Skip to content

Commit 70a0195

Browse files
bmdhodlclaude
andcommitted
fix(site): route homepage capture to the bmdpat list (secure, same-origin)
The homepage "Get updates" form posted to /api/lead, which has no handler in the repo (GET returns 307) and does not feed the bmdpat newsletter list where subscribers actually live. It was a dead capture. Replace it with a link to bmdpat's hardened, same-origin capture at /tools/agentguard (honeypot + rate limit + validation already in place), tagged with utm_source=agentguard47 for attribution. De-fluffed the copy to match the list ("Field notes on running agents in production"). Security: this deliberately introduces NO cross-origin write path. No CORS is opened on bmdpat, and no shared secret lives in this public MIT repo. The most secure wiring is to reuse the existing same-origin endpoint, which this does. Removed the now-unused submitLeadForm handler. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 73fd924 commit 70a0195

1 file changed

Lines changed: 4 additions & 50 deletions

File tree

site/index.html

Lines changed: 4 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -1027,13 +1027,10 @@ <h2>Run the local proof. Keep the dashboard optional.</h2>
10271027
<a class="btn btn-red" href="/quickstart.html">Run quickstart</a>
10281028
<a class="btn btn-secondary" href="https://pypi.org/project/agentguard47/">View PyPI</a>
10291029
</div>
1030-
<form class="email-form" action="/api/lead" method="post" onsubmit="return submitLeadForm(event, this)">
1031-
<label class="sr-only" for="homepage-email">Email for hosted updates</label>
1032-
<input id="homepage-email" type="email" name="email" placeholder="Email for hosted updates" autocomplete="email" required />
1033-
<input type="hidden" name="source" value="agentguard47_homepage" />
1034-
<button class="btn" type="submit">Get updates</button>
1035-
<p class="form-status" aria-live="polite"></p>
1036-
</form>
1030+
<div class="email-cta">
1031+
<p class="muted">Field notes on running agents in production: what breaks, what it costs, and what actually stops a runaway agent. Only when there is something worth sending.</p>
1032+
<a class="btn" href="https://bmdpat.com/tools/agentguard?utm_source=agentguard47&amp;utm_medium=site&amp;utm_campaign=field-notes">Get the field notes</a>
1033+
</div>
10371034
</div>
10381035
</section>
10391036
</main>
@@ -1099,49 +1096,6 @@ <h2>Run the local proof. Keep the dashboard optional.</h2>
10991096
setButtonState(button, 'Select text');
11001097
});
11011098
}
1102-
1103-
function submitLeadForm(event, form) {
1104-
if (!window.fetch || !window.FormData) {
1105-
return true;
1106-
}
1107-
1108-
event.preventDefault();
1109-
1110-
var button = form.querySelector('button[type="submit"]');
1111-
var status = form.querySelector('.form-status');
1112-
var email = form.querySelector('input[name="email"]');
1113-
if (!email.value.trim()) {
1114-
status.textContent = 'Enter an email first.';
1115-
status.className = 'form-status error';
1116-
email.focus();
1117-
return false;
1118-
}
1119-
1120-
button.disabled = true;
1121-
status.textContent = 'Saving...';
1122-
status.className = 'form-status';
1123-
1124-
fetch(form.action, {
1125-
method: form.method || 'post',
1126-
body: new FormData(form),
1127-
credentials: 'same-origin',
1128-
headers: { 'accept': 'application/json' }
1129-
}).then(function(response) {
1130-
if (!response.ok) {
1131-
throw new Error('Lead capture failed');
1132-
}
1133-
form.reset();
1134-
status.textContent = 'Updates enabled. Check your inbox.';
1135-
status.className = 'form-status success';
1136-
}).catch(function() {
1137-
status.textContent = 'Could not save that email. Try again.';
1138-
status.className = 'form-status error';
1139-
}).finally(function() {
1140-
button.disabled = false;
1141-
});
1142-
1143-
return false;
1144-
}
11451099
</script>
11461100
</body>
11471101
</html>

0 commit comments

Comments
 (0)