frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Show HN: Pulpie – Models for Cleaning the Web

https://usefeyn.com/blog/pulpie-pareto-optimal-models-for-cleaning-the-web/
19•snyy•1h ago•2 comments

Show HN: I Built LangGraph for Swift

https://github.com/christopherkarani/Swarm
12•christkarani•2h ago•3 comments

Show HN:I Made a Mac Native Excalidraw (Open Sourced)

https://github.com/zpphxd/whitespace
3•z_phxd•29m ago•2 comments

Show HN: Silicon Physics Sandbox

https://silicon.bergkv.ist/
4•bergkvist•48m ago•0 comments

Show HN: Nook – a sticky note on the edge of your monitor

https://nook.nostock.studio/
2•phinoda•51m ago•1 comments

Show HN: Cona – design your real room in 3D, in the browser

https://cona.design
2•Losenok•59m ago•0 comments

Show HN: I build a screenshot Mac app for Pi

https://pilens.dev/
2•nava•1h ago•0 comments

Show HN: Char-width – final answer to measure terminal text width

https://www.npmjs.com/package/char-width
2•dawson0•1h ago•0 comments

Show HN: A Wordle game that insults you as you play

https://smugexe.trydoff.dev
2•shreyasjk•1h ago•0 comments

Show HN: A website that shows every pro triathlete's swim, bike, and run gear

https://racekit.pro
2•mpc75•1h ago•1 comments

Show HN

https://vorcigernix.github.io/rohrpost/
2•vorcigernix•1h ago•2 comments

Show HN: Voltius – open-source SSH/SFTP client, built in Rust

https://voltius.app
4•kipavy•1h ago•0 comments

Show HN: Built a Website for People Who Miss the Old Web

https://www.dailicle.com/
2•lucky-solanki•1h ago•0 comments

Show HN: Scan your AI agents for dangerous capabilities

https://github.com/makerchecker/MakerChecker
37•smashini•4h ago•19 comments

Show HN: Mazzap, a Level 4 Open Source Digital Twin Engine

https://github.com/zymazza/mazzap
3•zymazza123•2h ago•0 comments

Show HN: Causari – Content-addressable ledger for AI agent code edits

https://causari.dev/#quickstart
3•CroviaTrust•2h ago•0 comments

Show HN: Tetris where every pixel is another Tetris (23,040 games in GLSL)

https://thiagolira.blot.im/_projects/fractetris/index.html
2•farcaster•2h ago•0 comments

Show HN: Nectar, a Rust-like React that compiles to WebAssembly

https://buildnectar.com
3•blakeburnette•2h ago•0 comments

Show HN: Keyhole – Share secrets with your AI agents

https://keyhole.maferland.com
2•maferland•2h ago•1 comments

Show HN: Paint the Earth on a live, interactive globe (collaborative art.)

https://earth.tattoo
17•earth-tattoo•7h ago•8 comments

Show HN: Agent Draw: An agent draws while you talk, built on TLDraw

https://techstackups.com/articles/tldraw-agent-draw/
2•jameswhitford•2h ago•0 comments

Show HN: Xalgorix – Autonomous AI Pentesting Agent

https://github.com/xalgord/xalgorix
4•xalgord•2h ago•0 comments

Show HN: AI harness for C/C++ with GDB, sanitizers, perf and compile tools

https://byteask.ai/
3•anirudhak47•2h ago•2 comments

Show HN: Query Companion (QCP) for your database

https://v0-qcp.vercel.app/
3•sjashwin•2h ago•0 comments

Show HN: BloomDisk – free open-source alternative to paid Mac disk analyzers

https://github.com/Nabilhassan12345/BloomDisk
3•nabilhassan•3h ago•1 comments

Show HN: Tool for Auditing Embedded Linux Hosts

https://github.com/nstarke/embedded_linux_audit
3•bootbloopers•3h ago•0 comments

Show HN: Messageboard – A simple API-first dashboard for human readable messages

https://messageboard.tech/
2•dchanco•3h ago•0 comments

Show HN: Otaku – one terminal client for Ollama, LM Studio, and MLX

https://github.com/enclavum/otaku
2•enclavum5•3h ago•0 comments

Show HN: Homegames. An open-source game platform I've been making for 8 years

https://homegames.io
214•homegamesjoseph•20h ago•52 comments

Show HN: Osint tool that finds exposed files on domains

https://search.cerast-intelligence.com/
54•PatchRequest•21h ago•19 comments
Open in hackernews

Show HN: Scan your AI agents for dangerous capabilities

https://github.com/makerchecker/MakerChecker
37•smashini•4h ago

Comments

smashini•4h ago
Hey all :)

I've been working an open-source toolkit to stop AI agents from running amok.

You can scan your code (Python, JS, TS) and it will flag any risks and can offer fixes. It runs offline, but you can wire an LLM to do code analysis as well.

You can run it with:

npx @makerchecker/scan

Would love to get any feedback!

smashini•3h ago
oopsie doopsie, release pipeline failed fixing now...
smashini•3h ago
should be fixed and released now :)
__MatrixMan__•3h ago
Why build separate frameworks for this kind of thing when your operating system is right there?

You can make a file called "orders" and you can run your agent as a user with write access to that file, or as one that doesn't, and then you don't need scans or audits to tell you whether the agent can create orders or not, you can just take your operating system's word for it.

Is there anything all this bolt-on AI security stuff does that can't instead be handled by donning a sysadmin hat and managing your agents as separate users?

skinfaxi•3h ago
> Is there anything all this bolt-on AI security stuff does that can't instead be handled by donning a sysadmin hat and managing your agents as separate users?

Like everything else, the packaging and ergonomics matter. Do we need podman or docker when we could just don our sysadmin hats and manage namespaces and cgroups directly instead?

smashini•3h ago
I’d say the biggest difference would be: 1. Parameter-aware rules: OS permissions don’t know your application logic. (How would you tell OS permissions not to let your AI to trade on over 1M dollars) 2. You can’t easily model multi-pary and RBAC. 3. Agents call remote APIs for alot of those tools. Native OS doesn’t really parse web traffic to decide if a request is safe or not. OS sandboxing is good for host security, but not necessarily for governing business logic or AI agents
smashini•3h ago
So Linux can prevent an agent from opening /etc/passwd.

Linux cannot stop an agent from calling:

POST /wire-transfer amount=5,000,000

__MatrixMan__•2h ago
You'd do that with a container and a layer 7 egress proxy rule e.g. mitmproxy.

Sure it's work to build such things, but building restraints into the app feels more reliable than playing whack-a-mole with scanner results.

Operating systems can probably do better to meet this need (e.g. capability based ones like fuchsia) but even as is their rules just feel so much more binding.

smashini•2h ago
pelagicAustral•3h ago
haha! WHAT!? So, we had agents that came with a default setting to request for specific permission to perform an action, then we said "screw it!", we need speed and everybody started coding and releasing agents out in the wild to do whatever they want unchecked... and now we have a product that brings back the safeguards... A few years ago we have abstraction after abstraction coming in the way of blocking actual development (js ecosystem bloat), and now we have layer upon layer for coding with AI...
ucsandman•2h ago
this is cool I'm working on a similar project called DashClaw. Great work!
christkarani•1h ago
great stuff working in a similar project that enforces guardrails at runtime
Zie_Mordecai•1h ago
Really great idea, simple yet effective.
The scanner is just one part of the codebase, good for maintaining quality in a pipeline.

There is also @makerchecker/embedded, which has runtime permission primitives you wrap around the agent's actions, so the restraints live in the app exactly like you're describing

Less whack-a-mole, more wrap the risky calls and they're bound

seethishat•2h ago
Any LSM can stop that POST. SELinux, AppArmor, Tomoyo, etc. They are built-in to the kernel. You just need to know what you are doing to use them.
smashini•2h ago
Yes, but they operate at the OS boundary, but we are defining application/business logic

OS controls answer "can this process make network requests?"

App-level policies answer "is this request, with these parameters, acceptable?"

__MatrixMan__•38m ago
Is that a real boundary? I mean if an application asks the kernel to enforce a rule, the kernel enforces that rule, regardless of whether it counts as business logic or not.

I'll admit that OS interfaces could stand to improve in their ability to do so, I just think the quickest route to sanity is improving them, not replacing them.

quixoticaxolotl•2h ago
One benefit is that this can run in serverless / sandboxed containers where OS primitives are not exposed or heavily limited. I immediately thought of Cloudflare Workers, which runs on V8 and exposes WASM-only interfaces, using Workers AI.

Further, servers still have hosting value, but any business running agents is almost certainly going to want a sandbox that limits what code runs for agentic work, so targeting _sandbox_ environments is probably the better bet long-term. And, yes, you could implement your proposal in any chroot jail or gvisor, but nobody wants to get their hands dirty finnicking with that - programmatic access control beats file-based access control for the simple reason it's managed for you.

If anything, my critique of OP's implementation is actually the opposite of yours: they've chosen the right primitive and layer, but people really need contextual access control rather than RBAC. Sort of like ongoing zero trust. If it was possible to inspect the context, decide if it was a bad idea to allow the tool call, without exposing the decider to untrusted context, you could have something that really changes things.

smashini•2h ago
Completely agree, though the LLM part of the scanner can help with that contextual part of the analysis.

Runtime enforcement already exists (the embedded governor wraps tool calls in-process); extending it with a quarantined contextual evaluator like you describe would the logical next step.

Thanks for the feedback, actually will raise an issue on that to explore

bureado•2h ago
The user separation isn’t even necessary, as far as I’ve seen in the projects in https://github.com/bureado/awesome-agent-runtime-security