4 comments

  • esafak31 minutes ago
    First time I&#x27;m hearing about <a href="https:&#x2F;&#x2F;agentauthprotocol.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;agentauthprotocol.com&#x2F;</a> and <a href="https:&#x2F;&#x2F;workos.com&#x2F;auth-md" rel="nofollow">https:&#x2F;&#x2F;workos.com&#x2F;auth-md</a><p>MCP and A2A weren&#x27;t enough?
    • benswerd22 minutes ago
      MCP Auth is just Oauth, its designed for humans to authenticate their sessions for connections.<p>TBH I know nothing about A2A.<p>Agent Identity and Authz is a different problem, allowing agents to operate independently from humans with granular permissions is coming&#x2F;whether from these protocols or others, and when it does I think CLIs&#x2F;CLI Device Auth which is used as a rough proxy for this where the agent just takes your identity will finally go away.
  • mohamedkoubaa23 minutes ago
    &gt;Defaults are bad. Agents can be expected to read the documentation, register what good starting values are, and fill them all in, in place.<p>This is not what defaults are for.<p>If, for example, you are writing a replacement CLI for git, *for the love of God and all that is holy* do not force agents to read the entire documentation and pass a value for every possible parameter
    • benswerd19 minutes ago
      Why not?<p>The docs for git clone at <a href="https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-clone" rel="nofollow">https:&#x2F;&#x2F;git-scm.com&#x2F;docs&#x2F;git-clone</a> are less than 4000 tokens, I don&#x27;t think this is unreasonable.
  • ShipVoicedev35 minutes ago
    [flagged]