Story

Show HN: Lightbox – Flight recorder for AI agents (record, replay, verify)

Berticus12 Tuesday, January 27, 2026

I built Lightbox because I kept running into the same problem: an agent would fail in production, and I had no way to know what actually happened.

Logs were scattered, the LLM’s “I called the tool” wasn’t trustworthy, and re-running wasn’t deterministic.

This week, tons of Clawdbot incidents have driven the point home. Agents with full system access can expose API keys and chat histories. Prompt injection is now a major security concern.

When agents can touch your filesystem, execute code, and browse the web…you probably need a tamper-proof record of exactly what actions it took, especially when a malicious prompt or compromised webpage could hijack the agent mid-session.

Lightbox is a small Python library that records every tool call an agent makes (inputs, outputs, timing) into an append-only log with cryptographic hashes. You can replay runs with mocked responses, diff executions across versions, and verify the integrity of logs after the fact.

Think airplane black box, but for your hackbox.

*What it does:*

- Records tool calls locally (no cloud, your infra)

- Tamper-evident logs (hash chain, verifiable)

- Replay failures exactly with recorded responses

- CLI to inspect, replay, diff, and verify sessions

- Framework-agnostic (works with LangChain, Claude, OpenAI, etc.)

*What it doesn’t do:* - Doesn’t replay the LLM itself (just tool calls) - Not a dashboard or analytics platform - Not trying to replace LangSmith/Langfuse (different problem)

*Use cases I care about:*

- Security forensics: agent behaved strangely, was it prompt injection? Check the trace.

- Compliance: “prove what your agent did last Tuesday”

- Debugging: reproduce a failure without re-running expensive API calls

- Regression testing: diff tool call patterns across agent versions

As agents get more capable and more autonomous (Clawdbot/Molt, Claude computer use, Manus, Devin), I think we’ll need black boxes the same way aviation does.

This is my attempt at that primitive.

It’s early (v0.1), intentionally minimal, MIT licensed.

Site: <https://uselightbox.app> install: `pip install lightbox-rec`

GitHub: <https://github.com/mainnebula/Lightbox-Project>

Would love feedback, especially from anyone thinking about agent security or running autonomous agents in production.

Summary
Lightbox is a lightweight, modern, and customizable JavaScript library that provides a simple way to display images and videos in a responsive and accessible lightbox overlay. It offers a range of features, including support for touch gestures, keyboard controls, and customization options.
3 0
Summary
uselightbox.app
Visit article Read on Hacker News