frontpage.

I built an open-source Kubernetes operator that watches audit logs and generates scoped Role/ClusterRole manifests based on what ServiceAccounts actually access.

The problem: most clusters run with overly permissive RBAC because getting it right manually is tedious.

You end up with cluster-admin bindings everywhere or spend hours crafting policies by hand.

Audicia flips it — ingest audit logs (file or webhook), normalize the access patterns, and output least-privilege RBAC.

It also diffs observed vs. granted permissions to produce a compliance score.

Everything runs as a controller in your cluster via CRDs. No SaaS, no external dependencies.

GitHub: github.com/felixnotka/audicia Website: audicia.io

Happy to answer any questions about the architecture or approach.

YggTorrent Shuts Down After Hack, Leak and Stolen Crypto

Published a fitness app to connect trainers and clients

Show HN: ÆTHERYA Core – deterministic policy engine for governing LLM actions

Git-oops – undo any Git mistake with one command

Any Resolution Any Geometry: From Multi-View to Multi-Patch

Whuppity Scoorie: the Scottish spring ritual bringing a town together

Show HN: A .NET Web Framework on the Base .NET Core SDK

European Central Bank: AI may be creating instead of destroying jobs for now

Marc Benioff Praises Grok

Show HN: Glyph, a local-first Markdown notes app for macOS built with Rust

A Shared Kernel Is a Shared Trust Domain

2025 State of Rust Survey Results

Man Cereal

IANA tz (and POSIX) cannot add British Columbia's new Pacific Time (PT) timezone

Show HN: Most Based

Show HN: Read it later" links only (iOs app)

Show HN: We build a Graph of public Skills

Show HN: Elm Social Route – Geofenced chat, event, and route

Lockbox: Constrain Your Bots to Set Them Free

Startup Failure Often Starts with a Bad Idea. This Helps Prevent That

Moss is a pixel canvas where every brush is a tiny program

UK Royal Air Force flight tracker

Incrmd: Incremental AI coding by editing PROJECT.md

ClawOffice – Real Office for Your Open Claw Agents

Markly – Watermark images from Claude via MCP (free, no API key needed)

Show HN: CastLocal – Stream any local video to Chromecast from your terminal

Multi-agent Claude Code setup – 3 roles, Markdown coordination, Docker

InstantPhoto – browser photo editor, no account, no ads, no watermarks

Climbing Mechanics in Games [video]

Hiroo Onoda, the Soldier Who Kept Fighting World War II Until 1974

Show HN: Audicia – Generate least-privilege Kubernetes RBAC from audit log