orank · Access layer · agent-readiness
This playground documents the new agent-discovery endpoint added for the orank scan: a Web Bot Auth key directory (RFC 9421 HTTP Message Signatures) published at a predictable well-known path so agents that sign their requests can be told apart from spoofers.
https://orchestkit.yonyon.ai/.well-known/http-message-signatures-directoryapplication/http-message-signatures-directory+jsonnext.config.mjs → app/api/well-known/…/route.ts, allowlisted in lib/agent-404.ts (synced by agent-404.test.ts)$ curl https://orchestkit.yonyon.ai/.well-known/http-message-signatures-directory { "keys": [ { "kty": "OKP", "crv": "Ed25519", "x": "z5ufUBtSG2s-PEH_Sx2DYttadlsrQts4vAfLj2I2vUA", "kid": "6a120f4f14168a35", "use": "sig", "alg": "EdDSA", "nbf": 1782864000, "exp": 1814400000 } ] }
This docs origin is anonymous read-only and does not currently operate a request-signing bot, so the published key is a valid but unused verification key — an agent-awareness signal, not a load-bearing credential. The matching private key is held out-of-band and never committed. It earns the orank Access point without fabricating an auth flow that doesn't exist (unlike filling in fake authorization_servers, which we deliberately do not do).
/ask+SSE, docs-MCP multi-surface, robots Content-Signals, llms.txt, RFC 9728 PRM are already live.yonyon brand collision — tracked as marketing issues in yonatan-hq/platform (Wikipedia · brand-SEO · citation corpus · citation quality).Verified via vitest (pure handler invocation, no network): __tests__/web-bot-auth.test.ts + the agent-404 rewrite↔allowlist sync guard. Spec: RFC 9421 HTTP Message Signatures · orank methodology.