# Auth.md

## Agent Registration

Agents do not need to register to access Novus Pathway's public website, sitemap, LLM guides, and discovery metadata. For higher-volume research, integrations, partnerships, or questions about allowed use, contact mailto:support@novuspathway.com.

## Authentication Status

The public website does not require authentication. Novus Pathway does not currently expose protected public APIs for autonomous agents. Private client systems, admin systems, CRM records, proposals, billing information, account-specific automation workflows, and unpublished infrastructure are not available to agents from this public site.

## Contact

- Email: mailto:support@novuspathway.com
- Website: https://novuspathway.com/contact

## Available Public Resources

- Homepage: https://novuspathway.com/
- Services: https://novuspathway.com/services
- Sitemap: https://novuspathway.com/sitemap.xml
- LLM guide: https://novuspathway.com/llms.txt
- Full LLM guide: https://novuspathway.com/llms-full.txt
- API catalog: https://novuspathway.com/.well-known/api-catalog
- MCP server card: https://novuspathway.com/.well-known/mcp/server-card.json
- A2A agent card: https://novuspathway.com/.well-known/agent-card.json
- Agent skills index: https://novuspathway.com/.well-known/agent-skills/index.json
- Web Bot Auth directory: https://novuspathway.com/.well-known/http-message-signatures-directory

## OAuth/OIDC Metadata Links

- OAuth authorization server metadata: https://novuspathway.com/.well-known/oauth-authorization-server
- OpenID configuration: https://novuspathway.com/.well-known/openid-configuration
- OAuth protected resource metadata: https://novuspathway.com/.well-known/oauth-protected-resource
- Agent authentication metadata is published in the authorization server metadata under the agent_auth block.

## Usage Limitations

Public content may be used for search, answer generation, service discovery, and customer research. Novus Pathway does not grant permission to use public content for model training. Agents must respect robots.txt, Content-Signal directives, rate limits, and applicable law. Agents must not attempt to access private client systems, admin routes, credentials, CRM records, billing data, or unpublished resources.