It seems like a pretty simple rule in 2025: if your AI-related devtool project is not an open source, doesn't allow to self-host, and is not a tier-1 (your own models, or similar level of "secret sauce") -> it will be replicated within a week or so. And I like this new realm.
We are thinking of open sourcing it, the current codebase requires Cloudflare Workers so it will take some changes to make it more generic. Thank you for the feedback!
As a privacy conscious person, I am developing a desktop/local only app and collecting feedback from beta testers. I would appreciate if you can participate as a beta tester and share your feedback.
At the moment, app is only available for MacOS, and in the process of security audit (not SOC-2 yet, but we will get there). I am planning to sell a license.
Please let me know how to contact you, if you prefer to send email here is my disposable email: kzphefll8@mozmail.com (to prevent spam emails, not sharing my original email)
Currently we are only recording which tools were requested by the MCP client. We don't store details of the executed tool, neither the arguments nor the response. Currently we are not open source but we are considering that. Thanks for the feedback!
Agreed, I think adding guardrails to this would be really useful to ensure the AI only has limited permissions to these services (or asking for some sort of confirmation before making potentially dangerous tool calls).
HEY GUYS. I just made an amazing NPM package - it just adds in whatever other packages you need depending on what it looks up randomly on the internet and runs them.
Actually now a read this it does sound kinda similar to how NPM works…
It seems like a pretty simple rule in 2025: if your AI-related devtool project is not an open source, doesn't allow to self-host, and is not a tier-1 (your own models, or similar level of "secret sauce") -> it will be replicated within a week or so. And I like this new realm.
We are thinking of open sourcing it, the current codebase requires Cloudflare Workers so it will take some changes to make it more generic. Thank you for the feedback!
Isn't the issue that you all can possibly retain any data since you are acting as an intermediary? And your code is not open source?
Would you prefer a local only tool?
As a privacy conscious person, I am developing a desktop/local only app and collecting feedback from beta testers. I would appreciate if you can participate as a beta tester and share your feedback.
At the moment, app is only available for MacOS, and in the process of security audit (not SOC-2 yet, but we will get there). I am planning to sell a license.
Please let me know how to contact you, if you prefer to send email here is my disposable email: kzphefll8@mozmail.com (to prevent spam emails, not sharing my original email)
Currently we are only recording which tools were requested by the MCP client. We don't store details of the executed tool, neither the arguments nor the response. Currently we are not open source but we are considering that. Thanks for the feedback!
Creating your own MCP server in Cursor requires <50 lines of code for the base (https://blog.toolkami.com/toolkami-shttp-server/)
Maybe I’m just getting old but having lots of MCP servers happening automatically feels scary.
Agreed, I think adding guardrails to this would be really useful to ensure the AI only has limited permissions to these services (or asking for some sort of confirmation before making potentially dangerous tool calls).
It really concerns me that this is an afterthought rather than MVP table stakes.
Imagine the show HN post of:
HEY GUYS. I just made an amazing NPM package - it just adds in whatever other packages you need depending on what it looks up randomly on the internet and runs them.
Actually now a read this it does sound kinda similar to how NPM works…