Projects
Developer Matt Coles has built lgtmaybe, a provider-agnostic PR reviewer supporting six model backends with a single --provider flag, shipping as a PyPI CLI and GitHub Action. He also maintains a home…
The Sovereign SDK version 1.0.1 has been released on PyPI as a Python-native framework that eliminates conversational overhead in AI agent communications while generating cryptographic forensic receip…
Perplexity launched Bumblebee, an open-source read-only scanner that checks developer machines for risky packages, extensions, and AI tool configurations during supply-chain incidents. The tool, avail…
A developer expanded their AI-agent security benchmark from 10 to 16 scenarios, revealing that Claude Code Sonnet 4.6 scores +9 out of 16 while Haiku 4.5 scores only +3. The original tie between the t…
A cybersecurity prediction log forecasts a wave of low-skill attackers exploiting CI/CD configuration files (GitHub Actions, GitLab CI, CircleCI) at scale, beginning in Q3 2026. The prediction disting…
The article introduces **django-deploy-probes**, a small Django package that provides standardized health check endpoints (`/healthz`, `/readyz`, `/startupz`, `/version`) for production deployment wor…
Perplexity released Bumblebee, an open-source security scanner for macOS and Linux that detects risky packages, browser extensions, editor extensions, and AI tool configurations in local developer env…
The article introduces **llm-nano-vm v0.8.0**, a deterministic Finite State Machine (FSM) runtime for LLM pipelines that flips the typical architecture by making the runtime the orchestrator rather th…
Agentra is an open-source enterprise AI engineering control plane designed to manage and secure AI coding agents like Cursor, Claude, and Copilot. It sits between developers and coding agents to enfor…
Agentleash is a lightweight Python guardrail library (~280 lines) designed to enforce safety controls on LLM agents like Hermes Agent by intercepting tool calls at the function boundary. It implements f…
Pip 26.1 introduces dependency cooldowns, which enforce a waiting period before freshly published packages can be installed, and experimental support for `pylock.toml` lockfiles from PEP 751. The cool…
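As an added illustration of what a dependency cooldown does (this is example code written for this page, not pip's implementation, and the flag and option names pip uses are not reproduced here): given PyPI-style release metadata, skip every version that was published less than N days ago, skip yanked files, and resolve to the newest remaining version. The JSON below is constructed to resemble the PyPI JSON API's `releases` map (`upload_time_iso_8601`, `yanked`); the package name, dates and the assumption that versions are plain dotted integers are all hypothetical.

```python
"""Cooldown-aware version selection, in the spirit of pip's dependency cooldowns.

Added example for this page; not pip's own code. The sample metadata is
constructed and the version format assumed (dotted integers only) is an
assumption, not PEP 440.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the PyPI JSON API "releases" map.
# 2.6.2 was uploaded two days before NOW; 2.6.3 was yanked after upload.
SAMPLE_PYPI_JSON = json.dumps({
    "info": {"name": "examplepkg"},
    "releases": {
        "2.6.1": [{"upload_time_iso_8601": "2026-03-01T10:00:00.000000Z", "yanked": False}],
        "2.6.2": [{"upload_time_iso_8601": "2026-04-14T08:30:00.000000Z", "yanked": False}],
        "2.6.3": [{"upload_time_iso_8601": "2026-04-15T09:00:00.000000Z", "yanked": True}],
        "2.7.0rc1": [{"upload_time_iso_8601": "2026-04-15T12:00:00.000000Z", "yanked": False}],
    },
})

# Fixed "current time" so the example is reproducible offline (hypothetical date).
NOW = datetime(2026, 4, 16, 12, 0, tzinfo=timezone.utc)


def parse_version(text):
    """Return a comparable tuple for a dotted-integer version, or None if it
    is not one (pre-releases such as 2.7.0rc1 are deliberately excluded)."""
    parts = text.split(".")
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None


def _first_upload_time(files):
    """Earliest upload time across a release's files, as an aware datetime."""
    stamps = []
    for f in files:
        raw = f["upload_time_iso_8601"].replace("Z", "+00:00")
        stamps.append(datetime.fromisoformat(raw))
    return min(stamps)


def eligible_versions(pypi_json, now, cooldown_days):
    """Versions old enough to have cleared the cooldown, newest first.

    A version is skipped if it has no files, if every file is yanked, or if its
    first upload is younger than `cooldown_days`.
    """
    data = json.loads(pypi_json)
    cooldown = timedelta(days=cooldown_days)
    keep = []
    for version, files in data["releases"].items():
        parsed = parse_version(version)
        if parsed is None:
            continue
        live_files = [f for f in files if not f.get("yanked", False)]
        if not live_files:
            continue
        age = now - _first_upload_time(live_files)
        if age < cooldown:
            continue  # freshly published: exactly what a cooldown refuses to install
        keep.append((parsed, version))
    keep.sort(reverse=True)
    return [v for _, v in keep]


def select_version(pypi_json, now, cooldown_days):
    """Newest version that has cleared the cooldown, or None."""
    candidates = eligible_versions(pypi_json, now, cooldown_days)
    return candidates[0] if candidates else None


if __name__ == "__main__":
    # With a 7-day cooldown the two-day-old 2.6.2 is held back and 2.6.1 is chosen.
    print(select_version(SAMPLE_PYPI_JSON, NOW, 7))
    # With no cooldown the resolver would take 2.6.2 immediately.
    print(select_version(SAMPLE_PYPI_JSON, NOW, 0))
```

The point of the check is the `age < cooldown` branch: a package that was compromised and re-published minutes ago is exactly the kind of release the cooldown refuses, giving the ecosystem time to notice and yank it before anyone installs it.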
The article walks through the process of registering the "CLI Market" server on the official MCP Registry, which involved creating a `mcp.json` file, proving ownership by embedding a specific HTML comment in the PyPI package's REA…
A maximum-severity vulnerability, tracked as CVE-2026-45829, has been discovered in the Python FastAPI version of the open-source AI database ChromaDB, allowing unauthenticated attackers to execute ar…
A developer has released an open-source supply-chain audit script, "Mini Shai-Hulud," designed to detect the TanStack Router and Mistral AI supply-chain attacks. The bash script checks for specific SH…
The PyTorch Lightning deep-learning framework was compromised on PyPI, with versions 2.6.2 and 2.6.3 containing a credential-stealing worm called Shai-Hulud. The malware activates when Python code run…