frontpage.

I’ve been building agentctl, a small Go tool that sits between coding agents and the risky actions they want to take: package installs, shell execution, secret access, file writes, outbound API calls. The design is deliberately narrow and local-first. No HTTP server, no hosted component, no repo-level config sprawl. Everything lives under ~/.agentctl/. Policy is yours, traces are yours.

The workflow I keep coming back to: write a permissive policy, let the agent run for a week, then tighten the rules and replay the old sessions to see what would have been blocked. Much better than guessing at policy upfront, and it’s the part of the tool I didn’t expect to use as much as I do.

Every gated decision gets written to jsonl, so you can grep, diff, or feed traces back through a stricter policy without re-running the agent. There’s also a TUI for browsing sessions, inspecting individual gate decisions, and stepping through replays interactively, which makes it easier to spot patterns across runs.

Currently works with Claude Code and MCP-based clients like Codex.

Still a WIP and mostly a project for myself, but figured others experimenting with coding agents might find it interesting.

GitHub: https://github.com/chocks/agentctl

Evaluating Geekbench 6

Canadian sues DHS over alleged Google data grab tied to social media posts

How to Generate Terraform from Existing AWS Resources

Worlds first OptoSAR Satellite launched

Australian Renewable Energy Hub

Critical RCE found in Obsidian Tasks plugin

AI at Discount

Data Race Freedom in OxCaml

Got the syntax highlighting right, theming too – EaglePress.org v1.43

Show HN: Loxai.tech and Neutboom – Gen AI's frontier of individuality

SpaceX is starting to move on from the most successful rocket

Mojo 1.0 Beta

Why Are Morel Mushrooms Hard to Grow?

Coding plan comparisons based on actual usage

DNA matches identify four more sailors from Franklin expedition

Claude Code CVE-2026-39861:sandbox escape via symlink

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

Hexo accidentally made the repository private and lost all stars

Stop paying twice for storage. Use your spare webhosting as your own cloud drive

Thermal event affecting AWS AZ use1-az4

Companies help parents try to pick their babies' traits

Bliss (Photograph)

Silver, Silk, and States: The Spanish Empire and Ming China

SDLC is a power tool, not a compliance document

Anthropic and the Department of War

Summer of Math Expositions(2021-2025) – 3b1B archive

Archive.today requires scanning a QR code on your phone to use

Show HN: AnamDB – An AI-native, differentiable Datalog engine written in Rust

Agentic Coding at ClickHouse

It's time to stop using SMS, here's why [video]