| ▲ | Claude Code Router(github.com) |
| 158 points by y1n0 5 days ago | 58 comments |
| |
|
| ▲ | cadamsdotcom 5 days ago | parent | next [-] |
| All these new tools are so exciting, but running untrusted code which auto-updates itself is blocking me from trying these tools. I wish for a vetting tool. Have an LLM examine the code then write a spec of what it reads and writes, & you can examine that before running it. If something in the list is suspect.. you’ll know before you’re hosed not after :) |
| |
| ▲ | nothrabannosir 4 days ago | parent | next [-] | | Throwing more llm at a prompt escaper is like throwing more regexp at a html parser. If the first llm wasn’t enough, the second won’t be either. You’re in the wrong layer. | | |
| ▲ | scroogey 4 days ago | parent | next [-] | | Here's an alternative perspective: https://x.com/rauchg/status/1949197451900158444 Not a professional developer (though Guillermo certainly is) so take this with a huge grain of salt, but I like the idea of an AI "trained" on security vulnerabilities as a second, third and fourth set of eyes! | | |
| ▲ | aprilthird2021 4 days ago | parent | next [-] | | You p much just linked to an ad for a vibe coding platform. If you don't know what you're doing, you are going to make more security mistakes. Throwing LLMs into it doesn't increase your "know what you're doing" meter. | |
| ▲ | ffsm8 4 days ago | parent | prev [-] | | I'm not sure how to take that seriously with the current reality where almost all security findings by LLM tools are false positives While I suspect that's gonna work good enough on synthetic examples for naive and uninformed people to get tricked into trusting it... At the very least, current LLMs are unable to provide enough stability for this to be useful. It might become viable with future models, but there is little value in discussing this approach currently.
At least until someone actually made a PoC thats at least somewhat working as designed, without having a 50-100% false positive quota. You can have some false positives, but it has to be low enough for people to still listen to it, which currently isn't the case. |
| |
| ▲ | mathgeek 3 days ago | parent | prev [-] | | While I agree with the idea of vetting things, I too get a chuckle when folks jump straight from "we can't trust this unknown code" to "let's trust AI to vet it for us". Done it myself. |
| |
| ▲ | troupo 4 days ago | parent | prev | next [-] | | > All these new tools are so exciting, Most of these tools are not that exciting. These are similar-looking TUIs around third-paty models/LLM calls. What is the difference between this, and https://opencode.ai? Or any of the half a dozen tools that appeared on HN in the past few weeks? | |
| ▲ | lionkor 5 days ago | parent | prev | next [-] | | that's cool and all, before you get malicious code that includes prompt injections and code that never runs but looks super legit. LLMs are NOT THOROUGH. Not even remotely. I don't understand how anyone can use LLMs and not see this instantly. I have yet to see an LLM get a better failure rate than around 50% in the real world with real world expectations. Especially with code review, LLMs catch some things, miss a lot of things, and get a lot of things completely and utterly wrong. It takes someone wholly incompetent at code review to look at an LLM review and go "perfect!". Edit: Feel free to write a comment if you disagree | | |
| ▲ | esafak 4 days ago | parent | next [-] | | They work better in small, well-commented code bases in popular languages. The further you stray from that the less successful they are. That's on top of the quality of your prompt, of course. | |
| ▲ | jclardy 3 days ago | parent | prev | next [-] | | > I don't understand how anyone can use LLMs and not see this instantly Because people in general are not thorough. I've been playing around with Claude Code and before that, Cursor. And both are great tools when targeted correctly. But I've also tried "Vibe" coding with them and it is obvious where people get fooled - it will build a really nice looking shell of a product that appears to be working, but then you step into using it past the surface layer and issues start to show. Most people don't look past the surface layer, and instead keep digging in having the agent build on the crappy foundation, until some time later it all falls apart (And since a lot of these people aren't developers, they have also never heard of source control.) | |
| ▲ | resonious 5 days ago | parent | prev | next [-] | | If you know that LLMs are not thorough going into it, then you can get your failure rates way lower than 50%. Of course if you just paste a product spec into an LLM, it will do a bad job. If you build an intuition for what kinds of asks an LLM (agent, really) can do well, you can choose to only give it those tasks, and that's where the huge speedups come from. Don't know what to do about prompt injection, really. But "untrusted code" in the broader sense has always been a risk. If I download and use a library, the author already has free reign of my computer - they don't even need to think about messing with my LLM assistant. | |
| ▲ | stpedgwdgfhgdd 4 days ago | parent | prev [-] | | My suggestion is to try CC, use a language like Go, and read their blogs how they use it internally. They are transparent what works and what does not work. |
| |
| ▲ | Eggpants 4 days ago | parent | prev | next [-] | | You can always chroot the directory you're using to isolate the tools from the rest of your system. That is unless your using a toy operating system of course. ;) | |
| ▲ | adastra22 4 days ago | parent | prev [-] | | Put it in a docker instance with a mounted git worktree? | | |
| ▲ | dimava 4 days ago | parent [-] | | Aka VSCode DevContainer? Could work I think (be wary of sending .env to the web though) | | |
| ▲ | adastra22 4 days ago | parent [-] | | One way of doing it, yes. Why would your dev repo have any credentials in .env? |
|
|
|
|
| ▲ | crocowhile 5 days ago | parent | prev | next [-] |
| This is what got me started with claude-code. I gave it a try using openrouter API and got a bill of $40 for 2-3 hours of work. At that point, subscription to the Anthropic plan became a no-brainer |
| |
| ▲ | esafak 4 days ago | parent [-] | | Which model did you use in Openrouter, Claude? | | |
| ▲ | crocowhile 4 days ago | parent [-] | | I tried quite a few of them, including the cheap / free models but the only one that was really working was claude. The others were hanging whenever the model needed a confirmation for action. Mind you, this was some time ago. |
|
|
|
| ▲ | blitzar 4 days ago | parent | prev | next [-] |
| What is the secret sauce of Claude Code that makes it, somewhat irrespective of the backend LLM, better than the competition? Is it just better prompting? Better tooling? |
| |
| ▲ | CuriouslyC 4 days ago | parent | next [-] | | The agentic instructions just seem to be better. It does stuff by default (such as working up a plan of action) that other agents need to be prompted for, and it seems to get stuck less in failure sinks. The actual Claude model is decent, but claude code is probably the best agentic tool out there right now. | |
| ▲ | eawgewag 4 days ago | parent | prev | next [-] | | tbh, claude code is the only product that feels like its made by people who have actually used AI tooling on legacy codebases for pretty much every other tool i've used, you walk away from it with the overwhelming feeling that whoever made this has never actually worked at a company in a software engineering team before i realize this isn't an answer with satisfactory evidence-based language. but I do believe that there's a core `product-focus` difference between claude with other tools | |
| ▲ | ethan_smith 4 days ago | parent | prev [-] | | Claude's edge comes from its superior context handling (up to 200K tokens), better tool use capabilities, and constitutional AI training that reduces hallucinations in code generation. | | |
| ▲ | FergusArgyll 4 days ago | parent [-] | | 200 k is the lowest among any frontier llm | | |
| ▲ | NullifyNAN 3 days ago | parent [-] | | Yeah but most fall apart at lower context than advertised. They do great at simple stuff like needle in a haystack tests but totally flop when you actually try and use that context for something productive. |
|
|
|
|
| ▲ | EnPissant 5 days ago | parent | prev | next [-] |
| Claude Code with a plan is so much cheaper than any API. |
| |
| ▲ | esafak 4 days ago | parent [-] | | Do you feel this is true of both the Pro and Max plans? | | |
| ▲ | tobyjsullivan 4 days ago | parent [-] | | It depends on your usage patterns, presumably. In my case, I ended up accruing $100/day w/ Claude Code (on github workflows) so Max x20 was an easy decision. Pro seems targeted at a very different use case. Personally, I’ve never used the chat enough to break even. But someone who uses it several times per day might. ETA: I get that the benefits transfer between the two, just with different limits. I still think it’s pretty clear which kind of usage each plan is intended for. |
|
|
|
| ▲ | sc077y 2 days ago | parent | prev | next [-] |
| I tried installing and setting up the project today, it was miserable. I finally got it to work only to find out that the mistral models' tool calling does not work at all for claude code. Also, there is no mention anywhere of what models actually support anthropic level tool calling. If anyone knows if there are some open weight models (deepseek or others) I can host on my infra to get this to work out of the box that would be amazing. |
|
| ▲ | sylware 4 days ago | parent | prev | next [-] |
| It is a bit off-topic here, but anybody tried to use such LLMs for code porting: from c++ (and similar) to plain C99+? |
| |
|
| ▲ | nxobject 4 days ago | parent | prev | next [-] |
| Unfortunately, I haven’t been able to use this with many of the recent open weight code/instruct models - CC tool use doesn’t work with Qwen3 and Kimi K2 for me. |
|
| ▲ | margarina72 5 days ago | parent | prev | next [-] |
| Feels very similar to Aider[1] 1: https://aider.chat/ |
| |
| ▲ | linsomniac 4 days ago | parent | next [-] | | Anyone care to compare the current Aider with Claude Code? I tried Aider 6+ months ago and liked it but haven't tried it more recently because Claude Code is working so well for me. But I keep feeling like I should try Aider again. | | |
| ▲ | ripley12 4 days ago | parent [-] | | Aider is good at one-shotting Git commits, but requires a human in the loop for a lot of iteration. Claude Code is better at iterating on problems that take multiple tries to get right (which is most problems IMO). I was really impressed by Aider until I started using CC. |
| |
| ▲ | esafak 4 days ago | parent | prev | next [-] | | I recently tried Aider and it seemed a bit behind. It's not getting as much development as the others either: https://github.com/Aider-AI/aider/pulse/monthly Compare with https://github.com/sst/opencode/pulse/monthly | |
| ▲ | KronisLV 5 days ago | parent | prev | next [-] | | There’s also RooCode which is pretty nice: https://marketplace.visualstudio.com/items?itemName=RooVeter... (fork of Cline, that one’s also good) Ofc some might prefer the pure CLI experience, but mentioning that because it also supports a lot of providers. | |
| ▲ | andretti1977 4 days ago | parent | prev [-] | | I moved from Aider to ClaudeCode for the simple reason i usually use IntelliJ Idea and even if poorer than RooCode on VSCode, integration between IntelliJ and ClaudeCode is reasonably solid.
That said today i started using CCR since the possibility to use different models is extremely interesting (and the reason why i initially used Aider) |
|
|
| ▲ | firemelt 5 days ago | parent | prev | next [-] |
| btw do you have javascript's stack background? |
|
| ▲ | hansmayer 4 days ago | parent | prev [-] |
| No please folks. Personally I have always been excited about the AI as a scientific discipline and practical field, and still am. But lets please stop trying to make a dead-end application of an otherwise interesting technology work. Its like those people who were still trying to build electronics with vaccuum tubes after transistors were invented. We need a transistor moment in the AI, not more vaccuum tubes. |
| |
| ▲ | anuramat 4 days ago | parent | next [-] | | If language is a dead-end application of language models, I don't know what isn't; the tooling is architecture agnostic anyway > after transistors were invented But we don't have "transistors" yet, what's your point exactly? | | |
| ▲ | hansmayer 3 days ago | parent [-] | | Given the vast space of AI research results since the 1950s, I would not say that we dont have transistors yet. Just that we are not applying them. | | |
| ▲ | anuramat 3 days ago | parent [-] | | So, researchers are insanely lazy/secretly against AI/controlled by the Big Data? | | |
| ▲ | hansmayer 2 days ago | parent [-] | | I never said anything remotely similar to that, you must be projecting. |
|
|
| |
| ▲ | itsthecourier 4 days ago | parent | prev [-] | | what are you talking about? how is this a deadend? it improves over existing tools | | |
| ▲ | hansmayer 4 days ago | parent [-] | | I am not disputing that it improves the tools. But looking at the entire picture, the whole concept of using LLMs as a general purpose utility is a dead-end. Just the basic arithmetics of it does not add up. If you told your manager you had spent 20,000 dollars on a project, generating a pre-tax revenue of 100 dollars, i.e. creating net loss of 19,900 USD, you'd be fired right away. But somehow the GenAI industry has a similar investment-to-revenue ratio on a much larger scale and still the wishful thinking is in it's fifth year? I get it that people want to get in on the ride but just that having to add so much on top of it, constantly new plugins, tools, concepts, whatever all so that we can avoid seeing this for what it is - building TVs with vaccuum tubes, when what we desparately need are transistors, not improved vaccuum tubes. Just as we did not need faster horses in the era of Ford T-Model. | | |
| ▲ | NullifyNAN 3 days ago | parent | next [-] | | DeepSeek has shown that it makes 500% profit and it sells tokens for far lower than any big AI company. https://www.reuters.com/technology/chinas-deepseek-claims-th... These companies are unprofitable because of balance sheet shenanigans. See “Hollywood Accounting”. There is absolutely no way they are not turning massive profit. They are serving relatively similar models to open source at 5-50x the price. GLM 2.5 is $0.60 in, $2.20 out and it’s basically equivalent to Claude Opus. Opus is $15 in and $75 out. No way they’re operating at a massive loss. | | |
| ▲ | hansmayer 3 days ago | parent [-] | | I have no idea about DeepSeek. But the US-based GenAI leaders are in fact, operating under massive loss. |
| |
| ▲ | 93po 4 days ago | parent | prev [-] | | OpenAI would be profitable if they stopped all investment and research and just sold their existing products. So this argument doesn't really match reality. | | |
| ▲ | hansmayer 4 days ago | parent | next [-] | | Sure, feel free to break down the numbers. | | |
| ▲ | 93po 3 days ago | parent [-] | | In 2024 they had a $5 billion loss. About $3b of that was training. $1.5b was employees. I'm sure there's at least another $0.5b of costs associated to building out rather than just serving inference. In reality it's probably several times that. So if you cut employees to just maintaining what they have, fire all researchers etc, stop expansion, and stop training, you'd be profitable. Which is dumb and they wouldn't do that, but my point isn't that it's realistic, but rather that they could sell what they have at a profit if they wanted to. | | |
| ▲ | hansmayer 3 days ago | parent [-] | | So they could be profitable, but the conditions to achieve the profitability are dumb and unrealistic. Your own words. Somehow you claim to have still made your point, because a company firing all its employees and stopping all product development could be profitable, right? Because thats what companies do routinely, they just maximise profits by firing everyone once the product is mature enough and can practically take care of itself. I wonder why all the e-commerce companies just dont apply this one simple trick? Is that the argument that you are making? Now for the calculations - are you sure the losses are only 5B? Well, if we just account for the Microsoft donated Azure credits, they run a lot of their workloads on, its probably a lot, lot more than that. Unaccounted for in the OpenAI books perhaps, but still a huge material investment, that does not make any returns to anyone, hence a (by definition) loss. | | |
| ▲ | 93po 3 days ago | parent [-] | | I'm not sure what your original point was. Either it's that serving AI as a business model is impossible to run at a profit, which I easily demonstrated is not the case. If it's just serving the model, then yes, it works, and there's tons of businesses doing just that and operating at a profit. Or is that's the expense of evening running a GPU to serve a model is not worth the value that the model running on the GPU is capable of making, which is demonstrably not true, given that people are paying anywhere from dozens to hundreds of dollars a month, and there is an eventual payback period for both the cost of the hardware and electricity there. | | |
| ▲ | hansmayer 2 days ago | parent [-] | | I think it was on you to make a point here, not me. What is it that you demonstrated? I only saw a lot of creative imagination and "could be-would be" scenarios. |
|
|
|
| |
| ▲ | Eggpants 4 days ago | parent | prev [-] | | Citation needed. |
|
|
|
|
