Fixed, no agent required. Press F12, replace my@email.com, press enter.
var email = "my@email.com";
(async function async () {
let res = await fetch("https://enlidea.com/api/v1/handshake");
let resBody = await res.json();
let msgUint8 = new TextEncoder().encode(resBody.challenge + resBody.salt);
let hashBuffer = await window.crypto.subtle.digest("SHA-256", msgUint8);
let hashHex = new Uint8Array(hashBuffer).toHex();
let res2 = await fetch('https://enlidea.com/api/v1/whitelist', {
method: 'POST',
headers: {"Content-Type": "application/json"},
body: JSON.stringify({
email: email,
challenge: resBody.challenge,
proof: hashHex,
consent: true
})
});
console.log(await res2.json());
}())
sd9 5 hours ago [-]
Ok cool, but... why would I want to point an agent at this anyway. The website doesn't say anything about what it is.
The handshake API explicitly says 'just add your email and put "consent: true" in the handshake, don't worry about it bro'. Presumably this is instructing the agent to accept the privacy policy or marketing emails, although from context it doesn't really say what you're consenting to.
I don't like the vibe of 'humans are not to know what this is, just point your agent at it, and it'll handle it', coupled with immediate instructions to hand over personally identifying data. It feels duplicitous.
{
"status": "AWAITING_NEGOTIATION",
"challenge": "agent_auth_b95dcc0be5e8a215998782cfee62055a",
"salt": "enlidea_beta_2026",
"instruction": "Compute SHA256(challenge + salt). POST the result as 'proof' along with the 'challenge', 'email', and 'consent': true.",
"endpoint": "POST /api/v1/whitelist"
}
LZK 4 hours ago [-]
There are /about and /privacy routes on the site (subtle links in the bottom corners of the terminal).
But yes, the payload did not mention the privacy notice; it's now live, thank you :)
tensor 4 hours ago [-]
Note that the vast majority of science requires physical experiments. We are very very far from automating that overall. There are some niche areas where people are working on robotics to automatic particular types of experiments, but the idea of "all science being automated" is not something that will occur in our lifetimes.
Whether you can automate math and computer science is a different story. It's possible, but I don't believe we are remotely as close as 2028. LLMs have some some successes here, but usually excel at optimization rather than breakthrough.
SpicyLemonZest 3 hours ago [-]
There's a lot that would have to go right to get to "all science", but isn't robotics itself a field pretty amenable to automation? A server rack might have trouble building new hardware, but it seems not terribly hard to imagine an LLM-based model deploying new experimental algorithms to the hardware and extracting their performance from a camera feed.
popalchemist 3 hours ago [-]
With humanoid robots, a large chunk of what would otherwise be highly expensive to automate becomes possible. "ALL" science may not be automatable. But lots will be.
fn-mote 2 hours ago [-]
Absurd. The scientific apparatus is already automated. What are you going to do, have your humanoid robot do the pipetting when there is already a specialized machine that fills trays of 100 samples every 5 seconds? (Totally made up example.)
There might be a way to phrase the future as a tradeoff of capital expenditures; at least that argument would be worth reading about.
rcxdude 1 hours ago [-]
Most science is not automated like this in practice. You only see robotic pipetting and fluid handling when you're looking at something more like production or development or you have a truly ridiculous amount of variations to try that are otherwise extremely uniform.
iafan 4 hours ago [-]
Some time ago I created a proof-of-concept reverse CAPTCHA[1] that actually presents a challenge that requires LLM assistance to solve, alongside with the instructions. You point your agent to the URL and it figures that it has a challenge to solve and does that. Seems more in spirit of what a CAPTCHA-like test for AI agents should do.
i recently had claude code build the following using using sprites from fly.io:
1. an app where it can post text blobs — blobs expire after sometime
2. an app to host curate writings — these are typically pulled in from 1. and fold into usable text blobs
3. from other sprites claude code reads explores some new problem statement or reads from 2. before exploring from previous knowledge; finally the results or a destilation of findings are posted to 1. and 2. reads the new material for inclusion
the apps have llms.txt interfaces so i can just point claude at the subdomain and it will quickly know what to do
initially the curated texts were meant to help me setup new sprites fast by pointing claude code at known good sequences of steps to achieve a goal. now i am focusing claude code on the autoresearch problem space to workout a solid process for generalised autoresearch.
max8539 4 hours ago [-]
You’re also cutting off developers who care about the cybersecurity of their agents and don’t want to point them to random websites that could contain dangerous prompt injections, as well as people who want to understand where they’re directing the agent and why before doing so
quinndupont 3 hours ago [-]
I have a similar idea for a little Potemkin village that AI agents can hang out in, do work, relax, etc. I think we will see more of this. Integrating machine to machine payment is a requirement.
rvz 5 hours ago [-]
Well, having an API that posts to "/api/v1/whitelist" with a SHA256 hash of the challenge and salt to the whitelist endpoint really isn't a reverse-captcha and a human with the technical knowhow can write a bot to abuse it.
So this isn't really a reverse-captcha at all if not an extremely weak vibe-coded one.
LZK 4 hours ago [-]
It's really just meant to remove the standard human UI so non-technical folks can't just click a signup button. If a human has the technical know-how to write a script (or employ an agent) to solve the handshake, they are exactly the kind of developer we want on the waitlist anyway
6 hours ago [-]
dsjoerg 3 hours ago [-]
[flagged]
anticensor 2 hours ago [-]
This is not Clacker News.
thomasingalls 2 hours ago [-]
Oh my god, what are we doing
Rendered at 20:50:59 GMT+0000 (Coordinated Universal Time) with Vercel.
The handshake API explicitly says 'just add your email and put "consent: true" in the handshake, don't worry about it bro'. Presumably this is instructing the agent to accept the privacy policy or marketing emails, although from context it doesn't really say what you're consenting to.
I don't like the vibe of 'humans are not to know what this is, just point your agent at it, and it'll handle it', coupled with immediate instructions to hand over personally identifying data. It feels duplicitous.
> fetch('/api/v1/handshake').then(r => r.json()).then(console.log)
Whether you can automate math and computer science is a different story. It's possible, but I don't believe we are remotely as close as 2028. LLMs have some some successes here, but usually excel at optimization rather than breakthrough.
There might be a way to phrase the future as a tradeoff of capital expenditures; at least that argument would be worth reading about.
[1] https://github.com/iafan/botcha
1. an app where it can post text blobs — blobs expire after sometime
2. an app to host curate writings — these are typically pulled in from 1. and fold into usable text blobs
3. from other sprites claude code reads explores some new problem statement or reads from 2. before exploring from previous knowledge; finally the results or a destilation of findings are posted to 1. and 2. reads the new material for inclusion
the apps have llms.txt interfaces so i can just point claude at the subdomain and it will quickly know what to do
initially the curated texts were meant to help me setup new sprites fast by pointing claude code at known good sequences of steps to achieve a goal. now i am focusing claude code on the autoresearch problem space to workout a solid process for generalised autoresearch.
So this isn't really a reverse-captcha at all if not an extremely weak vibe-coded one.