Slightly safer vibecoding by adopting old hacker habits

I have seen a lot of public discussion around supply-chain attacks on the Python ecosystem, prompt injection risks when using coding agents, and general worries about the security implications of "vibe coding" for the development machine.

In some of these discussions I find myself puzzled as to what problem is being solved - and it took me a while to realize that my failure to understand lies in the development setup that I tend to use.

In this blog post I'll quickly explain my development setup.

The setup is pretty simple:

• The actual development happens on a rented server (or a VM on that server).
• In order to do development, I SSH into that server with key-forwarding for my github keys enabled.
• I perform my development on the server by attaching to a screen or tmux session.
• I used to just use vim with various extensions, but with the advent of coding agents I also use claude code etc. nowadays.
• I avoid keeping secrets inside the development VM or on the development server.
• I let the agent churn away on problems for extended periods of time while I am detached from the tmux/screen.

There is still a significant risk of the github key forwarding being abused to compromise the upstream main repository.

The way around this is a bit cumbersome, but not much different from what many open-source projects already do: You keep a main repository, and you fork a development repository from it. Then you do all your development on the dev repository, and when you're done in your development branch, you issue a cross-repository pull request.

Obviously, a human needs to go through that PR with a fine comb - but this is something you want to do for insider risk etc. anyhow, so your risk profile changes only marginally.

In a setup like this, the main secret that you'll lose in a supply chain attack are your Claude credentials. And you don't need to worry about prompt injection into your coding agent too much, and can just focus on writing code.