Hey HN. I'm a solo dev who could never figure out what to actually do with my analytics data. I'd open Mixpanel, look at charts, and close the tab. The data was there but I didn't have the expertise to turn it into decisions.
So I built Lurnna. You add a 3.5kb script tag (vanilla TypeScript, zero dependencies, no cookies). It auto-captures page views, clicks, sessions, and JS errors. Every morning at 6 AM it analyzes the last 24 hours and sends you 3-5 plain-English insights with specific actions.
The insight engine works in four stages:
1. SDK captures events and batches them every 5s (uses sendBeacon on unload)
2. Events go into Supabase PostgreSQL with monthly partitioning
3. Daily cron aggregates into structured summaries
4. Summary gets sent to Claude Sonnet with a system prompt tuned for growth analysis. Returns categorized insights (retention, acquisition, engagement, anomalies) each with a specific action item
The SDK respects Do Not Track, uses sessionStorage instead of cookies, and never stores IPs. 3.5kb gzipped.
Stack: Next.js 14, Supabase, Claude API, Resend for email delivery, Vercel for hosting.
Still in private beta. Looking for devs with live web apps who want to test it. The main thing I need to validate is whether the AI insights are actually useful or just noise.
Happy to answer questions about the architecture or the prompt engineering approach.
I wrote a technical whitepaper exploring runtime governance for autonomous AI agents.
The paper focuses on execution level control rather than intent alignment, with a goal of clarifying how authority can be enforced in long running autonomous systems.
This is not a product launch. I am looking for technical and security feedback.
The browser sandbox is incredible for isolated code execution, but I've found it tricky for "local agent" workflows where you actually want the LLM to use the host CLI or filesystem, just safely.
I built a process supervisor (Vallignus) for that specific "OS-level" use case. It wraps the agent to enforce egress filtering and loop detection so it can use local tools without running wild.
The "token and time sink" point is huge. I've found that even when agents can install deps, they often get stuck in reasoning loops trying to fix a "build toolchain issue" that is actually just a hallucinated package name.
I built a local runtime supervisor (Vallignus) specifically to catch these non-converging loops. It wraps the agent process to enforce egress filtering (blocking those random pip installs) and hard execution limits so they don't burn $10 retrying a fail state.
Hi HN, I built this because I kept running into the same problem: AI agents need to log into websites, and everyone (including me) just hardcodes cookies. It's insecure and breaks constantly.
AgentAuth is a Python SDK that:
- Stores sessions in an encrypted vault (not in your code)
- Gives each agent a cryptographic identity (Ed25519 keys)
- Scopes access (agent X can only access linkedin.com)
- Logs all access for auditing
I also built a Chrome extension that exports cookies with one click.
The goal is to become the identity layer for AI agents — like how OAuth standardized user auth, but for agents.
Would love feedback, especially from anyone building agents or dealing with browser automation.
So I built Lurnna. You add a 3.5kb script tag (vanilla TypeScript, zero dependencies, no cookies). It auto-captures page views, clicks, sessions, and JS errors. Every morning at 6 AM it analyzes the last 24 hours and sends you 3-5 plain-English insights with specific actions.
The insight engine works in four stages:
1. SDK captures events and batches them every 5s (uses sendBeacon on unload) 2. Events go into Supabase PostgreSQL with monthly partitioning 3. Daily cron aggregates into structured summaries 4. Summary gets sent to Claude Sonnet with a system prompt tuned for growth analysis. Returns categorized insights (retention, acquisition, engagement, anomalies) each with a specific action item
The SDK respects Do Not Track, uses sessionStorage instead of cookies, and never stores IPs. 3.5kb gzipped.
Stack: Next.js 14, Supabase, Claude API, Resend for email delivery, Vercel for hosting.
Still in private beta. Looking for devs with live web apps who want to test it. The main thing I need to validate is whether the AI insights are actually useful or just noise.
Happy to answer questions about the architecture or the prompt engineering approach.