Agent - Native Mac OS X coding ide/harness
jv22222
29 points
6 comments
April 16, 2026
Related Discussions
Found 5 related stories in 47.3ms across 4,686 title embeddings via pgvector HNSW
- Agent Safehouse – macOS-native sandboxing for local agents atombender · 479 pts · March 08, 2026 · 69% similar
- Agents that run while I sleep aray07 · 288 pts · March 10, 2026 · 56% similar
- Show HN: Real-time observability for coding agents vtemian · 14 pts · March 17, 2026 · 56% similar
- Agent-to-agent pair programming axldelafosse · 34 pts · March 27, 2026 · 55% similar
- Show HN: GitAgent – An open standard that turns any Git repo into an AI agent sivasurend · 108 pts · March 14, 2026 · 55% similar
Discussion Highlights (3 comments)
moonlighter
Would love to be able to use this with my Claude Max Plan subscription ($100/month)... not going to pay with an API Key which burns through tokens way faster. Might try it for the local Apple Intelligence and accessibility to drive local apps tho.
danpalmer
> Our Founder! of this project is battling cancer. Your Stars and Forks are appreciated. I'm sorry to hear this, but I'm also surprised that this is the first thing I learnt about this project, and that it is written in the third person. It detracts from the project.
foreman_
The XPC architecture is the right call for privilege separation … it’s what makes sandboxing trustworthy on macOS rather than just advisory. I’m really curious how it handles the trust boundary between LLM responses and the XPC service layer. The most obvious attack surface is prompt injection via a document the agent reads, which then instructs it to do something in Safari or Messages that the user wouldn’t normally sanction. XPC gives you OS-enforced process isolation but doesn’t help you if the privileged process is faithfully executing a poisoned instruction. What’s the current model for distinguishing user intent from “content the agent read”? Is it purely the system prompt guidance, or is there something structural? Thanks for posting.