Latchkey brings auth to curl-first agents

This is a genuinely sharp anti-bloat move: instead of adding another agent protocol, Latchkey keeps the model in curl territory and moves auth into a local, encrypted layer. The appeal is less about novelty than about removing one of the ugliest parts of agent integration without inventing another abstraction.

• –The curl-first approach lowers friction because agents already know how to write and read curl examples from public API docs.
• –Keeping credentials local and out of prompts, logs, and transcripts is the strongest part of the pitch.
• –The tradeoff is trust, because browser-login and shared auth make the local machine part of the attack surface, so prompt injection and token hygiene still matter.
• –Product Hunt comments already surface the operational questions, and Imbue says auth is decoupled from the agent lifecycle with isolated credential stores via `LATCHKEY_DIRECTORY`.
• –Best fit is HTTP-first services and power users; richer, stateful workflows will still benefit from fuller protocols like MCP.