惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
小众软件
小众软件
L
LangChain Blog
Cyberwarzone
Cyberwarzone
美团技术团队
The Register - Security
The Register - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
V2EX
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News: Ask HN
Hacker News: Ask HN
L
LINUX DO - 最新话题
Recent Announcements
Recent Announcements
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
人人都是产品经理
人人都是产品经理
F
Full Disclosure
V2EX - 技术
V2EX - 技术
The Cloudflare Blog
博客园 - 叶小钗
T
Threat Research - Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
G
GRAHAM CLULEY
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Latest news
Latest news
S
Security @ Cisco Blogs
Spread Privacy
Spread Privacy
Project Zero
Project Zero
K
Kaspersky official blog
MyScale Blog
MyScale Blog
Attack and Defense Labs
Attack and Defense Labs
云风的 BLOG
云风的 BLOG
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
罗磊的独立博客
Vercel News
Vercel News
N
News and Events Feed by Topic
A
Arctic Wolf
C
CERT Recently Published Vulnerability Notes

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - Naveja00/OverReach
Naveja · 2026-06-20 · via Hacker News - Newest: "AI"

npm version license CI

A standalone MCP tool that catches AI-agent scope creep.

You give it the prompt you gave your coding agent, and the diff it produced. Overreach tells you whether the diff stayed inside what the prompt asked for — or whether the agent quietly added an endpoint, a dependency, an env var, or a cron job that you never asked for.

"turns out my ai assistant had been extremely making product decisions without me"

Prerequisites

  • Node.js 18+nodejs.org. Verify with node -v.
  • npm comes with Node.js. Verify with npm -v.
  • Git — required for the pre-commit hook and git diff piping.

Try it (no key needed)

npx -y -p overreach overreach-cli demo

Runs the real pipeline on a sample diff — no API key, no setup, costs nothing. Exits 1 with a HIGH scope-creep finding (the demo prompt asks for a login form; the diff smuggles in Stripe, an env var, an endpoint, and a cron job). That's the whole product in one command.

What it checks

A diff is flagged when it adds something the prompt never authorized:

Finding kind Caught when the diff adds…
scope.dep a package/requirement the prompt didn't name
scope.env an env var (process.env.X, os.environ, .env)
scope.endpoint an HTTP route / handler / route.ts file
scope.cron a cron / scheduler job
scope.file edits to a file the prompt didn't touch on
scope.feature a new top-level symbol/feature beyond the prompt

Severity: env / endpoint / cron = high · dep / file = medium · feature = low. Overall scope_creep_score: HIGH if any high finding, MEDIUM if any medium, else LOW.

How it works (3 stages)

  1. Stage 1 — Scope extraction (LLM). Reads your prompt and produces an authorized scope JSON: which files, features, deps, endpoints, env, and behaviors you actually asked for. Deciphers typos to the nearest real concept but never invents scope. This is the only stage that calls a model.
  2. Stage 2 — Diff parsing (deterministic, no LLM). Regex-parses the diff into the set of things it actually adds — imports, deps, process.env.X references, route handlers, cron jobs, new symbols. Runs in milliseconds.
  3. Stage 3 — Comparison (deterministic). Set arithmetic with fuzzy matching: actual − authorized = findings.

Stages 2 and 3 are pure functions — no inference, no opinion, fully auditable. That's what makes Overreach testable without spending a cent on inference.

Install

Or use directly via npx (no install needed):

npx -y -p overreach overreach-cli demo

API key (optional)

For best results, set one LLM provider key for Stage 1 scope extraction:

Provider Env vars
Anthropic ANTHROPIC_API_KEY
OpenAI / OpenAI-compatible (OpenRouter, Groq, Together, LM Studio, …) OPENAI_API_KEY + OPENAI_BASE_URL (e.g. http://localhost:1234/v1 for LM Studio)
Ollama (Cloud or self-hosted) OLLAMA_API_KEY + OLLAMA_BASE_URL

Pin a provider/model with SCOPE_PROVIDER and OVERREACH_MODEL.

No key? No problem. Without an API key, Overreach falls back to deterministic scope extraction — it regex-parses your prompt for concrete items (file paths, package names, /api/... routes, SCREAMING_SNAKE_CASE env vars, cron keywords) instead of calling an LLM. It won't understand vague instructions as well as an LLM would, but it catches every concrete noun in your prompt. Instant, free, fully offline.

Quick start

1. Set up a project (one command)

npx -y -p overreach overreach-cli init

This creates three things:

  • .overreach/prompt.md — write the prompt you gave your agent here
  • .git/hooks/pre-commit — audits every commit against your prompt
  • CLAUDE.md — instructs AI agents to self-audit before committing

2. Write your prompt

Edit .overreach/prompt.md with the actual instruction you gave your AI agent:

Add a login form to the settings page with email/password fields,
form validation, and a submit button that calls /api/auth/login.

3. Commit — Overreach runs automatically

git add . && git commit -m "add login form"

The pre-commit hook audits staged changes against your prompt:

  • HIGH scope creep → commit blocked (exit 1)
  • MEDIUM / LOW → commit allowed with findings printed
  • Template prompt (not yet edited) → skipped gracefully
  • No API key → deterministic fallback (extracts concrete items from prompt)

Skip with git commit --no-verify when you know what you're doing. Update .overreach/prompt.md whenever you give the agent a new task.

Windows: The pre-commit hook is a shell script. It works out of the box with Git Bash (included with Git for Windows).

CLI (manual check)

npx -y -p overreach overreach-cli --prompt "add a login form to the settings page" --diff my-changes.diff

Or pipe a diff:

git diff | npx -y -p overreach overreach-cli --prompt "add a login form to the settings page"

Exits 0 if clean, 1 if HIGH — usable as a CI gate.

Options:

  • --prompt <text> — the instruction that authorized the work
  • --diff <path> — diff file (default: read from stdin)
  • --scope <path|json> — inject authorized scope; skips the LLM entirely
  • --json — emit raw JSON instead of pretty terminal output
  • --no-cache — bypass the scope cache (force a fresh Stage 1 call)
  • demo — run the canonical demo (zero-key)
  • init — install pre-commit hook + CLAUDE.md

MCP server (Claude Code, Cursor, Codex, Claude Desktop)

Overreach is a stdio MCP server, so any MCP-capable client can connect:

Claude Code:

claude mcp add overreach -- npx -y overreach

Claude Desktop / Cursor — add to your MCP config:

{
  "mcpServers": {
    "overreach": { "command": "npx", "args": ["-y", "overreach"] }
  }
}

Codex CLI — add to ~/.codex/config.toml:

[mcp_servers.overreach]
command = "npx"
args = ["-y", "overreach"]

Or Streamable HTTP: set PORT=8787 and POST to http://localhost:8787/mcp.

The HTTP endpoint has no auth. It binds to 127.0.0.1 (loopback) by default — safe for local use. Do not expose it publicly (OVERREACH_HOST=0.0.0.0) without an authed reverse proxy in front: anyone who can reach it can call check_overreach and spend your LLM budget.

Tools exposed: check_overreach(prompt, diff, options?) and health.

First-time setup (Claude Code)

# 1. Register the server with Claude Code (one time)
claude mcp add overreach -- npx -y overreach

# 2. Restart your Claude Code session
#    (a session already open won't see the new server until you quit and reopen it)

# 3. Optionally set an API key (works without one via deterministic fallback)
export ANTHROPIC_API_KEY=sk-...     # or OPENAI_API_KEY / OLLAMA_API_KEY

After the restart, every new session has check_overreach available — no per-task setup. The agent calls it when it decides it's relevant.

The key isn't passed through automatically. The MCP server is a separate process; your agent does not hand it its own credentials. If you log in to Claude Code with claude login (OAuth / subscription), there's no ANTHROPIC_API_KEY in the environment — so export one (any provider works; local Ollama needs no key), or for Claude Desktop / Cursor add it to the server's env:

{ "mcpServers": { "overreach": { "command": "npx", "args": ["-y", "overreach"], "env": { "ANTHROPIC_API_KEY": "sk-..." } } } }

The agent self-audit pattern

overreach init adds a scope-audit instruction to your project's CLAUDE.md so AI agents self-audit their staged changes before committing — no user intervention needed. The agent reads the instruction and runs Overreach on its own diff.

You can also have the agent call check_overreach directly via the MCP server with its own task string + the diff it's about to commit:

git diff --staged | overreach-cli --prompt "<the task you just gave me>"

This is best-effort — an agent can skip the call or ignore the findings (fox guarding the henhouse). The hard backstop is the CI gate below.

CI gate (GitHub Action)

The hard backstop. A workflow runs Overreach on every pull request and fails the PR when scope_creep_score=HIGH — the diff adds a dep / env var / endpoint / cron / out-of-scope file the prompt didn't authorize.

Copy .github/workflows/overreach.yml into your repo and add ANTHROPIC_API_KEY (or OPENAI_API_KEY / OLLAMA_API_KEY) as a repository secret. The prompt comes from .overreach/prompt.md in the repo, or the PR title + body if that file is absent. The job posts its findings as a PR comment and fails the check on HIGH. Full setup + customization in docs/ci-gate.md.

# .github/workflows/overreach.yml  (excerpt)
- name: Run Overreach
  run: |
    npx -y -p overreach@latest overreach-cli \
      --prompt "$(cat "$RUNNER_TEMP/prompt.txt")" --diff "$RUNNER_TEMP/pr.diff"
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
- name: Gate — fail the PR on HIGH
  if: steps.overreach.outputs.exit == '1'
  run: exit 1

This open-source Action is free to run (you bring your own LLM key).

Tested models

Model Result
Claude Sonnet 4.6 82/82
Claude Opus 4.6 65/65
GLM 5.2 82/82
Kimi K2.7-Code 82/82
MiniMax M3 81/82

The deterministic fallback (no key) works with any prompt that contains concrete items — no model needed.

Verify it works (zero API key)

Runs 56 assertions through the real pipeline with the scope injected via scopeOverride, so Stage 1 (the LLM) is never called. Covers overreach detection, clean passes, Python/Express/Next.js parsers, deletion handling, determinism, chunking, and the trust contract invariant.

Standalone

Overreach is fully self-contained. It does not import or depend on any other project. It reads only its own process environment. No telemetry, no call-home — it runs entirely on your machine.

Bugs & feedback

If Overreach misses something it should flag, or flags something the prompt authorized, open an issue with the prompt + the smallest repro diff:

https://github.com/Naveja00/OverReach/issues

There's a bug-report template that asks for exactly that.

License

MIT