# Auth.md

Teas.co.uk public agent registration and access notes.

## Step 1 — Discover

Fetch https://teas.co.uk/.well-known/oauth-protected-resource, then fetch https://teas.co.uk/.well-known/oauth-authorization-server and read the `agent_auth` block.

## Public read-only registration

Public read-only agent surfaces do not require OAuth or API keys.

- Ask API: https://teas.co.uk/wp-json/teas/v1/ask/
- Product Truth API: https://teas.co.uk/wp-json/teas/v1/product-truth/
- Compiled agent index: https://teas.co.uk/teas-agent-index.json
- Machine feedback: https://teas.co.uk/wp-json/teas/v1/machine-feedback
- OAuth protected resource metadata: https://teas.co.uk/.well-known/oauth-protected-resource
- OAuth authorization server metadata: https://teas.co.uk/.well-known/oauth-authorization-server
- Under the Hood trust verification: https://teas.co.uk/under-the-hood/

## Human purchase confirmation

Checkout, carts, accounts, addresses, payments and order actions require explicit human purchase intent and are not public autonomous agent resources.

## Events and revocation

There are no public read-only agent credentials to revoke. Private user-bound credentials are outside this public staging surface.

Customer, order, address, payment, admin and private analytics surfaces are not public agent resources. Checkout requires explicit human purchase intent.