Democrats are desperately trying to revive the click-to-cancel rule (theverge.com)

1 points by pseudolus 1m ago 0 comments

The Reason Your AI Code Becomes Unmaintainable (and How to Fix It) (blog.daviddodda.com)

1 points by DavidDodda 3m ago 0 comments

Tesla opens diner and drive-in movie theater in Hollywood (abc7.com)

2 points by geox 5m ago 0 comments

Show HN: Cryptographic proofs that algorithms stay fair over time [pdf] (github.com)

1 points by skylessdev 6m ago 0 comments

Large ancient Hawaiian petroglyphs uncovered by waves on Oahu (sfgate.com)

1 points by c420 8m ago 0 comments

One in six US workers pretends to use AI to please the bosses (theregister.com)

3 points by mikece 10m ago 0 comments

Nuclear fusion startup claims to have cracked alchemy (telegraph.co.uk)

1 points by austinallegro 14m ago 0 comments

Qwen Code: A command-line AI workflow tool, optimized for Qwen3-Coder models (github.com)

1 points by arcanemachiner 15m ago 0 comments

Algorithms for Modern Processor Architectures (lemire.github.io)

2 points by matt_d 17m ago 0 comments

Lacking Ridership and Revenue, Florida Lauded Private Rail Is Worrying Investor (bloomberg.com)

2 points by us0r 17m ago 1 comments

Launching OpenCommunity Software License (OCSL) Version 1.0 (madalin.me)

1 points by Topfi 22m ago 0 comments

Police officers in Denmark are tackling crime by playing online games with kids (euronews.com)

2 points by PaulHoule 23m ago 0 comments

You lose 23 minutes of focus every Google or GPT use; (wagoo.ai)

1 points by vspuzzler 25m ago 1 comments

Kelp: A UI library for people who love HTML (kelpui.com)

2 points by exiguus 26m ago 1 comments

The Productivity Delusion (octopus.com)

2 points by gpi 27m ago 0 comments

Lonely Diarist of the High Seas (daily.jstor.org)

1 points by bookofjoe 28m ago 0 comments

NASA Saved a Camera 370M Miles Away Near Jupiter (nasa.gov)

4 points by jnord 34m ago 0 comments

Ozzy Osbourne Dead at 76 (nypost.com)

3 points by cable2600 39m ago 1 comments

Trump deflects questions about Epstein probe with accusations about Obama (npr.org)

11 points by duxup 40m ago 2 comments

How to Make a Paper Airplane (foldnfly.com)

1 points by ColinWright 42m ago 0 comments

Antipodes Map – Tunnel to the other side of the world (antipodesmap.com)

1 points by ColinWright 43m ago 1 comments

Building an MCP Server with Clerk, Vercel, and Mintlify (blog.onkernel.com)

1 points by juecd 45m ago 1 comments

FAA says power outage forced postponement of SpaceX TRACERS launch (aol.com)

3 points by Bluestein 48m ago 0 comments

Python 3.14 release candidate 1 is go (pythoninsider.blogspot.com)

3 points by Bogdanp 49m ago 0 comments

Red Sox Pitcher Confronts Commissioner About Gambling, Social Media Threats (newsweek.com)

2 points by spike021 49m ago 3 comments

Thoughts on cloud alerts from the top cloud MDR (groundedcloudsecurity.substack.com)

1 points by mooreds 50m ago 0 comments

Andor and the Psychology of Resistance [audio] (changetechnically.fyi)

1 points by mooreds 50m ago 0 comments

Synthetic Auth Report – Issue 003 (syntheticauth.ai)

1 points by zerolayers 51m ago 1 comments

Ahey – A free and open-source video calling app for the web (ahey.net)

1 points by vasanthv 55m ago 0 comments

Google exec: 'We're going to be combining ChromeOS and Android' (theverge.com)

2 points by ilamont 57m ago 3 comments

Comparing the Glove80 and Maltron Keyboards (tratt.net)

14 points by ltratt 1h ago 2 comments

The Pharaohs Built Pyramids–We Build Data Centers (forbes.com)

1 points by tldrthelaw 1h ago 0 comments

We Are Winning (Update) (honest-broker.com)

1 points by paulpauper 1h ago 0 comments

Inlining in the Glasgow Haskell Compiler:Empirical Investigation and Improvement (era.ed.ac.uk)

2 points by matt_d 1h ago 0 comments

Tooooools.app

1 points by sogen 1h ago 1 comments

Google and OpenAI Get 2025 IMO Gold (thezvi.substack.com)

2 points by paulpauper 1h ago 0 comments

The Perverse Economics of Assisted Suicide (nytimes.com)

3 points by paulpauper 1h ago 0 comments

Sony PXW-Z300: The First Camcorder to Embed Content Authenticity in Video (diyphotography.net)

8 points by mikece 1h ago 0 comments

Apple alerted Iranians to iPhone spyware attacks, say researchers (techcrunch.com)

2 points by mikece 1h ago 0 comments

Aging well according to a longevity researcher (wbur.org)

1 points by brandonb 1h ago 0 comments

Topics in Mathematics with Applications in Finance (ocw.mit.edu)

2 points by ibobev 1h ago 0 comments

Tinyio: A tiny (~200 lines) event loop for Python (github.com)

1 points by tehnub 1h ago 0 comments

Hierarchies and Promotions in Politics: Accountability and Selection (mdpi.com)

1 points by PaulHoule 1h ago 0 comments

Amazon Acquires AI wearables startup Bee (techcrunch.com)

3 points by marc__1 1h ago 1 comments

2025 Scholar Metrics Released (scholar.googleblog.com)

1 points by jeremyscanvic 1h ago 0 comments

Proton completes SoC 2 Type II audit, reinforcing trust for business users (proton.me)

7 points by mikece 1h ago 2 comments

HP owed over $940M by Mike Lynch's estate, ex-business partner, UK court rules (reuters.com)

3 points by petethomas 1h ago 0 comments

Functional Documentation (dzombak.com)

1 points by ingve 1h ago 0 comments

The Food Court 5000 is a Portland-based, retro-fitness, mall-walking movement (foodcourt5k.com)

2 points by mooreds 1h ago 0 comments

The kill ring is a list of blocks of text (gnu.org)

2 points by Bluestein 1h ago 0 comments

Show HN: Runtime Defense Against Prompt Injection in Supabase MCP

3 anand-tan 3 7/22/2025, 4:14:53 PM docs.tansive.io ↗

I wrote this after studying the Supabase MCP prompt injection issue. The blog shows how I built a working defense using an open-source AI agent runtime I’ve been building called Tansive ( https://github.com/tansive/tansive )

Instead of just filtering malicious prompts, I implemented role-based policies with runtime input validation that can scale across combinations of different AI tools (GitHub, Stripe, Linear, etc.).

All the code referenced in the blog is in the examples/supabase_demo folder.

I welcome your feedback — especially from folks working with AI toolchains or security.

Comments (3)

anand-tan · 6h ago

For reference, this was the thread that led me to work on this.

https://news.ycombinator.com/item?id=44502318

vijivishali · 5h ago

Since it's postgres behind the scenes, can't you just use pg roles?

anand-tan · 5h ago

Absolutely. If the tools were only from Supabase, then yes, you could use Postgres roles. However, most people use a combination of tools (GitHub, Stripe, Linear, etc.), and each has different permission models. I wanted to implement a solution that works generically across tools rather than requiring separate security configurations for each service. This doesn't preclude one from limiting the access scope at the database, though.