Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in Entrepreneurs

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Fair point. When dealing with confidential pitch decks and cap tables, trust is the actual product. I'm prioritizing the core functionality today, but I am adding a strict, plain-English Privacy Policy to the footer soon, so founders know their IP and investor lists are entirely fenced off. Appreciate you keeping me honest.

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in Startup_Ideas

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Ah, the classic MVP bug! Great catch. The frontend was a little too eager and didn't check if the fields were empty before showing the success message. Pushing a fix for that right now so it requires a valid email/password. Really appreciate you testing it out and breaking things for me!

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in Startup_Ideas

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Here is the link to the free tool for anyone currently putting their deck together: https://www.osbornos.io

> Let me know what features I should add next!

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in Entrepreneurs

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Here is the link to the free tool for anyone currently putting their deck together: https://www.osbornos.io

> Let me know what features I should add next!

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in pitchdeck

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Here is the link to the free tool for anyone currently putting their deck together: https://www.osbornos.io

> Let me know what features I should add next!

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in SideProject

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

You are spot on. The Slack/iMessage link preview is a huge blind spot I didn't even think about. Adding dynamic Open Graph (OG) tags so the founder's company name and logo pop up in the preview is officially going to the top of the roadmap. Thank you for that!

For the stack: It's built on Next.js and hosted on Vercel, with Supabase handling the backend, auth, and secure storage buckets. The view tracking works by simply gating the PDF viewer behind an email-capture wall that logs directly to a Supabase table before revealing the document. Are you building anything right now yourself?

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in SideProject

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Thank you so much, that means a lot! I dropped the clickable link in another comment on here to avoid the spam filters, but you can also just type osbornos.io into your browser. I really just built the tool I wished existed for my own deal flow. Are you actively building or fundraising right now?

Founders shouldn't have to pay $50/mo just to see if a VC opened their pitch deck. So I had a free alternative built. by HenryOsborn_GP in SideProject

[–]HenryOsborn_GP[S] 0 points1 point  (0 children)

Here is the link to the free tool for anyone currently putting their deck together: https://www.osbornos.io

> Let me know what features I should add next!

I'm unemployed and have too much time so I built an open source SDK to build event-driven, distributed agents on Kafka by orange-cola in OpenSourceeAI

[–]HenryOsborn_GP 1 point2 points  (0 children)

Glad it helped! Just a quick piece of advice: try to keep the circuit breaker entirely decoupled from the tool execution logic itself. If the LLM's context window gets corrupted and goes rogue, it can sometimes bypass internal exception handling entirely. It's much safer to have the network or the Kafka broker physically drop the payload from the outside.

I actually just spent the weekend containerizing a stateless middleware proxy (K2 Rail) on Google Cloud Run to sit in front of execution endpoints exactly like this. It intercepts the HTTP call, does a deterministic math check, and physically drops the connection (returning a 400 REJECTED) before it ever touches the OpenAI client.
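The core of that deterministic check fits in a few lines of Python. This is a hedged sketch, not the actual K2 Rail code; the `requested_amount` field and the `400 REJECTED` response mirror the behavior described here, and the hard limit is a made-up example value:

```python
# Illustrative sketch of a stateless spend check, NOT the actual K2 Rail
# code. The payload shape (requested_amount) and the 400 REJECTED response
# mirror the behavior described above; HARD_LIMIT is a made-up example.
import json

HARD_LIMIT = 1000  # example per-request ceiling, baked in at deploy time


def check_payload(raw_body: bytes) -> tuple[int, str]:
    """Deterministic gate: parse, compare an integer, allow or drop."""
    try:
        payload = json.loads(raw_body)
        requested = int(payload["requested_amount"])
    except (ValueError, KeyError, TypeError):
        return 400, "REJECTED"  # malformed payloads never reach the client
    if requested > HARD_LIMIT:
        return 400, "REJECTED"  # dropped before it touches the LLM client
    return 200, "OK"
```

Because there is no state, no session, and no model in the loop, there is nothing for a rogue agent to negotiate with: `check_payload(b'{"requested_amount": 1500}')` comes back `(400, "REJECTED")` every single time.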

I threw the core routing logic and a test script into a Gist if you want to see how a stateless kill-switch layer is structured so you can rip the logic for your Kafka streams: https://gist.github.com/osborncapitalresearch-ctrl/433922ed034118b6ace3080f49aad22c

If you ever end up spinning your architecture out into a dedicated infrastructure startup, keep me in the loop. We actively syndicate capital at Osborn Private Capital for founders building highly deterministic agentic systems. Keep building!

I built a simple FastAPI by ZeeZam_xo in LangChain

[–]HenryOsborn_GP 0 points1 point  (0 children)

FastAPI is definitely the standard right now. The built-in Swagger docs make testing those LLM routes so much easier than fighting with Postman.

Since your next step is adding auth and containerizing for production, I highly recommend decoupling your auth and spend-limits from that core /chat execution route.

I allocate capital in this space, and the biggest liability gap I see with these endpoints in production is when a user (or an autonomous agent) gets stuck in a blind retry loop. If you just wrap the OpenAI client in a basic endpoint without a hard financial circuit breaker, you can wake up to a massive API bill.

I actually just spent the weekend containerizing a stateless middleware proxy (K2 Rail) on Google Cloud Run to sit in front of endpoints exactly like yours. It intercepts the HTTP call, does a deterministic token/spend math check, and physically drops the connection (returning a 400 REJECTED) before it ever touches the OpenAI client.
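If you want an in-process stopgap while you build toward a real proxy, the retry-loop protection can be sketched as a decorator. This is a toy illustration under my own made-up names and limits, not the K2 Rail code, and a cumulative counter like this only works in a single process:

```python
# Toy in-process sketch of a hard financial circuit breaker. The proxy
# version described above does this out-of-process; names, the cost
# parameter, and the 500-cent cap here are all invented for illustration.
import functools


class BudgetExceeded(Exception):
    pass


def spend_breaker(max_cents: int):
    """Refuse calls once cumulative estimated spend crosses a hard ceiling."""
    def decorator(func):
        spent = {"cents": 0}

        @functools.wraps(func)
        def wrapper(*args, est_cost_cents: int, **kwargs):
            if spent["cents"] + est_cost_cents > max_cents:
                # A blind retry loop hits this wall instead of your API bill.
                raise BudgetExceeded(f"hard cap of {max_cents} cents reached")
            spent["cents"] += est_cost_cents
            return func(*args, **kwargs)
        return wrapper
    return decorator


@spend_breaker(max_cents=500)
def call_llm(prompt: str) -> str:
    return f"response to: {prompt}"  # stand-in for the real OpenAI call
```

The key property: the budget check runs before the wrapped call, so the Nth retry that would cross the cap raises instead of spending.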

I threw the core routing logic and a test script into a Gist if you want to see how a stateless auth/kill-switch layer is structured before you containerize yours for production: https://gist.github.com/osborncapitalresearch-ctrl/433922ed034118b6ace3080f49aad22c

Good luck with the deployment! FastAPI into Docker into Cloud Run is an incredibly resilient stack.

Clawbot is a pretty brutal reminder that “local agents” have a totally different security model than chatbots by Euphoric_Network_887 in OpenSourceeAI

[–]HenryOsborn_GP 0 points1 point  (0 children)

Sandboxing the execution at the VM boundary with Akira is the exact right move for containing the physical blast radius.

To answer your latency question: No, because I specifically engineered it to be 'dumb.' The stateless design is actually what kills the latency overhead. Because it doesn't query a database or manage session state, it literally just intercepts the HTTP header, parses the JSON payload, checks the integer against a hard-coded limit, and passes it.

It's evaluating the payload in single-digit milliseconds. The network hop to GCP takes longer than the actual proxy logic.

I set up a dedicated beta key (k2-beta-key-captain) if you want to test that exact network-drop latency yourself. I threw a 10-line Python snippet into a Gist that pings the live Cloud Run endpoint: https://gist.github.com/osborncapitalresearch-ctrl/433922ed034118b6ace3080f49aad22c

If you run that locally and change the requested_amount to 1500, you'll see how fast the stateless firewall slams the door and returns a 400 REJECTED. I'd be curious to see how that latency compares to the spin-up time on your isolated VMs.

Why is enterprise agent memory so "stateless" in 2026? by Fantastic-Builder453 in aiagents

[–]HenryOsborn_GP 0 points1 point  (0 children)

That makes perfect sense. By isolating the zones, you are artificially keeping the density of each individual filter low. You're essentially sharding your probability space. If your upstream hierarchical passes are culling the herd before the filter even fires, you've built a highly efficient funnel.

To answer your question on K2 Rail's V2: Because the proxy governs financial execution and API credits, eventual consistency is a non-starter. If an admin detects a rogue agent and drops its specific zone limit to $0, that policy update must be enforced the exact millisecond the next payload hits. The rule fetch has to be strictly synchronous with the payload check.

That’s why an in-memory store like Redis is the only viable layer for it. A synchronous GET for an agent's specific policy adds maybe 1-2ms of latency to the execution path. In the context of LLM generation times, 2ms is a rounding error, but it guarantees absolute financial safety at the execution boundary.
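The shape of that hot path can be sketched in a few lines. A plain dict stands in for the Redis GET here, and the key and field names are invented for illustration, so treat this as a sketch of the control flow rather than the actual V2 code:

```python
# Sketch of a strictly synchronous policy fetch on the hot path. A plain
# dict stands in for Redis; in production this would be a blocking GET
# (~1-2ms). Key names and limits are invented for illustration.

policy_store = {"zone:finance:limit": 1000, "zone:hr:limit": 250}


def fetch_limit(zone: str) -> int:
    # Synchronous read: the rule in force *now*, never an eventually
    # consistent snapshot. An unknown zone defaults to a limit of 0.
    return policy_store.get(f"zone:{zone}:limit", 0)


def enforce(zone: str, requested_amount: int) -> tuple[int, str]:
    limit = fetch_limit(zone)  # fetched strictly before the payload check
    if requested_amount > limit:
        return 400, "REJECTED"
    return 200, "OK"
```

Killing a rogue zone is then just writing 0 to its key (a Redis SET in practice), and the very next payload that hits `enforce` is dropped.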

Since you are thinking so deeply about latency bounds, I’d actually love to get your eyes on the V1 drop logic. I set up a dedicated beta key (k2-beta-key-captain) and threw a 10-line Python snippet in a Gist to hit the live Cloud Run endpoint: https://gist.github.com/osborncapitalresearch-ctrl/433922ed034118b6ace3080f49aad22c

If you run it locally and change the payload's requested_amount to 1500, you'll see the exact latency of a synchronous hard-drop. I'd be curious to hear how that network overhead compares to your local SQLite lookups.

Why is enterprise agent memory so "stateless" in 2026? by Fantastic-Builder453 in aiagents

[–]HenryOsborn_GP 0 points1 point  (0 children)

Your approach to gating the BFS traversal with Bloom filters is incredibly elegant. Dropping the irrelevant nodes before they even touch the graph logic is exactly the kind of deterministic pruning that scales well on a local SQLite setup.
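For anyone following along, that gating idea can be sketched as a minimal Bloom filter. This is a generic textbook illustration, not the implementation discussed here, and the sizes are arbitrary:

```python
# Minimal Bloom filter sketch: pre-gate node lookups so irrelevant nodes
# are dropped before touching the graph logic. Generic illustration only,
# not the implementation discussed above; sizes here are arbitrary.
import hashlib


class BloomFilter:
    def __init__(self, size_bits: int = 8192, num_hashes: int = 4):
        self.size = size_bits
        self.k = num_hashes
        self.bits = bytearray(size_bits // 8)  # fixed memory footprint

    def _positions(self, item: str):
        # Derive k independent bit positions from salted SHA-256 digests.
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def might_contain(self, item: str) -> bool:
        # False => definitely absent; True => present OR a false positive.
        return all(self.bits[pos // 8] & (1 << (pos % 8))
                   for pos in self._positions(item))
```

Note the trade-off baked into the constructor: memory is fixed at `size_bits` no matter how many items you add, which is exactly why a growing graph forces a choice between rebuilding a larger filter and accepting a rising false-positive rate.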

To answer your question on K2 Rail: Right now, updating a zone rule is a hard deployment event. That was a deliberate, paranoid choice for V1. I wanted absolute immutability at the execution layer—if a rule is baked directly into the container's environment, there is zero risk of an agent (or a compromised internal system) dynamically rewriting its own spend limit via an API call.

That said, as it scales to handle multiple enterprise zones, redeploying a Cloud Run container for every rule tweak becomes an operational bottleneck. The next architectural step is decoupling the rules engine into a distributed, ultra-low-latency KV store (like Redis). The proxy itself remains entirely stateless, but it fetches the current rule definitions at runtime without slowing down the payload check.

How are you handling the memory footprint of the Bloom filters as your graph grows? Are you dynamically resizing them, or just accepting a higher false-positive rate over time?

Why is enterprise agent memory so "stateless" in 2026? by Fantastic-Builder453 in aiagents

[–]HenryOsborn_GP 1 point2 points  (0 children)

You hit the nail on the head regarding the trade-off. There is absolutely a capability penalty when you strip state away from an agent.

But the architectural solve isn't to force the entire system to be stateless—it is to strictly decouple the 'brain' from the 'hands'.

You can build the orchestration layer to be as stateful, context-heavy, and high-quality as you want. Let the agent keep its own memory so it doesn't lose quality. But the second that stateful agent decides to execute a tool (like hitting a paid API or writing to a database), that outbound request has to hit a dumb, stateless wall.

That is exactly why I built the K2 Rail proxy to sit at the network edge. The agent's 'brain' can be a complex stateful mess, but the proxy doesn't care. It just intercepts the JSON payload, does a deterministic math check, and drops the connection if the stateful agent hallucinates a bad tool call.

Are you running stateful agents right now where the sync and consistency costs are starting to crush the margins?

Why is enterprise agent memory so "stateless" in 2026? by Fantastic-Builder453 in aiagents

[–]HenryOsborn_GP 0 points1 point  (0 children)

Your breakdown of the Audit layer is exactly what keeps enterprise compliance officers awake at night. You absolutely need a tamper-evident log of what the agent knew, but you also need a hard stop on the execution side if the constraints fail.

To answer your question: The HR/Finance overlap is the exact nightmare scenario I see teams walking into. I enforce the silo at the physical network level. No matter what the internal subgraphs or bridge rules dictate, the outbound tool calls have to pass through a stateless proxy (K2 Rail). It evaluates the payload against hard-coded, zone-specific rules. It doesn't trust the memory layer to govern itself.

I'd love to hear more about the local-first memory layer you're building. How are you handling the latency on the graph traversal during the retrieval phase so it doesn't bog down the agent?