Hacker News: goodra7174https://news.ycombinator.com/user?id=goodra7174Hacker News RSShttps://hnrss.org/hnrss v2.1.1Mon, 27 Apr 2026 11:55:37 +0000<![CDATA[New comment by goodra7174 in "Show HN: Implit – Catch fake AI-generated dependencies"]]>How does it know its ai generated ? How does it validate that ?

]]>Sun, 26 Apr 2026 12:27:08 +0000https://news.ycombinator.com/item?id=47909779goodra7174https://news.ycombinator.com/item?id=47909779https://news.ycombinator.com/item?id=47909779<![CDATA[New comment by goodra7174 in "Show HN: Run coding agents in microVM sandboxes instead of your host machine"]]>The tmpfs overlay approach is smart — writes never touch the host. We've been solving a related but different problem: running AI agent workloads (not just coding agents) in production Kubernetes clusters where the agents can't make outbound calls at all. Air-gapped environments where the LLM inference runs on-cluster via Ollama or vLLM.

The isolation model is different — instead of protecting the developer's machine, we're protecting the enterprise's network from the agent. NetworkPolicies + FQDN egress control per agent namespace.

Question: how do you handle persistent state across sessions? If the agent needs to remember what it learned from a previous run, does the tmpfs model break that?

]]>Sat, 25 Apr 2026 10:00:32 +0000https://news.ycombinator.com/item?id=47900155goodra7174https://news.ycombinator.com/item?id=47900155https://news.ycombinator.com/item?id=47900155<![CDATA[New comment by goodra7174 in "Show HN: Agent Vault – Open-source credential proxy and vault for agents"]]>The HTTPS_PROXY approach is clever — interface-agnostic credential brokering without modifying the agent itself.

We ran into the same problem from the infrastructure side. When you're running agent workloads on Kubernetes, the blast radius of a leaked credential scales with whatever the pod's ServiceAccount can reach. We ended up combining Cilium FQDN egress policies (agents can only call approved endpoints) with per-workload tool allowlists enforced at the CRD level. The network-level lockdown means even if the agent is prompt-injected, it physically cannot exfiltrate to an unauthorized domain.

Curious: have you tested AV with agents that make tool calls through MCP servers? The proxy would need to handle the MCP server's outbound requests too, not just the agent's direct calls.

]]>Sat, 25 Apr 2026 10:00:01 +0000https://news.ycombinator.com/item?id=47900150goodra7174https://news.ycombinator.com/item?id=47900150https://news.ycombinator.com/item?id=47900150<![CDATA[New comment by goodra7174 in "Show HN: Agent MCP Studio – build multi-agent MCP systems in a browser tab"]]>Great curious to try it out. Have you posted on Linkedkin as well ?

]]>Sat, 25 Apr 2026 09:25:37 +0000https://news.ycombinator.com/item?id=47900007goodra7174https://news.ycombinator.com/item?id=47900007https://news.ycombinator.com/item?id=47900007<![CDATA[New comment by goodra7174 in "Show HN: A Karpathy-style LLM wiki your agents maintain (Markdown and Git)"]]>I was looking for something similar to try out. Cool!

]]>Sat, 25 Apr 2026 09:14:34 +0000https://news.ycombinator.com/item?id=47899960goodra7174https://news.ycombinator.com/item?id=47899960https://news.ycombinator.com/item?id=47899960