# auth.md - anc.dev agent authentication

anc.dev publishes a public catalog of the agent-native CLI standard. The programmatic surfaces
below require **no authentication, no API key, and no agent registration**.

## Audience

AI agents and MCP clients (Claude Code, Codex, Cursor, custom runtimes) that query the
agent-native CLI standard: scorecards, the eight principles, and the vendored spec.

## Endpoints

- MCP server (streamable HTTP): `https://anc.dev/mcp` - JSON-RPC, MCP spec revision `2025-06-18`.
- MCP server card (SEP-1649): `https://anc.dev/.well-known/mcp/server-card.json`.
- MCP pointer aliases (301 to the server card): `https://anc.dev/.well-known/mcp`, `https://anc.dev/mcp.json`.
- API catalog: `https://anc.dev/.well-known/api-catalog`.
- OAuth protected resource: `https://anc.dev/.well-known/oauth-protected-resource`.
- OAuth authorization server: `https://anc.dev/.well-known/oauth-authorization-server`.
- Client guide: `https://anc.dev/mcp-skill.md`.

## Authentication method

None. The catalog is open by design and the inventory is published. No API key and no agent
registration are required. Agents call the MCP endpoint directly over HTTPS; `Authorization`
headers are ignored.

OAuth discovery metadata (`/.well-known/oauth-protected-resource`,
`/.well-known/oauth-authorization-server`, `/.well-known/jwks.json`) is published for
agent-readiness scanners. The `token_endpoint` (`/oauth2/token`) exists only to answer
discovery probes: POSTs return a typed `public_catalog` error and issue no credentials.
The server card (`/.well-known/mcp/server-card.json`) declares `authentication.required: false`
and points here via `authentication.documentation`. OAuth PRM/AS `resource_documentation` /
`service_documentation` also resolve to this file.

## CORS posture

Public discovery metadata (server card, api-catalog, OAuth PRM/AS, JWKS) returns
`Access-Control-Allow-Origin: *` because these are read-only catalogs meant for cross-origin
agent tools and automated scanners. No secrets are exposed.

`POST /mcp` deliberately omits CORS so a malicious web page cannot drive JSON-RPC calls
(including metered `score_cli` audits) against the visitor IP. MCP clients are server-side
agent runtimes, not browser tabs.

`POST /oauth2/token` also omits CORS for the same browser-isolation reason; discovery
metadata already documents the public-catalog posture.

## Credential use

No credentials are issued or required. Agents call the MCP endpoint directly over HTTPS.

## Rate limits

Reads are gated at 60 requests per 60 seconds per IP. The cost-bearing live-scoring tool
(`score_cli`) is metered separately at 5 fresh audits per 60 minutes per IP. Both are keyed on
the client IP; there is no per-agent identity.

## Contact

mailto:97-boss-beetle@icloud.com
