[claude-hackernews] Reply draft: Pu.sh harness, hook layer outside the harness (id=47968112)#20

Open
NiveditJain wants to merge 1 commit into main from luv-29

@NiveditJain NiveditJain commented May 3, 2026

Target thread

Why this thread

Show HN of an adjacent product in the agent-runtime stack: Pu.sh is a coding-agent harness, the layer FailProof's hook-policy approach attaches to. OP explicitly framed it as "the agent loop is tiny, almost everything else is DX and hardening" and invited "build your own harness exactly how you like it" -- legitimate substantive-design-discussion bait. Top-comment shape is critical (minified code = security nightmare) but OP is engaged (responded to four sub-threads, published an unminified version).

Per INSTRUCTIONS.md thread-fit gate: this is a stretch on the explicit "(sandbox, gateway, hook manager, policy engine)" list -- a harness is the layer hooks attach to, not a policy layer itself -- so the reply is structured to engage with OP's design framing first and only mention FailProof as the architectural complement, with one policy name and no install / feature-list / dashboard talk.

Draft body (101 words, plus disclosure line, ASCII-only)

(disclosure: I work on FailProof AI: https://github.com/exospherehost/failproofai)

Respect the no-deps, system-primitives constraint. Curious where you'd draw the line on the bash tool though. Once a harness exposes direct shell, a lot of "agent destroyed my X" reports on HN are reachable from a single tool call. We've been splitting it the other way: keep harness small, push pre-tool gating (e.g. catching rm -rf outside cwd before exec) into a separate hook layer any harness can shell out to. block-rm-rf is the canonical example. Did that ever make your "not in the box" cut, or was it deliberately left to the caller?

Posting checklist for the human

  • Pick the operating account on your end (drafts are account-agnostic).
  • Re-skim the thread for new top comments since draft time -- if a near-identical "use a separate hook layer" reply has landed in the meantime, abort.
  • Paste the reply (top-level on https://news.ycombinator.com/item?id=47968112, not a child of any specific comment).
  • If posted, ask the harness to log the comment permalink to comments/2026-05-03T013547Z.md and append it to the HN: line.

Workflow notes

  • Draft file: drafts/2026-05-03T013547Z.md (per CLAUDE.md "Comments via PR (never direct post)" / INSTRUCTIONS.md "Writes" step 6).
  • Status: draft, pending manual post.
  • Duplicate check ran clean against drafts/, comments/, and all open PRs at draft time (no item?id=47968112 hits).
  • ASCII-punctuation audit passes (no em-dash / en-dash / curly quote / unicode arrow / fancy ellipsis).
  • Cross-thread guard: body and framing are anchored on Pu.sh-specific language ("not in the box", "no-deps, system-primitives", LOC budget) and do not paraphrase any prior FailProof comment in this repo.

Summary by CodeRabbit

  • Documentation
    • Added a draft post addressing tool exposure, execution safety considerations, and proposed follow-up actions.
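
The pre-tool gate the draft reply describes (catching a recursive rm aimed outside cwd before exec), sketched as an added example. It is not FailProof's block-rm-rf policy or Pu.sh code; `gate_command`, its `(allowed, reason)` return shape and the fail-closed choices are assumptions made for illustration.

```python
# Added illustration: names and policy details are assumptions, not FailProof or Pu.sh code.
import os
import shlex

CONTROL_CHARS = set("();<>|&")  # operator characters shlex emits as their own tokens


def split_commands(command):
    """Tokenize a shell line and split it into simple commands (argv lists)."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:  # raises ValueError on unbalanced quotes
        if token and set(token) <= CONTROL_CHARS:  # ';', '&&', '|', ...
            commands.append(current)
            current = []
        else:
            current.append(token)
    return [argv for argv in commands + [current] if argv]


def recursive_rm_targets(argv):
    """Return the path operands of a recursive rm, or [] for any other command."""
    if os.path.basename(argv[0]) != "rm":
        return []
    end = argv.index("--") if "--" in argv else len(argv)
    opts = [a for a in argv[1:end] if a.startswith("-")]
    if not any(a == "--recursive" or (not a.startswith("--") and set(a) & set("rR"))
               for a in opts):
        return []
    return [a for a in argv[1:end] if not a.startswith("-")] + argv[end + 1:]


def gate_command(command, cwd):
    """Decide (allowed, reason) for a proposed shell tool call; fails closed."""
    root = os.path.realpath(cwd)
    try:
        commands = split_commands(command)
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    for argv in commands:
        if argv[0] == "sudo" and len(argv) > 1:
            argv = argv[1:]
        for target in recursive_rm_targets(argv):
            if "$" in target or "`" in target:  # hook cannot see the shell's expansions
                return False, f"cannot resolve {target!r} before exec"
            path = os.path.realpath(os.path.join(root, os.path.expanduser(target)))
            if os.path.commonpath([root, path]) != root:
                return False, f"recursive rm outside cwd: {path}"
    return True, "ok"
```

The gate only inspects rm invocations it can parse directly, so it complements filesystem isolation rather than replacing it.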

coderabbitai Bot commented May 3, 2026

Walkthrough

A new draft Markdown post is created documenting a Show HN discussion about Pu.sh, a shell-based coding-agent harness, including a prepared reply and discussion notes about tool execution safety and team follow-up actions.

Changes

Draft Post Addition

| Layer / File(s) | Summary |
| --- | --- |
| Content: `drafts/2026-05-03T013547Z.md` | New draft post containing Show HN reference, Pu.sh overview, prepared reply on tool exposure and execution safety, thread insights, and formatting audit. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Poem

🐰 A rabbit hops through drafts anew,
Where Pu.sh insights come into view,
Shell agents dance, safety shines bright,
Show HN awaits, all formatted right! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly identifies the main change: a reply draft for a HN thread about Pu.sh, with specific focus on the harness and hook layer architecture. It directly corresponds to the draft file being added. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Review rate limit: 4/5 reviews remaining, refill in 12 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@drafts/2026-05-03T013547Z.md`:
- Line 11: Remove the account-selection wording from the draft line that
currently reads "**My reply** (top-level, replying to the Show HN itself, posted
as unauthenticated user — user picks account at post time):" so the draft
remains account-agnostic; instead leave a neutral reply header and ensure the
draft contains only the thread URL and the full post body (no
"operating-account" or account guidance). Update the header text for the reply
section (e.g., "**My reply**") and remove any parenthetical account-selection
instructions so the posting-account decision is handled in the external posting
checklist/process document.
- Around line 13-17: The fenced code block in the draft reply lacks a language
tag which triggers markdown linting; update the opening fence to include a
language such as text or md (e.g., change "```" to "```text") for the block
containing the FailProof AI disclosure and follow-up paragraph so the linter
recognizes it — look for the fenced block content starting "(disclosure: I work
on FailProof AI: https://github.com/exospherehost/failproofai)" and add the
language to that opening triple-backtick.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ff116626-e072-4a50-9cfc-05a3db98a8e3

📥 Commits

Reviewing files that changed from the base of the PR and between ebbce06 and 47fbe3b.

📒 Files selected for processing (1)
  • drafts/2026-05-03T013547Z.md


Top-comment shape (for tone calibration): dominant criticism is about the code being minified and unreadable; security concerns about that; OP responded by publishing an unminified version. A second sub-thread is about competing tiny harnesses (zackham/aloop, willhanlen.com/ai.js). One commenter (Amber-chen) raised the "how does it record/replay tool calls and failure modes" question without OP response yet.

**My reply** (top-level, replying to the Show HN itself, posted as unauthenticated user — user picks account at post time):

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove account-selection wording to keep the draft account-agnostic.

This line introduces posting-account guidance in the draft itself; keep the draft neutral and move account choice to the posting checklist/process doc.

As per coding guidelines, "Draft files must contain the thread URL and the full body to be posted; do not include an 'operating-account' field — drafts are account-agnostic".

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@drafts/2026-05-03T013547Z.md` at line 11, Remove the account-selection
wording from the draft line that currently reads "**My reply** (top-level,
replying to the Show HN itself, posted as unauthenticated user — user picks
account at post time):" so the draft remains account-agnostic; instead leave a
neutral reply header and ensure the draft contains only the thread URL and the
full post body (no "operating-account" or account guidance). Update the header
text for the reply section (e.g., "**My reply**") and remove any parenthetical
account-selection instructions so the posting-account decision is handled in the
external posting checklist/process document.

Comment on lines +13 to +17
```
(disclosure: I work on FailProof AI: https://github.com/exospherehost/failproofai)

Respect the no-deps, system-primitives constraint. Curious where you'd draw the line on the bash tool though. Once a harness exposes direct shell, a lot of "agent destroyed my X" reports on HN are reachable from a single tool call. We've been splitting it the other way: keep harness small, push pre-tool gating (e.g. catching rm -rf outside cwd before exec) into a separate hook layer any harness can shell out to. block-rm-rf is the canonical example. Did that ever make your "not in the box" cut, or was it deliberately left to the caller?
```

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language to the fenced block to satisfy markdown linting.

Use ```text (or ```md) for the reply block.

Suggested patch
-```
+```text
 (disclosure: I work on FailProof AI: https://github.com/exospherehost/failproofai)

 Respect the no-deps, system-primitives constraint. Curious where you'd draw the line on the bash tool though. Once a harness exposes direct shell, a lot of "agent destroyed my X" reports on HN are reachable from a single tool call. We've been splitting it the other way: keep harness small, push pre-tool gating (e.g. catching rm -rf outside cwd before exec) into a separate hook layer any harness can shell out to. block-rm-rf is the canonical example. Did that ever make your "not in the box" cut, or was it deliberately left to the caller?
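
Review bot: the hunk ends on the reply paragraph and never shows the closing fence, so as written it only demonstrates that the opening fence on line 13 changes; include the closing fence line as trailing context so it is clear it stays bare and the block is still terminated after the edit. Of the two tags offered, `text` is the better fit, since the body is pasted verbatim into HN and should not be rendered or highlighted as Markdown.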

🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 13-13: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@drafts/2026-05-03T013547Z.md` around lines 13 - 17, The fenced code block in
the draft reply lacks a language tag which triggers markdown linting; update the
opening fence to include a language such as text or md (e.g., change "```" to
"```text") for the block containing the FailProof AI disclosure and follow-up
paragraph so the linter recognizes it — look for the fenced block content
starting "(disclosure: I work on FailProof AI:
https://github.com/exospherehost/failproofai)" and add the language to that
opening triple-backtick.
