Paisley Coleman

Paisley Coleman

AI Product Builder

About

I'm passionate about exploring emerging technologies, validating ideas, and shipping products people enjoy using. Product Hunt is where I discover innovative startups, learn from fellow builders, and stay inspired by the maker community. Outside of building, I enjoy exploring new AI tools, automation, SaaS products, and productivity systems. I believe great products come from curiosity, continuous improvement, and listening to users. Always happy to connect with founders, developers, designers, and makers building meaningful technology.

Badges

Tastemaker
Tastemaker
Gone streaking
Gone streaking

Forums

Which email flow do you know you should be sending, and aren't?

Genuine question. I keep meeting operators with a warm list, a good offer, and no abandoned-cart flow. Or a welcome series that's one email long and just stops.

If that's you which one is it, and what's actually stopping you? The time, the build, or not knowing what email 3 is supposed to say?

Asking because I've been building for exactly this.

Otap/ota

4d ago

Where does your repo drift most: local, CI, containers, or remote?

If you've been following along and would like to support us we would appreciate a star of GitHub: https://github.com/ota-run/ota

A repo can look fine until it is run in a different environment. Native setup, Docker, CI, and remote execution often carry different assumptions, and most teams only discover the mismatch when something breaks.

Ota makes those execution paths explicit so a repo can declare how it should be prepared, verified, and run in each environment.

Where does drift cost your team the most today: local setup, CI, containers, or remote environments?

AI agents hallucinate package names — and attackers are registering them. What's your defense?

Something I keep thinking about while building LineageLens Trellis: LLMs hallucinate package names *consistently*. The same fake names recur across models and prompts. Attackers have started harvesting those names and registering them on npm/PyPI with malicious install hooks so when the next agent hallucinates `fastapi-utils-extra`, the install *succeeds*.
The part that unsettles me is that it beats code review completely. The import looks normal, the lockfile resolves, nothing in the diff is wrong. The malicious code isn't in the diff it's on the registry, behind a name a model invented.
We ended up treating dependency introduction as a separate trust event from code edits: registry checks (package age, release count) plus an offline edit-distance pass for typosquats like reqeusts`, tied back to *which agent session* introduced the name.
But I'm genuinely curious what other makers do here. If you're using Copilot/Cursor/Claude Code daily does anything stand between the agent and `npm install` in your setup? Or is the agent fully trusted the moment it suggests a dependency?

Follow our substack:https://lineagelens.substack.com...
Github Repo:https://github.com/karnati-prave...

View more