HackerTrans
TopNewTrendsCommentsPastAskShowJobs

liad

no profile record

Submissions

96.8% of MCP tool descriptions don't warn the agent about destructive behaviour

policylayer.com
4 points·by liad·hace 2 meses·0 comments

[untitled]

1 points·by liad·hace 4 meses·0 comments

[untitled]

1 points·by liad·hace 4 meses·0 comments

[untitled]

1 points·by liad·hace 4 meses·0 comments

[untitled]

1 points·by liad·hace 4 meses·0 comments

[untitled]

1 points·by liad·hace 4 meses·0 comments

[untitled]

1 points·by liad·hace 5 meses·0 comments

Show HN: PolicyLayer – Non-custodial spending limits for AI agents

policylayer.com
1 points·by liad·hace 5 meses·0 comments

[untitled]

1 points·by liad·hace 6 meses·0 comments

Show HN: Agent Spending Controls – Enforce spending limits without custody

github.com
2 points·by liad·hace 9 meses·1 comments

A Framework for Building an Agentic Business

linkedin.com
1 points·by liad·hace 10 meses·0 comments

comments

liad
·hace 4 meses·discuss
We're working on spend controls for AI agents using MPP. The protocol handles how agents pay, but there's no standard way to enforce budgets before payment happens.

How people here are handling this. When your agent hits a $35 API call, or gets stuck in a retry loop on a $0.50/req service, what stops it from draining the wallet?

Are wallet-level caps enough? Are you writing custom budget checks in your agent code? Or just not worrying about it yet?

We built an open source MCP proxy (github.com/policylayer/intercept) that enforces policy on tool calls. Thinking about extending it to read the -32042 payment challenge, check the amount against a budget, and allow/deny/hold for approval before the wallet pays.

Would love to hear if this is a real pain or a theoretical one.
liad
·hace 4 meses·discuss
Wraps any MCP server and checks every tool call before it runs. (Open Source)
liad
·hace 5 meses·discuss
would policylayer.com be helpful to you?
liad
·hace 5 meses·discuss
Nice kit. One gap in x402 flows: no standard way to express "this agent can spend up to $X/day on these API categories." Payment primitive works, but the authorization/policy layer is ad hoc. Working on this at PolicyLayer — programmable spend policies for agent wallets.
liad
·hace 6 meses·discuss
A real-time Kanban board for monitoring Claude Code tasks. See what Claude is working on, track dependencies between tasks, and add notes that Claude can read.
liad
·hace 9 meses·discuss
AI agents need to make autonomous payments, but if you give them direct wallet access, they can drain your funds. Custodial solutions create liability and trust issues. Building custom controls takes weeks.

## The Solution

A two-gate enforcement model:

1. *Gate 1 (Validate)*: Agent requests payment → Policy engine checks limits → Issues single-use authorization token 2. *Gate 2 (Verify)*: Before signing → Verify token + check for tampering → Only then sign transaction

Your keys never leave your infrastructure. Policy enforcement happens before signing.

Currently demonstrated with Tether WDK on Ethereum, but the wrapper pattern works with any wallet SDK.
liad
·hace 10 meses·discuss
[dead]