Off topic, but I sincerely ask: am I the only one that is disturbed by the use of the term "Mac OS X" to refer to modern versions of the OS that is currently called "macOS"? (and not MacOS either)
Looks like the submitter used the wrong term - the actual link uses "macOS".
But to answer the question: Yes! I opened thinking it was going to be some awesome Leopard or Lion app.
I miss the name, mostly because the OS was interesting and fun in those days and boring and dreary and buggy and low contrast and poor UX and squircles and flat colours if it even has colours now.
A while loop, some prompts basically amounting to "this is how you format a system call" and "make no mistakes", there's also a regex + executor for detecting and executing system calls.
Would love to be able to use this with my Claude Max Plan subscription ($100/month)... not going to pay with an API Key which burns through tokens way faster. Might try it for the local Apple Intelligence and accessibility to drive local apps tho.
> Our Founder! of this project is battling cancer. Your Stars and Forks are appreciated.
I'm sorry to hear this, but I'm also surprised that this is the first thing I learnt about this project, and that it is written in the third person. It detracts from the project.
I don't have a problem with mentioning cancer, but they should've mentioned which cancer to raise awareness and help others. The ribbon icon is gold which means pediatric/childhood cancer?
Asking for stars and forks is where it gets weird. I understand a crowdfunding program but how is this going to help?
Makes it even weirder that this is a completely anonymous, we don't know who works on it, and actually the project pretends to be authored by "AI". look at commit history and contributors
I don't want to be cynical here, my dad was diagnosed with cancer too but this just feels like some LLM was given a prompt to maximize stars and forks and this is how that went. I am very sorry to say this.
Although not disclosed on this page, the author's name is mentioned on their other projects[0].
> Our founder, Todd Bruss, is currently battling Cancer. Through it all, he continues to pour his heart into InkPen. Your support and encouragement mean the world.
The author has posted about their project on LinkedIn as well[1].
Open-source maintainers don't owe anyone perfectly-manicured marketing copy on their landing pages. Honestly, the fact that is the first thing you learn humanises the username behind the keyboard
> the fact that is the first thing you learn humanises the username behind the keyboard
The username is macOS26. The name is "Agent!". As in "Agentic AI for your entire Mac Desktop". All commits are made by this entity.
Until someone here told me there is a real guy behind it I sincerely gotta say, it looks like there's no human behind the keyboard and actually there's no keyboard at all.
Combined with cancer message on top it made me think some LLM "agent" is trying different tricks because it was prompted to achieve maximum stars and forks. I feel shitty for saying this but how not to be cynical because literally that's what we degraded to thanks to "ai".
> Combined with cancer message on top it made me think some LLM "agent" is trying different tricks because it was prompted to achieve maximum stars and forks. I feel shitty for saying this but how not to be cynical because literally that's what we degraded to thanks to "ai".
AI might increase the volume of shitty things on the internet, but it's not like GitHub accounts weren't anonymous before AI, and it's not like people weren't using scammy tactics to boost their star count before AI.
If the fear of AI turn us into worse people in our interactions, that's kind of on us, not AI
The XPC architecture is the right call for privilege separation … it’s what makes sandboxing trustworthy on macOS rather than just advisory. I’m really curious how it handles the trust boundary between LLM responses and the XPC service layer. The most obvious attack surface is prompt injection via a document the agent reads, which then instructs it to do something in Safari or Messages that the user wouldn’t normally sanction. XPC gives you OS-enforced process isolation but doesn’t help you if the privileged process is faithfully executing a poisoned instruction.
What’s the current model for distinguishing user intent from “content the agent read”? Is it purely the system prompt guidance, or is there something structural?
> Securely runs root-level commands via a dedicated macOS Launch Daemon
lovely.
Off topic, but I sincerely ask: am I the only one that is disturbed by the use of the term "Mac OS X" to refer to modern versions of the OS that is currently called "macOS"? (and not MacOS either)
I mean, the name was changed ten years ago...
Looks like the submitter used the wrong term - the actual link uses "macOS".
But to answer the question: Yes! I opened thinking it was going to be some awesome Leopard or Lion app.
I miss the name, mostly because the OS was interesting and fun in those days and boring and dreary and buggy and low contrast and poor UX and squircles and flat colours if it even has colours now.
It wasn’t even “Mac OS X” ten years ago, but “OS X”. “Mac OS X” was 15 years ago.
So…
What is a harness? People have been talking about it and couldn’t glean what it is
A while loop, some prompts basically amounting to "this is how you format a system call" and "make no mistakes", there's also a regex + executor for detecting and executing system calls.
you forgot the memory model. Which is an absolutely essential and hard to design part of the agent.
and occasionally, UI prompts with QA.
Is this "macos26" official Apple github account?
Nope, looks like someone's angling for some sweet domain parking money.
Or a lawsuit, given macOS is a trademark.
Would love to be able to use this with my Claude Max Plan subscription ($100/month)... not going to pay with an API Key which burns through tokens way faster. Might try it for the local Apple Intelligence and accessibility to drive local apps tho.
talk to claude.
Anthropic don't allow that unfortunately
Emoji in the macOS menu bar, that's new.
I've been using it for years with https://github.com/boxed/DevBar
> Our Founder! of this project is battling cancer. Your Stars and Forks are appreciated.
I'm sorry to hear this, but I'm also surprised that this is the first thing I learnt about this project, and that it is written in the third person. It detracts from the project.
What a crazy comment. The first clause of your first sentence was more than enough.
Imagine seeing a cancer announcement and thinking, 'This is bad for the branding.' Your lack of empathy is what’s actually detracting here.
I don't have a problem with mentioning cancer, but they should've mentioned which cancer to raise awareness and help others. The ribbon icon is gold which means pediatric/childhood cancer?
Asking for stars and forks is where it gets weird. I understand a crowdfunding program but how is this going to help?
Makes it even weirder that this is a completely anonymous, we don't know who works on it, and actually the project pretends to be authored by "AI". look at commit history and contributors
I don't want to be cynical here, my dad was diagnosed with cancer too but this just feels like some LLM was given a prompt to maximize stars and forks and this is how that went. I am very sorry to say this.
Although not disclosed on this page, the author's name is mentioned on their other projects[0].
> Our founder, Todd Bruss, is currently battling Cancer. Through it all, he continues to pour his heart into InkPen. Your support and encouragement mean the world.
The author has posted about their project on LinkedIn as well[1].
[0] https://inkpen.io/ [1] https://www.linkedin.com/in/principal-software-engineer-swif...
OK, I take it back. What can I say, even knowing he is working on this LLM stuff that's becoming the curse of humanity I still wish him beat cancer.
Open-source maintainers don't owe anyone perfectly-manicured marketing copy on their landing pages. Honestly, the fact that is the first thing you learn humanises the username behind the keyboard
> the fact that is the first thing you learn humanises the username behind the keyboard
The username is macOS26. The name is "Agent!". As in "Agentic AI for your entire Mac Desktop". All commits are made by this entity.
Until someone here told me there is a real guy behind it I sincerely gotta say, it looks like there's no human behind the keyboard and actually there's no keyboard at all.
Combined with cancer message on top it made me think some LLM "agent" is trying different tricks because it was prompted to achieve maximum stars and forks. I feel shitty for saying this but how not to be cynical because literally that's what we degraded to thanks to "ai".
> Combined with cancer message on top it made me think some LLM "agent" is trying different tricks because it was prompted to achieve maximum stars and forks. I feel shitty for saying this but how not to be cynical because literally that's what we degraded to thanks to "ai".
AI might increase the volume of shitty things on the internet, but it's not like GitHub accounts weren't anonymous before AI, and it's not like people weren't using scammy tactics to boost their star count before AI.
If the fear of AI turn us into worse people in our interactions, that's kind of on us, not AI
The XPC architecture is the right call for privilege separation … it’s what makes sandboxing trustworthy on macOS rather than just advisory. I’m really curious how it handles the trust boundary between LLM responses and the XPC service layer. The most obvious attack surface is prompt injection via a document the agent reads, which then instructs it to do something in Safari or Messages that the user wouldn’t normally sanction. XPC gives you OS-enforced process isolation but doesn’t help you if the privileged process is faithfully executing a poisoned instruction.
What’s the current model for distinguishing user intent from “content the agent read”? Is it purely the system prompt guidance, or is there something structural?
Thanks for posting.