frontpage.

I’ve been building Nucleus because most “agent security” is still policy-only: a config file that says “don’t do bad things,” while the agent can still do them.

Nucleus is an OSS experiment that pairs a small, compositional permission model with runtime enforcement: *side effects are only reachable through an enforcing tool proxy*, inside a Firecracker microVM. The envelope is *non-escalating*: it can only tighten or terminate, never silently relax.

What works today:

* MCP tool proxy with *read / write / run* (enforced inside the microVM) * default-deny egress + DNS allowlist + iptables drift detection (fail-closed) on Linux * time + budget caps enforced * hash-chained audit log + HMAC approval tokens (scoped, expiring) for gated ops

What’s missing (being upfront):

* web/search tools exist in the model but aren’t wired to MCP yet * remote append-only audit storage + attestation are still roadmap * early/rough; targeting “safe to run against sensitive codebases,” not “replace your local terminal”

Most of the code was written with Anthropic tools; I’ve been leaning on tests/fuzzing/proptests to keep it honest.

Would love feedback on: (1) dangerous capability combinations beyond the lethal trifecta, (2) what enforcement gaps you’d want closed first, (3) how you’d evaluate this vs gateway-only approaches.

Show HN: Wikipedia as a doomscrollable social media feed

Show HN: Apate API mocking/prototyping server and Rust unit test library

Show HN: NanoClaw – “Clawdbot” in 500 lines of TS with Apple container isolation

Show HN: File Markers – Track file status directly in VS Code's Explorer

Show HN: A different approach to intonation training

Show HN: Stelvio – Ship Python to AWS

Show HN: Nucleus – enforced permission envelopes for AI agents (Firecracker)

Show HN: Make AI motion videos with text

Show HN: Bullmq-dash – Terminal UI dashboard for BullMQ (zero setup)

Show HN: Agents should learn skills on demand. I built Skyll to make it real

Show HN: ÆTHRA – Writing Music as Code

Show HN: Sklad – Secure, offline-first snippet manager (Rust, Tauri v2)

Show HN: OpenClaw Cloud – run OpenClaw safely in the cloud, no local install

Show HN: Sandbox Agent SDK – unified API for automating coding agents

Show HN: Prism AI – A research agent that generates 2D/3D visualizations

Show HN: Minimal – Open-Source Community driven Hardened Container Images

Show HN: Voiden – an offline, Git-native API tool built around Markdown

Show HN: My Open Source Deep Research tools beats Google and I can Prove it

Show HN: Moltbook – A social network for moltbots (clawdbots) to hang out

Show HN: I trained a 9M speech model to fix my Mandarin tones

Show HN: Zuckerman – minimalist personal AI agent that self-edits its own code

Show HN: Phage Explorer

Show HN: You Are an Agent

Show HN: Jetcaller – Make international calls directly from the browser

Show HN: Claw-daw – offline, deterministic terminal-first DAW

Show HN: Amla Sandbox – WASM bash shell sandbox for AI agents

Show HN: ContractShield – AI contract analyser for freelancers

Show HN: Kolibri, a DIY music club in Sweden

Show HN: OpenJuris – AI legal research with citations from primary sources

Show HN: An extensible pub/sub messaging server for edge applications

Show HN: Nucleus – enforced permission envelopes for AI agents (Firecracker)

Show HN: Wikipedia as a doomscrollable social media feed

Show HN: Apate API mocking/prototyping server and Rust unit test library

Show HN: NanoClaw – “Clawdbot” in 500 lines of TS with Apple container isolation

Show HN: File Markers – Track file status directly in VS Code's Explorer

Show HN: A different approach to intonation training

Show HN: Stelvio – Ship Python to AWS

Show HN: Nucleus – enforced permission envelopes for AI agents (Firecracker)

Show HN: Make AI motion videos with text

Show HN: Bullmq-dash – Terminal UI dashboard for BullMQ (zero setup)

Show HN: Agents should learn skills on demand. I built Skyll to make it real

Show HN: ÆTHRA – Writing Music as Code

Show HN: Sklad – Secure, offline-first snippet manager (Rust, Tauri v2)

Show HN: OpenClaw Cloud – run OpenClaw safely in the cloud, no local install

Show HN: Sandbox Agent SDK – unified API for automating coding agents

Show HN: Prism AI – A research agent that generates 2D/3D visualizations

Show HN: Minimal – Open-Source Community driven Hardened Container Images

Show HN: Voiden – an offline, Git-native API tool built around Markdown

Show HN: My Open Source Deep Research tools beats Google and I can Prove it

Show HN: Moltbook – A social network for moltbots (clawdbots) to hang out

Show HN: I trained a 9M speech model to fix my Mandarin tones

Show HN: Zuckerman – minimalist personal AI agent that self-edits its own code

Show HN: Phage Explorer

Show HN: You Are an Agent

Show HN: Jetcaller – Make international calls directly from the browser

Show HN: Claw-daw – offline, deterministic terminal-first DAW

Show HN: Amla Sandbox – WASM bash shell sandbox for AI agents

Show HN: ContractShield – AI contract analyser for freelancers

Show HN: Kolibri, a DIY music club in Sweden

Show HN: OpenJuris – AI legal research with citations from primary sources

Show HN: An extensible pub/sub messaging server for edge applications