Ideas, updates, and the thinking behind what we build.
How to Keep Your API Keys Safe When Using Cursor
Cursor indexes your workspace for AI suggestions. If your .env file is in the workspace, your secrets are in the index. Here's the fix.
Claude Code Security Best Practices — Protect Your Secrets and Your Codebase
Claude Code has full file system access. Here's how to use it safely — from .env protection to hook-based DLP scanning.
Using MCP to Give AI Agents Safe Access to Secrets
The Model Context Protocol lets AI tools call external services. Here's how to use it for secrets without exposing raw values.
Free Alternatives to 1Password CLI for macOS Developers
1Password CLI costs $36/year. Here are free options that store secrets just as securely — including one that adds AI agent protection.
The 5 Best macOS Secrets Managers for Developers in 2026
We tested every macOS secrets manager worth using. Here's what actually works for developer workflows — and what doesn't.
The Best dotenv Alternatives in 2026 — And Why .env Files Need to Go
dotenv served us well. But with AI agents reading project files, plaintext secrets are a liability. Here are 6 better options.
The Encrypted Handoff — How to Give AI Agents Secrets Without Exposing Them
Your AI agent needs your API key but shouldn't see it. Here's the pattern: detect the agent, encrypt the value, deliver via self-deleting script.
Why We Deleted Every .env File — And What Replaced Them
47 .env files, duplicated API keys, expired tokens. We replaced them all with macOS Keychain storage. Here's the full migration.
macOS Keychain Tutorial for Developers — Store API Keys the Right Way
Your Mac has a hardware-encrypted credential store. Here's how to use it for API keys, tokens, and secrets instead of .env files.
NoxKey — A macOS Secrets Manager With Touch ID and AI Agent Detection
Store API keys in macOS Keychain with Touch ID. NoxKey detects AI agents automatically and delivers secrets via encrypted handoff.
Small team, sharp tools
How a two-person indie studio ships 5 products. Our stack, process, and the opinions we've earned building developer tools.
How to Protect Your API Keys From AI Coding Agents
AI agents can read every .env file on your machine. Here are 5 concrete ways to stop them from exposing your secrets.
How We Built Process-Tree Agent Detection
Walk the macOS process tree to detect AI agents requesting secrets, then switch to encrypted handoff. Here's the full implementation.
Yes, AI Agents Can Read Your .env Files — Here's What to Do About It
Claude Code, Cursor, and Copilot have full file system access. Your .env files are plaintext. Do the math.
6 Ways AI Agents Leak Your API Keys and Secrets
AI coding agents read .env files, echo credentials in debug output, and store tokens in logs. Here's how each leak happens and how to fix it.
Building tools we actually use
Every tool we ship started as something we needed. Why dogfooding builds better developer tools than user research alone.
The Developer's Guide to Credential Hygiene
12.8 million secrets leaked on GitHub in 2024. Most weren't hacks — they were habits. Here are the 7 worst and how to fix them.
How Touch ID Protects Your API Keys — A Hardware Security Boundary
Touch ID uses the Secure Enclave for per-access biometric auth on every secret. No unlock window. No master password. Silicon, not software.
Native Apps Aren't Nostalgia. They're an Advantage.
15x smaller, 8x less memory, 9x faster startup. Native macOS apps outperform Electron on every metric that matters.
macOS Keychain for Developers: A Practical Guide
Your Mac has an encrypted, hardware-backed credential store with Touch ID. Here's how to actually use it for API keys and secrets.
Stop Putting API Keys in .env Files — Use Your OS Keychain Instead
The dotenv pattern has no encryption, no auth, no access control. In 2026, with AI agents reading project files, it is a liability.
We Left Bubble. Here's Why We Bet on AI-Native Code.
No-code got us started. AI coding let us leave. Here's what changed and why the complexity ceiling is real.
Why we design for how people think, not what software can do
Cognitive load kills products. We use psychology — Hick's Law, visual grouping — to build interfaces that feel effortless.