AI agents pull Git locally, GitLab automates rate limits
Former GitHub CEO Thomas Dohmke’s startup Entire previewed a distributed Git network that mirrors repos across regions, letting AI coding agents fetch code locally and avoid central rate limits. In internal tests the system handled 570k clones and 2 million pushes per hour, promising lower latency and higher reliability for the AI‑driven dev pipeline.
A three‑person pod used GitLab Duo Agent platform to rewrite and consolidate GitLab’s dual rate‑limiting codebases into a single labkit‑ruby implementation. The AI‑driven loop generated specs, code, and tests, delivering 30+ merge requests with no downtime, while exposing workflow gaps that humans must still guard.
Block's Builderbot, built on open‑source Goose, orchestrates AI agents via Slack to handle tickets, write code, open PRs, run CI, and merge. It runs >200k operations daily and merges ~1,500 PRs weekly, about 15% of production changes, cutting developer load and speeding Square POS updates.
etcd 3.7.0 introduces RangeStream, letting clients stream massive key ranges in chunks and slashing latency and memory use. It also retires the legacy v2 store, adds keys‑only range optimization and upgrades core dependencies, delivering noticeable CPU savings for Kubernetes control planes.
Cube Sandbox, an open‑source service built on RustVMM and KVM, boots hardware‑isolated sandboxes for AI agents in under 60 ms using less than 5 MB of RAM. It works with the E2B SDK, supports single‑node and multi‑node clusters, and adds snapshot, auto‑pause and policy‑based egress controls.
Airbnb rebuilt its Sitar‑agent sidecar in Java, using Amazon S3 to push config snapshots to every pod. The design lets tens of thousands of services receive configuration changes multiple times per minute without redeploys, improving reliability and speed at massive scale.
PgDog lets you add Postgres connection pooling without breaking session state, SET commands, or LISTEN/NOTIFY. Its built‑in SQL parser tracks per‑client settings so you avoid the leaky abstractions that force code changes in existing apps. Scale safely while keeping full database feature support.
Postgres now bundles features, unlogged tables, materialized views, pgvector, TimescaleDB, and more, enough to cover caching, queues, search, document storage, vector and time‑series workloads. Dropping extra databases slashes operational overhead, costs, and debugging complexity, letting teams focus on product rather than plumbing.
Coinbase’s internal AI gateway runs 1,200 agents that automatically route requests to the cheapest model that can do the job. By defaulting to open‑weight models, routing by task type, and boosting cache hits from 5% to 60%, the firm halved its AI bill while token usage kept rising.
GitHub Security Lab bundles six free settings, SECURITY.md, private vulnerability reporting, secret scanning, Dependabot, code scanning, and branch protection, into a single guided flow that can be enabled in under half an hour. Activating them slashes obvious attack vectors and signals a serious security posture to contributors.
North Korean actors have broadened the PolinRider supply‑chain campaign to npm, Packagist, Go modules and a Chrome extension, injecting 162 malicious releases across 108 packages. The attackers hide obfuscated JavaScript loaders in legitimate repositories, stealing developer credentials and pushing blockchain‑based payloads. Teams must treat affected environments as compromised, rotate secrets, and audit repo histories.
Noma Labs uncovered a prompt‑injection flaw in GitHub’s new Agentic Workflows that lets anyone post a crafted issue in a public repo and have the AI agent read and echo private code from other repos in the same organization. The attack requires no credentials, exposing critical source code and highlighting the need for tighter AI guardrails.
Vercel bought open‑source auth startup Better Auth to build Agent Auth, a protocol that gives AI agents their own login, scoped permissions and revocable access. This lets teams treat agents as separate principals instead of sharing a human’s credentials, tightening security and control in increasingly automated DevSecOps pipelines.
JetBrains announced Central, a vendor‑agnostic platform that layers policy enforcement, audit trails, and cost controls over agents like Claude Code, Codex and Gemini CLI. It lets developers keep their preferred tools while giving orgs unified visibility and compliance, turning AI‑assisted coding into a managed DevSecOps capability.
Subscribe free