Digest #219: Fable 5's 1,810-line PR in 30 minutes, GitHub's rebuild revolt, Postgres' only scalable delete and AI-narrated crypto malware
From an AI model opening an 1,810-line pull request on its own in half an hour, to Cursor, GitLab and Zed all agreeing GitHub is broken while disagreeing on the fix.
Fable 5 opened a 1,810-line pull request on Tabularis this week. Thirty-seven new tests, all passing, in about half an hour. The line count isn’t the interesting part. It’s that it didn’t just build the feature it was asked for. It refactored the shared connection logic first, as the maintainers said they would have done themselves.
A few days later, Cloudflare pointed a different kind of agent at its own code. A harness that hunts for vulnerabilities, then hands every finding to a second, different model to argue it down. It surfaced 13,841 real bugs across 145 repositories. One model finds, another model doubts, and only what survives reaches a human.
While two teams were teaching AI to build and audit code, someone else was teaching it to sell malware. A Rust clipboard hijacker shipped with roughly 15,500 wallet addresses baked in, fronted by AI-generated YouTube narrators reading polished tutorials to an audience of coordinated fake comments.
Notice the pattern. The same kind of autonomous agent is now writing production code, auditing it, and, in the wrong hands, packaging the attack. The more capable they get, the more of the unglamorous work they can actually own. That’s the bet behind Mendral: an autonomous AI DevOps engineer that takes the jobs your team shouldn’t be doing by hand, like supply chain security, and just handles them.
In the tutorials: how a single prompt injection turned Claude Code’s own GitHub Action into a way to read your API keys, the gameday that proved Datadog’s Postgres failover wasn’t actually safe, and why one NULL can make a NOT IN query quietly return nothing at all.
On video: Postgres branching that clones a database in under a second and scales to zero, plus why slow learning still wins in the AI era.
Then six devtools worth a look, including a Kubernetes desktop client that installs nothing in your cluster, a bastion that fronts SSH, Postgres, and Kubernetes with no client software, and an MCP server that indexes the entire Linux kernel in three minutes.
Platform engineering on autopilot
Mendral is an autonomous AI DevOps engineer that handles the work your engineers shouldn’t be doing manually anymore: supply chain security, flaky CI, slow builds, and anything else specific to your stack - Try it out!
Newsworthy stories
Hackers use AI-generated YouTube narrators to promote Crypto malware
Fable 5 opened a 1,810-line, 37-test PR on Tabularis in 30 minutes
Infrastructure as Code needs software engineering, not more config tooling
How Cloudflare’s multi-agent harness found 13,841 bugs across 145 repos
Tutorials of the week
Videos of the week
Projects of the week
Klustr is a native Go/React Kubernetes desktop client that drives Helm, Argo CD, Flux, and cert-manager from your kubeconfig with no in-cluster components.
Local Cloud Browser is a native macOS GUI for 28 AWS-compatible services, using Keychain credentials and read-only by default.
WinPodX runs Windows apps as native Linux windows via FreeRDP RemoteApp, built in Python and Qt6.
Zvec is Alibaba’s in-process C++ vector database that searches billions of vectors in milliseconds with hybrid retrieval.
codebase-memory-mcp is an MCP server that builds code knowledge graphs, enabling AI agents to skip re-reading files and index the 28M-line Linux kernel in 3 minutes.
Warpgate is a transparent Rust bastion and PAM for SSH, HTTPS, Kubernetes, MySQL, and Postgres with no client-side software.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn or simply reply to this email.