Hello HN. I'm Maxime, founder at LimaCharlie (https://limacharlie.io), a Hyperscaler for SecOps (access building blocks you need to build security operations, like AWS does for IT).

We’ve engineered a new product on our platform that solves a timely issue acting as a guardrail between your AI and the world: Viberails (https://www.viberails.io)

This won't be new to folks here, but we identified 4 challenges teams face right now with AI tools:

  1. Auditing what the tools are doing.
  2. Controlling toolcalls (and their impact on the world).
  3. Centralized management.
  4. Easy access to the above.

To expand: Audit logs are the bread and butter for security, but this hasn't really caught up in AI tooling yet. Being able to look back and say "what actually happened" after the fact is extremely valuable during an incident and for compliance purposes.

Tool calls are how LLMs interact with the world, we should be able to exercise basic controls over them like: don't read credential files, don't send emails out, don't create SSH keys etc. Being able to not only see those calls but also block them is key for preventing incidents.

As soon as you move beyond a single contributor on one box, the issue becomes: how do I scale processes by creating an authoritative config for the team. Having one spot with all the audit, detection and control policies becomes critical. It's the same story as snowflake-servers.

Finally, there's plenty of companies that make products that partially address this, but they fall in one of two buckets:

  - They don't handle the "centralized" point above, meaning they just send to syslog and leave all the messy infra bits to you.
  - They are locked behind "book a demo", sales teams, contracts and all the wasted energy that goes with that.

We made Viberails address these problems. Here's what it is:

  - OpenSource client, written in Rust
  - Curl-to-bash install, share a URL with your team to join your Team, done. Linux, MacOS and Windows support.
  - Detects local AI tools, you choose which ones you want to install. We install hooks for each relevant platform. The hooks use the CLI tool. We support all the major tools (including OpenClaw).
  - The CLI tool sends webhooks into your Team (tenant, called Organization in LC) in LimaCharlie. The tool-related hooks are blocking to allow for control.
  - Blocking webhooks have around 50ms RTT.
  - Your tenant in LC records the interaction for audit.
  - We create an initial set of detection rules for you as examples. They do not block by default. You can create your own rules, no opaque black boxes.
  - You can view the audit, the alerts, etc. in the cloud.
  - You can setup outputs to send audits, blocking events and detections to all kinds of other platforms of your choosing. Easy mode of this is coming, right now this is done in the main LC UI and not the simplified Viberails view.
  - The detection/blocking rules support all kinds of operators and logic, lots of customizability.
  - All data is retained for 1 year unless you delete the tenant. Datacenters in USA, Canada, Europe, UK, Australia and India.
  - Only limit to community edition for this is a global throughput of 10kbps for ingestion.

Try it: https://viberails.io

Repo: https://github.com/refractionPOINT/viberails

Essentially, we wanted to make a super-simplified solution for all kinds of devs and teams so that they can get access to the basics of securing their AI tools. Thanks for reading - we’re really excited to share this with the community! Let us know if you have any questions for feedback in the comments.