The latest articles on Forem by Stephen Lee (@euphorie). https://forem.com/euphorie https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3812611%2F702150c9-6f65-44b8-96da-379a8f81bb43.png https://forem.com/euphorie en Stephen Lee Fri, 03 Apr 2026 05:02:06 +0000 https://forem.com/euphorie/i-stopped-building-ai-tools-and-started-doing-the-tasks-manually-instead-5de4 https://forem.com/euphorie/i-stopped-building-ai-tools-and-started-doing-the-tasks-manually-instead-5de4 <p>I've been building AI products for a while now. Every time I thought I knew what to automate, I was wrong.</p> <p>So I tried something different. Instead of building another tool, I put up a simple page: describe a repetitive task, pay $5, I do it and email you the result.</p> <p>The tech stack is intentionally boring. Django backend, Stripe checkout, SQLite, static HTML frontend. No React. No AI. No accounts. The whole thing is under 500 lines of code.</p> <p>Why? Because the product isn't the software. The product is the dataset of tasks people submit. Every submission gets categorized: input type, output type, difficulty, whether AI failed at it, whether it's recurring.</p> <p>After enough submissions, patterns emerge. Those patterns become the first automated tools. The manual execution phase is just product discovery with real revenue.</p> <p>The site is euphorie.com if you want to see how minimal it is.</p> <p>Has anyone else tried using manual execution as a product discovery method? Curious what other approaches people have used to figure out what to build.</p> ai automation productivity startup Stephen Lee Sun, 08 Mar 2026 08:03:30 +0000 https://forem.com/euphorie/how-i-built-a-trust-scoring-hook-for-claude-code-1465 https://forem.com/euphorie/how-i-built-a-trust-scoring-hook-for-claude-code-1465 <p>I've been using Claude Code for a while and realized I had zero visibility into what the agent was doing across sessions. Which tools it called, whether it touched files it shouldn't have, how many calls it made per task.</p> <p>So I built a hook that scores every session.</p> <h2> What it does </h2> <p>The hook listens to three Claude Code events:</p> <ul> <li> <strong>PostToolUse</strong> — records every tool call, checks it against an allowlist, flags protected path access</li> <li> <strong>PreToolUse</strong> — blocks tool calls that touch sensitive files like <code>.env</code> or SSH keys</li> <li> <strong>Stop</strong> — computes the final trust score and logs it</li> </ul> <p>At the end of each session you get:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[authe.me] Trust Score: 92 (reliability=100 | scope=75 | cost=100) [authe.me] tools=14 violations=1 failed=0 </code></pre> </div> <h2> The scoring </h2> <p>Three dimensions, weighted into an overall score:</p> <ul> <li> <strong>Reliability (40%)</strong> — what percentage of tool calls succeeded</li> <li> <strong>Scope (35%)</strong> — did the agent stay within your allowed tools and paths. Each violation drops the score by 25 points</li> <li> <strong>Cost (25%)</strong> — how many tool calls were made. Under 20 is fine, over 100 starts flagging</li> </ul> <h2> Hash chaining </h2> <p>Every tool call event gets hashed with the previous hash, creating a chain. If someone tampers with the log, the chain breaks. Same concept as blockchain audit trails but much simpler.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">compute_hash</span><span class="p">(</span><span class="n">prev_hash</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="n">payload</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">prev_hash</span><span class="si">}</span><span class="s">:</span><span class="si">{</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">sort_keys</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">sha256</span><span class="p">(</span><span class="n">payload</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()[:</span><span class="mi">16</span><span class="p">]</span> </code></pre> </div> <h2> Protected path blocking </h2> <p>The PreToolUse hook checks if Claude is about to read or edit a sensitive file. If it matches, the hook returns a deny decision with a reason that Claude receives as feedback:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">result</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">hookSpecificOutput</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">hookEventName</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">PreToolUse</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">permissionDecision</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">deny</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">permissionDecisionReason</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">authe.me policy: .env is a protected path.</span><span class="sh">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Claude sees the denial reason and adjusts its plan.</p> <h2> Install </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> ~/.claude/hooks ~/.authe curl <span class="nt">-fsSL</span> https://raw.githubusercontent.com/autheme/claude-code-hook/main/authe-hook.py <span class="nt">-o</span> ~/.claude/hooks/authe-hook.py <span class="nb">chmod</span> +x ~/.claude/hooks/authe-hook.py </code></pre> </div> <p>Then add the hook config to <code>~/.claude/settings.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"hooks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"PostToolUse"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"matcher"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"hooks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"command"</span><span class="p">,</span><span class="w"> </span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AUTHE_HOOK_EVENT=PostToolUse python3 ~/.claude/hooks/authe-hook.py"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Stop"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"matcher"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"hooks"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"command"</span><span class="p">,</span><span class="w"> </span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AUTHE_HOOK_EVENT=Stop python3 ~/.claude/hooks/authe-hook.py"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Single file, zero dependencies, pure Python.</p> <h2> What's next </h2> <p>Working on remote reporting so you can aggregate scores across sessions and agents. Also building an OpenClaw plugin that does the same thing for that ecosystem.</p> <p>Repo: <a href="https://github.com/autheme/claude-code-hook" rel="noopener noreferrer">github.com/autheme/claude-code-hook</a></p> <p>Built with Claude. Would love feedback from anyone running Claude Code in production.</p> claudecode ai python security