Show HN: Fence – Jiminy Cricket for AI coding agents
TL;DR
Andrios, founder of hoop.dev, presents Fence as the first of three open-source projects created during an internal 20 percent side-project push. Fence is meant to stop AI coding agents such as Claude Code and Codex before they execute destructive commands, including variants of 'rm -rf' or 'sudo rm -rf $HOME'. The claimed difference from a denylist is intent detection: the tool says it reads what the agent is trying to do, not only the literal command string.
Nauti's Take
Fence lands on a real pain point because agent safety often becomes urgent only after something breaks. The idea is strong, but the pitch is still thin: 'reads intent' sounds useful, yet needs concrete examples, false-positive data, and bypass testing.
As a guardrail for Claude Code and Codex, it is plausible; as a standalone safety promise, it is not enough yet. The early HN traction suggests this is more of a technical trial balloon than a validated standard.
Briefingshow
Coding agents increasingly get shell access and operate inside real repositories, not just toy sandboxes. In that setting, a classic denylist is brittle because commands can be varied, wrapped, or expressed indirectly. Fence targets a real safety gap, but its value depends on whether intent detection can separate legitimate maintenance work from genuinely destructive edge cases.