HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ericlevine

no profile record

Submissions

OAuth Is Broken for AI Agents

levine.tech
4 points·by ericlevine·4 tháng trước·0 comments

Porting barcode scanning library ZXing to Go with Claude Code

levine.tech
1 points·by ericlevine·5 tháng trước·0 comments

comments

ericlevine
·2 tháng trước·discuss
This really hits the nail on the head. The current permissions models are totally broken IMO. You're either approving everything, restricting access and neutering your agent, or full YOLOing and, well, good luck. The right primitives are not in place yet, and there's no clearly correct answers.

I think the right primitive is "task-based authorization", where you review a high-level task and let an LLM judge decide whether the subsequent tool calls fall into the scope of that task. It's not perfect, but it distills dozens of approvals down to one and gives you risk-based signals of whether you should pay close attention or not.
ericlevine
·4 tháng trước·discuss
This is fantastic. There are a ton of use cases where you'd want to be able to build an integration that hooks back to your running agent session. OpenClaw has this today, but it's pretty janky. Hopefully this is coming to Claude Cowork as well.

My use case is that I have a separate system that provides human approvals for what my agent can do. Right now, I've had to resort to long-polling to give a halfway decent user experience. But webhooks are clearly the right solution. Curious to see how it ends up being exposed outside of these initial integrations.
ericlevine
·4 tháng trước·discuss
Totally fair feedback, and it’s true, many of these are synthetic evals with a few that were still synthetically produced but guided. At this point, because it’s all self-hosted, I only have my own data set. The places where it fails (for me) today are due to feature gaps rather than LLM mistakes. This is a new project that has not been widely announced, so my user base today is small but growing. If you give it a whirl and find it making mistakes, please send them my way! :)
ericlevine
·4 tháng trước·discuss
Absolutely. You can see the evals here:

https://github.com/clawvisor/clawvisor/blob/main/internal/in...

And the results here: https://github.com/clawvisor/clawvisor/blob/main/internal/in...
ericlevine
·4 tháng trước·discuss
> Connecting your email is still a risk.

> If you’ve built something agents want, please let us know. Comments welcome!

I'll bite! I've built a self-hosted open source tool that's intended to solve this problem specifically. It allows you to approve an agent purpose rather than specific scopes. An LLM then makes sure that all requests fit that purpose, and only inject the credentials if they're in line with the approved purpose. I (and my early users) have found substantially reduces the likelihood of agent drift or injection attacks.

https://github.com/clawvisor/clawvisor
ericlevine
·4 tháng trước·discuss
Completely agree. As soon as I had OpenClaw working, I realized actually giving it access to anything was a complete nonstarter after all of the stories about going off the rails due to context limitations [1]. I've been building a self-hosted open sourced tool to try to address this by using an LLM to police the activity of the agent. Having the inmates run the asylum (by having an LLM police the other LLM) seemed like an odd idea, but I've been surprised how effective it's been. You can check it out here if you're curious: https://github.com/clawvisor/clawvisor clawvisor.com

[1] https://www.tomshardware.com/tech-industry/artificial-intell...