# Auth.md

## Aurum Shield agent access

Aurum Shield publishes public discovery metadata so AI agents can inspect the site and understand the offer.

### Public access

- The landing page is public.
- Discovery metadata is public under `/.well-known/*`.
- The public health endpoint is `/api/health`.

### Write operations

- Public automation is limited to read-only discovery by default.
- If an agent needs a custom workflow, route a human through the visible CTA or manual contact step on the site.

### Registration path

1. Read `/.well-known/oauth-protected-resource`.
2. Read `/.well-known/oauth-authorization-server`.
3. Use `/.well-known/agent-skills/contact-handoff/SKILL.md` for the supported contact handoff path.
4. Treat any custom access as a manual review request.