How much of this is due to Microsoft Culture of not innovating and buying leading companies with their revenue from windows/office and slowly destroying the aspects of companies that made them great in the first place?
Is all the recent GitHub downtime entirely attributable to GitHub AI Copilot related development? How hard can it be to reduce the blast radius of new AI features to not affect the core parts of hosting repositories? Because of Copilot everywhere, The UX has become bad and I had to click all over the place and on my profile to find repositories.
This is surprisingly good, once you create multiple copies and use each copy as a specialized agent. Maybe we don't need OpenClaw just to manage email, calendar, slack, todo lists etc using natural language.
Agent-kernel has personality, persistent memory, self-modifying capability, using Skills is same as using Skills from Claude code.
Some of the good quotes or analogies in this article:
1 - “It seems like 99% of society has agreed that code is dead.
…It's the same as thinking storytelling is dead at the invention of the printing press. No you dummies, code is just getting started. AI is going to be such a boon for coding.“
2 - Another one comparing writing and coding, and explaining how Code is both a means and an end to manage complexity:
“we're confused because we (incorrectly) think that code is only for the software it produces. It's only partly about that. The code itself is also a centrally important artifact… I think this is a lot clearer if you make an analogy to writing. Isn't it fucking telling that nobody is talking about "vibe writing"?”
Yep that's the implication. Anecdotally this is obvious to me. I'm using LLMs to write Java and C++, and then can churn out generic plumbing with no issues, but novel code for a novel implementation of a novel idea, they have no idea what they're doing.
I'm getting good productivity gains, but it requires a lot of hand holding because AI does not know what it's doing.
On far less novel problems I get far better results.
You do realize that AI seems magical because text response is converted into actions or tool calls. The AI is deciding the order in which the tools get called to fulfill your prompts. True Intelligence of Type 2 and 3 above needs to formulate, plan, analyse tradeoffs, think critically and solve novel unforeseen problems.
This can also be done using existing Vaults or Secrets manager. Hashicorp Vault can do this and agents can be instructed to get secrets, which are set without the agent's knowledge. I use these 2 simple scripts with OpenClaw to achieve this, along with time-scoped expiration. The call to vault_get.sh is inside the agent's skill script so that the secrets are not leaked to LLMs or in any trace logs:
It seems that the architecture you describe still gives the key to the agent (who could email it to red team or perform nefarious actions with it). The advantage of OP's architecture is that the agent never sees the key and you could inspect the request before proxying it. Is that right or do I misunderstand something?
Sort of. The point of Vault is you're supposed to actually use RBAC and least privilege and store NPE credentials that are properly scoped to the actions you're comfortable automating, which your NPE then gets a certificate to fetch on demand, rather than just giving it your own personal root credentials that can do anything.
We're going to see this reinvented thousands of times in the next few months by people whose understanding of security is far poorer than HashiCorp's, via implementations that are nowhere near as well-tested, if tested at all.
The call flow is:
agent -> select skill (ex: reddit) -> execute action in skill -> script or code associated with skill -> get api key -> call reddit -> reddit posts -> agent.
The agent sees the output of the service, it does not directly see the keys. In OpenClaw, it’s possible to create the skill in a way that the agent does not directly know about or use vault_get command.
It would seem in this design that all the tools should be called through a wrapper that understands the vault and provides the credentials to the tool in the right way. How otherwise can curl use the credentials? Curl has no idea that there's a vault somewhere
OpenKanban is pretty cool if you’re on the other end and want to use Terminal for both Coding and Task/Project management. It’s almost as good as a Terminal version of VibeKanban, but not so feature rich - https://github.com/TechDufus/openkanban
That does look great. I will check that out. What is the storage for the tasks? I didn't love the Git worktree flow when I tried vibe kanban, spawning lots of folders seemed like it could get problematic on large codebases - unless I'm missing something and just need to get used to that?
If you intercept what an agent (client) sends to the LLM with multiple MCP servers and tools, the context or header is filled with available MCP servers and all tools as part of the conversation.
With a CLI, you avoid sending this context to the LLM and it progressively discovers only what is needed.
The input token costs come down because of using a CLI instead of MCP
Is all the recent GitHub downtime entirely attributable to GitHub AI Copilot related development? How hard can it be to reduce the blast radius of new AI features to not affect the core parts of hosting repositories? Because of Copilot everywhere, The UX has become bad and I had to click all over the place and on my profile to find repositories.
reply