# Auth.md: Corium Records Agent Authentication and Registration

Corium Records is currently a public, static, read-only data surface.

No account, login, OAuth client registration, API key, bearer token, or private credential is required to read the public Corium Records data endpoints.

## Current Authentication Status

- Authentication required: no
- Agent registration required: no
- OAuth client registration available: no
- OpenID Connect provider available: no
- Protected write APIs: none
- Protected private APIs: none
- Public static data: yes
- Human trip ticket: local browser ritual state only, not authentication

## Agent Registration

Registration Required: no

Register URI: none

Supported Identity Types:

- anonymous
- public_agent

Credential Types:

- none

Claims URI: none

Revocation URI: none

Authorization Server: none

Protected Resource Metadata: `https://coriumrecords.com/.well-known/oauth-protected-resource`

OAuth Authorization Server Metadata: `https://coriumrecords.com/.well-known/oauth-authorization-server`

Agent registration is not currently supported because Corium Records does not publish protected APIs, writable APIs, private agent tools, or a live authenticated MCP/A2A service. Agents may access the public static data surface without registration.

## Agent Access Policy

Agents may read the public static endpoints listed in:

- `https://coriumrecords.com/llms.txt`
- `https://coriumrecords.com/openapi.json`
- `https://coriumrecords.com/.well-known/agents.json`
- `https://coriumrecords.com/.well-known/api-catalog`
- `https://coriumrecords.com/data/index.json`
- `https://coriumrecords.com/data/query_index.json`

Agents should prefer structured JSON, JSONL, Markdown, and OpenAPI surfaces before crawling HTML.

## Registration Policy

Agent registration is not currently supported because there are no protected agent APIs.

If protected APIs, writable endpoints, private curator tools, or a live MCP/A2A service are published in the future, Corium Records may add OAuth/OIDC discovery metadata and agent registration instructions.

## Credential Types

Currently supported credential types:

- none

Currently unsupported credential types:

- OAuth bearer tokens
- OAuth dynamic client registration credentials
- API keys
- client secrets
- mTLS credentials
- signed agent assertions

## Revocation

No agent credentials are issued, so there is currently no credential revocation endpoint.

## Contact / Documentation

- Agent instructions: `https://coriumrecords.com/llms.txt`
- API catalog: `https://coriumrecords.com/.well-known/api-catalog`
- OpenAPI: `https://coriumrecords.com/openapi.json`