are I have a custom doc maintenance suite of