Hacker News: MrDarcy's comments

Looks cool, congrats on the launch. Is there any sandbox isolation from the k8s platform layer? Wondering if this is suitable for multiple tenants or customers.

Oh good question, I haven't thought deeply about this.

Right now nothing special happens, so claude/codex can access their normal tools and make web calls. I suppose that also means they could figure out they're running in a k8s pod and do service discovery and start calling things.

What kind of features would you be interested in seeing around this? Maybe a toggle to disable internet connections or other connections outside of the container?


Network policies controlling egress would be one thing. I haven't seen how you make secrets available to the agent, but I would imagine you would need to proxy calls through a MITM proxy to replace tokens with real secrets, or some other way to make sure the agent cannot access the secrets themselves. Specifically for an agent that works with code, I could imagine being able to run docker-in-docker will probably be requested at some point, which means you'll need gVisor or something.

I was a mentor for an all girls high school FIRST team and I have to say, the way they were treated at competition by other teams and the way the organization handled that sexual objectification of them at competition leads me to a “that checks out” conclusion of Kamen and Epstein.

Culture propagates from the top.


How did you rule out the much simpler explanation that the culture propagates from the hormones of high school boys, and going against that is a hard problem? You're going to have to be explicit about the details of "the way the organization handled that", as the obvious assumption is that they'd be stuck between a rock and a hard place trying to post-facto punish at the organizational level (as opposed to proactive policies for team mentors to follow going forward).

I am currently a mentor and previously a judge and volunteer for many years at regional events. In all my years I have never seen anything remotely like sexual objectification. I obviously can't know your experience but I would be very very surprised to find this occurring... especially at competitions.

I believe this implication goes against core values of the org and certainly its local volunteers. I have no skin here except to defend a program that is doing amazing work. My kids are participants and I have contributed to the org for more than 10y.

Just offering some more anecdata for passers-by.


HN comments on LLM agents are bi-modal now, as are views in the general population. The modes are adopters and non-adopters.

There isn’t much of a middle ground anymore.


Is that not pointless now? The point of writing was previously to communicate our thoughts and ideas to other people. Now and going forward that is unnecessary. The most efficient and effective way for us to communicate our thoughts and ideas is to have an agent organize and write them down for us.


Okay, and how does the agent know what your thoughts and ideas are?


I have a single wrap function that does this for all errors. The top level handler only prints the first two, but can print all if needed.

I have never had difficulty quickly finding the error given only the top two stack sites.

Any complaint about Go boilerplate is flawed. The purpose and value is not in reducing code written, it is to make code easier to read and it achieves this goal better than any other language.

This value is compounding with coding agents.


This is correct. Had lunch with a senior staff engineer going for a promo to principal soon. He explained he was early to CC, became way more productive than his peers, and got the staff promo. Now he’s not sharing how he uses the agent so he maintains his lead over his peers.

This is so clearly a losing strategy. So clearly not even staff level performance let alone principal level.


Why the downvotes? It is the defining characteristic of the staff+ level to empower others. Individual contributions don’t matter at this level.


And yet it is correct. The most valuable engineers today are those who have maintained and expanded the 0..v1 crap from others, and are now driven and ambitious enough to go build the next generation of 0..v1. Armed with that experience, the crap is minimal and value maximized.


Oof ima be the one to say it depends. This is personality based and the truth is a successful product has both. Even late on u want that person willing to break convention to find a new way of doing something. Early u need some seasoning in there too.


Will the adoption of this RFC prevent corporate MITM attacks like Zscaler TLS inspection?


Hopefully: yes

If the client (read: Chrome) does support that (and prevent its deactivation), then Zscaler and other shitty things are made even more useless than what they are today


Of course not. Zscaler will simply block all ECH connections.


It is remarkably effective to have Claude Code do the code review and assign a quality score, call it a grade, to the contribution derived from your own expectations of quality.

Then don’t even bother looking at C work or below.


IME it works even better if you use another model for review. We've seen code by cc and review by gpt5.2/3 work very well.

Also works with planning before any coding sessions. Gemini + Opus + GPT-xhigh works to get a lot of questions answered before coding starts.


It’s telling the best MCP implementations are those which are a CLI to handle the auth flow then allow the agent to invoke it and return results to stdout.

But even those are not better for agent use than the human CLI counterpart.

