🔍 Main Branch: The One Where We Slow Down and Read the Fine Print

Hiya friends,

Read the title and you already know.

Speed without understanding is just how you end up with a codebase nobody can maintain and a privacy setting nobody thought to check.

Speaking of which.

🚢 What Shipped

GitHub updated its Privacy Statement and Terms of Service. Read the changelog. This dropped March 25. You have until April 24 to act.

Starting then, GitHub will use interaction data from Copilot Free, Pro, and Pro+ to train AI models. Your prompts, suggestions, code context. Copilot Business and Enterprise are not affected.

Opt out at github.com/settings/copilot under Privacy. If you already opted out of product improvement data collection, you’re covered. If you’re on Free, Pro, or Pro+, check now. Don’t assume.

Your private repo source code is still off limits. This is about what you type while using Copilot, not what’s sitting in your repo.

Secret scanning got 28 new detectors in March. Read the changelog. 28 new secret types from 15 providers, including Vercel, Snowflake, Supabase, and Lark. Vercel API keys, Supabase secret keys, and Snowflake connection strings now have push protection on by default. GitHub blocks the commit before the secret lands.

Also new: validity checks for npm, Airtable, DeepSeek, Pinecone, and Sentry tokens. Now you can see if a detected secret is still active, not just that it showed up.

If secret scanning has been on your to-do list, this is the week to check it off.

🎧 What I’m Reading

Thoughts on slowing the fuck down — Mario Zechner. Mario’s case isn’t that agents are bad. It’s that when you step out of the loop, you lose the ability to see what’s breaking before it’s too late. The bit about “compounding booboos” has been in my head all week.

Worth your time if: you’ve shipped something agentic and haven’t looked at it closely in a while.

🔧 What I’m Using

OpenClaw gets called “just cron jobs” a lot. It isn’t. But it does need your real browser sometimes, and that’s where I got uncomfortable. So I built Claw Relay to fix that. Token auth, permission scoping, site allowlists, full logging. My agents browse with my real sessions, only what I allow. Open source: github.com/AndreaGriffiths11/claw-relay

✨ This Week

My oldest dog tore his CCL. This truly sucks. We got Charlie by complete accident and he has been here for all of it. Our oldest kid was non-verbal for a long time — he learned to say Charlie’s name before almost anything else. Charlie moved to SF with us when I switched careers. When I had cancer he became a therapy dog, never leaving my side. He’s almost 100 in human years and I can’t carry him. I can’t control that. So I coded. He was nearby doing what he does, just being the best boy.

Go pet your dog.

With gratitude,

I’ll see you next week, Andrea

📌 P.S.: This is Charlie in 2017, the year he made the GitHub pet calendar.