Story

Show HN: Raypher–Sandboxing local AI agents(OpenClaw)on your own local computer

Kidiga Monday, February 23, 2026

Hey HN,

Most of us want to run autonomous agents like OpenClaw locally, right on our daily-driver machines. We want them to actually interact with our files, our IDEs, and our real local workflows.

But doing that right now is a security nightmare. A hallucinating (or hijacked) agent with raw system access is basically local remote code execution waiting to wipe a directory or leak an SSH key.

The current workarounds are terrible:

The Hardware Air-Gap: Buying a dedicated Mac Mini or a secondary cheap laptop just to run agents safely.

The Cloud: Spinning up a VPS, which adds annoying latency, costs money, and completely kills the "local-first" advantage.

Containers: Shoving the agent in a Docker container. It’s clunky, and it completely lobotomizes the agent because it can no longer see or interact with your actual host OS where your real work lives.

I got fed up and built Raypher.

Raypher is a bare-metal security architecture specifically designed for AI agents. It lets you run agents directly on your host machine while keeping them on a cryptographically tight leash.

How the Alpha works under the hood:

Zero-Touch Interception: You don't have to rewrite your Python/Node agent scripts. Raypher currently uses transparent system proxy injection (netsh portproxy on Windows) to catch all agent traffic automatically.

Hardware Identity: We bind the agent's session cryptographically to your physical TPM 2.0 chip.

The Policy Engine: Every request is evaluated against strict budget, domain, and time-restriction policies. If it tries to phone home to a weird domain, it gets blocked. It also runs local DLP to automatically redact API keys or any sensitive information that you can custom to be redacted before they hit the stream.

We will distribute it as a single script that sets up the interception and launches a local Command Center dashboard so you can watch your agents get secured in real-time.

(Transparency note: The heavy kernel-level eBPF/WFP hooks are currently in development, but this proxy MVP proves the hardware-bound Policy Engine actually works).

join the waitlist/architecture is at raypherlabs.tech to be the first to be notified when we launch

Summary
Raypherlabs.tech is a technology company that specializes in developing innovative solutions using cutting-edge technologies such as artificial intelligence, machine learning, and data analytics. The website provides information about the company's services, expertise, and portfolio of successful projects.
1 0
Summary
raypherlabs.tech
Visit article Read on Hacker News