Tuesday, July 7, 2026

Show HN: CLRK, an open-source agent runtime with gVisor and MitM guardrails https://ift.tt/svxomWr

Show HN: CLRK, an open-source agent runtime with gVisor and MitM guardrails TL;DR: we built a framework-agnostic agent runtime that uses gVisor for isolation and runs on k8s. It’s open-source under AGPLv3 Recently we’ve been working on a customer support “AI assistant” - essentially an interactive knowledge base/L1 support but with an option to touch resources that belong to a customer it’s talking to. We found existing tools to be lacking in these aspects: 1. Fully intercepted i/o. We wanted to trace out LLM calls as well as any other networking calls attempted by the harness so that guardrails and audit trails apply to all current and future systems uniformly. Nobody’s agent can accidentally make raw database calls or send PII data to an overseas LLM provider. 2. Coherent API and framework agnostic. There’re a lot of frameworks out there that do similar things in slightly different way and most we found had telemetry, guardrails and other tooling tightly bound into the framework. We wanted something with an infrastructure-first approach because we think it’s a more flexible way to compose such systems. 3. k8s compatible runtime. We run part of our stack on k8s and know it well so we wanted to take advantage of this if we could. We searched for an existing solution, but especially with Daytona going closed sourced recently, there were no options we could find that were open-source and met our needs, so we built one. A more in-depth design writeup can be found here: https://ift.tt/uWxbMQn Questions, FRs, hot takes or funny insults are welcome! https://ift.tt/rAjmNfg July 7, 2026 at 11:45PM

Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents https://ift.tt/L9JGeMA

Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents Hi HN, I'm Brian, I spent the last few years at Vanta (YC W18), helping startups and enterprises become compliant and I recently started exploring what that might look like in a post-agentic world. The problem Halo solves is: when a company buys an AI agent from a vendor and gives it access to their data, they have no way to check what the agent did with that data. Vendors may have built observability dashboards and audit logs, but those are editable and partisan. SOC 2 and ISO 27001 audit a company's controls, but controls are less predictive when the software is agentic. TLDR: give an agent the same prompt 50 times, and you get 50 slightly different actions/answers - so the only thing worth auditing in a post-agentic world is what happened at runtime. Halo is an open-source project that produces agent runtime evidence. It's a small recorder that records every action an agent takes (eg. tool calls, model calls, data access, etc), and becomes a record in an append-only log. It's hash-chained, so anyone can re-verify. Run the following command to see a fictional example: uvx --from halo-record halo demo --serve Then, delete a line from one of the .jsonl files and reload, and the report will catch that it's been tampered with. To wire up your own agent, run this line of Python: agent = trace(run_my_agent, profile="my-agent", log="audit.jsonl") Then use this to generate a real report and give it to your customers: halo report audit.jsonl -o report.html Disclaimer: this proves integrity, not completeness (as a self-held chain proves nothing was edited but does NOT prove that nothing was omitted). Catching this requires a witness outside the vendor and is what I'm working on next. Halo is Apache-2.0, contains zero runtime dependencies, and is about 4,300 lines of Python with 125 tests (if you prefer TypeScript, here's that repo: https://ift.tt/IbjQTE7 ). Give it a try, and please let me know if you have any feedback! https://ift.tt/7t9W4wb July 7, 2026 at 06:07PM

Monday, July 6, 2026

Show HN: Dike is a compliance gateway for AI products in the EU https://ift.tt/iU1Pkg3

Show HN: Dike is a compliance gateway for AI products in the EU https://d1k3.com July 7, 2026 at 12:46AM

Show HN: orzma – a terminal emulator that renders webviews inside the terminal https://ift.tt/2EozUg8

Show HN: orzma – a terminal emulator that renders webviews inside the terminal I made this because I thought it would be useful to be able to use a webview in the terminal. I also provide an SDK called ratatui_orzma. For example, I think it could be used to render rich UI components such as charts with a webview as part of a TUI application, port web tools to ratatui, or embed games built with Wasm inside the terminal. https://ift.tt/8AvNoka July 6, 2026 at 11:20PM

Sunday, July 5, 2026

Show HN: Social and context-aware AI platform to do math https://ift.tt/KxE4rlM

Show HN: Social and context-aware AI platform to do math Hi HN, This is ProofTree, and in TLDR: it is a platform where you can chat with an AI to do math, the way you already do, with context-awareness and knows how you personally do math, connected to the fora of other live human mathematicians. So, when you are talking to an AI about a proof at 3 am, and you need a human expert looking at it, or a discussion around it, like you do on StackExchange, this is it! You need an approved email account to use it, so please write here if you would live to try it out. https://ift.tt/me5lb7v July 6, 2026 at 12:06AM

Show HN: Osint tool that finds exposed files on domains https://ift.tt/i8AguaF

Show HN: Osint tool that finds exposed files on domains hey guys, wanted to show one of my side projects i just made public. the idea is basically another osint tool for pentesters and bug bounty hunters. it watches certificate transparency logs and checks newly-seen domains for exposed stuff like .env files, open .git dirs, config files, db dumps and so on, and puts whatever it finds into a searchable db. you just search a domain (or part of one) and see what's exposed. it's read-only and free. one thing i've been thinking about adding is a way to register for certain keywords and get notified when something new shows up for that search. would love to hear if you have other ideas for useful features, and also ideas for how to reduce abuse of the data, since that's the part i'm least sure about. https://ift.tt/J0SZCn2 https://ift.tt/J0SZCn2 July 6, 2026 at 12:24AM

Show HN: Meon – declarative flat-parsing engine (SoA, no AST) https://ift.tt/cMNjsg8

Show HN: Meon – declarative flat-parsing engine (SoA, no AST) https://ift.tt/ANGIb6K July 5, 2026 at 09:43PM