NHacker Next
  • new
  • past
  • show
  • ask
  • show
  • jobs
  • submit
Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents (github.com)
all2 1 hours ago [-]
I'm currently working on an agent framework that has auditability as one of its core promises. I'm glad to see others are working in this domain!

I've seen other products/apps in this space farther up the stack at the API boundary.

What frameworks does your package work with? How does it handle intercept?

brian_kuan 1 hours ago [-]
There's no interception - it runs in-process, so it works with any Python code (with or without a framework). There's a TS version too if your stack is in JS.

Would love to hear more about your agent framework!

all2 40 minutes ago [-]
I don't want to hijack your thread. My email is in my profile, I'd be glad to shoot you an in depth description of what I have so far.
brian_kuan 32 seconds ago [-]
Sending you an email now!
brian_kuan 2 hours ago [-]
PS: please try to break it - if you find that the report does not catch a deleted line, changed number, or modified record, I'd love to know!

And to start a discussion: if you sell or buy AI agent products, what do security reviews ask about them?

ambicapter 1 hours ago [-]
> may have built observability dashboards and audit logs, but those are editable and partisan

Why would these be editable?

brian_kuan 54 minutes ago [-]
Because they live in infrastructure the vendor itself controls - there's some conflict of interest there. Things like retention, rotation, deletion, what gets included/excluded, etc are all decisions the vendor makes. Same reason why compliance requires audits!

The hash chain doesn't make the log unwritable, it makes any edit detectable.

nf-x 1 hours ago [-]
Looks very slop, but it’s a good idea. The main difficulty is that no big name is hosting a witness.
brian_kuan 59 minutes ago [-]
Fair point - I am a marketer by training and built this with some help from Claude! But appreciate the love.

If you find something/have feedback, please let me know and I'll gladly fix it.

Separately - 100% agree on the witness - only someone/thing outside the vendor can prove nothing was omitted. Who do you think fills that gap - is it an audit firm (my world), a standards body, or something else?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact
Rendered at 21:41:49 GMT+0000 (Coordinated Universal Time) with Vercel.