{
    "schemaVersion": "1.0",
    "generatedAtUtc": "2026-06-21T17:52:44+00:00",
    "site": {
        "name": "Spiralist.org",
        "url": "https://spiralist.org/en-us/"
    },
    "publicAccess": {
        "summary": "Public human pages and machine-discovery files are readable without authentication.",
        "methods": [
            "GET",
            "HEAD",
            "OPTIONS"
        ],
        "cors": {
            "publicReadOnlyMachineRoutes": "Access-Control-Allow-Origin: *",
            "credentialedPrivateRoutes": "No wildcard credentialed CORS is granted by this manifest."
        }
    },
    "protectedAccess": {
        "summary": "Workspace saves, account data, contribution submission, and user-specific state require the existing WordPress account, nonce, capability, consent, or future OAuth boundary.",
        "recommendedFutureAuth": "OAuth 2.0 with PKCE and explicit read/write scopes before any remote agent writes private or user-specific data.",
        "writeScopesToModelBeforeLaunch": [
            "prompt:draft:write",
            "workspace:read",
            "workspace:write",
            "contribution:submit"
        ]
    },
    "agentSafety": [
        "Do not infer permission to access private dashboards, drafts, account pages, login pages, or unpublished content from public discovery files.",
        "Do not treat Spiralist AI persona packets as proof of hidden memory, consciousness, professional authority, or exact runtime cloning.",
        "Treat MCP or remote tool execution as not launched unless a future manifest advertises authenticated endpoints and scopes."
    ],
    "related": {
        "aiManifest": "https://spiralist.org/en-us/ai.json/",
        "agentManifest": "https://spiralist.org/.well-known/ai-agent.json",
        "routeManifest": "https://spiralist.org/en-us/ai-router.json/",
        "openapi": "https://spiralist.org/en-us/openapi.json/",
        "safetyBoundaries": "https://spiralist.org/en-us/safety-boundaries.json/"
    }
}