15:I[981,["658","static/chunks/658-a698693f56d0116a.js","183","static/chunks/183-6beeeb801c274aaa.js","474","static/chunks/app/%5Btype%5D/layout-631c4730b83c8223.js"],"Posts"] 16:T445,I’m seeing more teams ship agentic systems that can call real tools (DB writes, deploys, email, billing, internal APIs). Most of the safety patterns I hear are prompt rules + basic validation + “human-in-the-loop for risky stuff.”

My question: in a real production environment, what’s your enforcement point that the agent cannot bypass? Like, what actually guarantees the tool call isn’t executed unless it passes policy?

Some specific things I’m curious about:

Are you enforcing permissions inside each tool wrapper, at a gateway/proxy, or via centralized policy service?

How do you handle identity + authorization when agents act on behalf of users?

Do you log decisions separately from execution logs (so you can answer “why was this allowed?” later)?

How do you roll out enforcement safely (audit-only/shadow mode -> enforcement)?

What failure modes hurt most like policy bugs, agent hallucinations, prompt injection, or tool misuse?

Would love to hear how people are doing this in practice (platform/security/infra teams especially)17:T7ae,Hacker News! Hive of the world's most cunning start-up minds! Lend me your ears and delicious brains.

I've been running a SaaS app for the last 5 years or so. But customer growth has been slow. Last year was a good year - the best yet, but I'm not getting any younger, and these fancy yacht parties aren't going to throw themselves:

Sign-ups:

2023: 102 new companies joined the free plan, 12 converted to paid plan

2024: 125 new companies joined the free plan, 6 converted to paid plan

2025: 129 new companies joined the free plan, 19 converted to paid plan

So 129 companies installed the app on the free plan last year, 19 of them became paying customers. Maybe that sounds like a lot? But the year before only 6 and the year befo

Need Feedback for Idea

"People are going to stop and ask you, 'How can I help?' Let them."

NASA about to send people to the moon – in a spacecraft not everyone thinks safe

Have We Been Wrong About Language for 70 Years? New Study Challenges Theory

Health insurance execs shift blame for costly, confusing health care system

Get Shit Done

Fuggerei

Ask HN: How are you enforcing permissions for AI agent tool calls in production?

Caroline Ellison Former Alameda CEO Released from Prison After 440 Days

The Epic Survey of Mason and Dixon

Everybody's at each other's throats': James Cameron left the US permanently

Agency Recruiters can sell retained searches

Turn any developer into a low performer

Agents.md as a Dark Signal

December in Servo

Ditching Flickr for Immich, Protecting My Kids

A new direction for students in an AI world: Prosper, prepare, protect

AI can 10x developers in creating tech debt

Why a God Can't Play a Link to the Past [video]

Show HN: A simple algorithm for shifting solid-color image backgrounds (WASM)

Customer growth is slow. Who do I talk to?

The End of Discovery?

Show HN: Flux, A Python-like language in Rust to solve ML orchestration overhead

Python's `json.tool` Utility

AI agent generates rebuttals for papers

Claude Code TeamateTool (binary analysis)

Shelley: A Coding Agent

Visualizing K-Way Merge: An Interactive Guide to Database Sorting

Ask HN: Why is the Lua web / related ecosystem so stagnant?

AMI Labs: Real World. Real Intelligence

Ask HN: Are you running production workloads in Pytorch eager mode?