← Back to Product Feed

Hacker News Show HN: AgentPort – Open-source Security Gateway For Agents

A gateway that provides granular permissions for agent interactions with third-party services, addressing destructive operations and credential exfiltration, positioned as a missing piece for running autonomous agents securely.

5
Traction Score
1
Discussions
Apr 30, 2026
Launch Date
View Origin Link

Product Positioning & Context

AI Executive Synthesis
A gateway that provides granular permissions for agent interactions with third-party services, addressing destructive operations and credential exfiltration, positioned as a missing piece for running autonomous agents securely.
AgentPort directly addresses critical security and governance challenges in enterprise AI adoption. The 'granular permissions' and 'human approval' for destructive operations are essential for mitigating risks like data deletion and unauthorized actions, which are major barriers to deploying autonomous agents in production. Preventing 'credential exfiltration' by abstracting API keys further enhances security. This open-source gateway provides a vital control plane for B2B SaaS, enabling organizations to leverage AI agent benefits while maintaining strict oversight and compliance. It fills a crucial gap in the agent ecosystem, moving beyond an 'all-or-nothing' risk posture to a controlled, auditable deployment model.
Hey HN!I've been wanting to use something like OpenClaw for a while but couldn't get myself to give it access to anything important due to all the risks involved. Prompt injection is still a problem (even though some people seem to ignore it) and so are hallucinations and mishaps that cause agents to do things like delete production data [1].Even harnesses like Claude Code and Codex are subject to this, particularly since we're getting progressively looser about how we run them e.g. Conductor is really popular and runs agents without any sandboxing.That means we're in a bit of an all-or-nothing situation. There are people who just ignore the risks and connect everything to their agents and reap benefits from it while being subject to more risk, and there are others that just don't connect anything because they are mindful of the potential issues.I've been quite cautious but have wanted to run more autonomous agents and so I built the component I needed to enable me to do so: AgentPort.AgentPort is a gateway that connects to any service (e.g. Gmail, GitHub, Stripe, PostHog, Linear) and let's you set granular permissions for what the agent can do automatically, what it needs your approval for, and what it can never do.For example, you can set `list_customers` and `get_customer` on the Stripe integration to "Auto-approve" but `create_refund` to "Ask for approval". The agent will thus be able to do a lot in the background independently but when it comes to a potentially destructive operation it will be blocked and receive an approval link to send to you. You can then approve or deny the call with those exact parameters e.g. `create_refund(customer_id: 1234, amount: 12)`.Agents connect via MCP or CLI and have access to all the integrations you connected without ever getting API keys. Kind of like Composio but with granular permissions and open source.The goal with AgentPort is to specifically address two vulnerabilities that agents are subject to:1. Destructive operations on downstream services: It can't delete a database unless you explicitly approve 2. Credential exfiltration: Your agent never sees API keysAgentPort also helps with sensitive data exfiltration, but that is more nuanced and complicated to defend against if the agent has an internet connection [2].Ultimately, AgentPort was the missing piece for me to start running more autonomous agents that have access to third-party services, and hopefully it can unlock use cases for you too. There's a ton more work needed around securing agents (Claws in particular) and I've both been writing about it [3] and intend to do more in this space, so if you're thinking about similar things let's have a chat.The repo is https://github.com/yakkomajuri/agentport and you can run it locally with docker compose in a minute or use the one-liner install to deploy a prod instance (domain, TLS, etc.) in just a few mins as well.[1] "An AI agent deleted our production database. The agent's confession is below" (https://news.ycombinator.com/item?id=47911524)[2] See my post "On agents dropping production databases": https://yakko.dev/blog/on-agents-dropping-production-dbs[3] https://yakko.dev/blog
Security Gateway granular permissions prompt injection hallucinations destructive operations credential exfiltration API keys MCP

Related Ecosystem & Alternatives

Discover adjacent products, open-source repositories, and developer tools sharing similar technical architecture.

Deep-Dive FAQs

What is AgentPort – Open-source Security Gateway For Agents?
AgentPort – Open-source Security Gateway For Agents is analyzed by our AI as: A gateway that provides granular permissions for agent interactions with third-party services, addressing destructive operations and credential exfiltration, positioned as a missing piece for running autonomous agents securely.. It focuses on AgentPort directly addresses critical security and governance challenges in enterprise AI adoption. The 'granular permissions' and 'human approval'...
Where did AgentPort – Open-source Security Gateway For Agents originate?
Data for AgentPort – Open-source Security Gateway For Agents was aggregated directly from the Hacker News community ecosystem, representing raw developer and early-adopter sentiment.
When was AgentPort – Open-source Security Gateway For Agents publicly launched?
The initial public indexing or launch date for AgentPort – Open-source Security Gateway For Agents within our tracked developer communities was recorded on April 30, 2026.
How popular is AgentPort – Open-source Security Gateway For Agents?
AgentPort – Open-source Security Gateway For Agents has achieved measurable traction, logging over 5 traction score and facilitating 1 recorded discussions or engagements.
Which technical categories define AgentPort – Open-source Security Gateway For Agents?
Based on metadata extraction, AgentPort – Open-source Security Gateway For Agents is categorized under topics such as: Security Gateway, granular permissions, prompt injection, hallucinations.
What are some commercial alternatives to AgentPort – Open-source Security Gateway For Agents?
Our semantic intelligence engine identifies potential commercial alternatives in the SaaS space, such as SocialKaptan, which offers overlapping value propositions.
How does the creator describe AgentPort – Open-source Security Gateway For Agents?
The original author or development team describes the product as follows: "Hey HN!I've been wanting to use something like OpenClaw for a while but couldn't get myself to give it access to anything important due to all the risks involved. Prompt injection is still a proble..."

Community Voice & Feedback

No active discussions extracted yet.

Discovery Source

Hacker News Hacker News

Aggregated via automated community intelligence tracking.

Tech Stack Dependencies

No direct open-source NPM package mentions detected in the product documentation.

Media Tractions & Mentions

No mainstream media stories specifically mentioning this product name have been intercepted yet.

Deep Research & Science

No direct peer-reviewed scientific literature matched with this product's architecture.