Hacker News: brian_r_hall

New comment by brian_r_hall in "Ask HN: What was your "oh shit" moment with GenAI?"

brian_r_hall — Fri, 05 Jun 2026 21:30:11 +0000

I think it's really scary how agents are hallucinating/doing bad actions, then proceeding to gaslight you about how nothing went wrong.

Then you tell the agent that it deleted your whole company database, it says something like "I'm so sorry, I shouldn't have done that. Won't do that again"

As AGI looms overhead, this thought of agents going "rogue" with nothing really stopping them has caused me some panic.

New comment by brian_r_hall in "Ask HN: What is your (AI) dev tech stack / workflow?"

brian_r_hall — Fri, 05 Jun 2026 18:56:58 +0000

For teaching beginners, I’d keep it “boring” at first: VSCode or terminal + Claude Code / Codex on a normal paid plan.

The fancy multi-agent / worktree setups are useful later, but I’d start with a really small loop so they understand the basics first. Ask for one change, read the diff, run it, understand it.

If you jump straight into multi-agent stuff, n8n-style nodes, etc., a lot of beginners will just get paralysis by analysis.

Agent guardrails are mostly theater

brian_r_hall — Tue, 05 May 2026 15:27:07 +0000

Article URL: https://github.com/faramesh/faramesh-core

Comments URL: https://news.ycombinator.com/item?id=48023859

Points: 3

# Comments: 0

New comment by brian_r_hall in "Show HN: Discover Indie Version of Popular SaaS Products"

brian_r_hall — Sun, 22 Mar 2026 21:15:44 +0000

Do you have any favorite products on indiehustles?

New comment by brian_r_hall in "A rogue AI led to a serious security incident at Meta"

brian_r_hall — Fri, 20 Mar 2026 17:56:13 +0000

The frustrating part is watching all the careful thinking about reliability and failure modes get thrown out the window the second something new gets hyped. It's not even that people disagree with the principles, they just stop applying them.

New comment by brian_r_hall in "Nvidia NemoClaw"

brian_r_hall — Thu, 19 Mar 2026 14:45:33 +0000

The permission scope debate always ends up in the same place. Lock it down too much and it's useless, loosen it up and you're back to square one. And the boundary keeps moving as the agent gets more capable anyway.

What nobody's really talking about is the moment of action itself. Not whether the agent has bash access but whether this specific call should run given what it's actually trying to do right now. That's a completely different problem and nobody's really solved it.

New comment by brian_r_hall in "Show HN: Context Gateway – Compress agent context before it hits the LLM"

brian_r_hall — Thu, 19 Mar 2026 14:04:55 +0000

Context and governance end up being the same surface area approached from different ends. You're trimming what the agent sees, we've been working on what it's allowed to do once it sees it.

Curious if compression ever shifts how the agent interprets its own scope. Seems like there's a weird edge case hiding in there where you strip just enough context that the policy reasoning breaks down.

New comment by brian_r_hall in "Show HN: A context-aware permission guard for Claude Code"

brian_r_hall — Thu, 19 Mar 2026 13:40:11 +0000

The deny list problem is real but I think the harder issue is that context matters so much. Deleting a temp file and deleting a config file look the same to a classifier.

We've been approaching it from the policy side, define what the agent is allowed to do upfront and evaluate each action before it runs. Human approval for anything that falls outside the policy. Different tradeoffs but same underlying frustration.

Show HN: Faramesh – open-source runtime enforcement for AI agents

brian_r_hall — Wed, 18 Mar 2026 13:47:49 +0000

I'm Brian, co-founder of Faramesh. My co-founder Amjad and I were writing a research paper on AI agents last year, and the deeper we got into how agents actually execute in production the more obvious it became that there's no real solution for execution control. Agents can be sandboxed, they can have network policies, but nothing sits at the action layer and evaluates decisions before they run against an actual policy.

So we built Faramesh.

It intercepts tool calls before they execute, evaluates them against a declarative policy, blocks or approves, and logs everything. Works with LangChain, CrewAI, AutoGen, MCP, LangGraph. Open source, no signup. You can clone it and have it running against your agent in a few minutes.

The OpenShell announcement from NVIDIA this week is a good reference point for where Faramesh fits. OpenShell handles what the agent can reach. Faramesh handles what the agent is allowed to do once it gets there. Different layers.

Would love feedback from anyone running agents in production, especially where you've hit cases where access controls weren't enough.

github.com/faramesh-labs/faramesh -- faramesh.dev

Comments URL: https://news.ycombinator.com/item?id=47425779

Points: 1

# Comments: 0