frontpage.

I built a small library called [`sandbox-policy-builder`](https://github.com/giselles-ai/sandbox-policy-builder) for `@vercel/sandbox`.

The problem is straightforward: when building coding agents or AI apps in Vercel Sandbox, I usually think in terms of services like `OpenAI`, `Claude`, `GitHub`, or `AI Gateway`. But the raw `networkPolicy` API is domain-oriented, so credentials brokering rules get repetitive and harder to read than the actual intent.

I wanted to write:

```ts networkPolicy: allow({ codex: { apiKey: process.env.OPENAI_API_KEY! }, openai: { apiKey: process.env.OPENAI_API_KEY! }, gemini: { apiKey: process.env.GEMINI_API_KEY! }, claude: { apiKey: process.env.ANTHROPIC_API_KEY! }, github: { apiKey: process.env.GITHUB_TOKEN! }, aiGateway: { apiKey: process.env.AI_GATEWAY_TOKEN! }, }) ```

instead of hand-maintaining raw domains and header transforms.

The library expands service names into the domain-level `NetworkPolicy` shape required by Vercel Sandbox. Right now it supports `codex`, `openai`, `gemini`, `claude`, `github`, and `aiGateway`.

Repo: https://github.com/giselles-ai/sandbox-policy-builder

Trickle Down Effects

Uber's Deal Blitz to Stop a Robotaxi Monopoly

Biomechanics of the Hand

Everyone is wrong about NotebookLM

54-Point Security Gap Across 12 Cloud Firewalls (2026)

The Effectiveness of Skills.md

Pruner – local proxy that cuts Claude Code API bills by 20–70%

CCS – Community Crowdfunding System

OpenAI is throwing everything into building an automated researcher

Show HN: ISO 20022 Payments MCP – First standards-typed financial MCP server

Show HN: Free AI Business Plan Generator

Amazon's Trainium lab, the chip that's won over Anthropic, OpenAI, even Apple

Storing Solar Energy as Ice for Air Conditioning

A short history of the Web – CERN (2019)

Trivy Supply Chain Attack Expands to Compromised Docker Images

The Entropy of the Soul: Why AI Quotas Are the Ultimate Bot-Detection Filter

eBay Kitchen Beta (home made food ordering)

Socialist Emmanuel Gregoire wins Paris mayoral race

Samsung brings AirDrop support to Galaxy S26 series in select regions

Show HN: CodexKit – Build agent-powered iOS apps (threads, tools, memory)

Show HN: NoProcrast – A browser extension modeled on HN's noprocrast feature

Zmx: Session Persistence for Terminal Processes

Hardest Hard Drive Commercial [video]

Show HN: Sandbox-policy-builder, helper for Vercel Sandbox credentials brokering

FIRST Robotics founder Dean Kamen resigns because of Epstein files

My DIY FPGA board can run Quake II

Bug Mentor – Mentoring developers with Q&A during software bug resolution

Show HN: Lula – multi-agent coding assistant with sandboxed Rust exec engine

AI ends online anonymity: the ease of unmasking pseudonymous accounts

[Product Launch] Synapse: Define your signals and we'll monitor for them

Show HN: Sandbox-policy-builder, helper for Vercel Sandbox credentials brokering

Trickle Down Effects

Uber's Deal Blitz to Stop a Robotaxi Monopoly

Biomechanics of the Hand

Everyone is wrong about NotebookLM

54-Point Security Gap Across 12 Cloud Firewalls (2026)

The Effectiveness of Skills.md

Pruner – local proxy that cuts Claude Code API bills by 20–70%

CCS – Community Crowdfunding System

OpenAI is throwing everything into building an automated researcher

Show HN: ISO 20022 Payments MCP – First standards-typed financial MCP server

Show HN: Free AI Business Plan Generator

Amazon's Trainium lab, the chip that's won over Anthropic, OpenAI, even Apple

Storing Solar Energy as Ice for Air Conditioning

A short history of the Web – CERN (2019)

Trivy Supply Chain Attack Expands to Compromised Docker Images

The Entropy of the Soul: Why AI Quotas Are the Ultimate Bot-Detection Filter

eBay Kitchen Beta (home made food ordering)

Socialist Emmanuel Gregoire wins Paris mayoral race

Samsung brings AirDrop support to Galaxy S26 series in select regions

Show HN: CodexKit – Build agent-powered iOS apps (threads, tools, memory)

Show HN: NoProcrast – A browser extension modeled on HN's noprocrast feature

Zmx: Session Persistence for Terminal Processes

Hardest Hard Drive Commercial [video]

Show HN: Sandbox-policy-builder, helper for Vercel Sandbox credentials brokering

FIRST Robotics founder Dean Kamen resigns because of Epstein files

My DIY FPGA board can run Quake II

Bug Mentor – Mentoring developers with Q&A during software bug resolution

Show HN: Lula – multi-agent coding assistant with sandboxed Rust exec engine

AI ends online anonymity: the ease of unmasking pseudonymous accounts

[Product Launch] Synapse: Define your signals and we'll monitor for them