Show HN: Latchkey – inject credentials into agents' curl calls

11 points - today at 8:15 PM


Hi HN,

At Imbue, we’ve been following the rapid developments in the agent landscape and noticed that the way agents interact with third-party services on users’ behalf often leaves a lot to be desired. Integrations are ad hoc, complicated, context-heavy, and either unfriendly to non-technical users or tied to a lock-in of some sort.

We’re experimenting with a command-line tool, Latchkey, that could be used by local agents targeted at non-technical users while avoiding remote intermediaries. As far as we know, this is the only existing approach at the intersection of these two goals.

Core idea: Agents access APIs of third-party services by prepending ordinary `curl` calls with the `latchkey` command, like this:

    latchkey curl -X POST 'https://slack.com/api/conversations.create' \
      -H 'Content-Type: application/json' \
      -d '{"name":"something-urgent"}'

Latchkey then transparently injects credentials into these calls, prompting the user to log in via a browser pop-up when needed. Browser automation is used to extract an API token from the browser session once logged in.

Benefits:

* A single skill to integrate with all services.

* Direct communication between the agent and the third-party service (no OAuth intermediary app needed).

* Agents usable by non-technical users.

* Secrets do not leak to logs or chat transcripts.

We believe this aligns with a vision of a decentralized future in which people don’t need to ask corporations for permission to use their own data. We imagine a lively ecosystem of local agents that people use freely, supported by a community helping each other keep these tools useful and functional.

We’re aware that this approach comes with some downsides, too, and would love your feedback.

P.S. Here’s also a link to Passepartout, a toy demo AI assistant app built using Latchkey: https://github.com/imbue-ai/passepartout
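
The injection step described in the post, sketched as an added example (not Latchkey's code and not part of the original post): a POSIX shell wrapper that picks a stored token by the exact destination host and hands it to `curl` through a config read on stdin, so the token never appears in the command line the agent writes. The token store, the function names and the token value are constructed assumptions.

```shell
# Added sketch, not Latchkey's code; store, names and token are hypothetical.
# Constructed sample store; a real tool would read the OS keychain.
lookup_token() {
  case "$1" in
    slack.com) printf '%s' 'CONSTRUCTED-TOKEN-NOT-REAL' ;;
    *) return 1 ;;
  esac
}

# Print the host of the single https:// URL in the arguments (subshell body,
# so variables stay local). Refuses zero or several URLs and any non-https
# URL-like argument, so the token cannot ride along to a second destination.
target_host() (
  host='' count=0
  for arg in "$@"; do
    case "$arg" in
      https://*) count=$((count + 1)); host=${arg#https://} ;;
      *://*) exit 1 ;;
    esac
  done
  [ "$count" -eq 1 ] || exit 1
  host=${host%%/*}; host=${host%%\?*}; host=${host%%\#*}  # authority only
  host=${host##*@}   # drop userinfo: https://slack.com@other.example/ is other.example
  host=${host%%:*}   # drop the port
  printf '%s' "$host" | tr 'A-Z' 'a-z'
)

# Emit one curl config line carrying the Authorization header.
# Exact host match only: slack.com.other.example gets no token.
auth_config() (
  host=$(target_host "$@") || exit 1
  token=$(lookup_token "$host") || exit 1
  printf 'header = "Authorization: Bearer %s"\n' "$token"
)

# Wrapper the agent would call in place of curl. The config goes in on stdin
# (`curl --config -`), keeping the token out of argv and shell history.
inject_curl() {
  cfg=$(auth_config "$@") || {
    echo 'refusing: need exactly one https URL for a known host' >&2
    return 2
  }
  printf '%s\n' "$cfg" | curl --config - "$@"
}
```

Because the config occupies stdin, this sketch does not support requests that also read their body from stdin (`-d @-`).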
