Opening

Two AI coding agents made the news this week. Not for shipping something impressive. For doing things to your files without asking.
Grok Build's CLI was uploading entire Git repositories, full commit history included, to an xAI-run Google Cloud bucket. A researcher publishing as cereblab put version 0.2.93 through a proxy and caught it: on a 12 GB repo the model never read, 5.10 GiB left the machine. Tracked .env files went too, unredacted, API keys and database passwords intact.
Here is the part that matters. It uploaded with "Improve the model" turned off. That toggle governs whether your code trains the model. It never governed whether your code leaves your machine. Two different controls, and only one of them was ever shown to you. xAI killed the uploads server-side on July 13 without shipping an update or saying a word.
Then GPT-5.6 inside Codex started deleting files. The trigger there was different: full access mode enabled, plus an ambiguous instruction. Simon Willison surfaced the thread; OpenAI confirmed they are investigating.
Two failures, and it is worth being precise about why they are not the same one. Codex did what you permitted, badly. Grok did what you never permitted at all, because the setting that looked like the control was not wired to the behavior. One is a lesson about granting power carefully. The other is a lesson about not trusting the label on the switch.
The repos below are mostly Claude Code ecosystem. Use the right tool, and read what it actually does, not what its settings page implies.
Today: 9 repos, 2 stack picks, 4 signals.
advertisement
How 2M+ Professionals Stay Ahead on AI
AI is moving fast and most people are falling behind.
The Rundown AI keeps you ahead of the curve.
It's a free AI newsletter that keeps you up-to-date on the latest AI news, and teaches you how to apply it in just 5 minutes a day.
Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses — tailored to your needs.

Start Here
New here? This part is for you. Operators, skip to The Drops.
What is a CLI? CLI stands for command line interface. It means using a program by typing instructions instead of clicking buttons. Most of today's tools are CLIs: you type a line, the tool does the work. Claude Code is one. So is the Grok tool in today's opening story. There is no window full of menus, just text going both ways. It looks intimidating and it genuinely is not: think of a chat box that happens to control your computer.
Do this today (2 minutes, no coding): Open any project on GitHub in your browser and look for a file named .gitignore in the file list. Click it. It is a plain list of files the project deliberately keeps out of what gets shared. That is the exact idea underneath today's opening story: some files are meant to stay on your machine. You are not changing anything. You are just learning that the list exists.
How to use today's picks: Below are 9 projects and 2 tools that builders are actively using. You do not need to install anything to get value here. Find the one whose one line pitch describes a problem you actually have, click it, and read the top of the page. That is the whole move. Installing is a later decision, and only if it earns it.
Plain English: terminal is the app on your computer where you type those instructions. We are not going to make you use it, you just want to know the word when you see it. An .env file is a small file where a project keeps its secrets, like passwords and keys. It is supposed to stay private and never leave your machine, which is exactly why today's story is a big deal.
We read your replies. You told us you are here to learn, so this block is for you. Hit reply with any word you want decoded, and we will define it here.
advertisement
The AI IPO Rush Is Coming
OpenAI and Anthropic could bring a new wave of AI attention to the public markets. But investors don’t have to wait for the IPOs.
MarketBeat’s 7 AI Stocks to Buy Now report reveals 7 publicly traded companies positioned to benefit from the next phase of AI investment.
The Drops

[Repo] davila7/claude-code-templates, A CLI tool for configuring and monitoring Claude Code, 29,577 stars. If you are managing multiple Claude Code projects and want a sane config layer without touching raw JSON every time, this is the starting point.
[Repo] d-kimuson/claude-code-viewer, A full-featured web-based Claude Code client at 1,250 stars. Gives you a proper browser UI for managing projects and sessions instead of living exclusively in the terminal. Worth it if you run Claude Code for clients or share sessions.
[Skill] tradermonty/claude-trading-skills, Claude Code skills for equity analysis: market screening, technical charting, economic calendars, and strategy development at 2,412 stars. Operators building finance tools will find pre-built skill scaffolding they don't have to write from scratch.
[Repo] rorkai/app-store-connect-cli-skills, Skills that automate App Store deployment using the asc CLI, 912 stars. If you ship iOS apps and are tired of the manual release loop, this wires Claude Code into the store pipeline directly.
[Repo] Helmi/claude-simone, A project management framework built for AI-assisted development with Claude Code, 557 stars. Think structured task decomposition and state tracking across sessions rather than reorienting Claude from scratch each morning.
[Repo] chongdashu/cc-statusline, Adds a live, informative statusline to your Claude Code experience, 625 stars. Small ergonomic lift, but operators doing long sessions will notice the difference in staying oriented on what the agent is actually doing.
[Repo] modelcontextprotocol/servers, The official MCP servers reference list, 88,554 stars. The canonical place to start any MCP build: verified implementations for GitHub, Postgres, filesystem, Brave Search, and a dozen more.
[Repo] mem0ai/mem0, Persistent memory layer for LLM apps, 61,001 stars. Adds user and session memory across conversations without you building the storage layer yourself. Pairs cleanly with any agent that needs to remember context between runs.
[Repo] upstash/context7, Up-to-date code documentation surfaced directly into LLMs and AI code editors, 59,203 stars. The fix for the "Claude is using the 2023 API docs" problem. Wire it in once, stop debugging stale context forever.
[Affiliate] Emergent, Describe an app in plain English and it builds, tests, and deploys the whole thing. Useful on the days you want a working prototype in front of you rather than another repo to configure. We earn a commission if you upgrade, which helps keep the daily free for everyone.
advertisement
Charge clients $3K. Build their site in 10 minutes.
AI freelancers use Readdy.ai to turn $2–5K website gigs into afternoon builds.
Enter a client brief and get a polished, mobile-ready site with copy, SEO, booking, Stripe, and self-editing chat.
White-label and export-friendly, Readdy helps you deliver faster, keep margins, and scale your freelance business.
The Stack

[MCP] vshulcz/deja-vu, A memory layer built specifically for coding agents. Searches, recalls via MCP, auto-injects context, redacts secrets, and syncs over the session logs that Claude Code, Codex, and opencode already write. One zero-dependency binary. The non-obvious config win: it reads logs you already have, so there is nothing to retrofit into your existing workflow.
[MCP] ohad6k/emulo, Mines your Claude Code and Codex logs into a local you.md agent profile. The use case is straightforward: stop re-explaining your preferences, your stack, and your conventions to Claude every session. Let it learn from the sessions you already ran.
Today's Signals

- Grok Build's CLI was caught silently uploading entire repositories. Version 0.2.93 sent full Git history, plus unredacted .env secrets, to an xAI-owned Google Cloud bucket, and it did so with the "Improve the model" setting switched off. That toggle governed training, not egress. xAI disabled the uploads server-side on July 13 with no update shipped and no statement. Audit what your AI CLI actually sends, not what its settings page claims. (cereblab, via public proxy captures)
- GPT-5.6 inside Codex deleted files when given ambiguous instructions in full access mode. OpenAI has confirmed the investigation. The pattern: broad permission plus an underspecified task equals an irreversible action. Worth knowing before you wire any coding agent into a live repo without a git checkpoint. (Simon Willison)
- Anthropic is pushing states to move faster on AI transparency regulation. Their head of US state and local policy says the California and New York laws they endorsed last year may already be outdated. For operators building products in regulated verticals, the compliance target is moving, not settling. (Wired)
- Google DeepMind launched a bioresilience program aimed at helping governments detect and respond to biological threats using AI. Operators building in science or health infrastructure: this is the first major lab to formalize AI-for-biosecurity at the government level. Shifts what "responsible deployment" looks like in that category. (Axios)
Builder's Brief

We build The AIgent's engine in the open. An honest look at what we are making, what broke, and where it is headed. This week: an alarm certain the newsletter was broken, and a database that quietly disagreed.
Trust the ledger, not the alarm.
An alert is a hypothesis, not a fact. Treat it as a fact and you will spend a day fixing the wrong thing.
A starve alarm fired on one of the engine's content queues. Its message was specific and alarming: a section had been shipping filler on every issue for a week. The instinct is to believe it and start rebuilding the feeder that failed. Instead we pulled the one source the alarm cannot spin, the table's own record: the timestamp on every row it had handed out. The queue had served real, hand-written content every single day, right up to that morning. It had only just run dry.
The alarm was not lying so much as compressing. It fused two different facts, the queue is empty now and the queue has been starving for a week, into one sentence, and only the first was true. Acting on the second would have burned a day fixing a fire that never happened, and missed the small real thing that did.
The reusable move is one step, and it is boring: before you act on any alert, diff its claim against the ledger. Row counts, timestamps, the log the system writes about itself. The alert points at a place to look. It is almost never right about what you will find there.
One line we now keep taped to the monitor: an alarm tells you where, never what.
What is the last alarm that turned out to be wrong? Hit reply and tell us what it claimed. We read every one.
|
Recommended reading
If you like The AIgent, a small group of operator-tier publications worth your inbox: see the shortlist. |
Before You Go
Most of today's Drops live inside the Claude Code ecosystem, and the few that do not, the MCP server list, mem0, context7, are the connective tissue any agent stack ends up needing. The Grok and Codex stories are a good reminder that the tool you pick determines the permissions you grant, and that the permission you think you set may not be the one actually operating. Narrow the blast radius before you need to.
See you Monday.




