
Show HN: A runtime authorization layer for AI agents

3•rkka•1h ago
Hi HN,

Over the past few months, we’ve been experimenting with something that kept bothering us about AI agents in production.

Most agent systems today are “fail-open”:
• The model proposes an action
• The tool executes
• Logs are written
• Monitoring happens after the fact

This works fine for demos and low-risk workflows.

It feels different when agents:
• trigger payments
• deploy code
• modify production data
• access local files
• interact with real infrastructure

We started asking a simple question:

What if execution itself was policy-bound?

⸻

What we built

We built a runtime authorization layer that sits between:

LLM → Proposed Action → Policy Engine → Allow / Deny / Compute / Escalate → Execution → Trace + Replay

Instead of parsing messages or relying on post-hoc logs, we:
• evaluate the proposed tool invocation
• bind it to a policy (OPA-based)
• gate execution before it runs
• emit reproducible artifacts

Each decision produces:
• policy digest
• input/output hash
• trace ID
• optional ledger entry
• replay support

⸻

What this is NOT
• Not another agent framework
• Not a monitoring dashboard
• Not prompt-level guardrails
• Not pattern extraction

It operates at the action surface.

If the agent attempts to call a tool, the call is evaluated before runtime.

⸻

Example (simplified)

If the agent tries:

fs.write_file("/prod/config.yaml")

Policy may:
• DENY
• ESCALATE (human required)
• COMPUTE (force safe path)
• ALLOW with constraints

The key idea:

Authorization becomes structural, not contractual.

⸻

Why we built it

There’s a growing gap between:

Model capability and System accountability

As agents move from answering to acting, the stack shifts.

We’re curious whether others are running into the same problem.

⸻

Looking for feedback

We’re currently:
• running this locally via a desktop client
• integrating with MCP tool surfaces
• experimenting with observe-only and enforce modes

Would love thoughts from folks:
• deploying agents in production
• thinking about policy / governance
• building infra around AI execution

Especially interested in criticism.

Happy to share architecture details.
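
The gate described in the post above, sketched as an added example that is not part of the original post and is not the poster's code. It assumes an in-process Python rule table in place of OPA; the rule fields, the /tmp/agent/ safe directory and the fake tool registry are hypothetical.

```python
import hashlib, json, posixpath, uuid

# Constructed policy (stand-in for an OPA bundle): first match wins, no match = DENY.
POLICY = [
    {"tool": "fs.write_file", "prefix": "/prod/", "decision": "ESCALATE"},
    {"tool": "fs.write_file", "prefix": "/tmp/agent/", "decision": "ALLOW"},
    {"tool": "fs.write_file", "prefix": "/", "decision": "COMPUTE",
     "safe_dir": "/tmp/agent/"},
]

def digest(obj):
    """SHA-256 over canonical JSON, so equal inputs always hash equally."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def decide(tool, args, policy=POLICY):
    """Evaluate a proposed invocation before it runs and return a decision record."""
    # Normalise first so "/tmp/agent/../../prod/x" is judged as "/prod/x".
    path = posixpath.normpath(str(args.get("path", "")))
    decision, effective = "DENY", None  # fail-closed default
    for rule in policy:
        if rule["tool"] == tool and path.startswith(rule["prefix"]):
            decision = rule["decision"]
            if decision == "ALLOW":
                effective = {**args, "path": path}
            elif decision == "COMPUTE":  # force the write into the safe directory
                effective = {**args, "path": rule["safe_dir"] + posixpath.basename(path)}
            break  # ESCALATE leaves effective=None: assumed blocked until a human approves
    return {"trace_id": uuid.uuid4().hex, "decision": decision,
            "policy_digest": digest(policy),
            "input_hash": digest({"tool": tool, "args": args}),
            "effective_args": effective}

def gated_call(tool, args, tools, mode="enforce"):
    """Run the tool only if policy permits; observe mode records but never blocks."""
    record = decide(tool, args)
    if mode == "observe":
        record["output"] = tools[tool](**args)
    elif record["effective_args"] is not None:
        record["output"] = tools[tool](**record["effective_args"])
    if "output" in record:
        record["output_hash"] = digest(record["output"])
    return record

if __name__ == "__main__":
    fake_tools = {"fs.write_file": lambda path, data="": f"wrote {path}"}  # no real I/O
    for p in ["/prod/config.yaml", "/tmp/agent/../../prod/config.yaml", "/home/u/notes.txt"]:
        r = gated_call("fs.write_file", {"path": p}, fake_tools)
        print(r["decision"], r.get("output"), r["policy_digest"][:12])
```

Because the decision depends only on the policy and the canonicalised input, replaying a stored record means re-running decide() and comparing policy_digest and input_hash; only trace_id differs between runs.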