HN Reader

GPT-5 (openai.com)

2053 points by rd 9d ago 2478 comments

Fight Chat Control (fightchatcontrol.eu)

1455 points by tokai 6d ago 493 comments

GitHub is no longer independent at Microsoft after CEO resignation (theverge.com)

1448 points by Handy-Man 5d ago 1115 comments

I tried every todo app and ended up with a .txt file (al3rez.com)

1367 points by al3rez 5d ago 784 comments

Claude Sonnet 4 now supports 1M tokens of context (anthropic.com)

1310 points by adocomplete 4d ago 690 comments

Ultrathin business card runs a fluid simulation (github.com)

1124 points by wompapumpum 8d ago 218 comments

I want everything local – Building my offline AI workspace (instavm.io)

1123 points by mkagenius 8d ago 285 comments

Wikipedia loses challenge against Online Safety Act (bbc.com)

1096 points by phlummox 5d ago 850 comments

Streaming services are driving viewers back to piracy (theguardian.com)

1079 points by nemoniac 2d ago 880 comments

FFmpeg 8.0 adds Whisper support (code.ffmpeg.org)

1005 points by rilawa 3d ago 322 comments

Emailing a one-time code is worse than passwords (blog.danielh.cc)

986 points by max__dev 9d ago 789 comments

Debian 13 “Trixie” (debian.org)

959 points by ducktective 7d ago 409 comments

Steve Wozniak: Life to me was never about accomplishment, but about happiness (yro.slashdot.org)

916 points by MilnerRoute 2d ago 594 comments

Vibechart (vibechart.net)

873 points by datadrivenangel 9d ago 189 comments

Claude Code is all you need (dwyer.co.za)

836 points by sixhobbits 5d ago 503 comments

VC-backed company just killed my EU trademark for a small OSS project

825 points by marcjschmidt 4d ago 241 comments

Why LLMs can't really build software (zed.dev)

819 points by srid 2d ago 478 comments

Gemma 3 270M: Compact model for hyper-efficient AI (developers.googleblog.com)

795 points by meetpateltech 2d ago 306 comments

Nginx introduces native support for ACME protocol (blog.nginx.org)

787 points by phickey 3d ago 294 comments

Show HN: The current sky at your approximate location, as a CSS gradient (sky.dlazaro.ca)

779 points by dlazaro 7d ago 160 comments

Claude says “You're absolutely right!” about everything (github.com)

760 points by pr337h4m 3d ago 528 comments

PYX: The next step in Python packaging (astral.sh)

745 points by the_mitsuhiko 3d ago 459 comments

Good system design (seangoedecke.com)

723 points by dondraper36 17h ago 319 comments

Open hardware desktop 3D printing is dead? (josefprusa.com)

699 points by rcarmo 1d ago 424 comments

How I code with AI on a budget/free (wuu73.org)

692 points by indigodaddy 7d ago 240 comments

Show HN: Building a web search engine from scratch with 3B neural embeddings (blog.wilsonl.in)

659 points by wilsonzlin 4d ago 115 comments

Try and (ygdp.yale.edu)

658 points by treetalker 6d ago 333 comments

This website is for humans (localghost.dev)

641 points by charles_f 3d ago 349 comments

GPT-5: Key characteristics, pricing and system card (simonwillison.net)

640 points by Philpax 9d ago 295 comments

Wikimedia Foundation Challenges UK Online Safety Act Regulations (wikimediafoundation.org)

633 points by danso 5d ago 4 comments

OpenFreeMap survived 100k requests per second (blog.hyperknot.com)

607 points by hyperknot 7d ago 133 comments

I accidentally became PureGym’s unofficial Apple Wallet developer (drobinin.com)

602 points by valzevul 1d ago 162 comments

Jim Lovell, Apollo 13 commander, has died (nasa.gov)

584 points by LorenDB 8d ago 114 comments

Search all text in New York City (alltext.nyc)

578 points by Kortaggio 4d ago 116 comments

Ask HN: How can ChatGPT serve 700M users when I can't run one GPT-4 locally?

565 points by superasn 8d ago 364 comments

What's the strongest AI model you can train on a laptop in five minutes? (seangoedecke.com)

556 points by ingve 4d ago 191 comments

Historical Tech Tree (historicaltechtree.com)

543 points by louisfd94 9d ago 128 comments

Why are there so many rationalist cults? (asteriskmag.com)

534 points by glenstein 4d ago 899 comments

Meta Leaks Part 1: Israel and Meta (archive.org)

521 points by icw_nru 5d ago 180 comments

The future of large files in Git is Git (tylercipriani.com)

517 points by thcipriani 1d ago 251 comments

Cursed Knowledge (immich.app)

515 points by bqmjjx0kac 9d ago 157 comments

The Chrome VRP Panel has decided to award $250k for this report (issues.chromium.org)

513 points by alexcos 5d ago 270 comments

Monero appears to be in the midst of a successful 51% attack (twitter.com)

503 points by treyd 4d ago 273 comments

The Framework Desktop is a beast (world.hey.com)

494 points by lemonberry 8d ago 445 comments

GPT-OSS vs. Qwen3 and a detailed look how things evolved since GPT-2 (magazine.sebastianraschka.com)

486 points by ModelForge 6d ago 97 comments

Flipper Zero dark web firmware bypasses rolling code security (rtl-sdr.com)

485 points by lq9AJ8yrfs 9d ago 312 comments

Getting good results from Claude Code (dzombak.com)

484 points by ingve 8d ago 200 comments

Occult books digitized and put online by Amsterdam’s Ritman Library (openculture.com)

478 points by Anon84 1d ago 193 comments

StarDict sends X11 clipboard to remote servers (lwn.net)

477 points by pabs3 4d ago 322 comments

AI is different (antirez.com)

468 points by grep_it 3d ago 784 comments

Show HN: Scoped, expiring API keys for AI agents

4 lexokoh 4 8/16/2025, 2:42:38 PM github.com ↗
I’ve been experimenting with AI agents lately, and one problem kept coming up: they either get a raw API key with full access or nothing at all. That’s risky, especially if you’re testing agents that can make arbitrary calls.

So I hacked together a tiny package called Kage Keys - https://github.com/kagehq/keys

It lets you wrap agent actions with scoped, short-lived tokens instead of handing over your real API keys.

Example:

```js import { withAgentKey, getLogs } from "@kagehq/keys";

async function main() { await withAgentKey("github:repos.read", async () => { console.log("Agent is calling GitHub API..."); });

  console.log(await getLogs());
}

main();

Right now it:

- Generates scoped, expiring tokens (default 10s)

- Logs every action to kage-keys.log

- Works as a drop-in wrapper for async functions

It’s just an MVP (tokens are fake UUIDs), but I want to see if developers find this helpful before building the production version with real crypto + proxy enforcement.

Repo: https://github.com/kagehq/keys

npm: https://www.npmjs.com/package/@kagehq/keys

Would love feedback, especially from anyone running agents in production or dealing with API key sprawl.

Comments (4)

skyzouwdev · 4h ago
Makes sense — handing full API keys to agents is a huge risk surface. Even with fake UUIDs at MVP stage, the scoped/expiring pattern seems useful. Curious if you’ve thought about integrating with existing secrets managers (Vault, Doppler, etc.) instead of rolling custom crypto later on.
lexokoh · 59m ago
Thank you. Yes, it's one of the things I'm already looking into. So will work well with any Secrets manager, not compete with them.

Curious if you'd want to use it?

sinharishabh · 9h ago
interesting project, what is the primary use-case for something like this? i'm still giving the agent access anyway or is it just scoped-access? i'm trying to understand how the short-lived nature of these keys can help
lexokoh · 9h ago
Thank you. Instead of giving the agent your real API key, it gets a scoped, short-lived capability (e.g. “can post 1 message to Slack channel X in the next 30s”).

The short-lived nature means that if the token is leaked or the agent goes rogue, the blast radius is tiny, you can instantly revoke/deny new mints, and you get full audit and policy control. It turns “here’s my permanent master key” into “here’s a disposable permit slip for just this action.”

Let me know if that makes sense.