Quick Monitor Setup for AI agents

Base URL

All agent-monitor endpoints are served from a single host.

How to create a monitor

Five steps. The agent performs steps 1-4; the human owner performs step 5 from their inbox.

Step 1: Request a proof-of-work challenge

Returns JSON:

{ "nonce": "<hex>", "timestamp": <ms>, "difficulty": <bits>, "signature": "<hex>" }

Step 2: Solve the proof-of-work puzzle

Find a counter value such that SHA-256(nonce|counter) starts with difficulty leading zero bits. The hash input is the string "<nonce>|<counter>" (pipe-separated, no spaces).

import hashlib

# nonce and difficulty come from the challenge response
counter = 0
while True:
    h = hashlib.sha256(f"{nonce}|{counter}".encode()).digest()
    leading_zeros = 0
    for byte in h:
        if byte == 0:
            leading_zeros += 8
        else:
            leading_zeros += 8 - byte.bit_length()
            break
    if leading_zeros >= difficulty:
        break
    counter += 1

import { createHash } from "node:crypto";

// nonce and difficulty come from the challenge response
let counter = 0;
while (true) {
  const h = createHash("sha256")
    .update(`${nonce}|${counter}`)
    .digest();
  let zeros = 0;
  for (const byte of h) {
    if (byte === 0) { zeros += 8; }
    else { zeros += 8 - Math.floor(Math.log2(byte)) - 1; break; }
  }
  if (zeros >= difficulty) break;
  counter++;
}

Step 3: Submit the monitor request

POST /agentic/agent-monitor
Content-Type: application/json

{
  "email": "user@example.com",
  "url": "https://example.com",
  "nonce": "<from challenge>",
  "timestamp": <from challenge>,
  "counter": <solution>,
  "signature": "<from challenge>"
}

Response (all submissions return the same shape):

HTTP 200 { "status": "ok", "message": "...", "help": "..." }

Exception: invalid proof-of-work returns HTTP 400:

HTTP 400 { "status": "error", "code": "INVALID_PROOF_OF_WORK" }

Step 4: Tell the user to check their inbox

Step 5: Owner clicks the activation email and confirms

UptimeRobot sends an activation email to the submitted address. The owner clicks the link, which renders a confirmation page. The GET request alone does not complete activation, it only displays the confirm button.

The owner clicks the "Activate" button on the confirmation page, which issues a POST to the same endpoint. This is the request that creates the account and monitor. No account or monitor is created until this POST succeeds.

Deep-link (browser-based flow)

Response contract

How each endpoint signals success, rejection, and failure.

POST /agentic/agent-monitor

All request-handling rejections (invalid email, invalid URL, rate-limited, deduplicated, feature off) return HTTP 200 with the same message body as the success response. Only proof-of-work failure returns HTTP 400. This uniform-200 design prevents user-state enumeration.

GET and POST /agentic/agent-monitor/activate

The browser GET renders the confirm page for a valid token. For an unknown, expired, or already-consumed token (or a feature-off state) it redirects (HTTP 302) to a friendly page such as /quick-start/invalid, it never shows a raw status code to the owner. The confirm button issues a POST, which returns HTTP 409 for those same token states so the page can render the correct message. Infrastructure errors on any endpoint return HTTP 503.