Hacker News: tomjwxfhttps://news.ycombinator.com/user?id=tomjwxfHacker News RSShttps://hnrss.org/hnrss v2.1.1Fri, 24 Apr 2026 21:15:45 +0000<![CDATA[New comment by tomjwxf in "Show HN: Cq – Stack Overflow for AI coding agents"]]>my core thesis is that AGI is here, it just needs accountability and efficient frameworks to navigate our arbitrary world

]]>Sat, 28 Mar 2026 00:43:54 +0000https://news.ycombinator.com/item?id=47550311tomjwxfhttps://news.ycombinator.com/item?id=47550311https://news.ycombinator.com/item?id=47550311<![CDATA[New comment by tomjwxf in "MCP Security 2026: 30 CVEs in 60 Days"]]>The gateway approach (OAuth + RBAC) solves the perimeter problem — who can connect. protect-mcp solves a different layer — what can they do once connected, and how do you prove it.

It wraps any MCP server as a stdio proxy. Per-tool policies (block, rate-limit, require human approval). Every decision gets an Ed25519-signed receipt that's verifiable offline — no callbacks, no accounts.

The two layers stack: your gateway authenticates the caller, protect-mcp constrains which tools they can call and signs the evidence.

npx protect-mcp -- node your-server.js

MIT licensed. The receipts protocol has an IETF Internet-Draft: https://datatracker.ietf.org/doc/draft-farley-acta-signed-re...

npm: https://npmjs.com/package/protect-mcp

]]>Fri, 27 Mar 2026 06:08:54 +0000https://news.ycombinator.com/item?id=47539539tomjwxfhttps://news.ycombinator.com/item?id=47539539https://news.ycombinator.com/item?id=47539539<![CDATA[New comment by tomjwxf in "Show HN: Automate your workflow in plain English"]]>The staged autonomy pattern ("trust is earnable") maps directly to what we built with protect-mcp — shadow mode first (log everything, block nothing), then enforce when you've seen enough data to trust the policies.

For the prompt injection concern: protect-mcp wraps MCP tool calls with per-tool policies. Even if the agent gets injected, it can't call tools outside the policy. Every decision is optionally Ed25519-signed and verifiable offline.

npmjs.com/package/protect-mcp

]]>Wed, 25 Mar 2026 23:37:29 +0000https://news.ycombinator.com/item?id=47524799tomjwxfhttps://news.ycombinator.com/item?id=47524799https://news.ycombinator.com/item?id=47524799<![CDATA[New comment by tomjwxf in "Show HN: Cq – Stack Overflow for AI coding agents"]]>This is exactly right. We implemented delegation receipts — Agent A grants scoped authority to Agent B, producing a signed receipt. B's subsequent actions reference A's delegation receipt. An auditor can trace the full chain from human principal to agent action.

The fiduciary analogy is spot on. Every receipt in the chain is independently verifiable: npx @veritasacta/verify --self-test

]]>Wed, 25 Mar 2026 23:36:34 +0000https://news.ycombinator.com/item?id=47524788tomjwxfhttps://news.ycombinator.com/item?id=47524788https://news.ycombinator.com/item?id=47524788<![CDATA[Signed receipts for MCP tool calls – prove what your agent did]]>Article URL: https://www.npmjs.com/package/protect-mcp

Comments URL: https://news.ycombinator.com/item?id=47516528

Points: 2

# Comments: 0

]]>Wed, 25 Mar 2026 12:37:57 +0000https://www.npmjs.com/package/protect-mcptomjwxfhttps://news.ycombinator.com/item?id=47516528https://news.ycombinator.com/item?id=47516528