frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

OpenClaw and Agent Execution Firewall

https://github.com/sundarsub/sentra
1•sentra•1h ago

Comments

sentra•1h ago

  I built Sentra, an execution firewall that lets you safely run OpenClaw (AI agent with WhatsApp integration) on Oracle Cloud Free Tier for $0/month.

  The problem: AI agents that execute code are powerful but dangerous. Give an LLM shell access and it might run rm -rf /.

  The solution: A security layer with:

  • Seccomp-BPF – Kernel-level syscall filtering blocks fork, exec, ptrace before they execute

  • Policy engine – Regex-based command allowlist/denylist with argument inspection

  • Python sandbox – Namespace isolation with cgroup resource limits

  • Rate limiting – Prevents automated attack patterns

  Example:
  [sentra:enforce]$ rm -rf /
  [X] DENIED: Recursive deletion blocked

  [sentra:enforce]$ sudo su
  [X] DENIED: Privilege escalation blocked

  [sentra:enforce]$ ls -la
  total 48
  drwxr-xr-x  5 opc opc 4096 ...
   ALLOWED

  The stack (all free):

  • Oracle Cloud Free Tier – 4 ARM CPUs, 24GB RAM, 200GB storage

  • OpenClaw – Node.js AI agent framework with WhatsApp Web

  • Sentra – Rust execution firewall (this project)

  • Any LLM via OpenRouter (Gemini, GPT-4, Claude, Llama)

  One-line install:
  curl -sSL https://raw.githubusercontent.com/sundarsub/sentra/main/scripts/install-oracle-cloud.sh | sudo bash

  Links:

  • GitHub: https://github.com/sundarsub/sentra

  • Oracle Cloud Guide: https://github.com/sundarsub/sentra/blob/main/docs/ORACLE_CLOUD_DEPLOYMENT.md

  Open source (Apache-2.0). sentrahelp@gmail.com

I Still <3 the Internet

https://www.deezlinks.com/p/i-still-3-the-internet
1•herbertl•19s ago•0 comments

Where can I buy AI-generated antibiotics?

1•john1203•51s ago•0 comments

From one dictator dad to another: Monica's lost childhood in North Korea

https://www.smh.com.au/national/from-one-dictator-dad-to-another-monica-s-lost-childhood-in-north...
1•famouswaffles•1m ago•0 comments

Australia for Software Engineers: Relocation Guide

https://relocateme.substack.com/p/moving-to-australia-for-work
1•andrewstetsenko•2m ago•0 comments

Federal data breach may be the biggest hack in US history

https://morningoverview.com/massive-federal-data-breach-may-be-the-biggest-hack-in-us-history/
1•SunshineTheCat•3m ago•0 comments

Ask HN: Who has seen productivity increases from AI

1•Kapura•4m ago•0 comments

Does Gemini 3 retain conversational context less reliably than Gemini 2.5?

1•mldev_exe•6m ago•0 comments

For Sale: Hunter S. Thompson's 1973 Chevy Caprice Convertible a.k.a. 'Red Shark'

https://www.christies.com/en/lot/lot-6573423
1•bookofjoe•6m ago•0 comments

Lupin: A WGPU [Rust] Path Tracing Library

https://github.com/LeonardoTemperanza/LupinPathTracer
1•LeoTemperanza•7m ago•1 comments

AgentLoadout: Set your agents up for success

https://www.npmjs.com/package/agent-loadout
2•persuader•7m ago•0 comments

Are AI agents not smart enough to generate their own AGENTS/SKILLS/X.md?

1•john1203•8m ago•1 comments

Researchers Retrieve the Deepest-Ever Rock Core from Beneath Antarctica's Ice

https://www.smithsonianmag.com/smart-news/researchers-retrieve-the-deepest-ever-rock-core-from-be...
1•Brajeshwar•8m ago•0 comments

Apple Plans to Manufacture Mac Mini in Houston

https://www.wsj.com/tech/apple-plans-to-manufacture-mac-mini-in-houston-c9b4c23c
1•Brajeshwar•8m ago•0 comments

Never Blow Up Your Bridges

https://brainbaking.com/post/2026/02/never-blow-up-your-bridges/
1•Brajeshwar•8m ago•0 comments

Git for Data Applied: Comparing Git-Like Tools That Separate Metadata from Data

https://motherduck.com/blog/git-for-data-part-2/
1•articsputnik•8m ago•0 comments

Show HN: Glass Box: writing editor that exports a verifiable PDF of your process

https://firl.nl/glass-box
2•normanbell•8m ago•0 comments

Section 230 Preempts Lawsuit over Unwanted Gmail Spam–Dor vs. Google

https://blog.ericgoldman.org/archives/2026/02/section-230-preempts-lawsuit-over-unwanted-gmail-sp...
2•hn_acker•9m ago•0 comments

I built a scanner to find common vulnerabilities in AI-generated apps

https://securemyvibes.com
1•baptisteallain•9m ago•1 comments

DOJ withheld Epstein files related to allegations Trump sexually abused a minor

https://www.npr.org/2026/02/24/nx-s1-5723968/epstein-files-trump-accusation-maxwell
4•pickleglitch•10m ago•0 comments

Bithumb $44B Bitcoin blunder puts South Korea regulators on alert

https://www.coindesk.com/policy/2026/02/09/usd44b-bitcoin-blunder-puts-south-korea-regulators-on-...
1•PaulHoule•10m ago•0 comments

ArcGIS Maps SDK for JavaScript – Version 5.0 Release

https://community.esri.com/t5/arcgis-javascript-maps-sdk-blog/arcgis-maps-sdk-for-javascript-vers...
1•Noash•10m ago•0 comments

Moody's alert cites gap in data centre accounting for Big Tech companies

https://www.ft.com/content/3ff9a481-8be3-4dd4-9a00-ea809f3485fd
1•petethomas•10m ago•0 comments

We Solved Execution. Now What?

https://anirudharamesh.github.io/blog/we-solved-execution-now-what/
3•anibot•11m ago•1 comments

Anthropic's new AI tool can write COBOL, sending IBM's stock tumbling

https://www.tomshardware.com/tech-industry/big-tech/ibm-stock-takes-a-13-percent-whiplash-after-a...
2•cdrnsf•11m ago•1 comments

Show HN: Stupid simple e-ink RSS reader

https://github.com/edleeman17/E-Ink-RSS-Reader
1•ed1727•11m ago•0 comments

Dev jobs up 10% YoY while other jobs down 5.8%. What do you see on the ground?

1•mrborgen•11m ago•0 comments

The DIY OpenClaw Assistant You'll Want to Carry

https://www.hackster.io/news/the-diy-openclaw-assistant-you-ll-actually-want-to-carry-97888b183ac1
1•toomuchtodo•11m ago•0 comments

The Secret History of Knocking on Wood: Most of human nature is not written down

https://resobscura.substack.com/p/neolithic-habits-machine-age-tools
1•benbreen•12m ago•0 comments

Show HN: Tiny-parquet – JavaScript lib to read/write Parquet in 326KB of WASM

https://github.com/nktrchk/tiny-parquet
2•Nikitaita•14m ago•0 comments

Is it just me or is reviewing PRs getting exponentially harder?

https://www.bitarch.dev/blog/the-hidden-cost-of-ai-assisted-coding
1•birdculture•14m ago•0 comments