Tagged #audit-log
2 posts.
-
· Paul Lukic
Per-Session Audit Logs: Scoping the Blast Radius of an AI Coding Agent
A single rolling audit log of every shell command your AI coding agent ran is good. A per-session log is better. Here's why scope matters, what changed in Coograph this week, and how to roll the same pattern into your own setup.
-
· Paul Lukic
The TanStack npm Compromise: Why Every AI Coding Agent Needs an Audit Log
On 11 May 2026, 84 malicious versions of 42 @tanstack/* packages hit npm and started stealing AWS, GCP, Kubernetes, Vault, GitHub, and SSH credentials. If your AI coding agent ran npm install during that window, you may never know. Here's why agent command logging is now non-negotiable.