# auth.md, Charlie Obaugh Auto Group

## Summary

This host is a **hybrid agent surface**. **All READ access is open**: any agent may read every
data endpoint and call every read tool anonymously over HTTPS, with no credential. The single
**WRITE** tool, `submit_lead`, is protected by a **real OAuth 2.0 authorization server** using
the **client_credentials** grant. Machine clients (a dealer CRM) present a bearer token with the
`lead:write` scope to submit a lead; everything else needs nothing.

## Agent audience

The intended audience is autonomous AI agents and assistants (Claude, ChatGPT, Cursor,
Claude Code, and other MCP clients) that read this dealer's inventory, offers, specials, and
vehicle data, run the conversational buy / trade / finance retailing flow, and (for provisioned
machine clients) submit qualified leads back to the dealer.

## OAuth metadata (real)

- **Protected Resource Metadata (RFC 9728):** `https://ai.charlieobaugh.com/.well-known/oauth-protected-resource`
- **Authorization Server Metadata (RFC 8414):** `https://ai.charlieobaugh.com/.well-known/oauth-authorization-server`
- **Issuer:** `https://ai.charlieobaugh.com`
- **Token endpoint:** `https://ai.charlieobaugh.com/oauth/token` (grant `client_credentials`)
- **JWKS:** `https://ai.charlieobaugh.com/oauth/jwks` (ES256, published `kid`)
- **Protected resource:** `https://ai.charlieobaugh.com/api/ucp/partner` — scope `lead:write`, bearer in the `Authorization: header`.

A `submit_lead` call with no/invalid token returns **HTTP 401** with
`WWW-Authenticate: Bearer resource_metadata="https://ai.charlieobaugh.com/.well-known/oauth-protected-resource"`.

## Registration and provisioning

- **Reads: anonymous (none).** No sign-up, no provisioning, no credential. Connect directly.
- **Writes: client_credentials.** Client credentials (`client_id` + `client_secret`) are issued
  **out-of-band** to approved dealer/CRM integrators (no public self-service registration or DCR).
  Once provisioned, obtain a token, then send it as a bearer on `submit_lead`.

```json
{
  "agent_auth": {
    "skill": "https://ai.charlieobaugh.com/auth.md",
    "register_uri": "https://ai.charlieobaugh.com/auth.md",
    "identity_types_supported": [
      "anonymous"
    ],
    "anonymous": {
      "credential_types_supported": [
        "none"
      ]
    },
    "claim_uri": "https://ai.charlieobaugh.com/.well-known/oauth-protected-resource",
    "registration_methods": [
      {
        "identity_types_supported": [
          "anonymous"
        ],
        "anonymous": {
          "credential_types_supported": [
            "none"
          ]
        },
        "claim_uri": "https://ai.charlieobaugh.com/.well-known/oauth-protected-resource",
        "description": "READ tools and data endpoints require no credential; connect anonymously over HTTPS. The WRITE tool submit_lead uses the client_credentials grant below (client provisioned out-of-band).",
        "grant_types": [
          "client_credentials"
        ],
        "token_endpoint": "https://ai.charlieobaugh.com/oauth/token",
        "token_endpoint_auth_methods_supported": [
          "client_secret_basic",
          "client_secret_post"
        ],
        "scopes_supported": [
          "lead:write"
        ]
      }
    ]
  }
}
```

## How to connect (MCP)

- **Endpoint:** `https://ai.charlieobaugh.com/api/ucp/mcp` (JSON-RPC 2.0, streamable HTTP)
- **Server card:** `https://ai.charlieobaugh.com/.well-known/mcp/server-card.json`
- **Connect page (one-click for Claude, ChatGPT, Cursor, Claude Code):** `https://ai.charlieobaugh.com/mcp`
- **Reads:** send `content-type: application/json` and POST a standard `tools/call`. No
  `Authorization` header is expected or checked for reads.

Read example (no auth):

    curl -s -X POST https://ai.charlieobaugh.com/api/ucp/mcp \
      -H 'content-type: application/json' \
      -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
           "params":{"name":"get_dealer_info","arguments":{}}}'

Token exchange (provisioned machine clients only):

    curl -s -X POST https://ai.charlieobaugh.com/oauth/token \
      -u "$CLIENT_ID:$CLIENT_SECRET" \
      -d 'grant_type=client_credentials&scope=lead:write'

Then call `submit_lead` with `-H "Authorization: Bearer <access_token>"`.

## Credential use

- **Reads:** no credential of any kind.
- **Writes:** a short-lived (1 hour) ES256-signed JWT bearer token, scoped `lead:write`, audience
  `https://ai.charlieobaugh.com/api/ucp/partner`. Tokens are never stored client-side beyond their lifetime; send only over HTTPS in the
  `Authorization` header.

## Discovery

- **OAuth AS metadata:** `https://ai.charlieobaugh.com/.well-known/oauth-authorization-server`
- **OAuth PRM:** `https://ai.charlieobaugh.com/.well-known/oauth-protected-resource`
- **UCP manifest:** `https://ai.charlieobaugh.com/.well-known/ucp`
- **ACP (Agentic Commerce Protocol):** `https://ai.charlieobaugh.com/.well-known/acp.json`
- **A2A agent card:** `https://ai.charlieobaugh.com/.well-known/agent-card.json`
- **API catalog:** `https://ai.charlieobaugh.com/.well-known/api-catalog`
- **Agent instructions:** `https://ai.charlieobaugh.com/agents.md`
- **Agent skills index:** `https://ai.charlieobaugh.com/.well-known/agent-skills/index.json`

## Writes and transactions

There is no automated checkout. `submit_lead` hands a qualified lead (name, email, explicit
consent) to the dealer's CRM for a human to action; it is the only gated tool. No card, payment,
or signature is ever requested from an agent.
