I got tired of "Security Prompts" being the only thing stopping AI agents from blowing up production.

Hi HN, I've spent the last few months looking at how we deploy autonomous agents. The current standard is basically: "Put it in a system prompt and hope the LLM doesn't hallucinate a $50k refund."

As someone who has managed organizational authority for a decade (People Ops), this felt like a massive liability gap. Prompt engineering is probabilistic; security needs to be deterministic.

I built Reg.run to move the "Stop Button" out of the prompt and into the execution layer.

How it works technically:

- The Sidecar: We use a local WASM-based proxy that sits next to the agent.
- The Protocol: It intercepts Model Context Protocol (MCP) or standard API calls in real time.
- Policy-as-Code: Every action is checked against a rigid schema (e.g., MaxSpend: 100) before it's signed and sent.
- Performance: Sub-1ms latency. No data leaves your VPC.

It's early, but the goal is to provide a physical "human-on-the-loop" gate mandated by the EU AI Act (Article 14) without breaking the autonomy of the agent.

I'm a solo founder and I'm around to answer any questions about the WASM implementation or the permission logic. I'd love your feedback on this.
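The execution-layer gate the post describes, as an added example that is not Reg.run's code and makes no claim about how Reg.run implements it: a proxy step that parses an MCP `tools/call` JSON-RPC request, checks it against a policy the model never sees, and either forwards the request, rejects it, or parks it for a human. The tool names (`issue_refund`, `lookup_order`), the policy dict shape (`max_amount`, `approval_above`, `amount_field`) and the sample traffic are all constructed for illustration; only the `tools/call` / `params.name` / `params.arguments` shape is MCP's own.

```python
"""Deterministic policy gate for MCP tool calls (illustrative, not Reg.run code).

Assumptions (hypothetical): tool calls arrive as MCP JSON-RPC "tools/call"
requests; the policy is a plain dict keyed by tool name. Tools absent from
the policy are denied by default, and spend limits are evaluated in code,
so a prompt injection that rewrites the agent's instructions cannot rewrite them.
"""
import json
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

ALLOW, DENY, REQUIRE_APPROVAL = "allow", "deny", "require_approval"


@dataclass(frozen=True)
class Verdict:
    decision: str
    reason: str


# Policy-as-code (constructed example). Numbers are Decimal so "99.999999999"
# and "5e4" are compared exactly rather than through float rounding.
POLICY = {
    "issue_refund": {
        "amount_field": "amount",
        "max_amount": Decimal("100"),      # the post's "MaxSpend: 100": hard ceiling
        "approval_above": Decimal("50"),   # human-on-the-loop for 50 < amount <= 100
    },
    "lookup_order": {},                    # read-only tool, no spend rule
}


def _parse_amount(args: dict, field: str):
    """Return the amount as Decimal, or None if it is missing or not a finite number.
    bool is rejected explicitly because it is a subclass of int in Python."""
    value = args.get(field)
    if isinstance(value, bool) or not isinstance(value, (int, float, str)):
        return None
    try:
        amount = Decimal(str(value))
    except InvalidOperation:
        return None
    return amount if amount.is_finite() else None   # drops "NaN" / "Infinity"


def evaluate(request: dict) -> Verdict:
    """Deterministic check of one MCP JSON-RPC request against POLICY."""
    if request.get("method") != "tools/call":
        return Verdict(ALLOW, "not a tool call")
    params = request.get("params") or {}
    tool = params.get("name")
    args = params.get("arguments") or {}
    rule = POLICY.get(tool)
    if rule is None:
        return Verdict(DENY, f"tool {tool!r} is not in the policy")
    if "max_amount" in rule:
        amount = _parse_amount(args, rule["amount_field"])
        if amount is None:
            return Verdict(DENY, "amount missing or not a number")
        if amount < 0:
            return Verdict(DENY, "negative amount")          # a negative refund is a charge
        if amount > rule["max_amount"]:
            return Verdict(DENY, f"amount {amount} exceeds MaxSpend {rule['max_amount']}")
        if amount > rule.get("approval_above", rule["max_amount"]):
            return Verdict(REQUIRE_APPROVAL, f"amount {amount} needs human approval")
    return Verdict(ALLOW, "within policy")


def gate(raw: str) -> tuple:
    """Proxy step: parse the wire message once, decide, and return (verdict, bytes to send).
    On ALLOW the forwarded message is the re-serialised object that was checked, never
    the original bytes, so there is nothing between the check and the send that can differ.
    Otherwise a JSON-RPC error goes back to the agent instead of the upstream call."""
    try:
        request = json.loads(raw)
        if not isinstance(request, dict):
            raise ValueError("not a JSON-RPC object")
    except (json.JSONDecodeError, ValueError):
        request, verdict = {}, Verdict(DENY, "malformed request")
    else:
        verdict = evaluate(request)
    if verdict.decision == ALLOW:
        return verdict, json.dumps(request, separators=(",", ":"))
    error = {"jsonrpc": "2.0", "id": request.get("id"),
             "error": {"code": -32000, "message": f"policy {verdict.decision}: {verdict.reason}"}}
    return verdict, json.dumps(error)


def tool_call(call_id, name, **arguments) -> dict:
    """Build a constructed MCP tools/call request for the samples below."""
    return {"jsonrpc": "2.0", "id": call_id, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}


if __name__ == "__main__":
    # Constructed sample traffic, including the hallucinated $50k refund from the post.
    for req in (tool_call(1, "issue_refund", amount=20, order_id="A1"),
                tool_call(2, "issue_refund", amount=75, order_id="A2"),
                tool_call(3, "issue_refund", amount=50000, order_id="A3"),
                tool_call(4, "delete_customer", customer_id="C9")):
        verdict, wire = gate(json.dumps(req))
        print(req["id"], verdict.decision, verdict.reason, wire, sep="  ")
```

In a real sidecar the `REQUIRE_APPROVAL` branch would hold the request and notify a reviewer rather than return an error; the point of the split between `approval_above` and `max_amount` is that the human is only asked inside a band the policy already bounds, so approval fatigue cannot be used to wave a $50k action through. Note also the deny-by-default on unknown tools and the rejection of non-finite and boolean amounts: schema checks that accept any JSON the model emits are where "rigid" policies usually leak.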