Hi, thanks for posting this. I appreciate you not coming from engineering and being laser focused on product building.
There's a real gap identified (execution permission instead of output guardrails). The timing concern is valid (we're scaling agent frameworks way faster than security infrastructure — see Clawdbot-Moltbot). The default-deny + time-boxed permissions + audit logs is a solid model, easy to discuss at a high level with security teams in an org. The "Auth0 for AI Agents" framing is clear and positions it well.
Actually, the audit log piece is really huge. Having a complete execution trace with authorization decisions is invaluable for incident response. That alone might justify adoption even if the blocking mechanism is imperfect.
My concerns and questions:
- Where exactly does this sit? If it's between the agent and tool calls, that's relatively straightforward. If it needs to intercept arbitrary code execution or API calls, that's significantly harder.
- Adding another authorization layer means more setup, more policy configuration, more potential points of failure. Adoption challenge.
- Who defines what's "allowed"? In what format? How granular? Actually expressing "this agent can do X in context Y at time Z" in a way that's both powerful and usable, that's the whole ballgame (IMHO). I have in mind how complex AWS IAM policies got, and those are for relatively static systems. AI agents are dynamic, context-dependent, and probabilistic.
- By the time Reg sees a request to execute, the LLM has already decided. What happens when you block it? Does the agent gracefully handle denials and retry with different approaches?
I'd be interested in seeing real-world policy examples from your design partners. That'll tell you whether you've found the right abstraction layer.
Congratulations for just framing the idea and getting this far. Being very concerned about the current free-wheeling AI expansion with minimal security, I strongly believe this is going in the right direction and would like to know where this leads.
Thanks for the thoughtful questions! You've identified exactly the right challenges I am also facing, solution-wise.
> Where exactly does this sit?
Between agent reasoning and tool execution. The agent/framework calls Reg.Run before executing any tool/action. The pattern would be:
1. Agent decides: "I should refund $250"
2. Calls Authorization Protocol/authorize with action details
3. Reg.Run evaluates policy → approved/denied/requires_approval
4. If approved, agent proceeds. If denied, agent knows immediately.
Integration points: LangChain/LangGraph tools, MCP servers, custom agent frameworks. We provide middleware that wraps tool calls.
> Adoption challenge (more setup, more config)
Valid concern tbh - I think this was the most difficult part of thinking about Reg. Especially because I didn't know where to start. After speaking with engineers and friends I came to this:
- Start with sane defaults (deny-all, then allowlist incrementally)
- Pre-built policies for common patterns (refunds, data access, transfers)
- Dashboard UI for ops teams (no code/policy language needed)
- Gradual rollout: monitor-only mode first, then enforce
I would like to make adoption easier, with a good UX, not just a spec.
> Who defines what's "allowed"?
Great question. Trying to learn this with design partners right now.
My current thoughts/approach: a three-tier system
- Simple rules (amount thresholds, time windows) → YAML config
- Business context (customer LTV, fraud flags) → external data lookups
- Complex logic → delegate to approval workflow
You're right that AWS IAM got unwieldy. We're trying to avoid that by:
1. Keeping policies human-readable (ops teams, not just engineers)
2. Starting simple, adding complexity only when needed
3. Approval workflows as escape hatch (when policy can't decide)
The abstraction I'm testing: "auto-approve simple cases, require human judgment for edge cases, deny obviously bad things." Keeping it fairly simple and evolving from there.
Thank you so much for reading, giving feedback - and most importantly - making me think!
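The four-step flow and the three-tier policy described in this reply, as an added example (this is illustration code, not Reg.Run's code and not from the thread). It assumes an action is a dict with "tool", "agent", "customer" and an optional "amount"; the policy is a plain dict standing in for the YAML config, the fraud-flag set stands in for the external data lookup, and "requires_approval" is the hand-off to the approval workflow. A monitor-only switch shows the gradual-rollout idea: the decision is still written to the audit log, but the call is let through.

```python
"""Default-deny authorization gate between agent reasoning and tool execution.
Added illustration, not Reg.Run's code. Assumed shapes: an action is a dict with
"tool", "agent", "customer" and optional "amount"; the policy dict stands in for
the YAML config described in the thread."""
from dataclasses import dataclass, field
from datetime import datetime, time, timezone
from typing import Callable, List, Optional, Tuple

APPROVED, DENIED, REQUIRES_APPROVAL = "approved", "denied", "requires_approval"

# Constructed policy: any tool not listed under "tools" falls to "default".
POLICY = {
    "default": DENIED,
    "tools": {
        "issue_refund": {
            "auto_approve_max": 100.0,             # tier 1: amount threshold
            "hard_deny_above": 1000.0,             # tier 1: hard ceiling
            "business_hours": ("09:00", "18:00"),  # tier 1: UTC time window
            "deny_if_fraud_flag": True,            # tier 2: external lookup
        },
        "read_order": {},                          # allowlisted, no limits
    },
}
FRAUD_FLAGGED = {"cust-9"}  # constructed stand-in for an external fraud-flag source


@dataclass
class Decision:
    outcome: str
    reason: str


@dataclass
class AuditEntry:
    ts: str
    agent: str
    tool: str
    outcome: str    # what policy decided, even when monitor-only let it through
    reason: str
    enforced: bool  # False in monitor-only mode


def in_window(now: datetime, window: Tuple[str, str]) -> bool:
    """True if now's clock time lies inside an inclusive HH:MM window."""
    start, end = (time.fromisoformat(w) for w in window)
    return start <= now.time() <= end


@dataclass
class Gate:
    policy: dict
    fraud_lookup: Callable[[Optional[str]], bool]
    monitor_only: bool = False
    audit_log: List[AuditEntry] = field(default_factory=list)

    def evaluate(self, action: dict, now: datetime) -> Decision:
        """Pure policy evaluation; requires_approval is the escape hatch to a human."""
        rules = self.policy["tools"].get(action["tool"])
        if rules is None:
            return Decision(self.policy["default"], "tool not on allowlist")
        if rules.get("deny_if_fraud_flag") and self.fraud_lookup(action.get("customer")):
            return Decision(DENIED, "customer carries fraud flag")
        amount = float(action.get("amount", 0))
        ceiling = rules.get("hard_deny_above")
        if ceiling is not None and amount > ceiling:
            return Decision(DENIED, f"amount {amount:.2f} exceeds hard ceiling {ceiling:.2f}")
        window = rules.get("business_hours")
        if window and not in_window(now, window):
            return Decision(REQUIRES_APPROVAL, "outside business hours")
        limit = rules.get("auto_approve_max")
        if limit is not None and amount > limit:
            return Decision(REQUIRES_APPROVAL, f"amount {amount:.2f} above auto-approve limit {limit:.2f}")
        return Decision(APPROVED, "within policy")

    def authorize(self, action: dict, now: datetime) -> Decision:
        """Called before every tool call; every decision lands in the audit log."""
        decision = self.evaluate(action, now)
        self.audit_log.append(AuditEntry(now.isoformat(), action["agent"], action["tool"],
                                         decision.outcome, decision.reason, not self.monitor_only))
        if self.monitor_only and decision.outcome != APPROVED:
            # Gradual rollout: record what enforcement would have done, then let it through.
            return Decision(APPROVED, f"monitor-only; would be {decision.outcome}: {decision.reason}")
        return decision


def run_scenarios(monitor_only: bool = False) -> Tuple[Gate, dict]:
    """Runs the thread's '$250 refund' plus neighbouring cases through one gate."""
    gate = Gate(POLICY, fraud_lookup=lambda c: c in FRAUD_FLAGGED, monitor_only=monitor_only)
    day = datetime(2024, 1, 15, 10, 30, tzinfo=timezone.utc)
    night = datetime(2024, 1, 15, 22, 0, tzinfo=timezone.utc)
    base = {"agent": "support-bot", "customer": "cust-1"}
    cases = {
        "refund_40": (dict(base, tool="issue_refund", amount=40), day),
        "refund_250": (dict(base, tool="issue_refund", amount=250), day),
        "refund_5000": (dict(base, tool="issue_refund", amount=5000), day),
        "refund_flagged": (dict(base, tool="issue_refund", amount=40, customer="cust-9"), day),
        "refund_after_hours": (dict(base, tool="issue_refund", amount=40), night),
        "read_order": (dict(base, tool="read_order"), day),
        "delete_account": (dict(base, tool="delete_account"), day),
    }
    return gate, {name: gate.authorize(a, t).outcome for name, (a, t) in cases.items()}


if __name__ == "__main__":
    gate, results = run_scenarios()
    for name, outcome in results.items():
        print(f"{name:20s} -> {outcome}")
```

The $250 refund from the reply lands in requires_approval (above the auto-approve limit, below the hard ceiling), a $5000 refund or a flagged customer is denied outright, and a tool that was never allowlisted falls to the default deny. Because `authorize` appends to the audit log before it decides whether to enforce, the monitor-only run produces the same trace as the enforcing run, which is what makes the "monitor first, enforce later" rollout reviewable.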
Actually, "esprit d'escalier" is indeed used in French, though less commonly, especially outside of literary contexts. It refers specifically to the inability to come up with a timely response or comeback (and the frustration of finding the "perfect" reply when the conversation is already over). On the other hand, "présence d'esprit" has a broader usage in everyday language. It can mean having a quick and witty response (the opposite of "esprit d'escalier"), or more broadly, the sudden ability to judge and react appropriately in a situation.
It's very good. I've tried it after hesitating a bit because of the price tag compared to Khan Academy — no regrets.
K.A. is great and I still use it with my kid, but M.A. is more condensed and to the point for my needs. I was properly guided through the first program choices according to my profile, and the diagnostic exam you start with was perfect to highlight what I actually need to work on given my limited time.
Explanations and courses are super condensed, with the right amount of example and pedagogy that clicks for me.
It goes even deeper than getting laid if you study Costume History and its psychological importance.
It is a powerful medium of self-expression and social identity, yes, deeply rooted in human history where costumes and attire have always signified cultural, social, and economic status.
Drawing from tribal psychology, it fulfills an innate human desire for belonging and individuality, enabling people to communicate their affiliation, status, and personal values through their choice of clothing.
It has always been and will always be part of humanity, even if its industrialization in capitalistic societies like ours has hidden this fact.
Clothing is important in that sense, but fashion as a changing thing and especially fast fashion isn't. I suppose it can be a nice hobby for some, but for society as a whole it's at best a wasteful zero-sum pursuit.
> fashion industry in general is useless to society
> rich jobless people need a place to hangout
You're talking about an industry that generates approximately $1.5 trillion globally, employing more than 60 million people globally, from multi-disciplinary skills in fashion design, illustration, web development, e-commerce, AI, digital marketing.
As a secular Jew in Western Europe, I've distanced myself from my religious community due to its insistence on tying my identity to Israel. Where I live, it's less taboo to critique Israel than in the U.S., but still tricky.
Advocates of Israel's right-wing politics have blurred the line between criticizing Israel and anti-Semitism, an endeavor helped by actual anti-Semites. I've grown up with these supporters, but can't quite call them a "lobby" due to their loose organization and lesser influence here compared to the U.S.
Speaking out brings risks: being labeled a leftist extremist, clashing with fellow Jews, or unwittingly aiding anti-Semites. And that's if you are a Jew.
This creates a pervasive, cautious silence that I imagine is even more stifling in countries with highly organized pro-Israel lobbying.
I was once "reported to ADL" for my anti-Semitism.
My horrid crime that made me literally Hitler?
Disagreement if a tag should be named "jews" or "judaism" on the Politics Stack Exchange site. I made an off-hand comment that I renamed the tag from "jews" to "judaism" and the very first response was that I had been "reported to the ADL" (whether they actually did: who knows? Probably not).
That such an incredibly boring, banal, and benign disagreement exploded in accusations of anti-Semitism so quickly has made me rather distrustful of these accusations in general unless I can verify things. Anti-Semitism is real, but so are narcissistic people abusing it to "win the argument". If you need to defend yourself with "but I'm not anti-Semitic!" then you've already kind of lost the argument, right?
One of my favorite books is “Kindly Inquisitors” by Jonathan Rauch. Highly recommended. Among its core messages is that accusations of bias are often used to stop discourse. The strongest response against a factual claim is that it’s wrong. Not that it’s racist, anti-Semitic, homophobic, etc.
“If there be time to expose through discussion, the falsehoods and fallacies, to avert the evil by the processes of education, the remedy to be applied is more speech, not enforced silence.”
It's less about your Jewish identity being tied to Israel and more about you and your identity not being tied to the country you live in. It's two sides of the same coin and the argument is much older than Israel. Your loyalty will always be questioned; it's just that now it has more "Israeli flavor".
Different people, same idea. Things didn't change much since the Dreyfus affair.
> Where I live, it's less taboo to critique Israel than in the U.S., but still tricky.
Is it really so hard to "critique" Israel? I see daily calls for Israel to be abolished one way or the other (either violently with the help of Iran or with a Palestinian return). You can hear these opinions from politicians, on the news and social media, campuses and schools.
You might be labeled as a leftist as you said because this is generally a leftist stance, that's fair, no? If I held a right-wing view I would probably be labeled as a right-winger.
Most Israelis I know think twice before they identify as Israelis in certain parts of Europe, they don't want a random cab driver to start lecturing them about apartheid (or do something worse).
So I'm really intrigued why you think it's such a taboo thing to criticize Israel or even openly call for its destruction.