🛒CartPilotmarketplace demo
HDAA live demo

CartPilot only lets AI agents act with a valid delegation

This is a real, independent site — it doesn't belong to APTOGON. It only trusts an AI shopping agent ("ShopBot") if that agent presents a valid Human-Delegated Agent Authentication token — issued by a verified human on homosapience.org, checked live on every request, right here.

Step 1

A verified human delegates to ShopBot

A verified human on homosapience.org issues a signed, expiring delegation token to their shopping agent — agent_id: "my-shopping-assistant", permissions read + search.

Step 2

ShopBot tries to post a review on CartPilot

Every time ShopBot acts, CartPilot calls the public GET /api/agent/verify live — no API key, no contract with APTOGON. Click this as many times as you like, whenever you like.

Step 3

The human revokes ShopBot's access

One click, and every subsequent verify call — on CartPilot or anywhere else — fails instantly. Trust isn't a one-time stamp; it's checked live on every call.

Honest limitation

The delegation token above is a bearer credential — like an API key, whoever holds the string can present it, with no binding to a specific device or agent instance. That's exactly why the instant, every-call revocation check in Step 3 matters: it bounds how long a leaked token stays useful, rather than pretending theft is impossible.

← Read the full HDAA developer guide on homosapience.org