cuppa

today's signal · no scroll

brewed 03:05 AM

Friday

jun19

2026

the brief

Today’s pulse tilts toward safer, governable AI tooling. MCP rolls out zero-touch OAuth, Anthropic adds hard‑guardrails to Claude Code, and OpenAI ships spend analytics for ChatGPT Enterprise. On the open-source side, Datasette lands Apps and ACL upgrades, while Cloudflare and Hugging Face surface concrete methods and evals to curb leaks and attacks.

the poursit · sip · 10 items

pulse

(07)

anthropics/claude-code· feedJun 19, 01:20 AM
Claude Code adds destructive-command guards
Blocks destructive git resets/cleans and unowned amend commits, gates terraform/pulumi/cdk destroy to explicit stacks, and warns on deprecated models—reducing accidental data loss in auto mode.
v2.1.183 — What's changed Improved auto mode safety: destructive git commands (git reset --hard, git checkout -- ., git clean -fd, git stash drop) are now blocked when you didn't ask to discard local work, git commit --amend is blocked when the commit wasn't made by the agent this session, and terraform destroy/pulumi destroy/cdk destroy are blocked unless you asked for the specific stack Added a warning when the requested model is deprecated or automatically updated to a newer model, shown o...
signal 9hype 1release_notesagent_safetyclaude_codesource ↗
hn/frontpage· feedJun 18, 09:54 PM
Zero-Touch OAuth arrives for MCP
Enterprise-managed OAuth brings centralized, zero-touch credential flows to MCP tools, cutting token sprawl and making secure agent integrations deployable in stricter enterprise environments.
Zero-Touch OAuth for MCP — Article URL: https://blog.modelcontextprotocol.io/posts/enterprise-managed-auth/ Comments URL: https://news.ycombinator.com/item?id=48592163 Points: 112 # Comments: 47
signal 9hype 1mcpoauthauthsource ↗
vercel/next.js· feedJun 19, 12:15 AM
Next.js canary retries chunk loads
Turbopack now retries failed chunk loads and the React snapshot is updated, smoothing dev ergonomics and resiliency ahead of the 16.3.0 release.
v16.3.0-canary.58 — Misc Changes Fix dev overlay hydration error ordering: #94555 [turbopack] Retry chunk loading on failure: #94918 Upgrade React from ad78e251-20260616 to b1786c31-20260618: #94951 [ci] Update playwright to 1.61.0: #94871 [cd] reduce size of npm metadata on publish: #94953 Credits Huge thanks to @timneutkens, @sampoder, @vercel-release-bot, @bgw, and @styfle for helping!
signal 7hype 0nextjsrelease_notesturbopacksource ↗
simonw/blog· feedJun 18, 11:58 PM
Datasette Apps embeds custom UIs
A new plugin lets you host self-contained HTML apps inside Datasette, enabling richer interactive frontends co-located with your data, queries, and permissions.
Datasette Apps: Host custom HTML applications inside Datasette — Today we launched a new plugin for Datasette, <a href="https://github.com/datasette/datasette-apps">datasette-apps</a>, with <a href="https://datasette.io/blog/2026/datasette-apps/">this launch announcement post</a> on the Datasette project blog. That post has the what, but I'm going to expand on that a little bit here to provide the why. <h4 id="the-tl-dr">The TL;DR</h4> Datasette Apps are self-conta...
signal 6hype 1plugin_releaseopen_sourcedatasettesource ↗
simonw/blog· feedJun 18, 07:03 PM
Datasette ACL expands resource controls
The ACL plugin moves beyond table-only permissions to fine-grained, multi-user resource sharing—foundational for secure, collaborative Datasette deployments.
datasette-acl 0.6a0 — Release: <a href="https://github.com/datasette/datasette-acl/releases/tag/0.6a0">datasette-acl 0.6a0</a> <blockquote> This release expands <code>datasette-acl</code> from table-only permissions toward a general resource-sharing system. </blockquote> Alex Garcia did most of the work for this release - we're fleshing out the plugin that will allow multi-user Datasette instances finely grained control over who can access which resources wit...
signal 6hype 1release_notesplugindatasettesource ↗
openai/blog· feedJun 18, 05:00 PM
ChatGPT Enterprise adds spend analytics
Org-wide usage analytics and budget controls help admins track consumption by team and set limits, making ChatGPT Enterprise deployments easier to govern and forecast.
New usage analytics and updated spend controls for enterprises — OpenAI introduces new spend controls and usage analytics for ChatGPT Enterprise, helping organizations manage costs and scale AI with confidence.
signal 5hype 1openaiplatform_updatechatgpt_enterprisesource ↗
hn/frontpage· feedJun 18, 08:49 PM
Tool checks if models “know” you
A Show HN tool parallel-queries multiple LLMs and clusters responses to estimate recognition strength, spotlighting memorization and privacy risks as assistants spread.
Show HN: Are You in the Weights? — With more traffic moving off-web and into LLMs, I got curious about what traces we leave "in the weights". My design partner and I built a site in the past few weeks that checks recognition across frontier and small models. It queries many of them in parallel, clusters the responses, and tells you how strongly they recognize you. Happy to answer any questions here! Comments URL: https://news.ycombinator.com/item?id=48591348 Points: 201 # Comments: 127
signal 6hype 2show_hndemollm_behaviorsource ↗

findings

(03)

cloudflare/blog· feedJun 18, 05:59 PM
Cloudflare multi-stage vulnerability harness
Cloudflare details a multi-stage LLM-driven vulnerability discovery and automated triage loop, with state controls, adversarial review to squash false positives, and strategies to route around context limits.
Build your own vulnerability harness — We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits.
signal 9hype 1securityvulnerability_scanningagent_frameworkssource ↗
huggingface/blog· feedJun 18, 06:13 PM
MosaicLeaks tests agent data leakage
New evaluation framework probes whether research agents leak sensitive information, with reproducible tasks and metrics to harden retrieval and tool-use pipelines against inadvertent disclosure.
MosaicLeaks: Can your research agent keep a secret?
signal 4hype 3agentssecurityprivacysource ↗
cloudflare/blog· feedJun 18, 01:00 PM
Cloudflare reports attacks on civil society
Cloudflare’s first comprehensive Galileo report surfaces attack patterns targeting NGOs and journalists, offering data to tune protections for high-risk communities and platforms.
Celebrating 12 years of Project Galileo — To mark the 12th anniversary of Project Galileo, Cloudflare has released its first comprehensive report analyzing cyberattacks against civil society.
signal 4hype 2securityreport_releasecloudflaresource ↗

jun19

Claude Code adds destructive-command guards

Zero-Touch OAuth arrives for MCP

Next.js canary retries chunk loads

Datasette Apps embeds custom UIs

Datasette ACL expands resource controls

ChatGPT Enterprise adds spend analytics

Tool checks if models “know” you

Cloudflare multi-stage vulnerability harness

MosaicLeaks tests agent data leakage

Cloudflare reports attacks on civil society