diff options
| author | Peter Stone <thepeterstone@gmail.com> | 2026-01-28 22:19:28 -1000 |
|---|---|---|
| committer | Peter Stone <thepeterstone@gmail.com> | 2026-01-28 22:19:28 -1000 |
| commit | 05b1930e04ac222d73ffb2f45c1b1febb69f893d (patch) | |
| tree | bc451d72b5265ff044c4655ed90685c601688b6d /internal/middleware/security.go | |
| parent | 058ff7d699f088edb851336928dd3eea2934cc07 (diff) | |
Add Agent Context API for external agent integration
Phase 1: Authentication and read-only context
- POST /agent/auth/request - request access with name + agent_id
- GET /agent/auth/poll - poll for approval status
- POST /agent/auth/approve|deny - user approval (browser auth required)
- GET /agent/context - 7-day timeline context (agent session required)
Phase 1.5: Browser-only agent endpoints (HTML pages)
- GET /agent/web/request - request page with token
- GET /agent/web/status - status page with polling
- GET /agent/web/context - context page with timeline data
WebSocket notifications:
- GET /ws/notifications - push agent requests to browsers
- Approval modal with trust indicators and countdown timer
Database:
- agents table for registered agent tracking
- agent_sessions table for pending/active sessions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Diffstat (limited to 'internal/middleware/security.go')
| -rw-r--r-- | internal/middleware/security.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/internal/middleware/security.go b/internal/middleware/security.go index e048645..8d1e619 100644 --- a/internal/middleware/security.go +++ b/internal/middleware/security.go @@ -29,7 +29,7 @@ func SecurityHeaders(debug bool) func(http.Handler) http.Handler { "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "+ "font-src 'self' https://fonts.gstatic.com; "+ "frame-src https://www.youtube.com https://embed.windy.com; "+ - "connect-src 'self'") + "connect-src 'self' wss: ws:") next.ServeHTTP(w, r) }) |