More

moss_dog · 2026-01-13T00:31:01 1768264261

What's that?

BloodyIron · 2026-01-13T00:41:05 1768264865

lol you must be fresh to the internet

moss_dog · 2025-12-24T23:55:31 1766620531

IIRC HN typically removes the "How" from article titles like these, presumably to avoid clickbait titles.

moss_dog · 2025-12-24T23:51:17 1766620277

One of my favorites!

moss_dog · 2025-12-24T18:49:55 1766602195

I'd love to be able to lock down the browser to only allow certain URLs (e.g. localhost) so I can give Claude (and other tools) carte blanche to use browser automation (rather than manually approving each command). Is this something on your radar / roadmap?

ramoz · 2025-12-24T18:53:26 1766602406

If using Claude Code, a simple hook can govern `browser_navigate` (mcp)

A custom sh script or something for whitelists would take ~5min to setup.

For more robust governance (many policies), you can write Rego using https://github.com/eqtylab/cupcake

https://code.claude.com/docs/en/hooks#mcp-tool-naming

moss_dog · 2025-12-24T19:00:26 1766602826

Thank you for the links / info! I'm looking forward to digging into this.

hugs · 2025-12-24T18:54:50 1766602490

fully aware of the "blast radius" risk of using claude to do stuff. i'm doing all my vibium dev in a vm using UTM (and you should, too!). wonder if there are some network rules we can add.

i did post a v2 roadmap on the github repo. might be time to start the draft for v3!

falcor84 · 2025-12-24T19:37:51 1766605071

As I see it, the only real solution is to put it into a container that has a firewall with a short whitelist.

moss_dog · 2025-12-24T20:11:10 1766607070

I was looking into this earlier -- presumably you'd also need to allowlist Claude itself (whatever endpoints it hits to run inference etc). VM firewall gets a little trickier with Claude's web search tool, too.

The solution I landed on recently was to locally modify the Chrome devtools MCP to launch the browser instance with strict network restrictions. I believe the implementation used `--host-resolver-rules`, blocking all URLs by default with an environment variable to control the allowlist (which, in hindsight, Claude can easily work around if it needs to -- I should probably just hard-code the allowlist).

falcor84 · 2025-12-25T09:06:04 1766653564

> you'd also need to allowlist Claude itself

This is Anthropic's recommended setup for devcontainers:

https://github.com/anthropics/claude-code/blob/main/.devcont...

You may want to adapt it and particularly to remove the GitHub and VS Code stuff.

michelb · 2025-12-27T11:50:51 1766836251

Maybe this is something: https://github.com/vibheksoni/stealth-browser-mcp

moss_dog · 2025-12-22T00:59:59 1766365199

I use Navidrome [1] + an rclone'd S3 bucket on a Digital Ocean droplet. Works quite well for my purposes!

[1] https://github.com/navidrome/navidrome

moss_dog · 2025-12-19T03:42:27 1766115747

This is incredible! I wouldn't have thought it was possible to cleanly separate tracks like that. I wonder to what extent the model is filling in gaps, akin to Samsung's "ultra zoom" moon.

moss_dog · 2025-12-18T21:30:19 1766093419

Any notable examples you can share?

kevin_thibedeau · 2025-12-18T23:03:21 1766099001

PDF was purposely a non-Turing adaptation of PostScript. Then they added JavaScript support.

moss_dog · 2025-12-06T23:08:31 1765062511

"it's real nightmare material" (11:18)

moss_dog · 2025-12-02T14:03:00 1764684180

Thanks for the recommendation, just downloaded a few episodes!;

moss_dog · 2025-11-19T21:21:35 1763587295

I wish there was a link to the source of this information in the article! I'd like to read the updated version of these laws (if they're public).