Show HN: Notme.bot – an OSS specification to remove bearer tokens in an AI world

notme.bot

2 points by notreallymetho a month ago · 0 comments · 1 min read

In September 2025, I was stuck on a plane trying to use gitsign to sign commits. The lack of internet made the traditional OAuth/bearer token flow impossible, and it forced me to rethink how we handle authorization for agents.

With the Trivy hack happening twice this past month, it’s clear we can’t keep relying on "keys in a vault" that can be exfiltrated.

notme.bot is a specification that moves away from bearer tokens toward cryptographic provenance. It allows humans to delegate specific, verifiable authority to AI agents or CLI tools in a way that is local-first and privacy-preserving.

The reference implementation and primitives can be found at github.com/agentic-research/signet

The full draft specification can be read here: https://github.com/agentic-research/signet/blob/main/docs/ap...

No company cares about your privacy the way you do.
