Hey HN,
Most of us want to run autonomous agents like OpenClaw locally, right on our daily-driver machines. We want them to actually interact with our files, our IDEs, and our real local workflows.
But doing that right now is a security nightmare. A hallucinating (or hijacked) agent with raw system access is basically local remote code execution waiting to wipe a directory or leak an SSH key.
The current workarounds are terrible:
The Hardware Air-Gap: Buying a dedicated Mac Mini or a secondary cheap laptop just to run agents safely.
The Cloud: Spinning up a VPS, which adds annoying latency, costs money, and completely kills the "local-first" advantage.
Containers: Shoving the agent in a Docker container. It’s clunky, and it completely lobotomizes the agent because it can no longer see or interact with your actual host OS where your real work lives.
I got fed up and built Raypher.
Raypher is a bare-metal security architecture specifically designed for AI agents. It lets you run agents directly on your host machine while keeping them on a cryptographically tight leash.
How the Alpha works under the hood:
Zero-Touch Interception: You don't have to rewrite your Python/Node agent scripts. Raypher currently uses transparent system proxy injection (netsh portproxy on Windows) to catch all agent traffic automatically.
Hardware Identity: We bind the agent's session cryptographically to your physical TPM 2.0 chip.
The Policy Engine: Every request is evaluated against strict budget, domain, and time-restriction policies. If it tries to phone home to a weird domain, it gets blocked. It also runs local DLP to automatically redact API keys or any sensitive information that you can custom to be redacted before they hit the stream.
We will distribute it as a single script that sets up the interception and launches a local Command Center dashboard so you can watch your agents get secured in real-time.
(Transparency note: The heavy kernel-level eBPF/WFP hooks are currently in development, but this proxy MVP proves the hardware-bound Policy Engine actually works).
join the waitlist/architecture is at raypherlabs.tech to be the first to be notified when we launch
Hey all, I built babyshark, a terminal UI for PCAPs aimed at people who find Wireshark powerful but overwhelming.
The goal is “PCAPs for humans”: Overview dashboard answers what’s happening + what to click next
Domains view (hostnames first) → select a domain → jump straight to relevant flows (works even when DNS is encrypted/cached by using observed IPs from flows)
Weird stuff view surfaces common failure/latency signals (retransmits/out-of-order hints, resets, handshake issues, DNS failures when visible)
From there you can drill down: Flows → Packets → Explain (plain-English hints) / follow stream
Commands: Offline: babyshark --pcap capture.pcap
Live (requires tshark): babyshark --list-ifaces then babyshark --live en0
Repo + v0.1.0 release: https://github.com/vignesh07/babyshark
Would love feedback on UX + what “weird detectors” you’d want next.
by a_protsyuk ·
I have 2,600+ notes in Apple Notes and can barely find anything.
My kid just dumps everything into Telegram saved messages. Running a small research - curious what systems people actually use (not aspire to use).
Do you have a setup that works or is everything scattered across 5 apps like mine?
Hey HN,
I got tired of the friction in building and sharing wishlists. Most platforms (like Amazon) are either walled gardens or require arbitrary account creation for the people actually trying to buy the gift, which leads to huge drop-off and everyone just reverting to texting each other.
I built wish.dog to be the fastest possible execution of a wishlist utility. The goal was: "From intention to a shareable list in under 30 seconds."
The Challenges:
The hardest part was engineering the "claiming" system for guests without requiring authentication. I had to compromise by asking for email, but mostly I rely on local storage and session fingerprints. I focused heavily on mobile performance since 90% of list-sharing happens via WhatsApp or similar.
It's completely free. I'd love feedback on the performance, the gifter experience, and the overall UI snappiness. Happy to answer any questions about the stack or the build!
ArchivioMD + ArchivioID — Markdown file management, cryptographic post signing, and Git-anchored integrity for WordPress
In February 2023, a developer named James Tomasino wrote about signing blog posts with GPG keys and ended with one line:
"If you're using WordPress, you'll need to find some other path forward."
That sat unanswered for two years. I built the path forward — and the foundation it runs on. Two GPL plugins.
ArchivioMD solves a problem every WordPress site on managed hosting hits eventually: you need files at the site root security.md, privacy.md, disclosure.md, robots.txt and you have no FTP access to put them there.
The plugin manages 30+ predefined Markdown documents from the WordPress admin, writes them to wherever the server will accept them (.well-known/meta-docs/ site root uploads fallback), and serves them via WordPress rewrite rules so they appear at the correct URL regardless of physical location. Every document gets a UUID, a checksum, and an append-only changelog. No more one-off file placements nobody can audit or reproduce.
On top of that: cryptographic hash verification for posts (SHA-256 through BLAKE3, HMAC mode, hash_equals() throughout), external Git anchoring that pushes JSON integrity records to GitHub or GitLab via a persistent queue with exponential backoff, HTML rendering of Markdown files, compliance tooling, and sitemap management. ArchivioID is the OpenPGP signing extension. Authors sign posts locally with their own GPG key — private key never touches the server.
A badge appears on published posts. Any reader can verify with standard GPG tools, no WordPress required. Server-side verification handles Ed25519 via libsodium, RSA and ECDSA via phpseclib v3. Browser signing via OpenPGP.js for editors who aren't comfortable with a terminal. Full audit log with CSV export. The proof outlives the platform.
ArchivioMD (WordPress.org): https://wordpress.org/plugins/archiviomd
ArchivioMD (GitHub): https://github.com/MountainViewProvisions/archiviomd
ArchivioID (GitHub): https://github.com/MountainViewProvisions/ArchivioID/release... PHP 7.4+, WordPress 6.0+, phpseclib v3, OpenPGP-PHP, OpenPGP.js, libsodium, GPL-2.0.
by quinAI ·
I've built the MVP for a fintech app but i have not pushed it into agentic territory yet. How do you think about doing this with existing tools (recs?) against the accumulation of tech debt a technical partner will eventually have to unwind?
by andrewstuart ·
Hi HN,
I built Habitless because I found that most trackers focus on building new routines, but the psychological challenge of quitting an addiction (like nicotine, alcohol, or even social media) requires a different approach.
I wanted a high-precision dashboard that treats recovery like a mission. I just released an update that adds iCloud sync and milestone notifications.
Key features:
Precision Streak Counter: Tracks your progress down to the second.
Financial Savings: A real-time tracker showing exactly how much money you’ve reclaimed.
Privacy: No third-party tracking. All data is backed up via iCloud/CloudKit.
Milestone System: Psychological badges to gamify the recovery process.
I’d love to hear your thoughts on the UI or the iCloud implementation.
App Store: https://apps.apple.com/us/app/habitless-quit-addiction/id675...
by felixkariuki_m ·
Break bad habits and track your recovery.
Break the cycle. Reclaim your freedom. Habitless is the science-backed tracker built specifically for the discipline of quitting. Whether it’s smoking, alcohol, vaping, or social media, Habitless provides the visual proof and psychological tools you need to stop addictions for good and stay sober. WHY HABITLESS? Most apps track new routines. Habitless tracks your freedom. By combining high-precision streak counting with real-time financial savings, we turn your recovery into a rewarding journey you can actually see.
KEY FEATURES • Precision Streak Counter: Track your sobriety down to the second. See exactly how long you’ve been habit-free with our emerald-on-black interface. • Financial Savings Tracker: See the real-world impact. Input your daily spend on cigarettes or drinks and watch your total savings grow in real-time. • Milestone Journey & Badges: Unlock 20+ psychological badges as you progress from "24 Hours Clean" to "Long-term Freedom." • Smart Notifications: Stay motivated with alerts the moment you hit a new milestone or savings goal. • iCloud Sync & Backup: Your progress is safe. All streaks and savings are automatically backed up and synced across your Apple devices. • Relapse Insights: Log triggers like Stress or Boredom to identify patterns and strengthen your defense for your next streak. WHAT YOU CAN QUIT: • Substances: Quit smoking, stop vaping, stay sober from alcohol, or track weed-free days. • Health: Cut out sugar, quit junk food, stop caffeine, or end binge eating. • Digital: Break social media addiction, stop mindless scrolling, or quit gaming. • Finances: Stop impulse shopping, gambling, or expensive daily habits. TOTAL PRIVACY & DESIGN Your journey is personal. Habitless features a minimalist, private interface with no ads. We prioritize your focus on recovery. Disclaimer: Habitless is a tracking tool and not a substitute for professional medical advice or addiction treatment. Always consult a healthcare provider for medical concerns.