Running automation pipelines with LangGraph agents that control real hardware (Raspberry Pi Pico W over USB HID) makes sandboxing non-negotiable. A rogue agent on a terminal is annoying, and sending the wrong HID commands to a device can brick it.
So here’s what I did: the agent only spits out a JSON action plan and never executes anything directly. A separate validator checks the plan against a whitelist of allowed USB commands before anything gets sent forward. In short, treat the agent like an untrusted external contributor—that’s exactly what it is.
The SSH/VM approach from the article works well for pure coding. But with hardware-in-the-loop setups, you need that extra barrier between "the agent wants to do X" and "X actually happens."
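The plan-then-validate pattern described above, as an added example that is not the commenter's code: the agent's output is parsed as JSON, each step is checked against an allowlist of action names with an exact field schema and value bounds, and a cleaned copy is rebuilt so that nothing outside the allowlist can reach the executor. The action names (`key_press`, `type_text`, `mouse_move`, `click`), key and button sets, and limits are constructed for this example.

```python
import json

# Allowlist of HID actions the executor may forward, each with its exact
# field schema. These action names and limits are constructed for this
# example; they are not the commenter's actual command set.
ALLOWED_ACTIONS = {
    "key_press":  {"key": str},
    "type_text":  {"text": str},
    "mouse_move": {"dx": int, "dy": int},
    "click":      {"button": str},
}
ALLOWED_KEYS = {"ENTER", "ESC", "TAB", "HOME", "END"}
ALLOWED_BUTTONS = {"left", "right"}
MAX_STEPS = 20          # bound the plan so a runaway agent cannot queue thousands of events
MAX_TEXT_LEN = 200
MAX_MOUSE_DELTA = 500   # pixels per step


class PlanRejected(ValueError):
    """Raised when a plan fails validation; nothing is forwarded to the device."""


def validate_plan(raw: str) -> list[dict]:
    """Parse the agent's JSON output and return a cleaned list of steps.

    Every step is rebuilt from scratch from allowlisted fields only, so
    unknown keys never reach the executor even if a check is later relaxed.
    """
    try:
        plan = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise PlanRejected(f"not valid JSON: {exc}") from None
    if not isinstance(plan, dict) or not isinstance(plan.get("steps"), list):
        raise PlanRejected("plan must be an object with a 'steps' list")
    steps = plan["steps"]
    if len(steps) > MAX_STEPS:
        raise PlanRejected(f"too many steps: {len(steps)} > {MAX_STEPS}")

    cleaned = []
    for i, step in enumerate(steps):
        if not isinstance(step, dict):
            raise PlanRejected(f"step {i}: not an object")
        action = step.get("action")
        if action not in ALLOWED_ACTIONS:
            raise PlanRejected(f"step {i}: action {action!r} not in allowlist")
        schema = ALLOWED_ACTIONS[action]
        extra = set(step) - {"action"} - set(schema)
        if extra:
            raise PlanRejected(f"step {i}: unexpected fields {sorted(extra)}")
        clean = {"action": action}
        for field, ftype in schema.items():
            if field not in step:
                raise PlanRejected(f"step {i}: missing field {field!r}")
            value = step[field]
            # type() rather than isinstance(): bool is a subclass of int in Python,
            # and JSON true/false must not pass as a mouse delta.
            if type(value) is not ftype:
                raise PlanRejected(f"step {i}: {field!r} must be {ftype.__name__}")
            clean[field] = value
        # Value-level constraints on top of the type checks.
        if action == "key_press" and clean["key"] not in ALLOWED_KEYS:
            raise PlanRejected(f"step {i}: key {clean['key']!r} not allowed")
        if action == "click" and clean["button"] not in ALLOWED_BUTTONS:
            raise PlanRejected(f"step {i}: button {clean['button']!r} not allowed")
        if action == "type_text":
            text = clean["text"]
            if len(text) > MAX_TEXT_LEN or not text.isprintable():
                raise PlanRejected(f"step {i}: text too long or contains control characters")
        if action == "mouse_move":
            if max(abs(clean["dx"]), abs(clean["dy"])) > MAX_MOUSE_DELTA:
                raise PlanRejected(f"step {i}: mouse delta exceeds {MAX_MOUSE_DELTA}")
        cleaned.append(clean)
    return cleaned


def check_plan(raw: str) -> tuple[bool, str]:
    """Convenience wrapper: (True, 'ok') or (False, reason) without raising."""
    try:
        validate_plan(raw)
        return True, "ok"
    except PlanRejected as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample outputs: one well-formed, one carrying an action outside the allowlist.
    good = '{"steps": [{"action": "type_text", "text": "hello"}, {"action": "key_press", "key": "ENTER"}]}'
    bad = '{"steps": [{"action": "raw_hid_report", "bytes": "ff00"}]}'
    print(check_plan(good))
    print(check_plan(bad))
```

The executor should only ever consume the list `validate_plan` returns, never the agent's raw output; rejecting on any unexpected field (rather than ignoring it) also makes it obvious in logs when the agent starts emitting things the schema does not cover.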
Résumé/CV: github.com/Open-Medusa (most repos are private)
Email: 0schii@proton.me
I build full-stack AI agent systems, generative video pipelines, and hardware/software integrations from scratch. Here’s what I’ve shipped lately:
Medusa: Local-first AI agent orchestrator. You’re the CEO, your AI agents handle the work, and they run Claude Code, Codex CLI, Gemini CLI, OpenCode, OpenClaw, and Copilot as a virtual team. Medusa reviews inboxes, creates tasks, and juggles workloads on its own. Build your own YAML workflows with a visual node editor, spin up git worktrees per agent, and manage everything from a pixel-art office UI (Pixi.js 8). It connects with Telegram, Discord, Slack, and WhatsApp. Includes seven workflow packs—one is a full-blown ComfyUI video production pipeline. Stack: React 19, Vite 7, Express 5, SQLite, TypeScript, full CI/CD.
Reely: AI-powered video reel generator with four modes: human-in-the-loop, fully autonomous, image-to-video, and AI editing. LangGraph handles workflow logic, ComfyUI does the heavy lifting. Features: smart scene similarity detection (LLM checks outfits and backgrounds), dynamic frame counts that match the original, dual prompt system (one for images, one for video), ControlNet for depth/pose edits. Stack: FastAPI, LangGraph, React/Vite, PySceneDetect, vLLM (Qwen2.5-VL).
VStress: Open-source VS Code extension that hooks live biometric data into your dev tools. Tracks stress with webcam rPPG, wearables, or AI agents. Check it out: github.com/Open-Medusa/VStress
Other projects: Remote-controlling iPhones through Raspberry Pi Pico W (using USB HID + vision-language model automation); building real-time video pipelines that inject physiological data into AI avatars (HeyGen, Tavus, LiveKit); 2+ years of deep ComfyUI/A1111 work (LoRA and checkpoint training, custom nodes, production workflows); building German TTS pipelines (Chatterbox, F5-TTS, Qwen3-TTS); WebGL with Three.js (animated 3D face mesh, 468 MediaPipe vertices).
I’m most useful when there’s a real system to build - not slides, not specs, but working software that touches hardware, APIs, and AI models. I work fast, async, and I own what I ship.
I found your comment here from another comment of yours elsewhere.
HackerNews is not a place for you to puke your AI slop into. Stop doing that. It's against the site rules.
I get trying to find a (better) job and doing this on HN in a thread like this one is fine, but please contribute something of value otherwise instead of just spamming LLM slop.
Glad you shared this. I ran into something similar when I tried using a Pico W as a USB HID device: the hardware was up to the task, but the firmware just wouldn’t let me get where I wanted.
Using Arduino and serial is a smart way to go here. Still, it’s worth remembering: the Pico W has built-in WiFi, so you don’t have to lean on serial if you don’t want to. You could have your temp-reading app send control signals over HTTP instead. No need to tie up the USB port, and the connection isn’t killed if someone yanks the cable.
And yes, big agreement on the watchdog or failsafe. Any fan controller that doesn’t ramp up to 100% if it loses connection is just waiting for trouble. Fire risk is real.
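The failsafe behaviour described above, as an added example that is not the commenter's code: a heartbeat watchdog that holds the last requested duty only while messages keep arriving and forces the fan to 100% when the link goes silent, including before the first message. The clock is injected so the timeout logic can be exercised without hardware; driving a real PWM pin from `commanded_duty()` on the Pico W is assumed and not shown.

```python
import time


class FanFailsafe:
    """Fan duty with a heartbeat watchdog.

    The controller keeps the last requested duty only while heartbeats keep
    arriving. With no heartbeat yet, or none for longer than `timeout_s`,
    the fan is forced to 100% until the link comes back. Wiring the result
    to a PWM output on the Pico W is an assumption left to the caller.
    """
    FULL = 100

    def __init__(self, timeout_s: float, clock=time.monotonic):
        self.timeout_s = timeout_s
        self._clock = clock
        self._last_heartbeat = None   # no link yet -> fail safe until the first beat
        self._setpoint = self.FULL

    def heartbeat(self, duty: int) -> None:
        """Call for every message from the temperature-reading app (serial or HTTP)."""
        if not 0 <= duty <= 100:
            raise ValueError("duty must be 0..100")
        self._setpoint = duty
        self._last_heartbeat = self._clock()

    def link_alive(self) -> bool:
        return (self._last_heartbeat is not None
                and self._clock() - self._last_heartbeat <= self.timeout_s)

    def commanded_duty(self) -> int:
        """Duty the PWM should actually be set to right now."""
        return self._setpoint if self.link_alive() else self.FULL


class FakeClock:
    """Constructed stand-in for time.monotonic so the timeout can be simulated."""
    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t

    def advance(self, dt: float) -> None:
        self.t += dt


def simulate() -> list[int]:
    """Walk the watchdog through link-up, silence and recovery; returns the duty trace."""
    clock = FakeClock()
    fan = FanFailsafe(timeout_s=5.0, clock=clock)
    trace = [fan.commanded_duty()]           # no heartbeat yet -> 100
    fan.heartbeat(40)
    trace.append(fan.commanded_duty())       # link up -> 40
    clock.advance(3.0)
    trace.append(fan.commanded_duty())       # 3 s silent, within timeout -> 40
    clock.advance(3.0)
    trace.append(fan.commanded_duty())       # 6 s silent -> forced to 100
    fan.heartbeat(40)
    trace.append(fan.commanded_duty())       # link back -> 40
    return trace


if __name__ == "__main__":
    print(simulate())
```

On the device this should be polled from a timer rather than from the network handler, so a hung receive loop cannot also stall the check; the point of the injected clock is that the same logic is testable on a desktop before it goes near the fan.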