frontpage.

- The problem: Compliance teams ask: “Which agent accessed what, and when?” Existing proxies treat all agent traffic the same—no per-agent identity, no enforceable time bounds, weak audit trails.

- What it does - Agent → Envoy (mTLS per-agent cert) → OPA (policy check) → Target - Each agent gets a short-lived cert, rotated automatically - Policies constrain domain + time window; outside-window requests are denied and logged (<5ms median in demo) - Audit logs are hash-chained; here’s how to verify the chain: https://github.com/j-raghavan/ChronoGuard#verify-audit-chain

- Why not SPIFFE/Boundary/etc.? They handle identity; ChronoGuard adds enforced time windows + tamper-evident audit (“agent X can only hit api.example.com 9–5 UTC”).

- Try it (pick one) - Live demo (2 min): https://j-raghavan.github.io/ChronoGuard/ — see 9–5 allowed, after-hours denied, with audit trail - One-click Codespaces: https://codespaces.new/j-raghavan/ChronoGuard — brings up Envoy+OPA; follow the 3-step README - Repo: https://github.com/j-raghavan/ChronoGuard

- Scope - Covers: per-agent identity (mTLS issuance/rotation), time-bounded access control, tamper-evident audit - Not yet: model jailbreak defense, data loss prevention—this is access control + audit

- Looking for contributors Envoy filters/hot-reload certs, OPA policy packs, language SDKs (LangChain/AutoGen), audit verification tooling. Good first issues: https://github.com/j-raghavan/ChronoGuard/labels/good%20firs...

- Best starting point: the live demo. Feedback or PRs welcome.

Interop 2025: A Year of Convergence

JobArena – Human Intuition vs. Artificial Intelligence

Concept Artists Say Generative AI References Only Make Their Jobs Harder

Show HN: PaySentry – Open-source control plane for AI agent payments

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

The Crumbling Workflow Moat: Aggregation Theory's Final Chapter

Pax Historia – User and AI powered gaming platform

Show HN: I built a RAG engine to search Singaporean laws

Scams, Fraud, and Fake Apps: How to Protect Your Money in a Mobile-First Economy

Porting Doom to My WebAssembly VM

Cognitive Style and Visual Attention in Multimodal Museum Exhibitions

Full-Blown Cross-Assembler in a Bash Script

Logic Puzzles: Why the Liar Is the Helpful One

Optical Combs Help Radio Telescopes Work Together

Show HN: Myanon – fast, deterministic MySQL dump anonymizer

The Tao of Programming

Forcing Rust: How Big Tech Lobbied the Government into a Language Mandate

PanelBench: We evaluated Cursor's Visual Editor on 89 test cases. 43 fail

Can You Draw Every Flag in PowerPoint? (Part 2) [video]

Show HN: MCP-baepsae – MCP server for iOS Simulator automation

Make Trust Irrelevant: A Gamer's Take on Agentic AI Safety

Show HN: Sem – Semantic diffs and patches for Git

Hello world does not compile

Show HN: ZigZag – A Bubble Tea-Inspired TUI Framework for Zig

Metaphor+Metonymy: "To love that well which thou must leave ere long"(Sonnet73)

Show HN: Django N+1 Queries Checker

Emacs-tramp-RPC: High-performance TRAMP back end using JSON-RPC instead of shell

Protocol Validation with Affine MPST in Rust

Female Asian Elephant Calf Born at the Smithsonian National Zoo

Show HN: Zest – A hands-on simulator for Staff+ system design scenarios