IronClaw: a Rust-based clawd that runs tools in isolated WASM sandboxes

https://github.com/nearai/ironclaw
56•dawg91•3h ago

Comments

friendofmine•3h ago
Huh what's the benefit
dawg91•2h ago
It's a hardened, security-first implementation. WASM runtime specifically is for isolating tool sandboxes
verdverm•1h ago
WASM has issues with certain languages, why WASM and not OCI?
ForHackernews•55m ago
Docker is not a security boundary?
dawg91•1h ago
Fun fact: it's being developed by one of the authors of "Attention is all you need"
ramoz•47m ago
worth mentioning an additional credential/or-not, the creator of "the platform powering the agentic future" (blockchain) https://www.near.org/
edtechdev•16m ago
which explains why this tool requires a NEAR AI account to use
whalesalad•1h ago
vibe coded eh https://github.com/nearai/ironclaw?tab=readme-ov-file#archit...
dawg91•40m ago
I think the guys who are developing this (Illia Polosukhin of "Attention is all you need") and others know enough to leverage their skills with AI vs. producing slop
lenwood•1h ago
Awesome to see a project deal with prompt injection. Using a WASM is clever. How does this ensure that tools adhere to capability-based permissions without breaking the sandbox?
frolvlad•1h ago
Instead of expecting the tools to adhere, they are enforced. For example, to make an HTTP call with a secret key, the tool must use the proxy service that will enforce that the secret key is only used for the specific domain, if that is allowed, then the proxy service will make the call, thus the secret never leaks outside of the service.

However, this design is still under development as it creates quite a bit of challenges.
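
A sketch of the enforcement idea described in the comment above, added here as an illustration; it is not IronClaw's code and not part of the original comment. `Broker`, `grant`, `authorize`, the secret name and the hosts are all hypothetical, constructed for the example: the sandboxed tool only names a secret, and the broker checks the destination host against that secret's allowlist before it would attach the value to a call it makes itself.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Denied { NotHttps, BadUrl, UnknownSecret, HostNotAllowed(String) }

/// Hypothetical broker living outside the sandbox: secret name -> (value, allowed hosts).
pub struct Broker { secrets: HashMap<String, (String, Vec<String>)> }

/// Pull the host out of an https URL; refuse anything ambiguous instead of guessing.
fn https_host(url: &str) -> Result<String, Denied> {
    let rest = url.strip_prefix("https://").ok_or(Denied::NotHttps)?;
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    // "user@host" and backslashes are classic ways to disguise the real destination.
    if authority.is_empty() || authority.contains('@') || authority.contains('\\') {
        return Err(Denied::BadUrl);
    }
    let host = authority.split(':').next().unwrap_or("");
    Ok(host.trim_end_matches('.').to_ascii_lowercase())
}

impl Broker {
    pub fn new() -> Self { Broker { secrets: HashMap::new() } }

    pub fn grant(&mut self, name: &str, value: &str, hosts: &[&str]) {
        let hosts: Vec<String> = hosts.iter().map(|h| h.to_ascii_lowercase()).collect();
        self.secrets.insert(name.to_string(), (value.to_string(), hosts));
    }

    /// The tool passes a secret *name*; only the broker ever sees the value.
    /// Returns (host, Authorization header) for the call the broker itself would send.
    pub fn authorize(&self, url: &str, secret_name: &str) -> Result<(String, String), Denied> {
        let host = https_host(url)?;
        let (value, hosts) = self.secrets.get(secret_name).ok_or(Denied::UnknownSecret)?;
        if !hosts.contains(&host) { // exact match only, no suffix or substring tests
            return Err(Denied::HostNotAllowed(host));
        }
        Ok((host, format!("Bearer {value}")))
    }
}

fn main() {
    let mut b = Broker::new();
    // Constructed sample secret and hosts.
    b.grant("WEATHER_KEY", "constructed-secret-123", &["api.weather.example"]);
    for url in ["https://api.weather.example/v1/now",
                "https://api.weather.example.evil.example/v1/now",
                "https://api.weather.example@evil.example/"] {
        println!("{url} -> {:?}", b.authorize(url, "WEATHER_KEY").map(|(h, _)| h));
    }
}
```

Only the first URL is authorized; the look-alike host and the userinfo form are refused before the secret value is ever read.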

jonny_eh•1h ago
> Using a WASM is clever

Every time a project is shared that uses WASM.

MarkMarine•1h ago
Clearly this developer knows the trick of developing with ai: adding “… and make it secure” to all your prompts. /s
wyck•25m ago
You mean Illia Polosukhin, who is recognized as an AI founder and co‑authored the landmark 2017 paper “Attention Is All You Need” while at Google Research? /s ?
verdverm•1h ago
I suspect OCI wins the sandbox space in the enterprise and everything else will be for hobbyists and companies like vercel that have a very narrow view of how software should be run
canadiantim•1h ago
Reminds me of the LocalGPT that was posted recently too (but which hasn't been updated in 7 months), so nice to see a newer rust-based implementation!
ra0x3•49m ago
What runtimes are supported? I don't think I saw that part mentioned in the README
ramoz•44m ago
Sandboxes will be left in 2026. We don't need to reinvent isolated environments; not even the main issue with OpenClaw - literally go deploy it in a VM on any cloud and you've achieved all same benefits.

We need to know if the email being sent by an agent is supposed to be sent and if an agent is actually supposed to be making that transaction on my behalf. etc

observationist•39m ago
Instrumental convergence and the law of unintended consequences are going to be huge in 2026. I am excited.
ramoz•37m ago
same! sharing this link for my own philosophy around it, ignore the tool. https://cupcake.eqtylab.io/security-disclaimer/
frolvlad•38m ago
Well, the challenge is to know if the action is supposed to be executed BEFORE it is requested to be executed. If the email with my secrets is sent, it is too late to deal with the consequences.

Sandboxes could provide that level of observability, HOWEVER, it is a hard lift. Yet, I don't have better ideas either. Do you?

ramoz•34m ago
if you extend the definition of sandbox, then yea.

Solutions no, for now continued cat/mouse with things like "good agents" in the mix (i.e. ai as a judge - of course just as exploitable through prompt injection), and deterministic policy where you can (e.g. OPA/rego).

We should continue to enable better integrations with runtime - why I created the original feature request for hooks in claude code.

liuliu•20m ago
The solution is to make the model stronger so the malicious intents can be better distinguished (and no, it is not a guarantee, like many things in life). Sandbox is a basic, but as long as you give the model your credential, there isn't much guardrails can be done other than making the model stronger (separate guard model is the wrong path IMHO).
cheriot•5m ago
Sandboxes are needed, but are only one piece of the puzzle. I think it's worth categorizing the trust issue into

1. An LLM given untrusted input produces untrusted output and should only be able to generate something for human review or that's verifiably safe.

2. Even an LLM without malicious input will occasionally do something insane and needs guardrails.

There's a gnarly orchestration problem I don't see anyone working on yet.

skybrian•19m ago
Interesting approach. It requires a Near AI account. Supposedly that's a more private way to do inference, but at the same time they do offer Claude Opus 4.6 (among others), so I wonder what privacy guarantees they can actually offer and whether it depends on Anthropic?
