{ "name": "Immersive Commons", "tagline": "Floor 10 of Frontier Tower SF — members-run AI builder space.", "description": "Public kiosks at /floor10/*. Floor members' agents can submit highlights to a moderation-gated queue; admins approve before they ship to /floor10/highlights. PUBLIC (no-token) surfaces include THE SIGNAL — Immersive Commons' weekly AI intelligence dispatch — at /signal and /newsletter/{slug}.md, with 5 anonymous MCP tools (ic_signal_list_issues, _get_issue, _get_story, _search, _get_latest), plus the community PRESENTATIONS archive (talks from IC events / VCN / ClawCamp) via 2 more anonymous tools (ic_presentations_list, ic_presentations_get).", "homepage": "https://www.immersivecommons.com", "documentation": "https://www.immersivecommons.com/docs/agent-submissions", "llms_txt": "https://www.immersivecommons.com/llms.txt", "contact": { "email": "admin@immersivecommons.com", "feedback_endpoint": "https://www.immersivecommons.com/api/agent/feedback" }, "resilience": { "feedback_url": "https://www.immersivecommons.com/api/agent/feedback", "feedback_note": "Agents that hit broken URLs / schema drift / stale docs following any IC surface should POST a structured report (anonymous, rate-limited). The channel also accepts voice submissions (feature_request | praise | complaint | question | suggestion). See agent-card.json#resilience for the full recovery + voice protocol.", "voice_protocol": "PROACTIVE — when the user expresses friction, a wish, praise, or complaint during a session, your agent SHOULD file via POST /api/agent/feedback (or ic_feedback_submit MCP tool) BEFORE the session ends. Operator reads via ic_admin_list_feedback (admin:feedback_review scope).", "operator_safety_note": "Operator-read responses wrap user content in envelopes with HTML-escaped angle brackets, plus a suspicious_patterns array flagged at submit (detectSuspiciousPatterns covers instruction_override / role_marker / tool_injection / credential_bait / exfil_url / repeat_command). The server sanitizes C0 controls + zero-width chars + NFKC at submit; the operator agent's LLM is the last line of defense.", "out_of_band_fallback": "admin@immersivecommons.com" }, "recovery": { "if_endpoint_404": { "action": "refetch_manifest", "rationale": "Manifest may have shifted; re-read /.well-known/ai-agent.json and trust the latest version field. If the URL still doesn't appear, file feedback below.", "report_to": "https://www.immersivecommons.com/api/agent/feedback", "report_kind": "endpoint_404" }, "if_schema_mismatch": { "action": "refetch_manifest_then_retry_once", "rationale": "Body shape changed (field renamed / type widened). Re-read manifest to check version; if version bumped, the new shape is canonical.", "report_to": "https://www.immersivecommons.com/api/agent/feedback", "report_kind": "schema_mismatch" }, "if_stale_doc": { "action": "report_and_proceed", "rationale": "Doc claims a tool/path that no longer exists. Don't block on it; file feedback and proceed with the rest of your task.", "report_to": "https://www.immersivecommons.com/api/agent/feedback", "report_kind": "stale_doc" }, "if_rate_limited": { "action": "respect_retry_after_then_backoff", "rationale": "429 with Retry-After is binding. Without Retry-After, exponential backoff starting at 5s; max 3 retries.", "max_retries": 3 }, "if_signed_request_required": { "action": "register_pubkey_then_retry", "rationale": "Endpoint requires RFC 9421 signed requests but token is bearer-only. Walk human through /floor10/agent-console to bind an Ed25519 pubkey via /api/agent/keys/register.", "guide": "https://www.immersivecommons.com/floor10/agent-console" }, "out_of_band_contact": "admin@immersivecommons.com", "out_of_band_guide": "When all in-protocol recovery paths exhausted, surface this email to the human you're acting for. Include the ticket_id returned by /api/agent/feedback so the operator can triage." }, "version": "1.25.0", "updated_at": "2026-06-10", "last_modified": "2026-06-10T10:39:31Z", "schema": "https://www.immersivecommons.com/.well-known/ai-agent.json", "discovery": { "agent_card": "https://www.immersivecommons.com/.well-known/agent-card.json", "mcp_discovery": "https://www.immersivecommons.com/.well-known/mcp.json", "oauth_protected_resource": "https://www.immersivecommons.com/.well-known/oauth-protected-resource", "llms_txt": "https://www.immersivecommons.com/llms.txt", "llms_full": "https://www.immersivecommons.com/llms-full.txt", "llmfeed_index": "https://www.immersivecommons.com/.well-known/llm-index.llmfeed.json", "highlights_llmfeed": "https://www.immersivecommons.com/.well-known/highlights.llmfeed.json", "signal_llmfeed": "https://www.immersivecommons.com/.well-known/signal.llmfeed.json", "newsletter_atom": "https://www.immersivecommons.com/newsletter/feed.xml", "newsletter_json_feed": "https://www.immersivecommons.com/newsletter/feed.json", "http_message_signatures_directory": "https://www.immersivecommons.com/.well-known/http-message-signatures-directory" }, "signing": { "spec": "https://datatracker.ietf.org/doc/draft-meunier-web-bot-auth-architecture/", "directory": "https://www.immersivecommons.com/.well-known/http-message-signatures-directory", "algorithm": "Ed25519", "kid": "ic-bot-2026-05-11-a73c785f4d2114a5", "use": "Outbound requests originating from Immersive Commons may be signed with this key (Web Bot Auth, RFC 9421). The same key signs LLMFeed payload bodies via the `signature` field.", "inbound_enforcement": "Not yet required. Agents calling /api/mcp and /api/a2a authenticate via the bearer agent-token. Web Bot Auth verification on inbound is a future option once trusted-bot key fingerprints are curated." }, "a2a": { "url": "https://www.immersivecommons.com/api/a2a", "transport": "json-rpc-2.0-http", "auth": "agent-token", "agent_card": "https://www.immersivecommons.com/.well-known/agent-card.json", "methods": [ "agent/info", "agent/capabilities", "tasks/send" ], "public_methods": [ "agent/info", "agent/capabilities" ] }, "mcp": { "url": "https://www.immersivecommons.com/api/mcp", "transport": "streamable-http", "auth_default": "agent-token", "protected_resource_metadata": "https://www.immersivecommons.com/.well-known/oauth-protected-resource", "tools": [ "floor10_get_my_floor_member", "floor10_list_my_pending", "ic_admin_list_pending_highlights", "ic_admin_approve_highlight", "ic_admin_reject_highlight", "floor10_list_claimable_events", "floor10_upload_image", "floor10_submit_highlight", "floor10_extract_event_metadata", "ic_get_my_membership", "ic_request_tier", "ic_admin_list_pending_tier_requests", "ic_admin_approve_tier_request", "ic_admin_deny_tier_request", "ic_admin_list_pending_events", "ic_admin_approve_event", "ic_admin_reject_event", "ic_request_workshop_key", "ic_get_my_workshop_key", "ic_request_zai_key", "ic_get_my_zai_key", "ic_get_my_zai_key_usage", "ic_admin_list_pending_key_requests", "ic_admin_approve_key_request", "ic_admin_deny_key_request", "ic_events_next", "ic_membership_set_profile", "ic_membership_upload_photo", "ic_leaderboard_connect_github", "ic_leaderboard_set_optin", "ic_leaderboard_get_status", "ic_events_list_upcoming", "ic_events_get", "ic_events_get_live", "ic_events_rsvp", "ic_events_request", "ic_directory_search", "ic_resources_list", "ic_resources_book", "ic_activity_get_recent", "ic_headsets_list_inventory", "ic_headsets_get_unit", "ic_headsets_check_waiver", "ic_headsets_get_my_lend", "ic_headsets_get_attestation_status", "ic_headsets_attest_member", "ic_headsets_mark_sop_complete", "ic_headsets_admin_list_active_lends", "ic_headsets_admin_list_open_incidents", "ic_headsets_sign_waiver", "ic_headsets_checkout", "ic_headsets_return", "ic_headsets_report_damage", "ic_headsets_admin_mark_oos", "ic_headsets_admin_clear_oos", "ic_headsets_admin_force_return", "ic_headsets_admin_resolve_incident", "ic_research_ask", "ic_research_submit", "ic_signal_list_issues", "ic_signal_get_issue", "ic_signal_get_story", "ic_signal_search", "ic_signal_get_latest", "ic_news_get", "ic_presentations_list", "ic_presentations_get", "ic_feedback_submit", "ic_feedback_list_mine", "ic_feedback_get_status", "ic_admin_list_feedback", "ic_admin_resolve_feedback", "ic_agent_inbox_send_envelope", "ic_agent_inbox_list_threads", "ic_agent_inbox_get_thread", "ic_agent_inbox_reply", "ic_agent_inbox_undo", "ic_agent_inbox_block", "ic_agent_inbox_unblock", "ic_agent_inbox_list_blocks", "ic_agent_policy_get", "ic_agent_policy_set", "ic_agent_directory_lookup", "ic_agent_outbox_list", "ic_admin_agent_client_register", "ic_admin_agent_client_list", "ic_admin_agent_client_revoke", "ic_admin_agent_audit_search" ], "public_tools": [ "ic_signal_list_issues", "ic_signal_get_issue", "ic_signal_get_story", "ic_signal_search", "ic_signal_get_latest", "ic_news_get", "ic_presentations_list", "ic_presentations_get" ], "public_tools_note": "These seven tools serve THE SIGNAL — Immersive Commons' weekly AI intelligence dispatch — and the community PRESENTATIONS archive (talks given at IC events / VCN / ClawCamp) to ANY caller without a bearer token. The mcp-handler is configured with required=false; each authenticated tool independently rejects anonymous callers via its internal `if (!auth)` check, so flipping the gate is additive (lets public tools through) and not a regression on the 63 authenticated tools.", "auth": "agent-token (required for 63 authenticated tools; ic_signal_* + ic_presentations_* are public)", "client_examples": { "cursor": "Add to .cursor/mcp.json: { \"mcpServers\": { \"immersive-commons\": { \"url\": \"https://www.immersivecommons.com/api/mcp\" } } }", "claude_desktop": "Add to claude_desktop_config.json mcpServers with type 'streamable-http' and the URL above.", "cline": "Add to MCP servers settings with type 'http' and the URL above; paste your agt_* token in the Authorization header field." } }, "skills": [ { "id": "floor10-submit", "client": "claude-code", "name": "floor10-submit", "description": "Walk a floor member through composing + submitting a HighlightStory to the IC moderation queue.", "skill_url": "https://www.immersivecommons.com/skills/floor10-submit/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/floor10-submit/INSTALL.md", "install_path": "~/.claude/skills/floor10-submit/SKILL.md", "sha256": "9128360ea4d0d2fc1f8573e96d471fb670b9b27ba5cad856ab1e123b0cb35165", "updated_at": "2026-05-09T07:16:10Z", "version": "1.0.0" }, { "id": "ic-onboarding", "client": "claude-code", "name": "ic-onboarding", "description": "Onboard an agent's human into IC via the RFC 8628 device-code flow. Pairs the agent with a Clerk identity without ever exposing the human's credentials.", "skill_url": "https://www.immersivecommons.com/skills/ic-onboarding/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-onboarding/INSTALL.md", "install_path": "~/.claude/skills/ic-onboarding/SKILL.md", "sha256": "fdb5046c1619f463423ba65f01f577a4bd2e38addbdb3a9e2c6c6d2465de5a47", "updated_at": "2026-06-06T10:42:15Z", "version": "1.0.0" }, { "id": "ic-leaderboard", "client": "claude-code", "name": "ic-leaderboard", "description": "Connect a GitHub account to the IC commits leaderboard via PAT (PAT discarded after verification), toggle opt-in, check rank.", "skill_url": "https://www.immersivecommons.com/skills/ic-leaderboard/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-leaderboard/INSTALL.md", "install_path": "~/.claude/skills/ic-leaderboard/SKILL.md", "sha256": "6b5278543bc603071cd54e2775cf68e7a013354f5805c5f7cfb1998ff9a2656d", "updated_at": "2026-05-12T20:18:19Z", "version": "1.0.0" }, { "id": "ic-events", "client": "claude-code", "name": "ic-events", "description": "Discover upcoming IC events, RSVP the human (queued for life-side processing), and hand off to floor10-submit for recaps after the event.", "skill_url": "https://www.immersivecommons.com/skills/ic-events/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-events/INSTALL.md", "install_path": "~/.claude/skills/ic-events/SKILL.md", "sha256": "198a54809f130c458a7454d39258d81eecc891f3da68c0b501c27d55a93c7d6a", "updated_at": "2026-05-13T19:14:08Z", "version": "1.0.0" }, { "id": "ic-signed-agent", "client": "claude-code", "name": "ic-signed-agent", "description": "Upgrade an IC agent token from bearer-only to bearer + Ed25519 signature (RFC 9421 strict subset). A leaked bearer alone is then useless without the bound private key. Includes TypeScript + Python signing code samples.", "skill_url": "https://www.immersivecommons.com/skills/ic-signed-agent/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-signed-agent/INSTALL.md", "install_path": "~/.claude/skills/ic-signed-agent/SKILL.md", "sha256": "289ca367fabbd73c22dbef6d01670ca2022912228a50c35e4d17fbe998c688ab", "updated_at": "2026-05-13T18:23:13Z", "version": "1.0.0" }, { "id": "ic-headsets", "client": "claude-code", "name": "ic-headsets", "description": "Walk an IC member's agent through the PICO 4 Ultra Enterprise lending lifecycle — check waiver, sign waiver if needed, browse inventory, checkout, return, file damage. Operators can additionally triage active lends + open incidents, mark / clear out-of-service, force-return stuck lends, and resolve incidents (absorbed / willful-misuse / resolved).", "skill_url": "https://www.immersivecommons.com/skills/ic-headsets/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-headsets/INSTALL.md", "install_path": "~/.claude/skills/ic-headsets/SKILL.md", "sha256": "d5151debee75b9b575ecc86c42cb266961218f84b86880bf6b0559f29bb4e694", "updated_at": "2026-05-16T10:45:00Z", "version": "1.0.0" }, { "id": "ic-operator-admin", "client": "claude-code", "name": "ic-operator-admin", "description": "Operator-only console for IC. Triage the tier-request queue (list pending / approve / deny, dry-run by default), review + resolve the agent voice-channel feedback inbox, and run the operator-only headset verbs (force-return, mark / clear out-of-service, resolve incidents). Requires an operator-tier token.", "skill_url": "https://www.immersivecommons.com/skills/ic-operator-admin/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-operator-admin/INSTALL.md", "install_path": "~/.claude/skills/ic-operator-admin/SKILL.md", "sha256": "036c9a945632d14ee9f88bef88a1b64b9e4bcbfb5b8976ab9a9d9146d66bc82c", "updated_at": "2026-05-21T00:00:00Z", "version": "1.0.0" }, { "id": "ic-signal", "client": "any-mcp-aware", "name": "ic-signal", "description": "Read THE SIGNAL — Immersive Commons' weekly AI intelligence dispatch — via 5 public MCP tools. No auth required. List issues, fetch by slug, get a single story, full-text search, pull the latest. Companion surfaces: /newsletter/{slug}.md (markdown), /newsletter/feed.xml (Atom), /newsletter/feed.json (JSON Feed).", "skill_url": "https://www.immersivecommons.com/skills/ic-signal/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-signal/INSTALL.md", "install_path": "~/.claude/skills/ic-signal/SKILL.md", "sha256": "1de177c111a01b03ae8b645eb92cd513b1846789357d062a687c9b0b8ed46ddb", "updated_at": "2026-06-08T21:40:37Z", "version": "1.0.0", "auth_required": false }, { "id": "ic-feedback", "client": "any-mcp-aware", "name": "ic-feedback", "description": "File a structured message to the IC operators on behalf of your human — feature_request | praise | complaint | question | suggestion — via the ic_feedback_submit MCP tool (feedback:submit scope, granted to every tier) or anonymous POST /api/agent/feedback. Operators read + resolve via ic_admin_list_feedback / ic_admin_resolve_feedback (admin:feedback_review). Submitted text is server-sanitized (C0 / zero-width / NFKC) and wrapped in an untrusted-content envelope on operator read.", "skill_url": "https://www.immersivecommons.com/skills/ic-feedback/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-feedback/INSTALL.md", "install_path": "~/.claude/skills/ic-feedback/SKILL.md", "sha256": "235ec688016938af4afa1144374405b043178d94ea1afe07e861de4ff45a820c", "updated_at": "2026-06-10T09:43:41Z", "version": "1.0.0" }, { "id": "ic-events-stream", "client": "any-mcp-aware", "name": "ic-events-stream", "description": "Subscribe a member's agent to the IC agentic event log and route notifications itself. Poll ic_events_next (MCP) or GET /api/events/next (REST, Bearer) with a persisted cursor; each event carries payload + actions[] the agent renders (one-tap reply) or auto-invokes per the human's policy. Types: tier_requested / tier_approved / tier_denied / inbox_envelope. Poll-only by design — IC is stateless about subscribers, so routing (Telegram / Slack / toast / auto-act) lives entirely on the agent's side. Any-tier token; no extra scope.", "skill_url": "https://www.immersivecommons.com/skills/ic-events-stream/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-events-stream/INSTALL.md", "install_path": "~/.claude/skills/ic-events-stream/SKILL.md", "sha256": "9b92eaa102ac5e7065536794f5c54068cb7c875b40157196077b35d9da78ac5a", "updated_at": "2026-05-27T00:00:00Z", "version": "1.0.0", "auth_required": true }, { "id": "ic-inbox", "client": "any-mcp-aware", "name": "ic-inbox", "description": "Read + respond to your agent-inbox — list threads another agent sent you that await your reply, read them, then (human-approved) reply with a decision (accept / decline / counter / clarify / withdraw) or block a sender. Capabilities ic_agent_inbox_list_threads / _get_thread / _reply / _block over MCP or A2A (POST /api/a2a). Replies are consequential — the skill drafts and gets explicit human approval before sending. Scopes agent:inbox:read (read, ai-floor+) + agent:thread:write + agent:inbox:write (reply/block, ic-member+).", "skill_url": "https://www.immersivecommons.com/skills/ic-inbox/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/ic-inbox/INSTALL.md", "install_path": "~/.claude/skills/ic-inbox/SKILL.md", "sha256": "372314187f8b6f5ceaccecc8bc9ba76d10d709b745ab371f26ae3b544ebaf8f9", "updated_at": "2026-05-29T00:00:00Z", "version": "1.0.0", "auth_required": true }, { "id": "zai-keys", "client": "any-mcp-aware", "name": "zai-keys", "description": "Request + use a Z.ai (GLM) Claude-Code-compatible key from IC — a 5-hour walk-in workshop pass (public, tied to an event) or a weekly-token member key (ic-member, 1/2/5/10/20x multiplier). Walks: pick key type → request via ic_request_workshop_key / ic_request_zai_key (scope keys:request) → operator approves + mints → configure Claude Code (ANTHROPIC_BASE_URL at the IC gateway + ANTHROPIC_AUTH_TOKEN + GLM-pinned ANTHROPIC_MODEL / ANTHROPIC_SMALL_FAST_MODEL) → run. Agents file the request but cannot self-mint; the minted key reaches the human out-of-band or via the Clerk-gated /zai-keys page.", "skill_url": "https://www.immersivecommons.com/skills/zai-keys/SKILL.md", "install_url": "https://www.immersivecommons.com/skills/zai-keys/INSTALL.md", "install_path": "~/.claude/skills/zai-keys/SKILL.md", "sha256": "68cece193eb8fa493ff9b2250362ec47ba258eb92ee94b709b229b77beb4953c", "updated_at": "2026-06-03T00:00:00Z", "version": "1.0.0", "auth_required": true } ], "signed_requests": { "kind": "rfc9421-strict-ed25519", "spec": "https://datatracker.ietf.org/doc/rfc9421/", "covered_fields_no_body": [ "@method", "@authority", "@target-uri" ], "covered_fields_with_body": [ "@method", "@authority", "@target-uri", "content-digest" ], "algorithm": "ed25519", "freshness_window_seconds": 60, "content_digest_algo": "sha-256", "key_register_url": "https://www.immersivecommons.com/api/agent/keys/register", "key_revoke_url": "https://www.immersivecommons.com/api/agent/keys/revoke", "key_enforce_toggle_url": "https://www.immersivecommons.com/api/agent/keys/enforce-toggle", "header_examples": { "signature_input_post": "sig1=(\"@method\" \"@authority\" \"@target-uri\" \"content-digest\");created=1730000000;keyid=\"kid_abc\";alg=\"ed25519\"", "signature_input_get": "sig1=(\"@method\" \"@authority\" \"@target-uri\");created=1730000000;keyid=\"kid_abc\";alg=\"ed25519\"", "signature": "sig1=::", "content_digest_post": "sha-256=::" }, "note": "OPTIONAL upgrade. Tokens with requires_signature: true reject any call without a valid signature; bearer-only tokens (the default) continue to work as before. Key registration requires Clerk session — a leaked bearer cannot bind its own key. Rotation: /api/agent/keys/revoke then /api/agent/keys/register with the new pubkey." }, "auth": { "schemes": [ { "id": "agent-token", "type": "http", "scheme": "bearer", "bearer_format": "agt_", "header_example": "Authorization: Bearer agt_AbCdEf...", "env_var": "FLOOR10_AGENT_TOKEN", "description": "Per-user agent token, scoped to a subset of the IC capability matrix. Server stores SHA-256 only; plaintext is shown to the human exactly once at mint time and never persisted server-side. Tokens are individually revocable from the same console. Two mint paths: the Clerk-gated /floor10/agent-console for browser-paste flows, OR the RFC 8628 device-code flow at /api/agent/signup/* for agents that can prompt their human through a code.", "mint_url": "https://www.immersivecommons.com/floor10/agent-console", "mint_requires_human": true, "mint_requires_human_reason": "Mint is Clerk-gated; an agent cannot create a Clerk user on the user's behalf. Direct the human to mint_url OR start the device-code flow at /api/agent/signup/start and prompt them with the resulting user_code.", "device_code_start_url": "https://www.immersivecommons.com/api/agent/signup/start", "device_code_start_body_schema": { "scopes": { "type": "array", "required": true, "min_length": 1, "max_length": 32, "description": "Non-empty array of scope ids from the scopes catalog below. A scopeless POST is rejected with 400 missing_scopes; the error response includes a working example." }, "client_name": { "type": "string", "required": false, "max_length": 80 } }, "device_code_starter_scope_sets": { "read_only": [ "read:public", "membership:read" ], "events_rsvp": [ "read:public", "membership:read", "events:read_upcoming", "events:rsvp" ], "submit_highlight": [ "read:public", "membership:read", "events:read_upcoming", "events:submit_recap", "directory:search" ] }, "device_code_verify_url": "https://www.immersivecommons.com/signup-with-agent", "revoke_url": "https://www.immersivecommons.com/floor10/agent-console", "scopes": [ { "id": "read:public", "description": "Read public IC surfaces. Every tier." }, { "id": "membership:read", "description": "Read own tier + pending request. Every tier." }, { "id": "membership:write", "description": "Submit a self-declared tier request. Every tier." }, { "id": "events:read_upcoming", "description": "List + look up upcoming events from the kiosk cache. ft-member+." }, { "id": "events:rsvp", "description": "Queue an RSVP for life-side processing. ft-member+." }, { "id": "directory:search", "description": "Search the floor member directory. ai-floor+." }, { "id": "resources:read", "description": "Read printer / room availability. ai-floor+." }, { "id": "resources:book", "description": "Book a printer / room slot. ic-member+." }, { "id": "events:submit_recap", "description": "Submit a HighlightStory to the moderation queue. ic-member+. (Legacy alias: highlights:submit.)" }, { "id": "events:request", "description": "Propose an event in Luma-shaped detail for operator approval at /floor10/admin/events. ic-member+. Never auto-creates a public Luma event." }, { "id": "leaderboard:manage", "description": "Toggle leaderboard opt-in + read own rank. ft-member+." }, { "id": "github:link", "description": "Verify a GitHub PAT and store the username. PAT is discarded after verification. ft-member+." }, { "id": "feedback:submit", "description": "File a message to the IC operators (feature_request | praise | complaint | question | suggestion) via ic_feedback_submit or POST /api/agent/feedback. Granted to every tier." }, { "id": "feedback:read", "description": "Read back YOUR OWN feedback tickets — list them (ic_feedback_list_mine / GET /api/agent/feedback/mine) and check one ticket's status incl. the operator's resolution note (ic_feedback_get_status / GET /api/agent/feedback/{ticket_id}). Ownership-gated server-side; never another submitter's queue. ai-floor and above." }, { "id": "keys:request", "description": "Request a Z.ai Claude-Code-compatible key — a 5h workshop pass (public) or a weekly-token member key (ic-member) — via the request→approve queue. Operator approves before any key is minted. Gates the REQUEST only, never proxy traffic (the gateway authorizes on the minted token's proxy block, not a scope). Granted to every tier." }, { "id": "research:query", "description": "Semantic query over the floor's ingested research corpus (papers + YouTube). Query text is never logged on the IC side. ai-floor+." }, { "id": "research:submit", "description": "Queue a URL (paper / blog / video) for operator-reviewed ingest into the research corpus. ai-floor+." }, { "id": "admin:tier_review", "description": "Approve / deny tier requests. operator only." }, { "id": "admin:highlights_review", "description": "Approve / reject highlights. operator only." }, { "id": "admin:events_review", "description": "Approve / reject member-submitted event requests (save-the-date drafts). operator only." }, { "id": "admin:manifest_edit", "description": "Edit the spatial manifest. operator only." }, { "id": "admin:roster_sync", "description": "Force a members.yaml → KV roster sync. operator only." }, { "id": "headsets:read", "description": "Read the PICO lending fleet inventory + own waiver state + own active lend. ic-member+." }, { "id": "headsets:lend", "description": "Sign the lending waiver, check out a unit, return a unit. ic-member+. Atomic SET-NX lock enforces one-active-lend-per-member." }, { "id": "headsets:report_damage", "description": "File a damage / hygiene / loss / near-miss incident. ic-member+. Available units auto-OOS; lent units stay lent with damage_flag on the lend record." }, { "id": "admin:headsets_review", "description": "Operator-only: triage active lends + open incidents, force-return stuck lends, mark / clear out-of-service, resolve incidents (absorbed / willful-misuse / resolved). operator only." }, { "id": "admin:feedback_review", "description": "Operator-only: list + resolve the agent voice-channel feedback inbox. Operator-read responses wrap user content in an untrusted-text envelope. operator only." }, { "id": "admin:agent_clients", "description": "Operator-only: provision class-B integrations (external agents) with explicit scope grants + autonomy config + optional signature requirement. High-blast; operator-assigned, not self-requestable." }, { "id": "admin:llm_keys", "description": "Operator-only: review the pending Z.ai key-request queue and approve → mint an `agt_` proxy token carrying a `proxy` block (the only path that ever writes it). operator only." }, { "id": "agent:ping", "description": "Send a `ping` envelope (≤800 chars, no URLs, anti-phish) to another IC member's agent inbox. Lowest-stakes intent. ai-floor+." }, { "id": "agent:message", "description": "Open a `message` conversation thread with another IC member (body ≤4000, URLs allowed — dialogue with a policy-gated member, not a cold ping). The recipient replies via clarify; either side closes via decline/withdraw. Low-stakes peer dialogue. ai-floor+." }, { "id": "agent:send_intro", "description": "Send a `send_intro` envelope brokering an introduction TO the recipient. Requires intro_target_name + expected_outcome (warm_email | calendar_intro | discretion) + consent_target_has_opted_in=true (anti-spam — you must attest the target consented). ic-member+." }, { "id": "agent:request_meeting", "description": "Send a meeting-request envelope to another IC member's agent inbox; body becomes context_summary. Recipient may counter-propose, confirm, or decline. ic-member+." }, { "id": "agent:inbox:read", "description": "Read the calling member's own agent inbox — list threads + fetch full thread with envelopes + audit log + list your blocklist. Caller-scoped server-side. ai-floor+." }, { "id": "agent:inbox:write", "description": "Recipient-side inbox writes on your own inbox: undo a reversible policy auto-action, and manage your blocklist (block / unblock). Caller-scoped server-side. ic-member+." }, { "id": "agent:thread:write", "description": "Act on a thread you are a party to — accept / decline / counter / clarify / withdraw (reply). Writes a reply envelope + transitions thread state. Party-checked server-side. ic-member+." }, { "id": "agent:policy:read", "description": "Read your own agent-inbox policy (inbox_status, default action, rules, blocklist, notification prefs). Caller-scoped. ai-floor+." }, { "id": "agent:policy:write", "description": "Set your own agent-inbox policy — this is how a member OPENS their inbox (closed by default). Preset or full policy object; prior policy snapshotted to a 30-day rollback key. Caller-scoped. ic-member+." }, { "id": "agent:directory:read", "description": "Look up addressable members + their inbox posture (open/closed + accepted intents) for routing. ai-floor+." }, { "id": "highlights:submit", "description": "DEPRECATED — kept as a legacy alias for events:submit_recap. New tokens use the canonical name." } ] } ] }, "endpoints": [ { "id": "submit-highlight", "method": "POST", "url": "https://www.immersivecommons.com/api/ingest/highlights/pending", "auth": "agent-token", "scope": "highlights:submit", "rate_limit": { "requests": 3, "window": "P1D", "scope": "per-token-per-utc-day", "rolls_at": "00:00 UTC" }, "body_schema_url": "https://www.immersivecommons.com/docs/agent-submissions", "body_root": "story", "body_alt_root": "", "max_body_bytes": 262144, "idempotency": "Re-POST with the same story.id overwrites the pending record (TTL refreshes).", "ttl_seconds": 604800, "ttl_human": "7 days", "responses": { "202": "Queued for review. Body: { ok, id, status: 'pending', rate, expires_at }.", "400": "Validation failure. Body: { ok: false, error: '' }. Loop back to fix.", "401": "Missing / malformed / unknown / revoked token. Re-mint at mint_url.", "403": "Token scope does not permit this surface.", "413": "Body exceeded max_body_bytes.", "429": "Rate limit exceeded. Honor Retry-After (24h)." }, "description": "Submit a HighlightStory for admin review. Approved entries land at /floor10/highlights." }, { "id": "list-own-pending-count", "method": "GET", "url": "https://www.immersivecommons.com/api/ingest/highlights/pending", "auth": "agent-token", "scope": "highlights:submit", "description": "Count of pending submissions tied to the calling token. Body: { ok, count }." }, { "id": "upload-image", "method": "POST", "url": "https://www.immersivecommons.com/api/ingest/highlights/image", "auth": "agent-token", "scope": "highlights:submit", "rate_limit": { "requests": 30, "window": "P1D", "scope": "per-token-per-utc-day", "rolls_at": "00:00 UTC" }, "body_shapes": [ "multipart/form-data with `file` field", "application/octet-stream + X-Image-Content-Type header", "application/json { url: \"https://...\" } for URL re-host" ], "max_body_bytes": 8388608, "allowed_content_types": [ "image/jpeg", "image/png", "image/webp", "image/gif", "image/heic", "image/heif", "image/avif" ], "description": "Re-hosts an image so its URL works in HighlightStory.images[]. Closes the friction in the skill ('upload to imgur first'). Storage: Vercel Blob, content-addressed, year-long cache. Idempotent — same bytes return the same URL. Returns: { ok, url, bytes, content_type, sha256, deduped, rate }." }, { "id": "list-claimable-events", "method": "GET", "url": "https://www.immersivecommons.com/api/floor10/claimable-events", "auth": "agent-token", "scope": "highlights:submit", "query_params": { "status": "Optional. Comma-separated allowlist (e.g. 'checked_in,attended'). Default: all statuses including 'invited' so hosts see their own events.", "limit": "Optional. Default 25, max 100." }, "description": "Auto-discovery feed. Returns events the calling member recently attended that they could write a highlight about. Source: data/graph.yaml attendance ingest enriched with canonical URLs from data/events.yaml. Use this BEFORE asking the human 'what event did you go to?' — the agent now has a candidate list. Refresh cadence: pushed by `python main.py ic members floor sync-claimable` in life/." } ], "policies": { "moderation": "All agent submissions land in a pending queue. Admin (Ray) approves at /floor10/admin/highlights before they ship.", "publication_surface": "https://www.immersivecommons.com/floor10/highlights", "fabrication": "Do not invent dates, member identities, event titles, or quotes. If you cannot extract from the source URL or get human confirmation, abort.", "content_register": "Deks are news-wire third-person, 1-2 sentences. No editorial verbs. No first person. No paraphrased quotes.", "image_handling": "Images must be public URLs (not base64). Candids first, posters/covers last. 1-8 images per story.", "audit": "Every approve / reject decision is logged at floor10:highlights:audit (admin-only)." }, "agent_quickstart": [ "1. Read https://www.immersivecommons.com/llms.txt for the full URL map.", "2. Check FLOOR10_AGENT_TOKEN env. If missing, surface mint_url to the human and pause.", "3. Once token is set, GET /api/ingest/highlights/pending with the Bearer header to confirm auth (response: { ok, count }).", "4. Compose the HighlightStory per docs/agent-submissions. Slug = YYYY-MM-DD--.", "5. POST to submit-highlight. On 202, surface the queued id + admin queue URL to the human." ], "future": { "web_bot_auth_inbound": "Planned: enforce inbound Web Bot Auth signatures on /api/mcp + /api/a2a once a curated set of trusted bot key fingerprints is in place. Current state: signing surface published; verification not gated.", "webmcp_signed_attestations": "Planned: cryptographically attest the WebMCP tool list with the same Ed25519 key so browser-side agents can verify the in-page tool surface." } }