Bernato Blog
Posts on multi-machine AI agent orchestration, sandboxing, signed provenance, and the homelab process-orchestration ladder. Newest first.
- Best Tools for Verifying AI-Generated Code Changes in 2026Manual review, CI, static analysis, LLM review bots, and cryptographic provenance each catch a different kind of failure. None of them alone is enough. Here is the honest breakdown.Jul 11, 2026
- The Case for a Local-First Agent Fleet (and When Cloud Orchestration Wins Anyway)Local-first wins on cost, privacy, and latency for most individual developers. Here is exactly where that stops being true, with a calculator to find your own crossover point.Jul 6, 2026
- Dial-Out WebSockets Explained: How Bernato Reaches Your Agents Without Opening a PortNo port forward, no UPnP gamble. The daemon dials out to a broker and holds the socket open, so your home machine never has to accept inbound connections.Jun 25, 2026
- Signed Provenance for AI Coding Agents: How to Prove a Diff Wasn't Hallucinated"It compiles" proves nothing. Signed provenance hashes and signs every step from prompt to diff, so anyone downstream can verify the code came from the run it claims to.Jun 14, 2026
- Approval Fatigue Is Real: Designing Permission Prompts Agents and Humans Both TrustIf every agent action pops an approval, people start rubber-stamping. Here is what actually changes that: narrow scope, batching, and a prompt that says exactly what's being asked.Jun 3, 2026
- How Many Claude Code Agents Can One Machine Actually Run?The real bottleneck usually isn't CPU. Use the calculator to estimate a safe concurrent-agent count for your own RAM and cores.May 23, 2026
- Devcontainers vs Bernato Sandboxes for Running Untrusted AI CodeDevcontainers isolate with a full container filesystem. Bernato uses native OS sandboxing with capability tokens. Here is when each one actually wins.May 12, 2026
- PM2 vs systemd vs Bernato for AI Agent FleetsPM2 and systemd keep a process alive. Neither knows what a capability token is or gives you a live terminal you can approve from your phone. Here is the real comparison.May 1, 2026
- Kill Switches for AI Agents: Design Patterns That Actually Stop a Runaway ProcessSIGTERM is a request, not a command. Here is how to design a kill switch with a grace period, a hard fallback, and a master switch that works when the dashboard doesn't.Apr 20, 2026
- Capability-Based Permissions: A Safer Model Than Full Disk Access, Yes or NoBinary permission prompts train people to click yes. Capability tokens let you grant an agent exactly what it needs, nothing more, and log every grant.Apr 9, 2026
- Is ngrok Safe for Your Home Server? An Honest Risk Assessmentngrok is convenient but routes your traffic through a third-party relay. Here's the actual threat model, what ngrok sees, and when self-hosted alternatives are worth the switch.Mar 30, 2026
- Run Claude Code on Every Machine You OwnA laptop, a GPU rig, a homelab box, an old Mac mini under the TV. Here's how to run Claude Code on all of them and supervise everything from one dashboard, or your phone.Mar 26, 2026
- Sandboxing Claude Code on macOS: Stop Yolo Mode Without Losing Power--dangerously-skip-permissions is fine until it isn't. Here's how to wrap Claude Code in macOS Seatbelt with capability tokens.Jan 17, 2026
- Keep a Claude Code Session Alive After Closing the TerminalClaude Code's Remote Control documentation says 'your terminal must remain open.' Here's how to make that not be true, using a daemon that owns the agent, not your shell.Dec 11, 2025
- Git Worktrees + Bernato: Parallel Claude Code Sessions With Full SupervisionGit worktrees solve 'agents fighting over node_modules.' Bernato solves 'where is each agent running.' Combine them and you have N independent CC sessions, all visible from one screen.Nov 4, 2025
- The Audit Log Every AI Agent NeedsIf something weird happens, can you say what the agent did? A local append-only activity log is the difference between investigation and guesswork.Oct 16, 2025
- Tailscale vs Cloudflare Tunnel vs Bore: What I Use For My Daemon's TunnelBest ngrok alternative that keeps data on your own hardware. Honest review of three reverse-tunneling stacks: when each is right.Oct 6, 2025
- When Kubernetes Is Overkill: A Process Orchestrator for HomelabBest process manager for homelab servers in 2026. K3s alternative for homelab enthusiasts who don't need pod scheduling.Aug 4, 2025
- What Is Zero-Trust Process Orchestration?A short, opinionated definition. A control plane for spawning, supervising, and killing processes across machines you own, where every action is authenticated and every decision is logged.Jul 26, 2025
- Best Process Manager for Homelab in 2026: PM2, Supervisor, systemd, Bernato ComparedSix process managers ranked by what they're actually good at, with the decision matrix that says which one for your homelab.Jul 8, 2025
- LAN-Direct Routing for Local DashboardsWhen you're on the same Wi-Fi as your daemon, the dashboard talks to 127.0.0.1 directly and falls back to a tunnel only when needed.Jun 26, 2025
- Restart-on-Crash for Long-Running AI AgentsAI agents crash. Models 500. Network blips. Here's a small ceiling-and-backoff design that stops infinite respawns without giving up on transient errors.Apr 18, 2025
- Pair a Machine in 30 Seconds Without SSH Keys (Capability Tokens)SSH key pairing is two-factor. Capability tokens collapse the manual step into a one-time token issued by the tray.Apr 16, 2025