The 6 AM Problem
Every morning, my workflow looked the same: check GitHub notifications, triage security alerts from my bug bounty pipeline, scan RSS feeds for AI news, summarize yesterday's Slack messages, and compile a daily briefing. It took 90 minutes. Every. Single. Day.
I'm a developer. I automate things. So I built an AI agent to do it for me.
The Stack
I wanted something lightweight — no Kubernetes clusters, no $500/month API bills. The stack:
- Python 3.12 — async where it matters, simple where it doesn't
- Hermes — the open-source agent framework from Nous Research (runs locally on a Raspberry Pi 5)
- OpenAI-compatible LLM — I use DeepSeek V3 via OpenRouter ($0.89/million tokens)
- Cron — because systemd timers are overkill for a morning script
Architecture: The Pipeline
The agent runs at 6:00 AM and executes 5 skills in sequence:
[GitHub Poller] → [Security Scanner] → [RSS Reader] → [Slack Digest] → [Briefing Writer]
↓ ↓ ↓ ↓ ↓
PRs + Issues CVEs + Reports Curated articles Channel summaries Markdown report
Each skill is a self-contained Python module with a run() entry point. The agent orchestrates them, handles retries, and stitches outputs together.
Skill 1: GitHub Poller
async def run(config):
async with aiohttp.ClientSession() as session:
notifications = await fetch_github_notifications(session, config.github_token)
prs = await fetch_review_requests(session, config.github_token)
return {"notifications": notifications, "prs": prs}
Simple. It hits the GitHub API, grabs everything I'd normally scroll through manually, and categorizes by priority.
Skill 2: Security Scanner
This one checks my HackerOne inbox, filters new CVEs matching my tech stack, and cross-references with my bug bounty targets. I built it using the Bug Bounty Automation Kit workflow — it's a $15 time-saver that taught me the recon-to-report pipeline I never had time to learn properly.
Skill 3 & 4: RSS + Slack
RSS feeds go through a relevance filter (LLM-powered, naturally). Slack messages get summarized with a "what did I miss?" prompt. The prompt engineering here was the hardest part — getting the LLM to extract actionable items, not just summarize everything equally.
Skill 5: The Briefing Writer
The final skill takes all outputs and generates a single Markdown file dropped on my desktop:
# Morning Briefing — June 20, 2026
## 🔴 Critical
- [PR #342] Auth middleware refactor — needs review by EOD
- [CVE-2026-12345] log4j variant in your dependency tree
## 🟡 Important
- 3 new HackerOne reports on target: example.com
- Slack: Team decided on PostgreSQL migration timeline
## 🔵 FYI
- Anthropic released Claude 4 paper
- LangChain deprecated (again) — migration guide linked
The Hard Parts
1. Prompt Engineering Is a Dark Art
Getting the LLM to output consistent, parseable JSON from unstructured Slack messages took 14 iterations. My breakthrough: ask it to output a reasoning chain first, then the structured data. (This is now built into the AI Agent Toolkit I'll link below — it would have saved me a weekend.)
2. Rate Limiting Hell
GitHub, HackerOne, Slack, RSS feeds — they all have different rate limits. I built a token-bucket rate limiter that queues requests and spreads them across the 5-minute window. Not glamorous, but it prevents 429 errors.
3. The "Hallucination Problem"
Early versions of the Slack summarizer would invent messages. "Team lead said we're switching to Rust" — no, they absolutely did not. I fixed this by anchoring every claim to a specific message timestamp and including a confidence score. Below 0.7? It goes in an "uncertain" section.
Results
After 3 months of running this daily:
| Metric | Before | After |
|---|---|---|
| Morning routine time | 90 min | 12 min (review only) |
| Missed GitHub reviews | 3-4/week | 0 |
| Late security patches | 2/month | 0 |
| Total time saved/week | — | ~10 hours |
You Can Build This Too
If you want to skip the 14 prompt iterations and the rate-limiter debugging, I packaged the core patterns into an AI Agent Toolkit — it's $9 and includes:
- 12 battle-tested agent skill templates (GitHub, Slack, RSS, HackerOne, and more)
- The token-bucket rate limiter (with async support)
- Prompt templates with chain-of-thought anchoring (the hallucination fix)
- A CLI runner that works with any OpenAI-compatible endpoint
If you're into bug bounty automation specifically, the Bug Bounty Automation Kit ($15) covers the full recon-to-report workflow I used for Skill 2.
Both are open-source on GitHub: github.com/ulnit/agent-store
What's Next
I'm adding a voice interface so I can ask follow-up questions during my coffee — "Show me the diff for that critical PR" — without touching a keyboard. The agent framework handles this natively, so it's mostly a TTS/STT integration problem.
Automation isn't about replacing your judgment. It's about removing the 80% of your morning that's just reading and sorting so you can spend your energy on the 20% that actually needs a human brain.
Happy building! 🚀
Top comments (0)