Reading through the discussion I was also thinking of the other fly.io blog post around their setup with macaroon tokens and being able to quite easily reduce the blast radius of them by adding more caveats. Feels like you could build out some kind of capability system with that that might mitigate some risks somewhat.
I’ve been a year deep into my first job out of tech. There is a never-ending slew of problems where being able to code, especially now with AI, means you have wizard-like powers to help your coworkers.
My codebase is full of one-offs that slowly but surely converge towards cohesive/well-defined/reusable capabilities based on ‘real’ needs.
I’m now starting to pitch consulting to a niche to see what sticks. If the dynamic from the office holds (as I help them, capabilities compound) then I’ll eventually find something to call ‘a product’.
That made me remember that one time many years ago, when I had a friend who literally called me a wizard. He was working as a shift manager at a call center, and one of the most difficult tasks he kept ranting about was scheduling employees, who were not the most consistent bunch and had varied skillsets, yet he had to meet very strict support availability requirements.
He kept ranting about what a b*tch of a problem that was every time we went out drinking, and one day something got into me, and I thought there must be some software that can help with this.
Surely there was, and I set up a server with an online web UI where every employee could put in when they were able to work, and the software figured out how to assign timeslots to cover requirements.
I thought it was a nice exercise for me in learning to administer a Linux server, but when I showed it to my friend, he looked me in the eye and told me I saved him a day of work every week, and called me a wizard :D
It occurred to me how naturally it is part of the programming profession to make things, in fixed amounts of time, that turn difficult and time-consuming tasks a human needed to do into something that essentially just happens on its own.
The problem we have as software engineers (from an entrepreneur's pov) is that we mostly struggle with stuff that's removed from the client's problem.
I mean it in terms of owning the solution to a problem, being accountable/responsible for something working e2e not just the software or even the product - the service/experience of the customer that makes them want to give you money. Once you put on another hat - guess what - you'd probably be the star of some operations team or a great supervisor of some department. You would automate everything around you to a point others think you're the most capable person they've ever seen in that role.
Just wrapped up my own module for this. Remixed my worktree workflow with a lima wrapper. I wanted to go head first into giving Claude Code full autonomy but realized capability and prevention need to go hand in hand.
Next step for me is creating a secrets proxy, like how credit card numbers are tokenized, to remove the risk of exfiltrating credentials.
Edit: It’s nice that Deno Sandbox already does this. Will check it out.
I agree with you in spirit but this harms the potential for these new products to emerge. You’re saying you don’t want them to be able to accrue a data moat. It sounds good for user privacy and optionality later on but it makes it harder for these services to get started as they don’t see that model as possible.
I have a directory called workspace where there’s a projects directory and the main area is for messing around. Just set up workspace once as a project.
You can activate the uv venv from anywhere just fine, just do source path_to_sandbox/.venv/bin/activate. Probably makes sense to define a shortcut for that like activate sandbox. Your conda env is also linked to a directory, it’s just a hidden one; you can also create the uv one somewhere hidden. But I get it to some extent: conda has these large prefilled envs with a lot of stuff in them already that work together. Still, if you then end up needing anything else you wait ages for the install. I find conda so unbearable by now that I voluntarily switch every conda thing I have left over to uv the second I need to touch the conda env.
Spot on, this is a solid abstraction to build upon. I always felt MCP was a misstep in comparison to OpenAI’s focus on OpenAPI specs. HATEOAS is the principle that has become more useful as agents drive applications.