Skip to content

Route homepage capture to the bmdpat list (secure, same-origin)#632

Merged
bmdhodl merged 2 commits into
mainfrom
fix/subscribe-to-bmdpat-list
Jul 7, 2026
Merged

Route homepage capture to the bmdpat list (secure, same-origin)#632
bmdhodl merged 2 commits into
mainfrom
fix/subscribe-to-bmdpat-list

Conversation

@bmdhodl

@bmdhodl bmdhodl commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Draft — outward-facing change to the public product site. Do not merge without review.

What

The homepage "Get updates" form posted to /api/lead, which has no handler in the repo (a live GET /api/lead returns 307) and does not feed the bmdpat newsletter list where subscribers actually live. It was a dead capture.

This replaces it with a link to bmdpat's hardened, same-origin capture at /tools/agentguard, tagged utm_source=agentguard47 for attribution, with de-fluffed copy that matches the list ("Field notes on running agents in production"). Removes the now-unused submitLeadForm handler.

Security (the point of the design)

This deliberately introduces no cross-origin write path:

  • No CORS is opened on bmdpat's /api/subscribe. CORS only governs whether a browser can read a response; a public POST endpoint is already reachable by curl, so opening CORS would add attack surface (subscription-bombing, spam) without adding protection.
  • No shared secret lives in this public MIT repo.
  • It reuses the existing same-origin endpoint, which already has a honeypot, per-IP rate limiting, and strict email validation.

The alternative (keep an inline form on agentguard47.com) would require either opening CORS (least secure) or a server-to-server forward with a shared secret env var provisioned on both Vercel projects. That is viable but needs secret provisioning and is a larger change; this same-origin-link approach is the maximally secure option and ships with zero secrets.

Tested

  • New CTA links to https://bmdpat.com/tools/agentguard?utm_source=agentguard47&utm_medium=site&utm_campaign=field-notes, which returns HTTP 200 live.
  • Live production smoke test of the destination pipeline (POST → Supabase row → welcome email) passed and the test row was cleaned up.
  • No remaining /api/lead or submitLeadForm references; no other site page carried the dead form.

Tradeoff for the reviewer

This removes the inline email field in favor of a click-through to the hardened capture. That is a small conversion cost for a large security gain. If inline capture on-site is preferred, the follow-up is the server-to-server design above (needs one shared-secret env var).

🤖 Generated with Claude Code

…igin)

The homepage "Get updates" form posted to /api/lead, which has no handler
in the repo (GET returns 307) and does not feed the bmdpat newsletter list
where subscribers actually live. It was a dead capture.

Replace it with a link to bmdpat's hardened, same-origin capture at
/tools/agentguard (honeypot + rate limit + validation already in place),
tagged with utm_source=agentguard47 for attribution. De-fluffed the copy to
match the list ("Field notes on running agents in production").

Security: this deliberately introduces NO cross-origin write path. No CORS
is opened on bmdpat, and no shared secret lives in this public MIT repo.
The most secure wiring is to reuse the existing same-origin endpoint, which
this does. Removed the now-unused submitLeadForm handler.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bmdhodl bmdhodl marked this pull request as ready for review July 7, 2026 02:55
Copilot AI review requested due to automatic review settings July 7, 2026 02:55
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the public product homepage newsletter capture to avoid a dead /api/lead POST and instead route users to the existing hardened capture flow on bmdpat.com via a same-origin click-through link (no cross-origin write path, no secrets added to this MIT repo).

Changes:

  • Replace the homepage inline “Get updates” email form with a CTA link to https://bmdpat.com/tools/agentguard including UTM tags.
  • Remove the now-unused submitLeadForm client-side handler previously used to POST to /api/lead.

Comment thread site/index.html Outdated
<p class="form-status" aria-live="polite"></p>
</form>
<div class="email-cta">
<p class="muted">Field notes on running agents in production: what breaks, what it costs, and what actually stops a runaway agent. Only when there is something worth sending.</p>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bmdhodl bmdhodl merged commit eff5d95 into main Jul 7, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants