Agent Gate tool flags GitHub Actions permission escalations for human review

·1 views

A developer tested a tool called Agent Gate by submitting a sandbox pull request that changed a GitHub Actions workflow permission from 'contents: read' to 'contents: write'. The tool detected the escalation using a built-in default policy — without relying on an LLM or executing any PR code — and posted a warning comment directly on the pull request. The developer clarified that the finding does not assume the PR is malicious, as permission increases can be intentional, but argues such changes warrant deliberate human review before merging. The current default behavior is to warn rather than block, with teams given the option to promote the rule into a hard merge gate after tuning. The developer opened a broader discussion asking how other teams treat this type of finding: as a blocker, a warning, or routine noise.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Hugging Face MCP lets AI agents audit model repos directly inside your IDE

Developers working with large language models often lose time manually browsing Hugging Face repositories to verify file structures, tags, and model weights across multiple browser tabs. The Model Context Protocol (MCP) addresses this by enabling AI agents to programmatically inspect Hugging Face repos — checking files, metadata, and discussions — without the developer leaving their coding environment. Tools such as list_model_files, get_model_tags, and list_model_discussions allow agents to perform deep technical audits rather than simple keyword searches. The same approach extends to dataset discovery, letting agents scan and verify dataset splits needed for fine-tuning runs entirely within the workflow context. However, the author flags a key security concern: granting an MCP server access to a Hugging Face API token requires careful consideration given the potential for credential exposure.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds Telegram-Based AI Bot to Handle Small Business Customer Tasks

A developer has built an AI-powered Telegram bot designed to act as a virtual employee for small businesses, handling customer service, order management, and sales support around the clock. The system is built on a Python/Flask stack with NGINX as a reverse proxy, using multiprocessing to run multiple employee roles simultaneously without slowdowns. AI responses are generated via the ModelHub API, which provides access to DeepSeek models at a lower cost than mainstream alternatives. Telegram webhooks are used instead of polling, allowing the bot to respond near-instantly only when a message is received. The developer claims the solution is affordable, easy to deploy without coding, and fills a gap between expensive human hires and overly simplistic chatbots.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

reskSecure Blocks LLM Jailbreaks at Token Level Using Bitmask Policy Engine

A new open-source Python library called reskSecure offers a token-level security firewall for large language models, blocking forbidden outputs before they are ever sampled rather than scanning text after generation. The tool uses a bitmask-based policy engine with YAML-defined rules, applying either hard blocks or configurable bias penalties to token probabilities when a matching pattern is detected. It leverages the Aho-Corasick algorithm to simultaneously search thousands of patterns with minimal latency impact. reskSecure integrates with any HuggingFace model via the logits processor API and supports hot-reloadable policies without requiring a restart. The library is available on PyPI under the package name resksecure and requires Python 3.13 and PyTorch 2.0 or higher.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer builds three-action unpublish and archive workflow in Sanity CMS

A developer has shared a custom content lifecycle workflow built for Sanity CMS client projects, replacing the default single unpublish action with three distinct actions: Unpublish, Archive, and Restore. The approach avoids permanent deletion by keeping all documents in the dataset and using a hidden status field to control visibility on the front end. Archiving a document unpublishes it and flags it with a status of 'archived', allowing the front end to serve a 404 or redirect rather than live content. A Restore action flips the status back to 'active' without auto-publishing, giving editors control over when content goes live again. The workflow is scoped to specific content types such as posts, pages, and case studies via Sanity's document actions API.

0 comments Read more at DEV Community