Related: The RCE that AMD won't fix - https://news.ycombinator.com/item?id=46906947 - Feb 2026 (173 comments)
Hacker News
Latest
Who Runs the Ransomware Group 'The Gentlemen?'
2026-06-11 @ 19:23:52Points: 26Comments: 1
Building agents without harness engineering
2026-06-11 @ 17:28:52Points: 17Comments: 2
Software Is Made Between Commits
2026-06-11 @ 16:28:24Points: 146Comments: 98
Solar generates more energy in US than coal for first time
2026-06-11 @ 16:10:05Points: 338Comments: 146
Waymo Premier
2026-06-11 @ 16:10:02Points: 116Comments: 264
The RCE that AMD wouldn't fix
2026-06-11 @ 16:03:40Points: 168Comments: 64
Claude Fable 5: mid-tier results on coding tasks
2026-06-11 @ 16:03:21Points: 109Comments: 31
Petition to Withdraw Canada's Bill C-22
2026-06-11 @ 15:37:23Points: 255Comments: 90
FPS.cob: A first person shooter in COBOL
2026-06-11 @ 15:13:57Points: 80Comments: 49
MiMo Code is now released and open-source
2026-06-11 @ 14:27:19Points: 355Comments: 195
Nextcloud Hub 26 Spring: Built together, designed for the future
2026-06-11 @ 14:17:47Points: 111Comments: 83
MapComplete: Maps about various topics which you can contribute to
2026-06-11 @ 14:04:05Points: 173Comments: 39
Show HN: Homebrew 6.0.0
2026-06-11 @ 13:24:29Points: 680Comments: 162
Happy to discuss any questions here!
Open Reproduction of DeepSeek-R1
2026-06-11 @ 13:14:31Points: 171Comments: 16
Lines of code got a better publicist
2026-06-11 @ 12:26:42Points: 320Comments: 212
Anthropic apologizes for invisible Claude Fable guardrails
2026-06-11 @ 12:05:02Points: 219Comments: 249
Pokémon Go Scans Trained the Navigation Tech for Military Drones
2026-06-11 @ 06:42:06Points: 658Comments: 297
Fully autonomous drones have killed human soldiers for the first time
2026-06-10 @ 13:46:14Points: 151Comments: 118
Emacs appearances in pop culture
2026-06-10 @ 10:37:45Points: 177Comments: 29
Programming a GBA Game on an iPhone
2026-06-09 @ 22:12:20Points: 32Comments: 4
Show HN: Claw Patrol, a security firewall for agents
2026-06-09 @ 16:06:50Points: 68Comments: 22
In order to do this, the agent needs access to real production systems - postgres, kubernetes, gcp, clickhouse, github, etc. But this is dangerous to say the least - we want destructive actions to be reviewed by other LLMs, approved by humans, and logged appropriately.
Claw Patrol terminates TCP connections over WireGuard or Tailscale, then parses application protocols (eg http, postgres, ssh) to apply rules that allow you to deny/allow requests.
There are a few projects that sit as a proxy in front of agents to do secret injection or apply various guardrails, but none met our needs (LLM gateways, MCP proxies, sandboxes), particularly the need to handle low-level protocols, or handle complex real world situations like tunneling postgres through k8s.
Written in Go, configured in HCL, MIT licensed. Happy to answer any questions.