Show HN: Latchkey – inject credentials into agents' curl calls https://ift.tt/GsScFD0

Show HN: Latchkey – inject credentials into agents' curl calls Hi HN, At Imbue, we’ve been following the rapid developments in the agent landscape and noticed that the way agents interact with third-party services on users’ behalf often leaves a lot to be desired. Integrations are ad hoc, complicated, context-heavy, and either unfriendly to non-technical users or tied to a lock-in of some sort. We‘re experimenting with a command-line tool, Latchkey, that could be used by local agents targeted at non-technical users while avoiding remote intermediaries. As far as we know, this is the only existing approach at the intersection of these two goals. Core idea: Agents access APIs of third-party services by prepending ordinary `curl` calls with the `latchkey` command, like this: latchkey curl -X POST 'https://ift.tt/sL6AQa9' \ -H 'Content-Type: application/json' \ -d '{"name":"something-urgent"}' Latchkey then transparently injects credentials into these calls, prompting the user to log in via a browser pop-up when needed. Browser automation is used to extract an API token from the browser session once logged in. Benefits: * A single skill to integrate with all services. * Direct communication between the agent and the third-party service (no OAuth intermediary app needed). * Agents usable by non-technical users. * Secrets do not leak to logs or chat transcripts. We believe this aligns with a vision of a decentralized future in which people don’t need to ask corporations for permission to use their own data. We imagine a lively ecosystem of local agents that people use freely, supported by a community helping each other keep these tools useful and functional. We’re aware that this approach comes with some downsides, too, and would love your feedback. P.S. Here’s also a link to Passepartout, a toy demo AI assistant app built using Latchkey: https://ift.tt/k2xrGWe https://ift.tt/jhVB0vP February 3, 2026 at 11:15PM