HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Jonathanfishner

156 karmajoined 7 yıl önce
building dev tools, chartdb.io and now clawe.ai

Submissions

MCP gateway can't see most of what your agent does

onecli.sh
1 points·by Jonathanfishner·dün·1 comments

Google Unveils AppFunctions to Connect AI Agents and Android Apps

infoq.com
2 points·by Jonathanfishner·4 ay önce·0 comments

Show HN: Clawe – open-source Trello for agent teams

github.com
62 points·by Jonathanfishner·5 ay önce·41 comments

Show HN: ChartDB Cloud – Visualize and Share Database Diagrams

app.chartdb.io
101 points·by Jonathanfishner·11 ay önce·13 comments

comments

Jonathanfishner
·3 ay önce·discuss
[dead]
Jonathanfishner
·3 ay önce·discuss
[dead]
Jonathanfishner
·4 ay önce·discuss
Creator of OneCLI here.

On (1), the agent runs in its own container where OneCLI doesn't exist. It can't spin up OneCLI or access its process because it's completely isolated from it. The agent only ever sees placeholder tokens, the real secrets live in a separate container it has no way to reach.

On (2), we actually address this with OneCLI Rules, deterministic constraints enforced at the proxy level before a request ever hits the API. So the agent doesn't need to "behave", it just can't do what the rules don't allow. Would love to hear more about your signed tokens approach.
Jonathanfishner
·4 ay önce·discuss
that's exactly the idea. appreciate you framing it so clearly
Jonathanfishner
·4 ay önce·discuss
Re IronClaw is probably the most hardened open-source implementation I've seen for this, but a sufficiently clever prompt injection against the built-in tools (especially shell) could still reach secrets.

Re TLS: OneCLI itself runs in a separate container, acting as an HTTPS proxy. The SDK auto-configures agent containers with proxy env vars + a local CA cert. When the agent hits an intercepted domain, OneCLI terminates TLS, swaps placeholder tokens for real creds, and forwards upstream. Containers never touch actual keys.

More here: https://www.onecli.sh/docs/sdks/node#how-it-works

Re 1Password adapters: not yet, but on the roadmap.
Jonathanfishner
·4 ay önce·discuss
It's not the same. The core overlap is that agents shouldn't be holding raw credentials, that part isn't new, agreed. But the problem space goes further when you're building for agents specifically:

- Requiring human approval before sensitive actions go through (as @guyb3 mentioned in the post)

- Managing short-lived JWT tokens (refresh/access) with tight TTLs.

- Scoping permissions per-session rather than per-service

Auth-proxying solves the "don't give the box your API key" part. But the approval layer and token lifecycle management are what make this agent-specific, not just "SSO proxy repackaged."
Jonathanfishner
·5 ay önce·discuss
i have 34 more minutes to edit this post, give me something good and i'll change it
Jonathanfishner
·12 ay önce·discuss
We’re building ChartDB - an open-source tool to visualize and edit your database schema.

Supports Postgres, MySQL, SQLite, MSSQL, ClickHouse. Includes AI export to generate DDL in any SQL dialect.

17.5k+ GitHub stars, Feedback welcome!

https://github.com/chartdb/chartdb https://www.chartdb.io