Brex open-sources an HTTP proxy that judges whether your agent's actions are safe.
Top Signal
CrabTrap: Brex Open-Sources LLM-as-a-Judge HTTP Proxy for Agent Security
new tool
HN Front Page
Brex released CrabTrap, an open-source HTTP proxy that sits between your AI agents and external services, using an LLM to evaluate whether each outbound request is safe before it executes. Instead of hardcoding allowlists or regex rules, you define policies in natural language and CrabTrap judges each action against them in real time. This addresses the #1 blocker for deploying autonomous agents in production: preventing them from taking harmful actions on real systems. The architecture is a transparent proxy — drop it in front of any HTTP-calling agent without changing agent code. If you're running agents that touch APIs, databases, or third-party services, this is the missing guardrail layer. Star the repo, read Brex's engineering blog post on design decisions, and evaluate it against your agent deployment pipeline.
Read more →
Fast Signals
Claude Code Pricing in Flux — May Leave Pro Plan Entirely
platform change
Simon Willison, HN Front Page, r/LocalLLaMA
Anthropic quietly updated their pricing page suggesting Claude Code may require a separate $100/month plan, then walked it back as 'confusing.' Simon Willison, HN, and r/LocalLLaMA all covered the chaos. If you depend on Claude Code in your workflow, watch this closely — and have a fallback plan with local models or OpenClaw-style wrappers (which Anthropic just re-allowed).
Link →
Roo Code Shuts Down at 3M Installs, Pivots to Cloud-Based Roomote
platform change
r/LocalLLaMA
The Roo Code VS Code extension — a popular Cline alternative — is being discontinued. The team is going all-in on Roomote, a cloud-based coding agent. If you're a Roo Code user, start migrating now. The broader signal: local VS Code extensions may be losing ground to cloud-native agent platforms.
Link →
Moonshot Open-Sources FlashKDA — 2.2x Faster Kimi K2.6 Inference Kernels
new tool
r/LocalLLaMA
Moonshot released FlashKDA, CUTLASS-based kernels implementing Kimi's Delta Attention mechanism. Benchmarks show 2.22x speedup over the Triton baseline on H20 hardware. If you're self-hosting Kimi K2.6, these kernels are the difference between viable and too-slow inference at scale.
Link →
Claude Mythos Preview Finds Real Zero-Days in Firefox 150
research to practice
Simon Willison
Mozilla and Anthropic used an early version of Claude Mythos Preview to audit Firefox source code, finding and fixing actual zero-day vulnerabilities shipped in Firefox 150. This is the clearest evidence yet that LLMs can do meaningful security auditing — not toy CTF challenges, but production browser code.
Link →
SpaceX Acquires Cursor for $60B — Coding Agent Market Consolidates
platform change
HN Front Page
SpaceX announced an agreement to acquire Anysphere (Cursor) for $60 billion. If you build on Cursor or its API, expect product direction changes. The acquisition signals that coding agents are now strategic infrastructure, not just developer tools.
Link →
Ctx: Cross-Agent Session Persistence for Claude Code and Codex
new tool
HN Show
A new SQLite-backed tool that stores workstream context — decisions, todos, notes — and makes it resumable across both Claude Code and Codex sessions. If you switch between coding agents or lose context between sessions, this is a practical fix you can install today.
Link →
Radar
Ling-2.6-Flash Unmasked as Stealth 'Elephant Alpha'
The mystery model that made waves on benchmarks days ago turns out to be Ling-2.6-Flash. Worth watching if it gets open weights — another strong contender in the flash-tier model race.
Link →
Daemons: Pivoting from Building Agents to Cleaning Up After Them
Charlie Labs shut down their coding agent to build 'Daemons' — tooling for monitoring and fixing agent-generated code in production. The pivot itself is the signal: agent cleanup is becoming its own category.
Link →
GoModel: Open-Source AI Gateway in Go
A solo-founder-built AI gateway that routes between OpenAI, Anthropic, and other providers. Lightweight alternative to LiteLLM if your stack is Go-native.
Link →
Convergence Watch
kimi k2.6
TRENDING
12 mentions across r/LocalLLaMA, HN Front Page
Day 2 of intense Kimi K2.6 coverage. GGUF quants now available from both Unsloth and ubergarm, FlashKDA kernels shipped, and real deployment guides appearing. Moving from 'interesting release' to 'production-viable open alternative to Opus 4.7' in community perception.
claude code ecosystem
TRENDING
6 mentions across Simon Willison, HN Front Page, r/LocalLLaMA
Fifth consecutive day. Today's signal is pricing uncertainty — possible Pro plan removal, $100/month standalone pricing, and OpenClaw re-allowed. Combined with Ctx cross-agent persistence and claude-context MCP on GitHub Trending, the ecosystem is simultaneously growing and destabilizing.
qwen 3.6
TRENDING
8 mentions across r/LocalLLaMA, HN Front Page
Fourth consecutive day. Qwen3.6-Max-Preview live with 617 HN points. Community now publishing local deployment configs, head-to-head comparisons with Gemma 4, and coding agent benchmarks. The 35B-A3B MoE variant is becoming the default local coding model recommendation.
vercel security incident
3 mentions across HN Front Page
Third day of coverage. New details: the breach originated from a Roblox cheat tool combined with an AI tool exploiting OAuth flows. Trend Micro published a full technical analysis. If you deploy on Vercel, rotate your environment variables now.
coding agent platform shifts
5 mentions across HN Front Page, r/LocalLLaMA, Simon Willison
Three independent signals in one day: Cursor acquired by SpaceX, Roo Code shutting down, Claude Code pricing in flux. The coding agent market is consolidating and repricing simultaneously. Builders should diversify their toolchain.