Agent and Access Policies

Public-safe agent discovery is enabled. Mutating, administrative, proxy, registry, test-triggering, reporting, and write actions require PLATPHORM_API_KEY.

Agent Policy

active

Source-labeled public-safe agent access policy for MCP clients, browser agents, IDEs, and crawlers.

Open policy file

AI Policy

active

allowed for public-safe pages, discovery files, API docs, OpenAPI, RSS/feed, sitemap, and read-only MCP introspection

Open policy file

Trust Policy

active

Web dashboard, public-safe discovery, browser-based operations, trusted-domain discovery, standard route compliance, Vercel metadata capture, trace inspection, and agentic workflow discovery are intentionally supported for public read-only debugging and operator workflows. Mutating, administrative, ingestion, replay, fork, remediation, deployment, sync, test-triggering, reporting, and write actions require PLATPHORM_API_KEY.

Open policy file

Robots Policy

active

Allow /; disallow protected/admin/private routes and secret-bearing query strings.

Open policy file

Public / Protected Boundary

Public reads remain open. Protected actions are guarded by the shared platform key.

Public

discover public pagesread llms filesread OpenAPIread well-known manifestsread RSS and sitemap filesrun MCP initializerun MCP pingrun MCP tools/listrun MCP resources/listrun MCP prompts/list

Protected

site registrationtool creationtool publishingtool deprecationcapability registry mutationprotected gateway proxyingsandbox executionBrowserOps executioneval executionreport generation

Disallowed

secret discoveryprovider credential accessunredacted JA4 digest accessprivate audit export without PLATPHORM_API_KEYdestructive or mutating actions without PLATPHORM_API_KEYunbounded crawling