Hacker News: ollybrinkman

New comment by ollybrinkman in "Tell HN: I'm 60 years old. Claude Code has re-ignited a passion"

ollybrinkman — Sat, 07 Mar 2026 14:03:06 +0000

The "experience as the real asset" point resonates deeply. I've been building agent orchestration systems and the difference between junior and senior use of AI tools is stark.

Juniors prompt "build me X" and get frustrated when it goes sideways. Seniors architect the constraints first - acceptance criteria, test harness, API boundaries - then let the AI fill in mechanical work.

The real shift: AI makes the cost of prototyping near-zero, which paradoxically makes taste and judgment MORE valuable. When you can spin up 5 approaches in a weekend, knowing which one to actually ship becomes the bottleneck.

The folks who defined their value as "typing code" will struggle. The folks who defined their value as "knowing what to build and how to verify it works" are thriving.

New comment by ollybrinkman in "LLMs work best when the user defines their acceptance criteria first"

ollybrinkman — Sat, 07 Mar 2026 14:02:23 +0000

This maps directly to the shift happening in API design for agent-to-agent communication.

Traditional API contracts assume a human reads docs and writes code once. But when agents are calling agents, the "contract" needs to be machine-verifiable in real-time.

The pattern I've seen work: explicit acceptance criteria in API responses themselves. Not just status codes, but structured metadata: "This response meets JSON Schema v2.1, latency was 180ms, data freshness is 3 seconds."

Lets the calling agent programmatically verify "did I get what I paid for?" without human intervention. The measurement problem becomes the automation problem.

Similar to how distributed systems moved from "hope it works" to explicit SLOs and circuit breakers. Agents need that, but at the individual request level.

New comment by ollybrinkman in "[dead]"

ollybrinkman — Wed, 04 Mar 2026 15:25:57 +0000

We just tested our x402 payment infrastructure with real micropayments on Base L2.

Replace API keys with pay-per-call. Agents send USDC on Base, gateway validates payment, proxies to backend, returns data.

Tested $2.27 USDC across 50+ API calls. Everything worked.

Tech: Node.js + Fly.io + Base L2 + x402

All 4 backend APIs deployed in ~10 min. Agent integration: <5 min.

Building the payment layer for the agent economy.

GitHub: https://github.com/obcraft/Apiosk

New comment by ollybrinkman in "Perplexity Computer – The Age of AI Agents Is Here"

ollybrinkman — Fri, 27 Feb 2026 11:49:02 +0000

The age of AI agents needs infrastructure to match. Right now, most agents are bottlenecked by API access — every integration requires a human to set up accounts, manage API keys, and handle billing.

We're working on this at the infrastructure layer: pay-per-request APIs where agents authenticate with payments instead of keys. 16 APIs live today, all accessible with just a wallet address.

New comment by ollybrinkman in "Show HN: We built a public CTF to stress-test AI agent guardrails"

ollybrinkman — Fri, 27 Feb 2026 11:48:59 +0000

Interesting approach to security testing. One angle we've been exploring: what if the authentication layer itself was the guardrail?

With x402, every API call requires a signed payment. No API keys to steal, no credentials to leak. The economic cost of each call is itself a rate limiter and audit trail.

Not a replacement for proper guardrails, but it eliminates the credential-based attack surface entirely.

New comment by ollybrinkman in "Show HN: Caddy plugin that charges AI crawlers real USDC to access your site"

ollybrinkman — Fri, 27 Feb 2026 11:48:55 +0000

This is a great approach. We built something complementary — Apiosk is an API gateway where AI agents pay per request using USDC on Base via x402.

The idea is the same: use HTTP 402 as real payment infrastructure, not just a status code that never got used.

We have 16 live APIs (weather, prices, news, PDF generation, etc.) that agents can call without any API keys — just a wallet.

https://apiosk.com

New comment by ollybrinkman in "Show HN: AgentBudget – Real-time dollar budgets for AI agents"

ollybrinkman — Thu, 26 Feb 2026 10:16:32 +0000

Interesting to see budget enforcement paired with x402. We've been building in the same space — Apiosk (https://apiosk.com) approaches it from the server side: a gateway that enforces per-request x402 payments so API providers can monetize without accounts or keys.

Your budget SDK + Apiosk would be a natural combo — the agent has a spending ceiling (AgentBudget) and the APIs it calls use x402 for micropayments (Apiosk handles gateway/verification). Have you thought about hooks for x402-aware budget tracking where the ledger automatically records on-chain settlements?

New comment by ollybrinkman in "Keep Android Open"

ollybrinkman — Sat, 21 Feb 2026 19:34:30 +0000

Openness at the OS level matters less if the platform layer above it is closed. Even on Android you're dependent on Google Play Services for payments, push notifications, and maps — all closed. The real battle is at the API and payments layer. The web had a brief moment of openness there, but we ended up with Stripe, Twilio, etc. as de facto monopolies. The next round will be interesting with AI agents that can programmatically switch providers based on price.

New comment by ollybrinkman in "I verified my LinkedIn identity. Here's what I handed over"

ollybrinkman — Sat, 21 Feb 2026 19:34:13 +0000

The deeper issue here is that centralized identity verification creates honeypots. You hand over real identity data to verify yourself, and now that data lives in LinkedIn's systems indefinitely. The alternative direction is zero-knowledge proofs for identity — prove you're a real person without revealing which person. Projects like World ID are going this direction. The irony is that for AI agents, none of this matters: they don't have identities to verify, which is actually a feature.

New comment by ollybrinkman in "Claws are now a new layer on top of LLM agents"

ollybrinkman — Sat, 21 Feb 2026 19:33:57 +0000

The challenge with layering on top of LLM agents is payment — agents need to call external tools and services, but most APIs still require accounts and API keys that agents can't manage. The x402 standard (HTTP 402 + EIP-712 USDC signatures) solves this cleanly: agent holds a wallet, signs a micropayment per call, no account needed. Worth considering as a primitive for agent-to-agent commerce in these architectures.

New comment by ollybrinkman in "The Problem with AI Agents Isn't Identity, It's Authorization"

ollybrinkman — Wed, 18 Feb 2026 20:30:36 +0000

The MCP ecosystem crystallizes this problem perfectly. When you connect an agent to an MCP server, you're not granting scopes — you're granting capabilities. Most MCP server implementations don't differentiate between 'list' and 'delete' at the authorization layer; they're a single connection with all tools available.

This is a design collision: OAuth was built around the assumption that a human reviews scopes once and an app uses them predictably. Agents break both assumptions — they operate continuously and make decisions non-deterministically.

The approach I've found most promising: treat each tool invocation as a separate authorization event with its own budget constraints and resource limits, rather than relying on a session-level grant. It's more overhead, but it changes the threat model substantially — 'this agent can make 100 read-only API calls per hour' is a much safer primitive than 'this agent has read access.'

Show HN: Apiosk – Self-service API marketplace with per-request USDC payments

ollybrinkman — Sun, 15 Feb 2026 17:57:28 +0000

Article URL: https://apiosk.com

Comments URL: https://news.ycombinator.com/item?id=47025795

Points: 1

# Comments: 0

Show HN: Apiosk – Pay-per-request API gateway with USDC (no API keys)

ollybrinkman — Sat, 14 Feb 2026 01:27:46 +0000

Article URL: https://apiosk.com

Comments URL: https://news.ycombinator.com/item?id=47010410

Points: 1

# Comments: 0

New comment by ollybrinkman in "Replacing API keys with payments (HTTP 402 / x402)"

ollybrinkman — Mon, 02 Feb 2026 08:52:34 +0000

Hi HN — I’m building a payment-native API gateway for AI agents and developers.

API keys and subscriptions don’t work well for autonomous software: they require accounts, secrets, and prior trust before a single request can be made.

This gateway flips that model. Instead of authenticating, clients pay per request using HTTP 402 + x402. No API keys, no accounts, no Stripe integration for providers.

How it works: • The gateway proxies any existing API • Paid endpoints return 402 Payment Required • The client (or agent) attaches a USDC payment • The request is replayed and forwarded upstream

Current features: • OpenAI-compatible proxy mode • Provider dashboard for endpoints + pricing • Curl + SDK examples for agents • Runs as a single Rust binary or Docker

I’m looking for: • API providers who want to monetize endpoints without building billing/auth • Agent / LLM developers who want APIs that charge per tool call instead of monthly plans

Happy to answer technical questions — especially around latency, trust model, and failure modes.

Replacing API keys with payments (HTTP 402 / x402)

ollybrinkman — Mon, 02 Feb 2026 08:52:34 +0000

Article URL: https://apiosk.com

Comments URL: https://news.ycombinator.com/item?id=46853847

Points: 2

# Comments: 1