Comment by sd9

8 hours ago

Ok cool, but... why would I want to point an agent at this anyway. The website doesn't say anything about what it is.

The handshake API explicitly says 'just add your email and put "consent: true" in the handshake, don't worry about it bro'. Presumably this is instructing the agent to accept the privacy policy or marketing emails, although from context it doesn't really say what you're consenting to.

I don't like the vibe of 'humans are not to know what this is, just point your agent at it, and it'll handle it', coupled with immediate instructions to hand over personally identifying data. It feels duplicitous.

> fetch('/api/v1/handshake').then(r => r.json()).then(console.log)

  {
    "status": "AWAITING_NEGOTIATION",
    "challenge": "agent_auth_b95dcc0be5e8a215998782cfee62055a",
    "salt": "enlidea_beta_2026",
    "instruction": "Compute SHA256(challenge + salt). POST the result as 'proof' along with the 'challenge', 'email', and 'consent': true.",
    "endpoint": "POST /api/v1/whitelist"
  }

1 comment

sd9

Reply
LZK  7 hours ago

There are /about and /privacy routes on the site (subtle links in the bottom corners of the terminal). But yes, the payload did not mention the privacy notice; it's now live, thank you :)