AadharshBot

A small, transparent crawler operated by aadhar.sh. If you see it in your access logs, this page tells you who it is, what it does, and how to stop it from visiting if you don't want it to.

Identity

User-Agent

AadharshBot/1.0 (+https://aadhar.sh/bot)

Signature-Agent

https://aadhar.sh/

JWKS

/.well-known/http-message-signatures-directory

Algorithm

Ed25519 (EdDSA), per RFC 9421 + Web Bot Auth draft

Operator

coffee@aadhar.sh

What it does

Fetches small numbers of public homepages on demand, mostly for personal curiosity — see the /around dashboard for what it currently looks at. Reads only what's publicly served. Respects robots.txt. Does not submit forms, log in, or scrape behind authentication. Caches results in Cloudflare KV for at least an hour so it doesn't re-hit the same URL repeatedly.

How to verify it's really AadharshBot

Every request includes Signature-Agent, Signature-Input, and Signature headers per RFC 9421 with the Web Bot Auth profile (tag="web-bot-auth"). Fetch the JWKS at the URL above, find the key with the matching kid, and verify the Ed25519 signature over the canonical components listed in Signature-Input. If the verification fails, the request is not from this site.

How to opt out

Add to your robots.txt:

User-agent: AadharshBot
Disallow: /

AadharshBot reads robots.txt on every cold cache hit and obeys Disallow rules. If you have a question or a complaint, email coffee@aadhar.sh and I'll reply by hand.