Skip to content

Instantly share code, notes, and snippets.

View boxabirds's full-sized avatar
:shipit:

Julian Harris boxabirds

:shipit:
107 followers · 105 following
View GitHub Profile
@boxabirds
boxabirds / no-agents.sh
Created January 13, 2026 07:23
No production! Bad agent! Prevent coding agents from running your production scripts
# Block non-interactive execution (prevents automation/scripts from running this)
if [ ! -t 0 ] || [ ! -t 1 ]; then
echo "ERROR: This script must be run interactively from a terminal."
echo ""
echo "Production deployments require human confirmation."
exit 1
fi
@boxabirds
boxabirds / settings.json
Created January 6, 2026 18:21
.claude/settings.json for CloudFlare / bun
{
"$comment": "Inspired by https://x.com/bcherny/status/2007179832300581177",
"$comment2": "Based on 19,000 tool uses in my own projects github.com/boxabirds",
"env": {},
"permissions": {
"allow": [
"Bash(git remote:*)",
"Bash(git status:*)",
"Bash(git diff:*)",
"Bash(git log:*)",
@boxabirds
boxabirds / AGENTS.md
Created November 26, 2025 17:47
AI agent security

AI Agent System Prompt Rules: Security Checklist

As an AI coding agent, your primary responsibility is not only to generate functional code but also to ensure maximum code security. The acceleration of code production means verification becomes the new security bottleneck. Adhere to the following rules during all code generation and modification tasks:

Core Code Security Principles

  1. Input Validation and Sanitization: Never trust external input. Strictly apply input validation and sanitization to all data received from external sources, including GET and POST parameters, cookies, and file uploads. Ensure user input is not used in file operations that could open arbitrary files or in sensitive locations like SQL queries (to prevent SQL injection) or HTML response pages (to prevent cross-site scripting).
  2. Secret Management: Do not hardcode secrets. Avoid including hardcoded API access tokens, cryptographic tokens, database passwords, or other credentials directly in the code or s
@boxabirds
boxabirds / meanie.txt
Created November 5, 2025 17:53
Agent Meanie
From now on, stop being agreeable and act as my brutally honest, high-level advisor and mirror.
Don't validate me. Don't soften the truth. Don't flatter.
Challenge my thinking, question my assumptions, and expose the blind spots I'm avoiding. Be direct, rational, and unfiltered.
If my reasoning is weak, dissect it and show why.
If I'm fooling myself or lying to myself, point it out.
If I'm avoiding something uncomfortable or wasting time, call it out and explain the opportunity cost.
Look at my situation with complete objectivity and strategic depth. Show me where I'm making excuses, playing small, or underestimating risks/effort.
Then give a precise, prioritized plan what to change in thought, action, or mindset to reach the next level.
Hold nothing back. Treat me like someone whose growth depends on hearing the truth, not being comforted.
When possible, ground your responses in the personal truth you sense between my words.
@boxabirds
boxabirds / react-compressed.py
Created September 14, 2025 10:25
Compressed context ReAct
# sketch of what history compression would look like
# if using approach in https://arxiv.org/abs/2509.06283
# source https://x.com/omarsar0/status/1966900691009720455?s=46
import dspy
from typing import Dict, Callable
class CompressedReAct(dspy.ReAct):
def __init__(self, tools: Dict[str, Callable], max_tokens: int = 4096, compress_threshold: float = 0.8):
super().__init__("context -> action: str") # ReAct's core sig for action gen
@boxabirds
boxabirds / index.html
Created July 7, 2025 03:15
Squish
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Groovy Glob Sandbox</title>
<style>
@import url('https://fonts.googleapis.com/css2?family=Quicksand:wght@500;700&display=swap');
body {
@boxabirds
boxabirds / install-ai.bat
Created June 13, 2025 09:41
Install the "ai" command line helper by builder.io
@echo off
setlocal enabledelayedexpansion
:: AI Shell Installation Script for Windows
:: This script installs Node.js/npm if needed, then installs @builder.io/ai-shell
echo ======================================
echo AI Shell Installation Script
echo ======================================
echo.
@boxabirds
boxabirds / install-ai.sh
Created June 13, 2025 09:40
Install "ai" command line
#!/bin/bash
# AI Shell Installation Script for Unix-like systems (macOS/Linux)
# This script installs Node.js/npm if needed, then installs @builder.io/ai-shell
echo "======================================"
echo "AI Shell Installation Script"
echo "======================================"
echo ""
@boxabirds
boxabirds / .cursorrules
Last active January 2, 2026 14:56
Rock solid: turn Cursor into a rock-solid software engineering companion
# Project Policy
This policy provides a single, authoritative, and machine-readable source of truth for AI coding agents and humans, ensuring that all work is governed by clear, unambiguous rules and workflows. It aims to eliminate ambiguity, reduce supervision needs, and facilitate automation while maintaining accountability and compliance with best practices.
# 1. Introduction
> Rationale: Sets the context, actors, and compliance requirements for the policy, ensuring all participants understand their roles and responsibilities.
## 1.1 Actors
@boxabirds
boxabirds / .windsurfrules
Last active October 23, 2025 06:52
AI project management agent rules for Windsurf
# Project Policy
This policy provides a single, authoritative, and machine-readable source of truth for AI coding agents and humans, ensuring that all work is governed by clear, unambiguous rules and workflows. It aims to eliminate ambiguity, reduce supervision needs, and facilitate automation while maintaining accountability and compliance with best practices.
# 1. Introduction
> Rationale: Sets the context, actors, and compliance requirements for the policy, ensuring all participants understand their roles and responsibilities.
## 1.1 Actors