<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: brianwmunz</title><link>https://news.ycombinator.com/user?id=brianwmunz</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Tue, 14 Apr 2026 17:44:01 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=brianwmunz" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by brianwmunz in "Write less code, be more responsible"]]></title><description><![CDATA[
<p>Honestly I think you can tell pretty quickly if a company or person is approaching AI from the viewpoint of accelerating development and innovation or just looking to do the same amount of work with fewer people. The space has been flooded by mean-spirited people who love the idea of developers becoming obsolete, which is a viewpoint that isn't working out for a lot of companies right now...many are already scrambling to rehire. Approaching the situation practically, integrating AI as a tool and accelerator is the much smarter way and if done right will pay for itself anyway.</p>
]]></description><pubDate>Tue, 14 Apr 2026 01:16:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=47760061</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47760061</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47760061</guid></item><item><title><![CDATA[New comment by brianwmunz in "Ask HN: Do you trust AI agents with API keys / private keys?"]]></title><description><![CDATA[
<p>Most of this thread is about protecting keys on a single developer's machine, but the problem gets way harder when you're managing credentials across customer tenants... env vars and secrets managers don't solve the orchestration problem as much as the storage problem. The hard part is making sure the right token gets used for the right customer's API call at the right time without any cross-tenant leakage.</p>
]]></description><pubDate>Mon, 13 Apr 2026 13:00:37 +0000</pubDate><link>https://news.ycombinator.com/item?id=47751356</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47751356</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47751356</guid></item><item><title><![CDATA[New comment by brianwmunz in "Show HN: AI agents are bad at API integrations – we fixed it"]]></title><description><![CDATA[
<p>PayPal benchmark is a smart way to launch this I think...showing real numbers on a recognizable API gives people something concrete to evaluate against. The 65% token reduction is probably the stat that'll matter most to teams watching API costs. One thing I'd be a little worried about is how this handles APIs that version aggressively or have breaking changes between major versions. The context packaging seems like it'd get complicated fast when you're maintaining accuracy across v1 and v2 of the same API simultaneously.</p>
]]></description><pubDate>Sat, 11 Apr 2026 18:43:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=47732967</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47732967</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47732967</guid></item><item><title><![CDATA[New comment by brianwmunz in "Ask HN: How do you enforce least-privilege when an API token has full access?"]]></title><description><![CDATA[
<p>A good idea is to build thin proxy layers that map "coarse" upstream tokens to more fine-tuned internal permissions. The proxy holds the real API token and your internal services authenticate with scoped tokens that only allow specific endpoints/operations. Works well but you're basically rebuilding OAuth scoping yourself...which is why some teams just accept the risk and focus their security effort on token rotation and monitoring instead.</p>
]]></description><pubDate>Sun, 15 Mar 2026 15:59:00 +0000</pubDate><link>https://news.ycombinator.com/item?id=47388654</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47388654</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47388654</guid></item><item><title><![CDATA[New comment by brianwmunz in "My Website's API Was Flagged as Phishing–and I Still Don't Know Why"]]></title><description><![CDATA[
<p>I've seen similar with AWS where an API endpoint got flagged for "suspicious traffic patterns" just because it was serving webhooks at irregular intervals. The appeal process took weeks and nobody could explain what triggered it. Firebase's tooling for this stuff feels like a black box.</p>
]]></description><pubDate>Fri, 13 Mar 2026 02:49:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=47360136</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47360136</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47360136</guid></item><item><title><![CDATA[New comment by brianwmunz in "Create Google API credentials in 50 easy steps (2023)"]]></title><description><![CDATA[
<p>Lol...Google's credential setup really is the worst part of building anything with their APIs. The actual API calls are usually fine, but getting there feels like a bureaucracy designed by people who never had to use it themselves.</p>
]]></description><pubDate>Wed, 11 Mar 2026 00:34:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=47330540</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47330540</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47330540</guid></item><item><title><![CDATA[New comment by brianwmunz in "Advice for Operating a Public-Facing API (2023)"]]></title><description><![CDATA[
<p>I know this is old but the OAuth advice aged well. Two years later it's still the part of every integration project that eats the most time relative to how simple it seems... Prefixed tokens especially are one of those things that seems obvious in hindsight but saves a ton in support.</p>
]]></description><pubDate>Tue, 10 Mar 2026 02:53:50 +0000</pubDate><link>https://news.ycombinator.com/item?id=47318596</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47318596</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47318596</guid></item><item><title><![CDATA[New comment by brianwmunz in "MCP Won't Solve Enterprise AI Integration (We're Missing a Layer)"]]></title><description><![CDATA[
<p>The missing middleware layer is real... MCP handles the wire format but you still need something managing OAuth flows, token refresh, rate limiting, schema mapping per user etc... all the operational stuff. Authentication alone is brutal when you've got dozens of different OAuth implementations each with their own issues around scopes and refresh logic, which is where most integrations get bogged down.</p>
]]></description><pubDate>Tue, 10 Mar 2026 02:49:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=47318570</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47318570</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47318570</guid></item><item><title><![CDATA[New comment by brianwmunz in "Show HN: Mcp2cli – One CLI for every API, 96-99% fewer tokens than native MCP"]]></title><description><![CDATA[
<p>The token savings bit is interesting but seems incomplete without showing that tool call accuracy holds up. 
I like the CLI-as-interface idea...the model already knows how to use CLIs, and on-demand discovery is genuinely smarter than front-loading every schema.
How are you handling cases where a tool's schema changes between discovery and invocation? Is there a cache invalidation story there or does it just re-fetch?</p>
]]></description><pubDate>Tue, 10 Mar 2026 02:30:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=47318446</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47318446</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47318446</guid></item><item><title><![CDATA[New comment by brianwmunz in "We went from 13 to 48 tools in our trading risk API for AI agents"]]></title><description><![CDATA[
<p>Very cool...did you build this as one monolithic API with 48 endpoints, or separate services?</p>
]]></description><pubDate>Mon, 09 Mar 2026 20:08:25 +0000</pubDate><link>https://news.ycombinator.com/item?id=47314747</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47314747</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47314747</guid></item><item><title><![CDATA[New comment by brianwmunz in "Show HN: Mnemora – Serverless memory DB for AI agents (no LLM in your CRUD path)"]]></title><description><![CDATA[
<p>The no-LLM-in-CRUD-path thing makes sense...I've seen teams hit real latency walls routing every memory operation through inference.
What's your thinking around retrieval patterns? Most agent memory systems I've worked with end up needing vector similarity for semantic search but also structured queries for stuff like "all conversations from last week." Are you planning to support both or staying vector-focused?</p>
]]></description><pubDate>Fri, 06 Mar 2026 04:36:54 +0000</pubDate><link>https://news.ycombinator.com/item?id=47270921</link><dc:creator>brianwmunz</dc:creator><comments>https://news.ycombinator.com/item?id=47270921</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47270921</guid></item></channel></rss>