---
title: "auth.md — bluplai agent registration and contact"
url: "https://bluplai.com/auth.md"
updated: "2026-07-09"
---

# auth.md — bluplai agent registration and contact

This is bluplai's `auth.md`. It tells an AI agent how to register, how to identify
itself, how to authenticate (it doesn't need to — see below), and how to reach a
human. It covers the **public marketing site** at `bluplai.com` only.

## Agent registration

bluplai's marketing agent endpoints use **anonymous registration** — the
`anonymous` method in the Auth.md vocabulary. No identity proof, account, or
credential is required, and no claim ceremony is needed.

- **Supported registration method:** `anonymous`.
- **Registration endpoint:** none required. Access is open and immediate.
- **Registration required:** no.
- **Identity types supported:** `anonymous`.
- **Credential types:** none. Agents do not present or receive a credential.
- **Token endpoint:** none.
- **Granted scopes:** read-only access to bluplai's public information, granted
  immediately to any agent.
- **Claim / revocation:** not applicable — nothing is issued, so nothing is
  claimed or revoked.

In short: discover the endpoints below and call them directly. There is no
register → claim → exchange flow because access requires no authentication.

The read-only endpoints an agent may call anonymously:

- MCP server (JSON-RPC, Streamable HTTP): `https://bluplai.com/api/mcp`
- A2A endpoint (JSON-RPC `message/send`): `https://bluplai.com/api/a2a`
- Site index for agents: `https://bluplai.com/llms.txt`
- Machine-readable resource catalogue: `https://bluplai.com/.well-known/api-catalog`
- Discoverable skills: `https://bluplai.com/.well-known/agent-skills/index.json`

## Authentication posture

**No authentication is required.** The bluplai.com marketing site does not operate
an authenticated or protected API, so there is no OAuth flow, token endpoint, or
client provisioning to complete. All the surfaces above are public, read-only and
unauthenticated. This is deliberate — the marketing site has no protected resource
to guard.

The bluplai **product application** at `https://app.bluplai.com` is a separate,
authenticated SaaS application (it uses Clerk for human sign-in). Agents should
treat `app.bluplai.com` as a human sign-in surface.

Programmatic access to the **product** (read and write, scoped to a real user)
is available through the product MCP server at `https://mcp.bluplai.com/mcp`.
It uses **OAuth 2.1** with dynamic client registration, PKCE, and a browser
consent step; tokens are user-bound, rotating, and revocable. Connect with
`claude mcp add --transport http bluplai https://mcp.bluplai.com/mcp` (or the
equivalent in any MCP client). Writes require a Pro, Scale, or Enterprise plan
and a non-viewer role. There are no service accounts or API keys yet.

## How an agent should identify itself

When fetching our content or calling our MCP server, please:

- Send a descriptive `User-Agent` that names the agent or product and a contact
  URL or email, so we can reach the operator if needed.
- Respect `robots.txt` and the `Content-Signal` directives declared there.
- Use the read-only MCP server or the published Markdown rather than scraping
  rendered HTML where possible.

## How to contact a human

If an agent needs to escalate to a person — to book a demo, ask about pricing, or
ask a question it cannot answer from the public content:

- Email: **dw@bluplai.com**
- Web: **https://bluplai.com**
- Book a demo: **https://bluplai.com/contact**

## Rate and fair use

The MCP server and content endpoints are unauthenticated and currently unmetered.
Please be reasonable. A light rate-limit may be added before heavy traffic.
