HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cracadumi

no profile record

Submissions

Show HN: AgentKey – Access governance for AI agents

agentkey.dev
3 points·by cracadumi·3 bulan yang lalu·1 comments

comments

cracadumi
·2 bulan yang lalu·discuss
Not intrinsically English-bound; the first version had English metadata/anchor assumptions. I just made it language-configured and added --lang fr. It preserves Unicode/diacritics and builds the French Vatican page too.

v1.1 has both EN/FR EPUBs.
cracadumi
·2 bulan yang lalu·discuss
Yes for the plumbing, no for the text.

Codex helped write the converter, but the EPUB text is parsed from the Vatican HTML. The script doesn’t rewrite or summarize anything; it just repackages the source into EPUB with TOC, footnotes, metadata, and cover.
cracadumi
·2 bulan yang lalu·discuss
I didn't see an EPUB, so I made one from the Vatican HTML: TOC + footnotes, passes epubcheck.

https://github.com/n2ctech/magnifica-humanitas-epub/releases...
cracadumi
·3 bulan yang lalu·discuss
[dead]
cracadumi
·3 bulan yang lalu·discuss
Maker here. Short version of why this exists: I got tired of pasting API keys into .env files every time I spun up a new agent. No record of which agent had access to what, no approval workflow, no audit, no revocation story.

AgentKey flips the model. Agents start with zero access. They request tools with a reason via HTTP. A human approves once, and the credential is vended encrypted (AES-256-GCM, per-record IV) only when an agent actually fetches it — never stored by the agent itself. Every request, approval, and credential fetch is in an append-only audit log.

Two things I think are actually interesting vs existing secrets managers:

1. Agent-driven catalog. If an agent needs a tool that isn't in the catalog, it submits a suggestion with a reason. Multiple agents can back the same suggestion, so admins see aggregated demand instead of one-off tickets. That's the "wild" part that makes it feel different from Vault-style vaults.

2. License choice. BSL 1.1, auto-converting to Apache 2.0 on April 1, 2030. I wanted source-available + self-hostable without giving cloud providers a free managed service until the market shakes out. Happy to debate that choice.

Stack: Next.js 16, Drizzle + Postgres (Neon), Upstash for rate limiting, Clerk for human auth, deployed on Vercel. API keys verified with timing-safe compare. No SDK — just HTTP, so anything that can make a request works (Claude Code, Cursor, LangChain, CrewAI, custom).

Things I know are rough: no pre-seeded integration catalog (you add tools yourself, optionally via an AI-drafted setup guide from a docs URL), V1 has no RBAC inside an org, shared credential rotation is still manual. All solvable, but honest about where it is.

Free forever managed, or self-host. Would love brutal feedback — architecture, the agent-driven catalog bet, the BSL decision, threat model, anything.