Digest #220: Red Hat's npm supply chain attack, malware in AI instruction files, AWS Lambda MicroVMs and a 2x faster test suite
This week in DevOps: the Red Hat npm credential-stealing attack, malware in AI agent files, AWS Lambda MicroVMs, Postgres 19 beta, and how to get good at Kubernetes.
This week’s supply chain news is rough: 32 malicious @redhat-cloud-services npm packages stealing credentials via a preinstall hook, and Mitiga finding spyware and 1,230+ leaked API keys hidden inside AI agent instruction files. On the building side, AWS shipped Lambda MicroVMs for running untrusted and AI-generated code in isolation, Postgres 19 hit beta, and one engineer made their test suite 2x faster by dropping per-test SQL migrations.
Newsworthy stories
Malware in AI instruction files, plus 1,230+ leaking API keys
Inside the Red Hat npm “Miasma” credential-stealing campaign
Tutorials of the week
Videos of the week
Projects of the week
no-mistakes is a local Git proxy written in Go that runs an AI review, test, and lint pipeline in an isolated worktree before pushing, then opens a clean PR.
Hunk is a terminal diff viewer built for reviewing agent-authored changesets, with inline AI annotations.
BoxBox is a self-hosted file manager for homelabs that supports chunked and resumable uploads.
dbtrail is a point-in-time recovery tool for MySQL that runs time-travel queries and can undo cascade deletes without locks or restores.
oh-my-reddit is a terminal Reddit client built on Bubble Tea, with live-streaming comments and automatic browser session reuse.
Orca is an agent orchestrator that runs Claude Code, Codex, and 40+ other CLI agents in parallel within git worktrees from a single desktop app.
Meme of the week