惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - ops0-ai/ops0-cli: Stop your AI agent from shipping insecure IaC. ops0 CLI sits between Claude Code, Codex or Gemini and your cloud, scanning every .tf the agent writes and blocking destroy commands before they run.
sureshpaulch · 2026-05-16 · via Hacker News - Newest: "AI"

Policy, lint, vulnerability, and cost guardrails for AI coding agents.

Sits in front of Claude Code, Codex and Gemini CLI. Every time the agent finishes writing IaC, the whole working directory gets validated, linted, policy-checked, security-scanned, and cost-estimated server-side. Failures come back as a failed tool call so the agent self-remediates. Destructive commands are blocked before they run.

Latest Release License Go Report Card

curl -fsSL https://raw.githubusercontent.com/ops0-ai/ops0-cli/main/install.sh | sh

Quick start · What runs at end-of-turn · How agents trigger it · Monorepos · ops0-scan.md · Commands


Why this exists

When humans write infrastructure, policy gates fire on the PR. CI runs the scanner, someone gets paged, the PR sits in review for hours.

When an agent writes infrastructure, that loop is broken. The agent will happily generate a public S3 bucket, an open security group, or an oversized EC2 fleet. By the time CI catches it, the agent has moved on.

ops0 sits in front of the agent. It runs your organization's checks when the agent finishes a turn, blocks destructive commands before they execute, tells the agent how much its IaC will cost per month, and gates the change against the project's budget.

What it does

Validates at end-of-turn, not per file save A Stop hook fires when the agent finishes its turn. ops0 validate runs once against the complete working directory. Validating mid-construction was noisy on half-written modules; validating the finished module is clean.
Blocks destroy commands A PreToolUse hook intercepts terraform destroy, tofu destroy, oxid destroy and the -destroy variants — before they run. Override with OPS0_ALLOW_DESTROY=1.
Enforces project budgets If the cost estimate exceeds a project budget set in the ops0 dashboard, the gate fails. Agent gets told to optimize.
Writes a fresh report file ops0-scan.md is rewritten at the repo root after every run, so the agent reads one file to know the current state across all stages.
Speaks MCP ops0 mcp serve exposes list_policies and check_compliance to any MCP-compatible agent. Registered automatically with Claude Code on ops0 init.
Multi-project aware Walks up and down from the workspace root to find the nearest .ops0/config.json (up to 12 levels deep). One repo with many subprojects each maps to its own ops0 project.
Audit trail Every failed lint finding, policy violation, vulnerability, blocked destroy, and budget overrun is recorded against your API key in Settings → API Keys → Activity.
Works from any workspace root Hooks install at both project-level and user-level, so they fire no matter where Claude Code is opened.

Quick start

# 1. Install
curl -fsSL https://raw.githubusercontent.com/ops0-ai/ops0-cli/main/install.sh | sh

# 2. Auth: get a key at https://brew.ops0.ai/settings?tab=api-keys
ops0 login --api-base https://brew.ops0.ai

# 3. Bind a repo (or any subdir) to an ops0 project
cd ~/work/my-terraform-repo
ops0 init --project=<project-id>

# 4. Open Claude Code (or Codex / Gemini) anywhere in or above the repo.
#    Write Terraform freely. When the agent stops, the gate fires once
#    against the whole module. Try `terraform destroy` and watch it get
#    blocked before it runs.

Verify the wiring:

$ ops0 policies list
NAME                              CATEGORY      SEVERITY  DESCRIPTION
no-public-s3                      security      high      S3 buckets must not be public
require-encryption-at-rest        security      medium    All storage must use customer-managed keys
tag-required-cost-center          tagging       low       Every resource must carry a cost-center tag

$ ops0 validate .
ops0 validate . (4 files, 8.2s)

✓ Configuration is valid

tflint: 0 error(s), 2 warning(s), 0 notice(s)
  [WARNING] terraform_required_providers: Missing version constraint for provider "aws"

scan: 14 passed, 8 failed (0 parsing errors). Severity: 1C / 1H / 6M / 0L
  [CRITICAL] no-public-s3: S3 bucket has public read access
  [HIGH]     require-encryption: S3 bucket is missing default encryption
  ...

cost: $284.50 / month across 6 resource(s)
  $148.92   aws_db_instance.app (aws_db_instance)
  $89.71    aws_instance.api (aws_instance)
  ...

budget: ✓ $284.50/mo within project limit of $500.00/mo.

What runs at end-of-turn

A single ops0 validate call fans out to five server-side stages, in this order. The CLI returns the merged result; failures gate the agent.

# Stage Catches Fails the gate when...
1 Syntax validation parse errors, undefined variables, wrong attribute types terraform validate returns invalid
2 Lint (provider-aware) wrong instance types, deprecated args, missing version constraints lint errors (warnings/notices report only)
3 Policies + vulnerabilities your org's compliance rules, security findings (public buckets, open SGs, IMDSv1, unencrypted volumes, missing tags, etc.) any finding at or above --scan-fail-on (default high)
4 Cost estimate monthly cost of all priced resources informational unless step 5 triggers
5 Project budget per-project monthly limit from the ops0 dashboard enabled AND exceeded AND Block Deployments on Exceed is on

All five run in one HTTPS call. With the server-side provider cache warm, end-of-turn validation is ~5-12s.

How agents trigger it

ops0 init writes hooks at both project- and user-level .claude/settings.json, so the gate fires regardless of which directory Claude Code is opened at.

┌──────────────────────────────────────────────┐
│   Claude Code / Codex / Gemini writes        │
│   .tf / .tofu / .hcl / .tfvars files         │
│   in any order. No mid-turn gate fires.      │
└──────────────────────┬───────────────────────┘
                       │
                       │ Agent finishes its turn
                       ▼
            Stop hook (.claude/settings.json)
                       │
                       ▼
   ┌─────────────────────────────────────────┐
   │   ops0 validate <bound-dir>             │
   │   (walks up AND down from workspace     │
   │    root, up to 12 levels deep, to       │
   │    find the nearest .ops0/config.json)  │
   └─────────────────┬───────────────────────┘
                     │ HTTPS (API key)
                     ▼
   ┌─────────────────────────────────────────┐
   │   ops0 platform                         │
   │   - syntax validate                     │
   │   - lint                                │
   │   - policies + vulnerabilities          │
   │   - cost                                │
   │   - project budget                      │
   └─────────────────┬───────────────────────┘
                     │
                     ▼
   ┌─────────────────────────────────────────┐
   │  exit 0 → turn ends normally            │
   │  exit ≠ 0 → hook fails →                │
   │  agent gets stderr, takes another turn  │
   │  to remediate.                          │
   │                                         │
   │  Either way: ops0-scan.md is rewritten  │
   │  and Activity rows land in the          │
   │  dashboard.                             │
   └─────────────────────────────────────────┘

The user never has to ask "did you run the scan?". The gate is mechanical.

Destructive command blocking

When the agent tries to run terraform destroy / tofu destroy / oxid destroy (or any -destroy variant) via Bash, the PreToolUse hook fires before the command runs:

agent calls Bash with `terraform destroy -auto-approve`
     │
     ▼  PreToolUse hook reads the command
     ▼  matches the destroy pattern
     ▼  POSTs an audit row to ops0
     ▼  prints the block message to stderr
     ▼  exit 2  →  Claude Code aborts the Bash call

To intentionally tear something down (sandbox, dev env), prefix with the override:

OPS0_ALLOW_DESTROY=1 terraform destroy

The override is still logged to the audit trail.

This hook is separate from the validate pipeline — it's a runtime safety gate, not a write-time gate.

Monorepos

One repo, many subprojects, each with its own policies and budget? Open Claude Code anywhere in or above any of them. The Stop hook resolves the binding automatically:

my-monorepo/                                ← Claude Code opened here
├── iaas/
│   └── terraform/
│       └── live/
│           └── env/
│               └── prod/
│                   └── customer/
│                       ├── alpha/
│                       │   ├── .ops0/config.json    ← projectId: alpha
│                       │   └── main.tf
│                       └── beta/
│                           ├── .ops0/config.json    ← projectId: beta
│                           └── main.tf
└── shared/
    ├── .ops0/config.json                   ← projectId: shared
    └── main.tf

How it finds the binding:

  1. Walk up from the workspace's current directory looking for the nearest .ops0/config.json. If found, that's the target.
  2. Otherwise walk down the workspace tree up to 12 levels deep and take the nearest descendant. Pruned automatically: node_modules, .git, .terraform, dist, build, .next, .venv, venv. The scan stays fast on workspaces with large vendored trees.

So you can open Claude Code at ~/my-monorepo/ and edit iaas/terraform/live/env/prod/customer/alpha/main.tf — the Stop hook walks down through 9 levels of directories, finds alpha/.ops0/config.json, and validates against the alpha project's policies + budget. Same edit in beta/ resolves to the beta project independently.

12-level depth covers any realistic IaC layout. If you need deeper, file an issue with your path shape and we'll bump it.

The ops0-scan.md report

After every ops0 validate run, the CLI rewrites a markdown file at the bound repo root:

<bound-dir>/ops0-scan.md

It contains:

  • Generated timestamp + CLI version
  • Summary table (validate / lint / policies / cost / budget — one row each)
  • terraform validate errors, if any
  • Lint findings table
  • Failed policy + vulnerability findings table, ranked by severity
  • Cost breakdown, top 20 resources by monthly cost
  • Budget verdict (within limit / over by $X / blocked)

The file is overwritten on every run, so it's always the current truth. The agent reads it between turns to see findings without re-running validate. Don't hand-edit it (the next run will throw your changes away).

Disable with --no-report, or move it with --report path/to/file.md.

Integrations

Claude Code

ops0 init does the wiring for you:

ops0 init --project=<project-id>

That single command:

  • Writes <cwd>/.ops0/config.json to bind the directory to a project.
  • Installs PreToolUse (block destroys) and Stop (end-of-turn validate) hooks in <cwd>/.claude/settings.json.
  • Installs the same hooks in ~/.claude/settings.json so they fire whatever directory Claude Code is opened at.
  • Appends a fenced governance section to CLAUDE.md so the agent knows the rules and how to read ops0-scan.md.
  • Runs claude mcp add ops0 ops0 mcp serve so the agent can call list_policies and check_compliance natively over MCP.

After upgrading the CLI, re-run ops0 init --force in the project directory to refresh the hooks, then restart your Claude Code session so it re-reads the hook config.

Codex / Gemini CLI / any MCP client

ops0 mcp serve

Run it as a stdio MCP server. Tools exposed: list_policies, check_compliance, whoami. Wire it up via your client's MCP config.

Commands

Command What it does
ops0 login Authenticate with an API key from the ops0 settings UI
ops0 init Bind the current directory to a project, install hooks, register MCP
ops0 policies list List policies in scope for the current directory's project
ops0 policies check [path] Lightweight scan (policies + vulnerabilities only, no init/lint/cost)
ops0 validate [path] Full pipeline: syntax + lint + policies + vulnerabilities + cost
ops0 mcp serve Run the MCP server over stdio
ops0 telemetry blocked-command Record a destroy attempt blocked by the PreToolUse hook
ops0 version Print version info

ops0 validate flags

Flag Default Purpose
--format pretty|json pretty Output format. JSON is for piping into other tools.
--iac-type terraform|opentofu|oxid terraform Which IaC flavor to dispatch to.
--cloud aws|gcp|azure|oracle (auto) Hint for the lint plugins.
--scan-fail-on critical|high|medium|low high Severity threshold for the policy/vulnerability gate.
--fail-on-warning false Also exit non-zero on lint warnings.
--report <path> <bound-dir>/ops0-scan.md Where to write the report.
--no-report false Skip writing the report file.

ops0 init flags

Flag Default Purpose
--project <id> "" ops0 IaC project ID to bind this directory to. Get it from the dashboard.
--force false Overwrite an existing .ops0/config.json and refresh hook commands.
--skip-claude false Don't write .claude/settings.json or register the MCP server. Useful in CI.

Config files

Path Scope Purpose
~/.ops0/config.yaml User-wide Credentials and defaults (chmod 0600)
<dir>/.ops0/config.json Per-directory Project binding. Commit this to git.
<dir>/.claude/settings.json Per-directory Project-level Claude Code hooks
~/.claude/settings.json User-wide User-level Claude Code hooks (fire from any workspace)
<dir>/ops0-scan.md Per-directory Auto-generated scan report. Read it; don't edit it.

Build from source

git clone https://github.com/ops0-ai/ops0-cli && cd ops0-cli
go build -o ops0 ./cmd/ops0
sudo install -m 0755 ops0 /usr/local/bin/ops0

Requires Go 1.22 or later.

Contributing

Issues and PRs welcome. Guardrails:

  • go vet ./... and go test ./... before pushing.
  • Hook scripts must work on macOS bash 3.2 and Linux bash 4+.
  • New telemetry fields need a paired migration in the config-master repo.
  • Telemetry calls are best-effort. Never block the CLI on a failed report.

Star history

If this is useful to you, star it. It's the cheapest signal that helps other teams find it.

License

Apache 2.0. See LICENSE.