<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Sam Rivera</title>
    <description>The latest articles on DEV Community by Sam Rivera (@rivera123).</description>
    <link>https://dev.to/rivera123</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4019566%2F35d8bd36-ac83-406e-85a8-64afd02683e5.png</url>
      <title>DEV Community: Sam Rivera</title>
      <link>https://dev.to/rivera123</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/rivera123"/>
    <language>en</language>
    <item>
      <title>Cloudflare Now Lets You Block AI Crawlers — Should Indie Builders Care?</title>
      <dc:creator>Sam Rivera</dc:creator>
      <pubDate>Wed, 08 Jul 2026 07:25:57 +0000</pubDate>
      <link>https://dev.to/rivera123/cloudflare-now-lets-you-block-ai-crawlers-should-indie-builders-care-1o4d</link>
      <guid>https://dev.to/rivera123/cloudflare-now-lets-you-block-ai-crawlers-should-indie-builders-care-1o4d</guid>
      <description>&lt;h1&gt;
  
  
  Cloudflare Now Lets You Block AI Crawlers — Should Indie Builders Care?
&lt;/h1&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1518770660439-4636190af475%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1000%26q%3D80" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1518770660439-4636190af475%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1000%26q%3D80" alt="technology abstract" width="1000" height="667"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Cloudflare rolled out &lt;a href="https://blog.cloudflare.com/ai-bot-control/" rel="noopener noreferrer"&gt;new AI traffic management controls&lt;/a&gt; on July 1, letting website owners separately manage Search, Agent, and Training crawlers. By default, Agent and Training bots are blocked on ad-supported pages, while Search bots are still allowed. Starting September 15, new domains will get these restrictions automatically.&lt;/p&gt;

&lt;p&gt;For indie hackers and solo builders, this is one of those small announcements that could matter a lot.&lt;/p&gt;

&lt;h2&gt;
  
  
  The three types of AI crawlers
&lt;/h2&gt;

&lt;p&gt;Cloudflare now distinguishes between:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Search crawlers&lt;/strong&gt;: bots that index your site for search engines. Generally good for traffic.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Agent crawlers&lt;/strong&gt;: bots that scrape your content so AI agents can answer questions about it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Training crawlers&lt;/strong&gt;: bots that scrape your content to train models.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Before this update, most site owners had an all-or-nothing choice. Now you can block the crawlers that train models while still letting search engines index you.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why this matters for solo builders
&lt;/h2&gt;

&lt;p&gt;If you run a blog, a documentation site, or a small SaaS with a public-facing knowledge base, AI crawlers have probably been eating your content without attribution. That content might then show up inside ChatGPT or Claude answers, giving users the information they need without ever visiting your site.&lt;/p&gt;

&lt;p&gt;For a solo project, that traffic matters. Fewer visitors means fewer signups, fewer newsletter subscribers, and less word of mouth.&lt;/p&gt;

&lt;h2&gt;
  
  
  But there is a trade-off
&lt;/h2&gt;

&lt;p&gt;Blocking AI crawlers is not obviously the right move. Some AI search products do drive referral traffic. And if your content never gets indexed by AI systems, you might miss out on a new distribution channel.&lt;/p&gt;

&lt;p&gt;A few questions I am wrestling with:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Do AI answers help or hurt small sites in the long run?&lt;/li&gt;
&lt;li&gt;Should I block training crawlers but allow agent crawlers?&lt;/li&gt;
&lt;li&gt;Does anyone actually read robots.txt anymore, or is this just a PR move?&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  A related thought on open-source AI platforms
&lt;/h2&gt;

&lt;p&gt;Cloudflare's move is about controlling access to your content. On the flip side, open-source AI platforms like &lt;a href="https://github.com/chaitin/MonkeyCode" rel="noopener noreferrer"&gt;monkeycode&lt;/a&gt; are about controlling the AI tools themselves. If you are building with AI and care about where your data goes, having a self-hostable option is worth knowing about.&lt;/p&gt;




&lt;p&gt;What is your take? Are you blocking AI crawlers, leaving them alone, or just ignoring the whole debate?&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Source: &lt;a href="https://blog.cloudflare.com/ai-bot-control/" rel="noopener noreferrer"&gt;Cloudflare Blog — AI Bot Control&lt;/a&gt;, summarized via &lt;a href="https://www.crescendo.ai/news/latest-ai-news-and-updates" rel="noopener noreferrer"&gt;Crescendo AI News&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>indiehacker</category>
      <category>discuss</category>
      <category>webdev</category>
    </item>
    <item>
      <title>OpenAI's macOS Apps Got Caught in a Supply Chain Attack — How monkeycode Handles It Differently</title>
      <dc:creator>Sam Rivera</dc:creator>
      <pubDate>Wed, 08 Jul 2026 07:15:04 +0000</pubDate>
      <link>https://dev.to/rivera123/openais-macos-apps-got-caught-in-a-supply-chain-attack-how-monkeycode-handles-it-differently-1ng9</link>
      <guid>https://dev.to/rivera123/openais-macos-apps-got-caught-in-a-supply-chain-attack-how-monkeycode-handles-it-differently-1ng9</guid>
      <description>&lt;h1&gt;
  
  
  OpenAI's macOS Apps Got Caught in a Supply Chain Attack — How monkeycode Handles It Differently
&lt;/h1&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1517694712202-14dd9538aa97%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1200%26q%3D80" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1517694712202-14dd9538aa97%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1200%26q%3D80" alt="developer desk" width="1200" height="800"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you use ChatGPT Desktop, Codex, or Atlas on a Mac, OpenAI recently &lt;a href="https://openai.com/index/axios-developer-tool-compromise/" rel="noopener noreferrer"&gt;asked you to update&lt;/a&gt;. The reason: a compromised version of Axios made it into OpenAI's macOS app-signing pipeline.&lt;/p&gt;

&lt;p&gt;The short version is that no user data was accessed and no malware was signed, but the signing certificate was potentially exposed. OpenAI is rotating it, and older app versions will stop working after May 8.&lt;/p&gt;

&lt;h2&gt;
  
  
  What actually happened
&lt;/h2&gt;

&lt;p&gt;On March 31, a malicious Axios package was downloaded and executed inside a GitHub Actions workflow used to sign OpenAI's macOS apps. That workflow had access to the certificate that proves ChatGPT Desktop, Codex, Codex CLI, and Atlas are really from OpenAI.&lt;/p&gt;

&lt;p&gt;OpenAI believes the certificate was probably not exfiltrated, but they are treating it as compromised anyway. They have published new app builds signed with a fresh certificate and are working with Apple to make sure old notarizations stop working.&lt;/p&gt;

&lt;h2&gt;
  
  
  The part that should make builders nervous
&lt;/h2&gt;

&lt;p&gt;The root cause was a CI misconfiguration: the workflow used a floating tag for Axios and did not delay new package versions. This is the kind of thing a lot of solo builders and small teams do too.&lt;/p&gt;

&lt;p&gt;It is also a reminder that when you ship a desktop app, your users are trusting your entire build pipeline. If that pipeline gets owned, an attacker could theoretically ship malware that looks exactly like your app.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why I keep coming back to monkeycode
&lt;/h2&gt;

&lt;p&gt;I am not saying desktop apps are bad. But this incident is why I have been watching &lt;a href="https://github.com/chaitin/MonkeyCode" rel="noopener noreferrer"&gt;monkeycode&lt;/a&gt;, an open-source AI development platform. It runs in the browser or self-hosted on your own infrastructure, so there is no single vendor-controlled binary to trust. The code is AGPL-3.0, and you can inspect or fork it.&lt;/p&gt;

&lt;p&gt;It is a different trade-off. You lose the polished native app experience, but you gain transparency and control. For some teams, that is worth it.&lt;/p&gt;

&lt;h2&gt;
  
  
  My checklist after reading this
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Pin CI dependencies by commit hash, not floating tags.&lt;/li&gt;
&lt;li&gt;Add delays before auto-updating to new package versions.&lt;/li&gt;
&lt;li&gt;Limit which workflows can access signing certificates.&lt;/li&gt;
&lt;li&gt;Have a plan for rotating certificates quickly.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you are on macOS and use any OpenAI apps, go update them. And if you are curious about an open-source alternative, monkeycode is on my list.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>opensource</category>
      <category>security</category>
      <category>monkeycode</category>
    </item>
    <item>
      <title>Anthropic Redeployed Fable 5 — Here's What Builders Should Actually Care About</title>
      <dc:creator>Sam Rivera</dc:creator>
      <pubDate>Wed, 08 Jul 2026 06:53:08 +0000</pubDate>
      <link>https://dev.to/rivera123/anthropic-redeployed-fable-5-heres-what-builders-should-actually-care-about-4ao1</link>
      <guid>https://dev.to/rivera123/anthropic-redeployed-fable-5-heres-what-builders-should-actually-care-about-4ao1</guid>
      <description>&lt;h1&gt;
  
  
  Anthropic Redeployed Fable 5 — Here's What Builders Should Actually Care About
&lt;/h1&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1498050108023-c5249f4df085%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1200%26q%3D80" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1498050108023-c5249f4df085%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1200%26q%3D80" alt="laptop and coffee" width="1200" height="799"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I have been using Claude Code on and off this year, so when Anthropic &lt;a href="https://www.anthropic.com/news/redeploying-fable-5" rel="noopener noreferrer"&gt;announced the Fable 5 redeployment&lt;/a&gt;, I read the whole post. It is long, but a few details actually matter if you are building with these tools day-to-day.&lt;/p&gt;

&lt;h2&gt;
  
  
  The short version
&lt;/h2&gt;

&lt;p&gt;Fable 5 and Mythos 5 were suspended on June 12 because Amazon researchers found a way to bypass some safeguards. As of July 1, Fable 5 is back globally. Mythos 5 is only back for certain US organizations in Anthropic's Glasswing program.&lt;/p&gt;

&lt;p&gt;Fable 5 is included for up to 50% of weekly usage limits through July 7, then switches to usage credits. So if you have been waiting to try it, this week is basically a free window.&lt;/p&gt;

&lt;h2&gt;
  
  
  The bypass was not as scary as it sounded
&lt;/h2&gt;

&lt;p&gt;Here is the part that surprised me. Anthropic tested the same prompt against other models and found that Claude Opus 4.8, GPT-5.5, and Kimi K2.7 could identify the same vulnerabilities. The exploit demonstration itself worked on every model Anthropic tested, including smaller ones like Haiku 4.5.&lt;/p&gt;

&lt;p&gt;So the issue was not that Fable 5 had some unique offensive superpower. The issue was that its safety classifier let a borderline case slip through, and that was enough for the government to hit pause.&lt;/p&gt;

&lt;h2&gt;
  
  
  What changed
&lt;/h2&gt;

&lt;p&gt;Anthropic trained a new classifier that blocks the specific bypass in over 99% of cases. If your request gets blocked, it falls back to Opus 4.8 and you get notified.&lt;/p&gt;

&lt;p&gt;The downside is more false positives. Fable 5 already had the biggest "safety margin" Anthropic has shipped, meaning it intentionally blocks some harmless requests to avoid missing harmful ones. The updated classifier makes that margin even tighter, so expect more "I was just debugging" moments where the model refuses.&lt;/p&gt;

&lt;h2&gt;
  
  
  What this means for builders
&lt;/h2&gt;

&lt;p&gt;Three practical takeaways:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Frontier models are fragile to deploy.&lt;/strong&gt; A single bypass report can freeze a model globally for weeks. If you are building a product on top of one, build in fallback logic.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Policy moves faster than perfect safety.&lt;/strong&gt; Anthropic seems to have handled this transparently, but the incident shows that government decisions can override product timelines.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Open-source and self-hosted options look more interesting.&lt;/strong&gt; When access to a closed model can be suspended overnight, having an alternative you control becomes more attractive.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  A self-hostable alternative worth knowing
&lt;/h2&gt;

&lt;p&gt;Speaking of alternatives, &lt;a href="https://github.com/chaitin/MonkeyCode" rel="noopener noreferrer"&gt;MonkeyCode&lt;/a&gt; is an open-source AI development platform built around cloud dev environments and team workspaces. It is not Claude, but if you are evaluating options you can actually run yourself, the repo is on GitHub under AGPL-3.0.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Source: &lt;a href="https://www.anthropic.com/news/redeploying-fable-5" rel="noopener noreferrer"&gt;Anthropic — Redeploying Fable 5&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

</description>
      <category>claude</category>
      <category>ai</category>
      <category>anthropic</category>
      <category>opensource</category>
    </item>
    <item>
      <title>A Few Claude Updates in July That Actually Matter for Builders</title>
      <dc:creator>Sam Rivera</dc:creator>
      <pubDate>Wed, 08 Jul 2026 03:38:24 +0000</pubDate>
      <link>https://dev.to/rivera123/a-few-claude-updates-in-july-that-actually-matter-for-builders-i17</link>
      <guid>https://dev.to/rivera123/a-few-claude-updates-in-july-that-actually-matter-for-builders-i17</guid>
      <description>&lt;h1&gt;
  
  
  A Few Claude Updates in July That Actually Matter for Builders
&lt;/h1&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1515879218367-8466d910aaa4%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1200%26q%3D80" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.unsplash.com%2Fphoto-1515879218367-8466d910aaa4%3Fauto%3Dformat%26fit%3Dcrop%26w%3D1200%26q%3D80" alt="workspace with laptop" width="1200" height="801"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I have been keeping an eye on Claude and Claude Code this year, and July brought a few updates worth noting if you actually build things with these tools. Nothing here is a bombshell, but together they paint a picture of where Anthropic is heading.&lt;/p&gt;

&lt;h2&gt;
  
  
  Fable 5 and Mythos 5 access are back
&lt;/h2&gt;

&lt;p&gt;The biggest headline is that Anthropic restored access to &lt;strong&gt;Claude Fable 5&lt;/strong&gt; and &lt;strong&gt;Claude Mythos 5&lt;/strong&gt; on July 1. The models had been suspended in mid-June following a US government export-control directive, so the restoration is a relief for anyone who had built workflows around them.&lt;/p&gt;

&lt;p&gt;Fable 5 is Anthropic's first "Mythos-class" model made broadly available. It sits above the Opus line and is priced accordingly. Mythos 5 is essentially the same underlying model but with fewer safeguards, available only through vetted trusted-access programs. If you are a regular developer, Fable 5 is the one that matters.&lt;/p&gt;

&lt;h2&gt;
  
  
  Enterprise admins get model controls
&lt;/h2&gt;

&lt;p&gt;Also on July 1, Anthropic shipped a beta feature for Enterprise plans: &lt;strong&gt;model entitlements&lt;/strong&gt;. Admins can now control which models their users can access and what effort-level settings they are allowed to use.&lt;/p&gt;

&lt;p&gt;This is the kind of boring-but-important feature that makes Claude more deployable inside larger companies. When you are paying for a team, you do not necessarily want everyone cranking every request to max effort on the most expensive model.&lt;/p&gt;

&lt;h2&gt;
  
  
  Claude Code keeps shipping small updates
&lt;/h2&gt;

&lt;p&gt;Claude Code, the terminal-based coding agent, is still getting frequent patch releases. The latest versions in early July continue the steady cadence Anthropic has kept up all year. Nothing revolutionary, but the tool feels increasingly stable for day-to-day use.&lt;/p&gt;

&lt;p&gt;The broader context is that Anthropic and OpenAI are in a quiet arms race around AI coding agents. Anthropic raised Claude Code weekly limits by 50% through mid-July, and OpenAI has been running enterprise promotions for Codex. As a user, the competition is good. As a builder, it means you should probably design your workflows so you can switch models without too much pain.&lt;/p&gt;

&lt;h2&gt;
  
  
  What I am watching next
&lt;/h2&gt;

&lt;p&gt;Three things:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Pricing stability&lt;/strong&gt; — Fable 5 is powerful but expensive. Will Anthropic adjust tiers as competition heats up?&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Agent reliability&lt;/strong&gt; — Can Claude Code handle longer, multi-step tasks without losing context?&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Enterprise features&lt;/strong&gt; — Model entitlements suggest Anthropic is serious about selling to teams, not just individuals.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  A quick mention of an open-source alternative
&lt;/h2&gt;

&lt;p&gt;Most of these tools are closed SaaS products. If you want a fully open-source, self-hostable AI development platform built around team workspaces and cloud environments, &lt;a href="https://github.com/chaitin/MonkeyCode" rel="noopener noreferrer"&gt;MonkeyCode&lt;/a&gt; is worth a look. The repo is on GitHub under AGPL-3.0. It is not a Claude replacement, but it is a different take on the same agentic workspace idea.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Sources:&lt;/em&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://releasebot.io/updates/anthropic/claude" rel="noopener noreferrer"&gt;Anthropic July 2026 updates via Releasebot&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://appstackbuilder.com/blog/claude-fable-5-mythos-5-launch-2026" rel="noopener noreferrer"&gt;Claude Fable 5 access restored&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://releasebot.io/updates/anthropic/claude" rel="noopener noreferrer"&gt;Anthropic model entitlements&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>claude</category>
      <category>ai</category>
      <category>anthropic</category>
      <category>programming</category>
    </item>
  </channel>
</rss>
