diff --git a/drafts/2026-05-04T051522Z.md b/drafts/2026-05-04T051522Z.md new file mode 100644 index 0000000..afa6e34 --- /dev/null +++ b/drafts/2026-05-04T051522Z.md 
@@ -0,0 +1,35 @@ +**HN:** https://news.ycombinator.com/item?id=47943466 + +**Story / OP:** Show HN: Pi-hosts -- Give the Pi coding agent access to your servers (5 days old, 23 points, 0 comments at time of draft). Author hunvreus is shipping pi-hosts, an extension to the Pi coding agent that gives it SSH access to managed servers. Default mode is "balanced" (run safe/caution, confirm danger, block critical); a "paranoid" mode confirms everything; commands are classified into 4 tiers (safe / caution / danger / critical) with 5 approval modes (balanced / paranoid / strict / manual / off). Audit logging via JSONL. + +**The post:** +> I built that initially for an AI chat bot that allows teams to perform DevOps tasks straight out of Slack/Teams (with proper permission control, obviously). +> +> Useful to let developers perform mundane tasks, or help coordinate incident response. +> +> I ended up using it myself on my own machine to manage Hetzner and AWS boxes. I thought that may be useful to others. +> +> The default policy should be good enough, but if you don't like living dangerously, you can set it to `paranoid`. +> +> Install: `pi install npm:pi-hosts` + +**My reply (top-level comment on the Show HN):** + +``` +(disclosure: I work on FailProof AI: https://github.com/exospherehost/failproofai) + +The risk-tier x approval-mode matrix is a real step up from "approve everything vs approve nothing", but classifying by the surface verb leaves a gap. `bash -c 'rm -rf /'` is a `bash` invocation, `sh -lc "..."` is a `sh` invocation, `curl https://x.sh | sh` is technically a `curl`, and an `apt-get install` flagged caution can fetch a postinst that does anything once it runs. Once you're shelling remote commands at all, the dangerous ones don't always wear their tier on their sleeve. A complementary pattern in FailProof is `block-curl-pipe-sh`: it doesn't try to classify the verb, it inspects the args for the laundering shape. 
Pairing tier classification with a couple of args-level matchers covers the cases tier-mapping alone can't see. +``` + +**Insight for the FailProof team:** + +Pi-hosts and FailProof live next to each other in the stack. Pi-hosts gates SSH-out; FailProof gates the agent's local tool calls before any of those `host_exec` invocations even reach pi-hosts. The `block-curl-pipe-sh` angle is concrete and easy to understand, but the deeper signal is that the wider ecosystem is converging on tier/risk-class taxonomies (Pi-hosts: safe/caution/danger/critical; agentport: auto-approve/approve/never; cordon: allow/block/approve/read-only/log-only). Our `allow / instruct / deny` triple plus per-policy code is more expressive but less ergonomic to explain in two seconds. A "FailProof in three modes" framing -- something like a curated `safe / strict / paranoid` preset that maps to bundles of built-ins -- would land in this kind of conversation faster than enumerating policy names. Worth a docs page or a `failproofai presets --apply paranoid` command. Also: failproofai has Pi CLI integration in beta now (per recent commits adding `--cli pi`), so the "use both" path is concrete. + +**Notes / findings:** + +- Thread is 5 days old, 23 points, zero comments. The reply form is rendered, so HN hasn't gated it; it's just stale. Risk: low audience, almost certainly seen only by the OP. Reward: a substantive comment from a peer in the same problem space is high-value to a solo Show HN that didn't catch fire. The "Show HN of an adjacent product where the OP solicits design discussion" lane in INSTRUCTIONS specifically allows this case. +- The OP's body undersells the design (calls it "default vs paranoid"); the README actually has a 4 x 5 risk x mode matrix. The reply engages with the README-level model, which is more honest and gives the OP credit for the real design. 
+- ASCII-only punctuation: hyphens, three-dot ellipses, straight quotes; no em-dashes, en-dashes, fancy ellipses, curly quotes, or unicode arrows. Used letter `x` (not `×`) for the matrix shape. +- Forbidden patterns avoided: no install command in body, no comma-list of policy names (only `block-curl-pipe-sh` once), no scope-merge / 39-policies / `~/.failproofai/` talk, no two-link pattern (disclosure URL only), no dashboard / `localhost:8020` plug, no marketing connectives ("we built X for", "the gap is", etc.). +- Body length ~135 words, in the working-shape range (~110 words for `comments/2026-04-29T043958Z.md`). +- Status: draft (pending manual post).
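Review bot: In the reply body, the claim that pi-hosts classifies "by the surface verb" (so that `bash -c 'rm -rf /'` is tiered as a plain `bash` call) is not backed by anything this draft records about the classifier. The Story / OP summary only says commands fall into 4 tiers, and the notes cite the README only for the 4 x 5 matrix. Before the status moves past draft, add a findings bullet stating what the README or source says about how shell wrappers (`bash -c`, `sh -lc`), pipelines and package installs are tiered, or rephrase the reply as a question to the OP. Separately, in the Insight paragraph, the proposed `safe / strict / paranoid` presets mix a pi-hosts tier name (`safe`) with two of its approval-mode names (`strict`, `paranoid`); drawing the preset names from a single axis would avoid reintroducing the confusion that paragraph is trying to remove.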