// tag
#security
4 posts
-
Five Bugs, a Real Diff, and the Token Bill
Phases 39-41 of kodr: a review that found five plausible bugs hiding behind green tests (including an SSRF redirect bypass), a zero-dependency unified diff worth reading, and token usage finally shown where you look.
#ai #kodr #local-models #agents #security #cli
-
Two More Apps, and a Policy Gate
Phases 21-23 of kodr: generating a Markdown blog and a notes API as harness trials - each one shakes out a real bug in kodr itself - plus a permission policy gate that builds on the hooks layer.
#ai #local-models #agents #security #testing #kodr
-
A Deterministic Layer Around a Non-Deterministic Model
Phase 20 of kodr: pre_tool_use hooks - deterministic callbacks that can observe, mutate, or block a tool call before it runs, so policy lives in code instead of in a prompt the model might ignore.
#ai #local-models #agents #security #kodr
-
Letting a Model Write Files Without Losing the Plot
Phase 08 of kodr: a path jail, dry-run diffs, and timestamped backups - the gate that sits between model output and your filesystem.
#ai #local-models #agents #safety #security #kodr