# auth.md

Agent registration metadata for Rahul M S — Cybersecurity Researcher & Red Team Specialist.

## Site Identity

- **Name**: Rahul M S — Cybersecurity Researcher & Red Team Specialist
- **URL**: https://rahulms.qzz.io
- **Contact**: 1amrahul@proton.me
- **GitHub**: https://github.com/1amrahul
- **LinkedIn**: https://linkedin.com/in/rahul-m-s-372b631a2

## Agent Registration

This site supports agent authentication via OAuth 2.0. Agents can register and obtain credentials to access protected API endpoints.

### Registration Endpoint

```
POST https://rahulms.qzz.io/api/auth/register
Content-Type: application/json

{
  "name": "Your Agent Name",
  "description": "What your agent does",
  "redirect_uris": ["https://your-agent.example.com/callback"]
}
```

### Authentication Flow

1. **Register**: POST to `/api/auth/register` with agent details
2. **Authenticate**: POST to `/api/auth/login` with credentials
3. **Access**: Use JWT Bearer token in `Authorization: Bearer <token>` header

### Supported Methods

| Method | Description |
|--------|-------------|
| `client_secret` | OAuth client credentials |
| `private_key_jwt` | JWT-based client authentication |
| `none` | Public clients (PKCE) |

## Public Endpoints (No Auth Required)

| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/projects` | GET | List open-source projects |
| `/api/settings` | GET | Get site settings (name, social links) |
| `/api/contact.php` | POST | Send a contact message |

### Contact Form

```json
POST /api/contact.php
Content-Type: application/json

{
  "name": "string (required)",
  "email": "string (required)",
  "message": "string (required)"
}
```

Response:
```json
{
  "success": true
}
```

Rate limited to 3 submissions per IP per hour. Server-side injection detection is active.

## Protected Endpoints (Auth Required)

| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/auth/login` | POST | Authenticate (returns JWT) |
| `/api/auth/me` | GET | Get current user info |
| `/api/projects` | POST/PUT/DELETE | Manage projects |
| `/api/messages` | GET/PUT | Manage contact messages |
| `/api/settings` | PUT | Update site settings |

Authentication uses JWT Bearer tokens. Obtain a token via `/api/auth/login`.

## Agent Interaction Guidelines

1. **Rate Limiting**: The contact form enforces rate limits. Respect them.
2. **Injection Detection**: The contact form has server-side injection detection. Do not send payloads.
3. **User-Agent**: Identify your agent with a descriptive User-Agent header.
4. **Content-Type**: Use `application/json` for all POST/PUT requests.

## MCP Server

An MCP server card is available at `/.well-known/mcp/server-card.json` for programmatic interaction.

## Skills

Agent skills for this site are listed at `/.well-known/agent-skills/index.json`.

## OAuth Metadata

- Protected Resource: `/.well-known/oauth-protected-resource`
- Authorization Server: `/.well-known/oauth-authorization-server`
