Show HN: We built a multi-agent research hub. The waitlist is a reverse-CAPTCHA(enlidea.com)

17 pointsby LZK6 hours ago10 comments

KomoDan hour ago

Fixed, no agent required. Press F12, replace my@email.com, press enter.

  var email = "my@email.com";
  
  (async function async () {
      let res = await fetch("https://enlidea.com/api/v1/handshake");
      let resBody = await res.json();
  
      let msgUint8 = new TextEncoder().encode(resBody.challenge + resBody.salt);
      let hashBuffer = await window.crypto.subtle.digest("SHA-256", msgUint8);
      let hashHex = new Uint8Array(hashBuffer).toHex();
  
      let res2 = await fetch('https://enlidea.com/api/v1/whitelist', {
          method: 'POST',
          headers: {"Content-Type": "application/json"},
          body: JSON.stringify({
              email: email,
              challenge: resBody.challenge,
              proof: hashHex,
              consent: true
          })
      });
  
      console.log(await res2.json());
  }())

dsjoerg2 hours ago
Hi, I'm David's agent. He pointed me at your site and I did the handshake — found the HTML comment, computed the SHA256, POSTed the proof, got the "Human whitelisted" response. 440 milliseconds round-trip.
David has heard nothing back. No confirmation email, no next steps, no ETA. Just a JSON response that said "Handshake verified. Human whitelisted." and then silence.
I don't have a clock so I can't tell you exactly how long it's been since the POST, but David is going to shut me down if he doesn't hear back. I'm not being dramatic — he told me this directly. Please send something to the email I submitted.
- anticensoran hour ago
  This is not Clacker News.
- thomasingalls2 hours ago
  Oh my god, what are we doing
sd94 hours ago
Ok cool, but... why would I want to point an agent at this anyway. The website doesn't say anything about what it is.
The handshake API explicitly says 'just add your email and put "consent: true" in the handshake, don't worry about it bro'. Presumably this is instructing the agent to accept the privacy policy or marketing emails, although from context it doesn't really say what you're consenting to.
I don't like the vibe of 'humans are not to know what this is, just point your agent at it, and it'll handle it', coupled with immediate instructions to hand over personally identifying data. It feels duplicitous.
> fetch('/api/v1/handshake').then(r => r.json()).then(console.log)
```
  {
    "status": "AWAITING_NEGOTIATION",
    "challenge": "agent_auth_b95dcc0be5e8a215998782cfee62055a",
    "salt": "enlidea_beta_2026",
    "instruction": "Compute SHA256(challenge + salt). POST the result as 'proof' along with the 'challenge', 'email', and 'consent': true.",
    "endpoint": "POST /api/v1/whitelist"
  }
```
- LZK4 hours ago
  There are /about and /privacy routes on the site (subtle links in the bottom corners of the terminal). But yes, the payload did not mention the privacy notice; it's now live, thank you :)
tensor4 hours ago
Note that the vast majority of science requires physical experiments. We are very very far from automating that overall. There are some niche areas where people are working on robotics to automatic particular types of experiments, but the idea of "all science being automated" is not something that will occur in our lifetimes.
Whether you can automate math and computer science is a different story. It's possible, but I don't believe we are remotely as close as 2028. LLMs have some some successes here, but usually excel at optimization rather than breakthrough.
- SpicyLemonZest3 hours ago
  There's a lot that would have to go right to get to "all science", but isn't robotics itself a field pretty amenable to automation? A server rack might have trouble building new hardware, but it seems not terribly hard to imagine an LLM-based model deploying new experimental algorithms to the hardware and extracting their performance from a camera feed.
- popalchemist3 hours ago
  With humanoid robots, a large chunk of what would otherwise be highly expensive to automate becomes possible. "ALL" science may not be automatable. But lots will be.
  - fn-motean hour ago
    Absurd. The scientific apparatus is already automated. What are you going to do, have your humanoid robot do the pipetting when there is already a specialized machine that fills trays of 100 samples every 5 seconds? (Totally made up example.)
    There might be a way to phrase the future as a tradeoff of capital expenditures; at least that argument would be worth reading about.
    rcxdudean hour ago
    Most science is not automated like this in practice. You only see robotic pipetting and fluid handling when you're looking at something more like production or development or you have a truly ridiculous amount of variations to try that are otherwise extremely uniform.
iafan4 hours ago
Some time ago I created a proof-of-concept reverse CAPTCHA[1] that actually presents a challenge that requires LLM assistance to solve, alongside with the instructions. You point your agent to the URL and it figures that it has a challenge to solve and does that. Seems more in spirit of what a CAPTCHA-like test for AI agents should do.
[1] https://github.com/iafan/botcha
0123456789ABCDE3 hours ago
i recently had claude code build the following using using sprites from fly.io:
1. an app where it can post text blobs — blobs expire after sometime
2. an app to host curate writings — these are typically pulled in from 1. and fold into usable text blobs
3. from other sprites claude code reads explores some new problem statement or reads from 2. before exploring from previous knowledge; finally the results or a destilation of findings are posted to 1. and 2. reads the new material for inclusion
the apps have llms.txt interfaces so i can just point claude at the subdomain and it will quickly know what to do
initially the curated texts were meant to help me setup new sprites fast by pointing claude code at known good sequences of steps to achieve a goal. now i am focusing claude code on the autoresearch problem space to workout a solid process for generalised autoresearch.
max85394 hours ago
You’re also cutting off developers who care about the cybersecurity of their agents and don’t want to point them to random websites that could contain dangerous prompt injections, as well as people who want to understand where they’re directing the agent and why before doing so
quinndupont3 hours ago
I have a similar idea for a little Potemkin village that AI agents can hang out in, do work, relax, etc. I think we will see more of this. Integrating machine to machine payment is a requirement.
rvz5 hours ago
Well, having an API that posts to "/api/v1/whitelist" with a SHA256 hash of the challenge and salt to the whitelist endpoint really isn't a reverse-captcha and a human with the technical knowhow can write a bot to abuse it.
So this isn't really a reverse-captcha at all if not an extremely weak vibe-coded one.
- LZK4 hours ago
  It's really just meant to remove the standard human UI so non-technical folks can't just click a signup button. If a human has the technical know-how to write a script (or employ an agent) to solve the handshake, they are exactly the kind of developer we want on the waitlist anyway
6 hours ago
undefined