2 / 1759

Show HN: Fence – Jiminy Cricket for AI coding agents

TL;DR

hoop.dev released Fence as the first of three internal side-project tools. The open-source project is meant to stop AI coding agents before they run destructive shell commands. Fence is already used with Claude Code and Codex. Cursor support is being held back until there is enough adoption and feedback. The pitch: Fence is not just a denylist. It tries to read command intent, including dangerous variants around rm -rf or sudo rm -rf $HOME.

Nauti's Take

Test Fence with intentionally dangerous commands in a throwaway repo before adding it to real agent workflows. The idea is useful, but the source base is still thin: it is unclear how well Fence handles obfuscated shell variants, aliases, scripts, and multi-step commands.

Briefingshow

AI coding agents increasingly get access to real terminals, repositories, and local files. A guardrail that evaluates intent rather than plain text targets the gap between sandboxing, prompt rules, and human review. The project is still very early, and the HN post offers more pitch than hard field evidence.

Sources