Skip to content

HackerNews AI - 2026-06-28

1. What People Are Talking About

June 28 rose only slightly from June 27's 46 stories to 50, but it was much more launch-heavy: 22 Show HN posts, 49 link posts, 21 GitHub links, and 11 explicit Claude Code mentions. The day's biggest item was not another benchmark or model launch. It was a personal account of using Claude Code on shoulder MRI data, which pulled the conversation from coding productivity into trust, liability, and expert review. Around that, Hacker News kept building practical control layers: secret boundaries, budget gates, tool-call firewalls, pass@k harnesses, and UI for running many Claude Code instances at once.

1.1 High-stakes second-opinion workflows are escaping the codebase (🡕)

The biggest conversation on June 28 was about using a coding-style agent workflow on medical evidence, not source code. That shifted the usual "can the agent code?" debate into a harder question: what happens when the same subagent-plus-tooling pattern is used to challenge experts in domains where neither human nor model is fully trusted.

engmarketer posted I used Claude Code to get a second opinion on my MRI (257 points, 366 comments). The linked article says GPT 5.5 Pro first flagged questionable treatment details, then Claude Code Opus 4.8 analyzed a 266 MB DICOM export, installed packages, produced an initial report that contradicted the clinician's Grade III tear diagnosis, and then ran a second arbitration pass with multiple subagents that again favored "no discrete partial- or full-thickness tear identified." The distinctive angle is not just "AI read an MRI." It is Claude Code being used as an auditable workflow engine for a data-heavy second opinion, with planning, package installation, and multiple review passes all exposed to the user.

binyu posted Guy in his basement creates a drug to treat Alzheimer's disease using AI (21 points, 28 comments). The HN replies immediately pushed back on the framing: comboy (score 0) noted that the founder said he created a drug candidate, not a treatment, while WarmWash (score 0) argued the interesting part was using AI to program robot arms rather than the headline's implication of a clinical breakthrough. Even as a lower-signal item, it shows the same pattern as the MRI post: people are willing to entertain AI-heavy expert workflows, but they are also quick to challenge inflated claims.

Discussion insight: The top MRI thread was notable because the strongest replies did not dismiss second opinions outright; they narrowed the trust boundary. sxg (score 0) said the calcification question could not be settled without the full 3D dataset and that ultrasound can miss small calcifications. rasmus1610 (score 0) said Claude and ChatGPT were "absolutely terrible at MRI," while AceJohnny2 (score 0) argued that the real need is better information, not just more information. The result was not blind optimism or blind rejection. It was visible demand for second-opinion tooling that exposes uncertainty more clearly than either the doctor or the model did alone.

Comparison to prior day: June 27's trust discussion focused on exploit chains, MCP authority, and safer control planes. June 28 extended the same trust problem into medicine and scientific claims, where a "second opinion" can still leave the user stuck between two untrusted answers.

1.2 Developers still want deterministic boundaries before they trust agents with real systems (🡕)

June 27 already pushed toward typed interfaces and explicit approval gates. June 28 made that impulse more concrete: path-level secrecy, budget ceilings, and pre-tool-call security checks all got treated as first-class infrastructure instead of optional polish.

pikseladam posted A way to exclude sensitive files issue still open for OpenAI Codex (166 points, 110 comments). The linked GitHub issue asks for repo-local and global ignore files that keep .env, keys, .aws/**, .ssh/**, and similar paths out of model reads while remaining deterministic and shareable across a team. The comments were stricter than the feature request: TheDong (score 0) said permissions or container mounts are the only real fix because shell and tool output can still leak file contents, and nikhilsimha (score 0) said his team solves the problem by copying only low-risk code and credentials into a sandbox before session creation.

Mohil_Sharma posted Show HN: AgentWatch - Prevent runaway AI agents with runtime budget enforcement (7 points, 4 comments). The linked site positions the product as "the spending limit on your AI credit card": every request passes a synchronous budget check, over-budget sessions get a 402 before the model call happens, and operators can choose fail-open or fail-closed behavior across OpenAI, Anthropic, Gemini, Bedrock, and other providers. cerberussec posted Cerberus - a local firewall for AI agents' tool calls (3 points, 0 comments), and the linked repo describes a local-first gateway that intercepts every tool call, risk-scores it across policy, behavior, content, and prompt-injection signals, and can allow, audit, require human approval, or block.

Discussion insight: The strongest replies across these items agreed on one thing: safe defaults have to live at a boundary the model cannot talk its way around. That is why commenters kept returning to Unix permissions, container mounts, proxy-based key access, synchronous budget checks, and pre-tool approval instead of softer "please don't read this file" conventions.

Comparison to prior day: June 27 emphasized deterministic control planes in the abstract. June 28 made the need more granular and operational: path-level secrecy, dollar ceilings, and tool-call approval before execution.

1.3 Builder energy concentrated in teachable interfaces, evals, and workflow wrappers (🡕)

If the top stories set the trust agenda, the rest of the day showed how builders are responding to it. June 28 had 22 Show HN launches and 21 GitHub links, and the common pattern was not "train a new frontier model." It was "package the workflow so a person or an agent can reliably repeat it."

jackpriceburns posted Show HN: Decomp Academy - Learn to decompile GameCube games into matching C (185 points, 71 comments). The post says the site has 250-plus interactive lessons, runs a live Metrowerks CodeWarrior GC/2.0 compiler in the browser, starts from beginner level, and stores lessons as markdown. The linked site and repo frame it as a free browser-first course with 258 lessons and byte-matching feedback against real GameCube binaries, while the author said in comments that the backend is written in Rust on AWS Lambda, DynamoDB, and API Gateway. The distinctive angle is that it turns a historically painful reverse-engineering toolchain into a live, graded interface that lowers the cost of learning by a lot.

vforno posted Show HN: NanoEuler - GPT-2 scale model in pure C/CUDA from scratch (24 points, 3 comments). The linked repo describes a GPT-2-class model built entirely in C/CUDA, including hand-written forward and backward passes, a byte-level BPE tokenizer, hand-written FlashAttention, pretraining, and supervised fine-tuning on a single RTX 4070. The value proposition is not product polish. It is total legibility of the training stack for people who want to understand how the model works all the way down.

Low-score launches filled out the same pattern from different angles. psafronov posted Show HN: Engye - transfer files between any two devices by scanning a QR code (12 points, 2 comments), a WebRTC file-transfer tool that the author said was designed by him and implemented iteratively with Claude over several months. edonadei posted Show HN: Caliper - pass@k reliability testing for Claude Code and Codex skills (2 points, 1 comment), and the linked repo turns agent-skill evaluation into repeatable YAML specs and baseline comparisons. tem_alThor posted Show HN: Better Graphs - Teach agents to stop making plain Matplotlib slop (6 points, 1 comment), whose site and repo encode chart "taste" into explicit house rules and reusable CLAUDE.md guidance.

Discussion insight: In Finding It Challenging to Maintain Software Created with Coding Agents? (8 points, 5 comments), rurban (score 0) said, "If you cannot maintain it, the agent has to maintain it. If the agent cannot maintain it, you are lost." That helps explain why so many same-day launches were about tests, rules, structure, and browser-first onboarding instead of more raw autonomy. Even Show HN: Claudete - Command a legion of Claude Code instances and shells (3 points, 4 comments) and the SigNoz-backed Newer Claude models use more tokens but cost less per task solved (4 points, 0 comments) fit the same instinct: expose usage, resets, and outcomes instead of treating the agent as a black box.

Comparison to prior day: June 27 focused on operating multiple agent sessions and safer execution layers. June 28 kept the workflow theme but pushed it into teachable assets, eval harnesses, and interface layers that other people can reuse.


2. What Frustrates People

High-stakes AI advice can unsettle trust faster than it resolves it

I used Claude Code to get a second opinion on my MRI (257 points, 366 comments) is the clearest example of a new kind of frustration: AI can surface enough contrary evidence to make a user doubt the original expert, but not enough to make the new answer comfortably trustworthy. The thread's radiologist comments narrowed the evidence and modality limits instead of endorsing the model, while the Alzheimer's thread showed the same skepticism toward headline-level breakthrough claims. Severity: High. People cope with additional human second opinions, more artifact sharing, and more explicit uncertainty. Worth building for: yes, but only if the product is verification-heavy.

Safe defaults for secret scope and tool authority are still missing

A way to exclude sensitive files issue still open for OpenAI Codex (166 points, 110 comments), Show HN: AgentWatch - Prevent runaway AI agents with runtime budget enforcement (7 points, 4 comments), and Cerberus - a local firewall for AI agents' tool calls (3 points, 0 comments) all point to the same pain: people still do not trust the default agent loop to keep secrets private, spending bounded, or tool calls safe. The comments on the Codex issue were especially blunt that ignore files alone will not solve exfiltration if the process can still read the files. Coping behavior is shifting toward containers, copied workspaces, proxy-based credentials, pre-tool approval, and hard budget checks. Severity: High. Worth building for: yes, directly.

Agent-written code is expanding faster than teams' understanding of it

Finding It Challenging to Maintain Software Created with Coding Agents? (8 points, 5 comments) makes the maintenance problem explicit: developers can ship more code, but they do not spend the same 6-8 hours per day building intuition about it. The same-day responses to that pain were procedural. Show HN: Caliper - pass@k reliability testing for Claude Code and Codex skills (2 points, 1 comment) turns skill quality into a repeatable metric, Academic-writing kit for Claude Code (5 points, 0 comments) ships source-grounded writing workflows and hostile-review gates, and Show HN: Better Graphs - Teach agents to stop making plain Matplotlib slop (6 points, 1 comment) turns visual taste into repo-native rules. Severity: Medium-High. People cope by encoding more standards into skills, specs, and checked-in instructions. Worth building for: yes, directly.

Running many agents still creates operational clutter around limits, resets, and visibility

Show HN: Claudete - Command a legion of Claude Code instances and shells (3 points, 4 comments), Show HN: AgentWatch - Prevent runaway AI agents with runtime budget enforcement (7 points, 4 comments), and Newer Claude models use more tokens but cost less per task solved (4 points, 0 comments) all show the same operational irritation from different angles: plan caps, session sprawl, runaway loops, and poor visibility into what an agent is costing or consuming while it works. People cope with native control panels, budget proxies, and telemetry dashboards instead of trusting the base agent to manage itself. Severity: Medium. Worth building for: yes, directly.


3. What People Wish Existed

Deterministic repo and global policies for what agents may see or send

A way to exclude sensitive files issue still open for OpenAI Codex (166 points, 110 comments) asks for this directly, but the comments raise the bar: users want something stronger than conventions and weaker than hand-built security engineering for every repo. They want rules that are explicit, shareable, and actually enforced at the runtime boundary. This is a practical need with high urgency because teams are already using containers, copied workspaces, and custom terminals as ad hoc substitutes. Opportunity: direct.

Second-opinion systems that preserve uncertainty instead of pretending certainty

I used Claude Code to get a second opinion on my MRI (257 points, 366 comments) shows why the need is real: users want help interrogating an expert conclusion, especially when the treatment feels aggressive or poorly explained. But the thread also shows they do not just want a more confident answer from the model. They want a workflow that makes evidence, disagreement, and modality limits legible. This is a practical need with high urgency but heavy credibility requirements. Opportunity: direct.

Reliability and memory layers that keep agent-generated work understandable

Finding It Challenging to Maintain Software Created with Coding Agents? (8 points, 5 comments), Show HN: Caliper - pass@k reliability testing for Claude Code and Codex skills (2 points, 1 comment), and Academic-writing kit for Claude Code (5 points, 0 comments) all point to the same missing layer: if agents are going to generate more code, docs, and research structure, teams need durable ways to keep the why, not just the output. This is a practical need with high urgency because the pain appears after productivity gains have already arrived. Opportunity: direct.

Control planes for parallel agents, budgets, and local/cloud handoff

Show HN: Claudete - Command a legion of Claude Code instances and shells (3 points, 4 comments), Using Local Coding Agents (3 points, 0 comments), and Show HN: AgentWatch - Prevent runaway AI agents with runtime budget enforcement (7 points, 4 comments) together imply a broader need than "another agent app." People want one place to see session state, remaining limits, reset windows, and whether the current job should stay on a hosted frontier model or fall back to a local stack. This is a practical need with medium urgency and likely to get competitive quickly. Opportunity: competitive.


4. Tools and Methods in Use

Tool Category Sentiment Strengths Limitations
Claude Code Coding agent (+/-) Handles long workflows with plans, package installs, subagents, and repo-native skills; now being used even for non-code second-opinion work Trust in outputs remains domain-limited, and teams still need extra rules, evals, and ops layers around it
OpenAI Codex Coding agent / harness (+/-) Useful enough that teams want repo-wide governance for it; client-server setup works well for remote containers according to HN comments Still lacks deterministic sensitive-file controls, so users fall back to containers, permissions, and copied workspaces
AgentWatch Budget enforcement proxy (+) Blocks over-budget requests before they hit the model, works across major providers, and supports fail-open or fail-closed policies Focused on spend and routing rather than broader security; stronger anti-bypass guarantees are gated to enterprise-style setups
Cerberus Tool-call security gateway (+) Intercepts every tool call locally, risk-scores it, and supports human approval before dangerous actions Early-stage and adds policy-tuning and approval overhead to the loop
Claudete Multi-instance agent operations (+) Gives one macOS window for 10+ Claude Code sessions, shells, broadcast prompts, and usage tracking macOS-only and still fundamentally a response to session sprawl rather than a replacement for it
Caliper Eval harness (+) Measures skill reliability with pass@k, isolated reruns, and with-skill vs no-skill baselines Tells you whether a skill is reliable; it does not itself solve the quality problem
Better Graphs Agent instruction kit / visualization method (+) Encodes chart taste into reusable house rules, CLAUDE.md, and style files so agents can reproduce better output Narrowly scoped to Matplotlib-style work and depends on keeping the rules curated
SigNoz + Terminal-Bench Benchmarking / observability method (+) Measures cost per solved task, cache use, requests, tool calls, and active time instead of relying on a single benchmark score Still time- and token-intensive, and task selection can shape the outcome
Ornith-1.0 Open-weight coding model (+/-) Self-scaffolding training approach, wide size range from 9B to 397B, and strong claimed Terminal-Bench/SWE-Bench numbers Performance claims are self-reported and HN remains skeptical of benchmark-only evidence
Qwen-Code + Ollama local stack Local coding-agent method (+) Transparent, inspectable, privacy-friendly, reproducible, fixed-cost, and usable offline Strong local models still need substantial RAM or hardware, and even advocates still keep Claude Code or Codex around as daily drivers

Overall satisfaction was highest for tools that made boundaries, measurement, or taste explicit instead of promising more autonomous magic. AgentWatch makes budgets legible. Cerberus makes tool authority legible. Caliper makes skill reliability legible. Better Graphs makes visual taste legible. The SigNoz workflow makes model choice legible in dollars and solved tasks instead of just tokens or benchmarks.

The common workaround pattern was to wrap the base agent rather than replace it. Teams are adding copied workspaces, budget proxies, skill harnesses, control panels, and checked-in house rules around Claude Code or Codex. Model migration looked similar: not a full shift away from frontier vendors, but a growing hedge toward open-weight and local stacks when privacy, reproducibility, or cost predictability matter more than absolute peak capability.


5. What People Are Building

Project Who built it What it does Problem it solves Stack Stage Links
Decomp Academy jackpriceburns Browser-first course for learning matching GameCube decompilation with live grading Reverse-engineering education is hard to start because the toolchain and feedback loop are painful TypeScript frontend, markdown curriculum, Rust/AWS backend, real MWCC GC/2.0 compiler Shipped post, site, repo
NanoEuler vforno GPT-2-class model and training pipeline built entirely from scratch Builders want to understand how models train and run without hiding behind PyTorch abstractions C, CUDA, OpenMP, cuBLAS, hand-written FlashAttention, BPE tokenizer Alpha post, repo
Engye psafronov Transfers files, clipboard text, and virtual drives between devices via QR code Sending a file to a public or shared computer is still awkward without accounts, cloud upload, or thumb drives Vite/TypeScript, WebRTC, AES-256-GCM, GitLab Pages, mobile apps Shipped post, site
AgentWatch Mohil_Sharma Enforces per-session spend limits before agent requests reach the provider Runaway loops and surprise LLM bills are hard to catch after the fact Edge proxy, env-var routing, multi-provider LLM APIs, policy modes Beta post, site
Claudete morion4000 Native macOS control panel for multiple Claude Code instances and shells Teams and power users need visibility over many concurrent agent sessions Native macOS app, grid UI, shell panes, usage tracking, broadcast prompts Beta post, site
Caliper edonadei Runs agent skills repeatedly and reports pass@k against a baseline A skill that works once can still be unreliable across model updates or prompt changes Python, YAML specs, isolated environments, Claude Code/Codex/Pi backends Beta post, repo
Cerberus cerberussec Intercepts agent tool calls and can block or require approval locally Autonomous shell, file, and network actions need a checkpoint at the tool boundary TypeScript, local risk engine, policy/behavior/content/injection checks Beta post, repo
Study-kit josefslerka Reproducible scholarly-writing kit with grounding and hostile review AI-assisted writing needs stronger provenance if humans are going to stand behind the output Markdown, CLAUDE.md, slash commands, provenance rules, bilingual project kits Beta post, repo

The repeated build pattern was not "beat the frontier model." It was "encode the missing workflow contract." AgentWatch and Cerberus codify runtime policy. Caliper codifies what success means. Study-kit codifies provenance. Claudete codifies multi-instance operations. Even Engye, though not itself an AI tool, was explicitly built through a long Claude loop and solves an everyday transfer job with fewer assumptions than cloud-share defaults.

Decomp Academy was the day's clearest proof that browser-first interfaces still matter. The comments kept coming back to the same point: reverse engineering has a high enthusiasm ceiling but a very low tolerance for ancient toolchain pain. By turning the feedback loop into an in-browser "does this byte-match or not?" experience, the project made a niche craft feel more like a modern coding tutorial.

Low-score supporting projects showed the same move in knowledge work. Better Graphs writes visual judgment into reusable artifacts so the next agent does not need the taste re-explained. ARA-Labs' Agent-Native Research Artifact, linked from Toolkit for Your AI Scientists - Rigorous, Auditable and Verifiable (3 points, 0 comments), frames AI science the same way: not as "let the agent publish," but as "make the research process observable, verifiable, and structured enough that humans can still trust it."


6. New and Notable

Coding-agent workflows are being used as evidence-workflow engines, not just code generators

engmarketer posted I used Claude Code to get a second opinion on my MRI (257 points, 366 comments). What matters is not just that Claude read a medical artifact. It is that the user treated Claude Code as a full workflow surface: package installs, DICOM processing, report generation, and multi-pass arbitration. That is a different product category from "chat with a model about your symptoms."

Cost-per-outcome measurement is getting more credible than raw token counting

gkarthi2800 posted Newer Claude models use more tokens but cost less per task solved (4 points, 0 comments). The linked SigNoz post compares Sonnet 4.6, Opus 4.7, and Opus 4.8 on Terminal-Bench with OpenTelemetry instrumentation and finds that Opus 4.8 solves more tasks while costing less per solved task than Opus 4.7. Paired with Caliper's pass@k framing, that is notable because it shifts evaluation away from "which model uses fewer tokens?" toward "which workflow actually gets the job done reliably?"

Verifiability itself is becoming a product surface

josefslerka posted Academic-writing kit for Claude Code (5 points, 0 comments), and amberjcjj posted Toolkit for Your AI Scientists - Rigorous, Auditable and Verifiable (3 points, 0 comments). The linked Study-kit repo and ARA repo both treat provenance, hostile review, and structured process logs as core features instead of afterthoughts. That is notable because it suggests the next layer of differentiation may be less about raw generation and more about whether humans can defend the output after the fact.


7. Where the Opportunities Are

[+++] Runtime boundary infrastructure for agent actions - The Codex sensitive-file issue, AgentWatch's synchronous budget gates, Cerberus's local tool firewall, and the comments demanding containers and copied workspaces all point to the same gap: teams want agents to touch real systems, but only through boundaries that are deterministic, inspectable, and hard to bypass.

[+++] Reliability and knowledge-retention layers around agent-authored work - The maintainability Ask HN post, Caliper's pass@k harness, Better Graphs' house rules, Study-kit, and the SigNoz benchmark all show the same need: once agents can produce more output than humans can fully internalize, teams need products that preserve standards, provenance, and confidence in the result.

[++] High-trust second-opinion workflows in expert domains - The MRI thread and the skeptical biotech discussion show clear user demand for AI-assisted second opinions, but they also show that credibility will depend on audit trails, evidence visibility, and explicit uncertainty rather than on confident prose alone.

[+] Multi-instance and local-first agent operations - Claudete, AgentWatch, and Raschka's local-agent tutorial show an emerging operational layer around session management, plan limits, reset timing, and local/cloud routing. The need is real, but the winning shape is still unsettled.


8. Takeaways

  1. AI trust is no longer just a software engineering question. The biggest story of the day used Claude Code on MRI data, and the value proposition was not code generation but evidence review and arbitration. (source)
  2. HN still wants controls at boundaries the model cannot override. The Codex issue comments, AgentWatch, and Cerberus all favor containers, copied workspaces, proxy checks, and tool-call gates over prompt-level promises. (source)
  3. The strongest builder pattern is wrapping the agent, not replacing it. Caliper, Claudete, AgentWatch, Better Graphs, and Study-kit all add evaluation, visibility, or workflow structure around existing base agents. (source)
  4. Browser-first and feedback-rich interfaces still unlock enthusiasm. Decomp Academy drew one of the day's strongest positive responses because it removed the old reverse-engineering setup tax and replaced it with immediate graded feedback. (source)
  5. Model choice is becoming a workflow economics question, not just a leaderboard question. The SigNoz comparison and local-agent tutorial both treat cost, reproducibility, privacy, and hardware fit as part of the decision, not as side constraints after the fact. (source)