← AI Hacker Daily

Edition

06

picks

The agent runs while you're elsewhere.

The agent runs while you're elsewhere. Today's tools are for the elsewhere. The weekend's loudest agent story was Zuckerberg telling Reuters that agent development is going slower than expected, with a 97-point cost-breakeven essay ("When AI Costs More Than the Engineer") right behind it — the mainstream read is that unattended work is late and expensive. The builders in today's pool aren't waiting for better autonomy; they're engineering around the attendance problem. Every pick assumes the agent keeps working after you leave the desk and answers what "away" needs: the secrets stay home (agent-vault), the approval button follows you to a lock screen (CodeMote), review happens on the rendered page (Sidenote), bug reports happen inside the running app (Heckle), and the work survives the session that started it (Handoff). Dropped as news or paper: the GPT-5.6-Sol-Ultra-in-Codex announcement, the Dartmouth AI-tutor effect-size PDF, and the does-code-cleanliness-affect-agents arXiv study. Open Science (a three-day-old open workbench answering Claude Science) is real but for scientists, not our lane. Two 16.5k-star establisheds re-trending — Steve Yegge's Gas Town and steipete's CodexBar — are in the footer.

01

agent-vault — the agent uses your credentials without ever holding them

An open-source credential proxy from Infisical (the secrets-management company) that sits between your agent and the internet. Agents route outbound traffic through it via `HTTPS_PROXY`; their config holds only dummy placeholders like `__anthropic_api_key__`, and the proxy substitutes the real credential into the request on the way out. A prompt injection can make the agent do plenty of stupid things, but it cannot exfiltrate a secret the agent never possessed. You also get egress filtering and a request log — which endpoints your agent actually called, with which identity. Ships as a single binary for macOS/Linux (one curl install) or Docker, SQLite by default, Postgres for production, management UI included. 1,820 stars since March, pushed yesterday. This is the credential version of a pattern we keep seeing: enforcement at the layer the agent can't talk its way around, not advice in a prompt. It's designed to run on a separate machine from the agents precisely because the agents are the untrusted parties. Reach for it the moment agents run anywhere you aren't watching — remote boxes, sandboxes, overnight jobs. Delete the `.env` full of live keys you've been copying into every agent sandbox. Tradeoffs: it's a man-in-the-middle proxy, so it terminates TLS and you're trusting its CA and its box with everything; and the license is MIT except an `ee` directory of paid enterprise features — read the boundary before you build on it.
github.com/Infisical/agent-vault

02

CodeMote — the approval prompt moves to your lock screen

An iPhone/iPad app that gives you a live window into CLI agents running on your machine or VPS — Claude Code, Codex CLI, Gemini CLI, opencode, aider, "if it runs in your terminal, it runs in CodeMote." The concrete trick is the lock-screen terminal: streaming agent output and git diffs in real time, with a push notification when the agent hits an approval gate, so the "press y to continue" moment no longer requires being at the desk the agent is chained to. Connections are direct encrypted tunnels over devtunnel, Tailscale, or ngrok — no relay server holding your code. Multiple simultaneous sessions, one per agent. #9 on Product Hunt today at 103 votes. The honest framing: agents already run for twenty unattended minutes and then block on a permission prompt nobody is there to answer — which is the worst of both worlds, and exactly the "new thing to attend to" the twoheads essay named last week. This makes the blocking prompt ambient instead of desk-bound. Reach for it if your agent sessions regularly outlive your attention span or your lunch. Delete the SSH-from-the-phone-keyboard ritual. Tradeoffs: closed source, free for a month and paid after (price unstated at launch), and you are — soberly, deliberately — putting the approve button for a code-writing agent on a phone lock screen.
www.producthunt.com/products/codemote-remote-control-for-any-ai

03

Sidenote — comment on the rendered page, an agent writes the git diff

An MIT npm tool (`remark-sidenote` plugin plus `sidenote-cli`) that puts a Google-Docs-style comment layer on your rendered markdown site in dev mode. Select a passage in the browser, leave a comment — "this paragraph buries the point," "wrong date" — and the CLI hands it to `claude` or `codex` on your PATH, which resolves the comments into a clean git diff you approve or reject, still in the browser. It works where remark renders your markdown (Next.js blogs are the stated target), has a mock-agent mode for trying it without an LLM, and shipped with published npm packages and CI on day one. The insight is about *where* review happens: you don't proofread your site in the source files, you proofread it rendered — and until now the fix meant finding the source paragraph, describing the change to an agent, and checking the result. This collapses that loop to the page itself. Reach for it on any markdown site you revise more than you write. Delete the copy-the-paragraph-into-the-chat-and-explain-where-it-lives step. Tradeoffs: created yesterday, two stars, remark-based markdown sites only — a fresh bet, but it's MIT, local, and small enough to read before you trust it.
github.com/bharadwaj-pendyala/sidenote

04

Heckle — talk at the bug, the agent gets the whole crime scene

An MIT CLI that wraps your dev server (`heckle dev -- npm run dev`) and adds a hotkey overlay to the running app. When something breaks, you speak or type what's wrong; Heckle captures the DOM state, console errors, network activity, and your recent actions, and converts the complaint plus evidence into a task for Claude Code, Cursor, or Codex — you review the proposed fix before it's applied. No agent configured? It writes the task to a file instead. The pitch is the anti-screenshot: the context your agent actually needs to reproduce a frontend bug is exactly the context you were about to describe badly. This is the same move as Sidenote one layer down — feedback originates at the artifact, arrives at the agent with its evidence attached — and it's the natural companion to last week's supervision tools: those watched the code being written, this catches what slipped through at runtime. Reach for it during agent-heavy frontend work, where you're the QA department for code you didn't write. Delete the screenshot-annotate-paste-explain bug report. Tradeoffs: created yesterday, one star, needs Node 24+, and it brings its own reasoning model — local Ollama (qwen3:14b, ~16GB RAM) or an OpenAI/DeepSeek/Gemini/Groq key — on top of the coding agent you already run.
github.com/rbsriram/heckle

05

Handoff — the session ends; the work gets a verified will

An MIT Claude Code skill that writes a `HANDOFF.md` when a session winds down — but the mechanism is the product: before writing any claim, it re-checks reality. Git status, log, and diff establish what actually changed; every file mentioned gets re-read to catch hallucinated descriptions; stated test results come from re-running the tests, not from memory. Each entry lands tagged `[V]` (verified) or `[?]` (recalled, unverified), and the next session re-verifies the `[V]` claims and surfaces any drift. What it chooses to preserve is the right list too: failed approaches, design decisions, known pitfalls — the things a fresh session can't rediscover cheaply and will otherwise re-attempt. Install is a git clone into `~/.claude/skills/`. Thursday's edition was about grounding a session's start — maps of the code, the corpus, past transcripts. This is the other end of the same blindness: continuity at session death, for exactly the long half-attended runs the rest of today's picks enable. The `[V]`/`[?]` split is the difference between this and every hand-written "where I left off" note that turns out to be wrong about what got committed. Reach for it on multi-day work that outlives context windows. Delete the morning ritual of re-explaining yesterday to a fresh session. Tradeoffs: created yesterday, seven stars, Claude Code-only, and verification isn't free — it spends end-of-session tokens re-reading files and re-running tests to earn those `[V]` tags.
github.com/ostikwhy-blip/claude-code-handoff-skill

06

Off the thread but worth knowing: the pool's two biggest products today are both 16.5k-star establisheds re-trending, not launches. **Gas Town** (github.com/gastownhall/gastown, MIT, created December, `brew install gastown`) is Steve Yegge's multi-agent workspace manager — git-backed work state, agent mailboxes, a "Beads ledger" instead of agent memory, built to keep 20–30 concurrent agents coherent across Claude Code, Copilot, Codex, Gemini, and most of the CLI-agent field; it first crossed our pool May 16 and is having another moment. **CodexBar** (github.com/steipete/CodexBar, MIT, created November) is steipete's macOS menu-bar readout of your Codex and Claude Code usage and quota without logging in anywhere — the glanceable half of the fleet-ops story. Neither is new; the sustained pull toward operating agents like infrastructure is the signal.

One of these,
every weekday.

Free. Unsubscribe by replying with one word. No tracking pixels in the email.

2026-07-06 — AI Hacker Daily