From 05b1930e04ac222d73ffb2f45c1b1febb69f893d Mon Sep 17 00:00:00 2001 From: Peter Stone Date: Wed, 28 Jan 2026 22:19:28 -1000 Subject: Add Agent Context API for external agent integration Phase 1: Authentication and read-only context - POST /agent/auth/request - request access with name + agent_id - GET /agent/auth/poll - poll for approval status - POST /agent/auth/approve|deny - user approval (browser auth required) - GET /agent/context - 7-day timeline context (agent session required) Phase 1.5: Browser-only agent endpoints (HTML pages) - GET /agent/web/request - request page with token - GET /agent/web/status - status page with polling - GET /agent/web/context - context page with timeline data WebSocket notifications: - GET /ws/notifications - push agent requests to browsers - Approval modal with trust indicators and countdown timer Database: - agents table for registered agent tracking - agent_sessions table for pending/active sessions Co-Authored-By: Claude Opus 4.5 --- internal/middleware/security.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'internal/middleware/security.go') diff --git a/internal/middleware/security.go b/internal/middleware/security.go index e048645..8d1e619 100644 --- a/internal/middleware/security.go +++ b/internal/middleware/security.go @@ -29,7 +29,7 @@ func SecurityHeaders(debug bool) func(http.Handler) http.Handler { "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "+ "font-src 'self' https://fonts.gstatic.com; "+ "frame-src https://www.youtube.com https://embed.windy.com; "+ - "connect-src 'self'") + "connect-src 'self' wss: ws:") next.ServeHTTP(w, r) }) -- cgit v1.2.3