Сайту потрібні виправлення

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Canonical and metadata (canonical_metadata).
Current check result:

{"evidence":{"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"inconsistent_fields":[],"items":[{"type":"canonical_url","value":"https://api.starveri.net/credits"},{"type":"title","value":"Starveri API Credits"},{"type":"meta_description","value":"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenAI-style pricing. Includes model discovery, API keys, tier limits, and a text-only GPT 5.5 demo."},{"type":"open_graph.description","value":"OpenAI-compatible GPT/Codex API credits, public model discovery, and prepaid keys at 1/3 OpenAI-style pricing."},{"type":"open_graph.site_name","value":"Starveri API"},{"type":"open_graph.title","value":"Starveri API Credits"},{"type":"open_graph.type","value":"website"},{"type":"open_graph.url","value":"https://api.starveri.net/credits"}],"malformed_fields":[],"metadata":{"canonical_self_reference":true,"canonical_url":"https://api.starveri.net/credits","description_length":193,"meta_description":"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenAI-style pricing. Includes model discovery...

Expected result: HTML contains a server-rendered `<title>`, meta description, a self-referential canonical link, and the four required Open Graph properties (`og:title`, `og:type`, `og:image`, `og:url`) consistent with the canonical and not marked `noindex`..
Fix guidance: Populate metadata in the layout/template for each public page; do not rely only on client-side head updates. Point each page's canonical at its own clean URL (consolidating tracking/variant query parameters), keep `og:url` consistent with that canonical, add all four required `og:*` properties, and remove `noindex` from pages that should be available to agents..
Stack templates:
- Generic web server: serve canonical and metadata tags from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for canonical and metadata tags; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for canonical and metadata tags; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for canonical and metadata tags; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for canonical and metadata tags; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for canonical and metadata tags; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for canonical and metadata tags; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement canonical and metadata tags via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add canonical and metadata tags via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add canonical and metadata tags as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate canonical and metadata tags in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 10 keys }

  {
    "items": [
      {
        "type": "canonical_url",
        "value": "https://api.starveri.net/credits"
      },
      {
        "type": "title",
        "value": "Starveri API Credits"
      },
      {
        "type": "meta_description",
        "value": "Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenAI-style pricing. Includes model discovery, API keys, tier limits, and a text-only GPT 5.5 demo."
      },
      {
        "type": "open_graph.description",
        "value": "OpenAI-compatible GPT/Codex API credits, public model discovery, and prepaid keys at 1/3 OpenAI-style pricing."
      },
      {
        "type": "open_graph.site_name",
        "value": "Starveri API"
      },
      {
        "type": "open_graph.title",
        "value": "Starveri API Credits"
      },
      {
        "type": "open_graph.type",
        "value": "website"
      },
      {
        "type": "open_graph.url",
        "value": "https://api.starveri.net/credits"
      }
    ],
    "headers": {
      "vary": "Origin",
      "content-type": "text/html; charset=utf-8"
    },
    "snippet": "<!doctype html> <html lang=\"en\"> <head> <meta charset=\"utf-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <title>Starveri API Credits</title> <meta name=\"description\" content=\"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenA",
    "metadata": {
      "title": "Starveri API Credits",
      "twitter": {
        "card": "summary",
        "title": "Starveri API Credits",
        "description": "Prepaid OpenAI-compatible GPT/Codex API credits at 1/3 OpenAI-style pricing."
      },
      "open_graph": {
        "url": "https://api.starveri.net/credits",
        "type": "website",
        "title": "Starveri API Credits",
        "site_name": "Starveri API",
        "description": "OpenAI-compatible GPT/Codex API credits, public model discovery, and prepaid keys at 1/3 OpenAI-style pricing."
      },
      "title_length": 20,
      "canonical_url": "https://api.starveri.net/credits",
      "meta_description": "Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenAI-style pricing. Includes model discovery, API keys, tier limits, and a text-only GPT 5.5 demo.",
      "description_length": 193,
      "canonical_self_reference": true
    },
    "final_url": "https://api.starveri.net/credits",
    "redirects": [
      {
        "url": "https://api.starveri.net/",
        "location": "/credits",
        "status_code": 302
      }
    ],
    "status_code": 200,
    "requested_url": "https://api.starveri.net/",
    "malformed_fields": [],
    "inconsistent_fields": []
  }

• outputs{ 3 keys }

  {
    "has_canonical": true,
    "has_open_graph": true,
    "metadata_item_count": 8
  }

• remediation_key"canonical_metadata_incomplete"

  "canonical_metadata_incomplete"

• scanner_message"Some metadata was found, but canonical/basic/Open Graph coverage is incomplete…

  "Some metadata was found, but canonical/basic/Open Graph coverage is incomplete."

• status"partial"

  "partial"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Discovery Link headers (link_headers).
Current check result:

{"evidence":{"discovered_links":[],"discovery_counts":{"machine_readable":0,"navigational":0},"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"malformed_entries":[],"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"rel_missing_entries":[],"requested_url":"https://api.starveri.net/","status_code":200,"well_known_api_catalog":{"content_type":"application/json","final_url":"https://api.starveri.net/.well-known/api-catalog","found":false,"requested_url":"https://api.starveri.net/.well-known/api-catalog","status":"fetched","status_code":404}},"outputs":{"discovery_link_count":0,"link_count":0,"machine_readable_link_count":0},"remediation_key":"link_headers_missing","scanner_message":"No HTTP Link header was found on the target page.","status":"fail"}

Expected result: The main response includes machine-readable `Link` headers with rel values for canonical, sitemap, `api-catalog`, `linkset`, `service-desc`, or other registered discovery resources..
Fix guidance: Add `Link` headers at the web server or application response layer; use absolute URLs and correct `rel`/`type` parameters..
Stack templates:
- Generic web server: serve HTTP `Link` headers from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for HTTP `Link` headers; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for HTTP `Link` headers; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for HTTP `Link` headers; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for HTTP `Link` headers; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for HTTP `Link` headers; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for HTTP `Link` headers; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement HTTP `Link` headers via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add HTTP `Link` headers via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add HTTP `Link` headers as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate HTTP `Link` headers in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 10 keys }

  {
    "headers": {
      "vary": "Origin",
      "content-type": "text/html; charset=utf-8"
    },
    "final_url": "https://api.starveri.net/credits",
    "redirects": [
      {
        "url": "https://api.starveri.net/",
        "location": "/credits",
        "status_code": 302
      }
    ],
    "status_code": 200,
    "requested_url": "https://api.starveri.net/",
    "discovered_links": [],
    "discovery_counts": {
      "navigational": 0,
      "machine_readable": 0
    },
    "malformed_entries": [],
    "rel_missing_entries": [],
    "well_known_api_catalog": {
      "found": false,
      "status": "fetched",
      "final_url": "https://api.starveri.net/.well-known/api-catalog",
      "status_code": 404,
      "content_type": "application/json",
      "requested_url": "https://api.starveri.net/.well-known/api-catalog"
    }
  }

• outputs{ 3 keys }

  {
    "link_count": 0,
    "discovery_link_count": 0,
    "machine_readable_link_count": 0
  }

• remediation_key"link_headers_missing"

  "link_headers_missing"

• scanner_message"No HTTP Link header was found on the target page."

  "No HTTP Link header was found on the target page."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for robots.txt availability (robots_txt).
Current check result:

{"evidence":{"directives":{"allow_count":1,"count":21,"disallow_count":9,"unknown":["content-signal"],"user_agents":["*","Amazonbot","Applebot-Extended","Bytespider","CCBot","ClaudeBot","CloudflareBrowserRenderingCrawler","Google-Extended","GPTBot","meta-externalagent"]},"final_url":"https://api.starveri.net/robots.txt","headers":{"content-type":"text/plain; charset=utf-8"},"malformed_lines":[],"parseable":true,"redirects":[],"requested_url":"https://api.starveri.net/robots.txt","sitemaps":[],"snippet":"# As a condition of accessing this website, you agree to abide by the following # content signals: # (a) If a Content-Signal = yes, you may collect content for the corresponding # use. # (b) If a Content-Signal = no, you may not collect content for the # corresponding use. # (c) If the website opera","status_code":200},"outputs":{"directive_count":21,"has_sitemap":false,"parseable":true},"remediation_key":"robots_txt_incomplete","scanner_message":"robots.txt is readable but incomplete: no sitemap hints.","status":"partial"}

Expected result: A public `/robots.txt` returns HTTP 200, is parseable, and contains `User-agent` rules plus `Sitemap` directives..
Fix guidance: Create or update `/robots.txt`: add rules for generic and AI crawler user agents, include an absolute sitemap URL, and serve it as `text/plain`..
Stack templates:
- Generic web server: serve `/robots.txt` from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for `/robots.txt`; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for `/robots.txt`; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for `/robots.txt`; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for `/robots.txt`; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for `/robots.txt`; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for `/robots.txt`; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement `/robots.txt` via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add `/robots.txt` via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add `/robots.txt` as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate `/robots.txt` in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 10 keys }

  {
    "headers": {
      "content-type": "text/plain; charset=utf-8"
    },
    "snippet": "# As a condition of accessing this website, you agree to abide by the following # content signals: # (a) If a Content-Signal = yes, you may collect content for the corresponding # use. # (b) If a Content-Signal = no, you may not collect content for the # corresponding use. # (c) If the website opera",
    "sitemaps": [],
    "final_url": "https://api.starveri.net/robots.txt",
    "parseable": true,
    "redirects": [],
    "directives": {
      "count": 21,
      "unknown": [
        "content-signal"
      ],
      "allow_count": 1,
      "user_agents": [
        "*",
        "Amazonbot",
        "Applebot-Extended",
        "Bytespider",
        "CCBot",
        "ClaudeBot",
        "CloudflareBrowserRenderingCrawler",
        "Google-Extended",
        "GPTBot",
        "meta-externalagent"
      ],
      "disallow_count": 9
    },
    "status_code": 200,
    "requested_url": "https://api.starveri.net/robots.txt",
    "malformed_lines": []
  }

• outputs{ 3 keys }

  {
    "parseable": true,
    "has_sitemap": false,
    "directive_count": 21
  }

• remediation_key"robots_txt_incomplete"

  "robots_txt_incomplete"

• scanner_message"robots.txt is readable but incomplete: no sitemap hints."

  "robots.txt is readable but incomplete: no sitemap hints."

• status"partial"

  "partial"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for llms-full.txt (llms_full_txt).
Current check result:

{"evidence":{"body_size_bytes":53,"final_url":"https://api.starveri.net/llms-full.txt","has_explicit_markdown_or_plain_text":false,"headers":{"content-type":"application/json"},"is_markdown_or_plain_text":false,"redirects":[],"requested_url":"https://api.starveri.net/llms-full.txt","status_code":404},"outputs":{"http_status":404},"remediation_key":"llms_full_txt_missing","scanner_message":"llms-full.txt is not available with HTTP 200.","status":"fail"}

Expected result: `/llms-full.txt` returns HTTP 200 as an explicit `text/markdown` (or `text/plain`) document: it starts with an H1 title and a short blockquote summary, then groups the full content under `##`/`###` sections (not just links). This is a de-facto convention, not part of the official llms.txt spec; a large file is normal, so size is not penalized as long as the body stays within the scanner's fetch limit..
Fix guidance: Publish the full public content as one Markdown file: an H1 title, a blockquote summary right after it, then `##`/`###` sections of complete text (overview, important pages, usage limits) and no private data. Serve it with an explicit `Content-Type: text/markdown` (or `text/plain`) and `Vary: Accept`, and keep a companion `/llms.txt` index next to it. Do not trim the file just for size — a large valid document passes the check..
Stack templates:
- Generic web server: serve `/llms-full.txt` from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for `/llms-full.txt`; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for `/llms-full.txt`; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for `/llms-full.txt`; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for `/llms-full.txt`; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for `/llms-full.txt`; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for `/llms-full.txt`; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement `/llms-full.txt` via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add `/llms-full.txt` via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add `/llms-full.txt` as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate `/llms-full.txt` in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 8 keys }

  {
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/llms-full.txt",
    "redirects": [],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/llms-full.txt",
    "body_size_bytes": 53,
    "is_markdown_or_plain_text": false,
    "has_explicit_markdown_or_plain_text": false
  }

• outputs{ 1 key }

  {
    "http_status": 404
  }

• remediation_key"llms_full_txt_missing"

  "llms_full_txt_missing"

• scanner_message"llms-full.txt is not available with HTTP 200."

  "llms-full.txt is not available with HTTP 200."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for llms.txt (llms_txt).
Current check result:

{"evidence":{"body_size_bytes":1237,"discovered_links":[],"final_url":"https://api.starveri.net/llms.txt","headers":{"content-type":"text/plain; charset=utf-8","vary":"Origin, accept-encoding"},"is_markdown_content_type":false,"is_markdown_or_plain_text":true,"language_hints":[],"malformed_link_lines":[],"redirects":[],"requested_url":"https://api.starveri.net/llms.txt","snippet":"# Starveri API OpenAI-compatible GPT and Codex chat completions API with public model discovery, prepaid credits, bounded code tools, and 1/3 OpenAI-style API pricing. ## Primary URLs - Documentation: https://api.starveri.net/docs - OpenAPI: https://api.starveri.net/openapi.yaml - OpenAPI JSON: http","status_code":200,"structure":{"blockquote_count":0,"h1_count":1,"h2_count":3,"has_described_links":false,"has_required_structure":true,"has_summary":false,"has_useful_links":false,"link_count":0,"links_with_notes":0,"markdown_link_target_count":0,"markdown_link_target_share":0.0,"optional_section":false,"starts_with_h1":true}},"outputs":{"has_described_links":false,"has_language_hints":false,"has_links":false,"has_required_structure":true,"has_summary":false,"is_markdown_content_type":false,"is_markdown_o...

Expected result: `/llms.txt` returns HTTP 200 as `text/markdown`, starts with one H1 followed by a short blockquote summary, and groups links with per-link descriptions (`[name](url): note`) under `##` sections; language hints for `uk`, `ru`, or `en` are a bonus..
Fix guidance: Create a short agent-facing index: a single H1 title, a one-line blockquote summary right after it, `##` sections that list key URLs as `[name](url): note`, prefer Markdown (`.md`) link targets, and serve the file with `Content-Type: text/markdown`..
Stack templates:
- Generic web server: serve `/llms.txt` from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for `/llms.txt`; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for `/llms.txt`; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for `/llms.txt`; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for `/llms.txt`; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for `/llms.txt`; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for `/llms.txt`; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement `/llms.txt` via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add `/llms.txt` via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add `/llms.txt` as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate `/llms.txt` in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 13 keys }

  {
    "headers": {
      "vary": "Origin, accept-encoding",
      "content-type": "text/plain; charset=utf-8"
    },
    "snippet": "# Starveri API OpenAI-compatible GPT and Codex chat completions API with public model discovery, prepaid credits, bounded code tools, and 1/3 OpenAI-style API pricing. ## Primary URLs - Documentation: https://api.starveri.net/docs - OpenAPI: https://api.starveri.net/openapi.yaml - OpenAPI JSON: http",
    "final_url": "https://api.starveri.net/llms.txt",
    "redirects": [],
    "structure": {
      "h1_count": 1,
      "h2_count": 3,
      "link_count": 0,
      "has_summary": false,
      "starts_with_h1": true,
      "blockquote_count": 0,
      "has_useful_links": false,
      "links_with_notes": 0,
      "optional_section": false,
      "has_described_links": false,
      "has_required_structure": true,
      "markdown_link_target_count": 0,
      "markdown_link_target_share": 0
    },
    "status_code": 200,
    "requested_url": "https://api.starveri.net/llms.txt",
    "language_hints": [],
    "body_size_bytes": 1237,
    "discovered_links": [],
    "malformed_link_lines": [],
    "is_markdown_content_type": false,
    "is_markdown_or_plain_text": true
  }

• outputs{ 11 keys }

  {
    "has_links": false,
    "link_count": 0,
    "has_summary": false,
    "language_hints": [],
    "links_with_notes": 0,
    "has_language_hints": false,
    "has_described_links": false,
    "has_required_structure": true,
    "is_markdown_content_type": false,
    "is_markdown_or_plain_text": true,
    "markdown_link_target_share": 0
  }

• remediation_key"llms_txt_incomplete"

  "llms_txt_incomplete"

• scanner_message"llms.txt is present but its structure, links, or media type are incomplete."

  "llms.txt is present but its structure, links, or media type are incomplete."

• status"partial"

  "partial"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Markdown content negotiation (markdown_negotiation).
Current check result:

{"evidence":{"body_size_bytes":22634,"final_url":"https://api.starveri.net/credits","has_markdown_content_type":false,"has_vary_accept":false,"headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"markdown":{"has_code_fence":false,"has_heading":false,"has_link":false,"has_list":true,"html_tag_count":19,"looks_like_markdown":false,"non_empty_line_count":462,"signal_count":1},"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"requested_url":"https://api.starveri.net/","snippet":"<!doctype html> <html lang=\"en\"> <head> <meta charset=\"utf-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <title>Starveri API Credits</title> <meta name=\"description\" content=\"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenA","status_code":200},"outputs":{"body_size_bytes":22634,"has_markdown_content_type":false,"has_vary_accept":false,"markdown_signal_count":1},"remediation_key":"markdown_negotiation_missing","scanner_message":"Target page does not expose a Markdown representation.","status":"fail"}

Expected result: A request with `Accept: text/markdown` returns a Markdown representation, `Content-Type: text/markdown`, and `Vary: Accept` without breaking HTML..
Fix guidance: Add content negotiation in the route or middleware: render clean page text for Markdown requests while keeping HTML for browsers..
Stack templates:
- Generic web server: serve `Accept: text/markdown` negotiation from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for `Accept: text/markdown` negotiation; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for `Accept: text/markdown` negotiation; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for `Accept: text/markdown` negotiation; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for `Accept: text/markdown` negotiation; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for `Accept: text/markdown` negotiation; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for `Accept: text/markdown` negotiation; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement `Accept: text/markdown` negotiation via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add `Accept: text/markdown` negotiation via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add `Accept: text/markdown` negotiation as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate `Accept: text/markdown` negotiation in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 10 keys }

  {
    "headers": {
      "vary": "Origin",
      "content-type": "text/html; charset=utf-8"
    },
    "snippet": "<!doctype html> <html lang=\"en\"> <head> <meta charset=\"utf-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <title>Starveri API Credits</title> <meta name=\"description\" content=\"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenA",
    "markdown": {
      "has_link": false,
      "has_list": true,
      "has_heading": false,
      "signal_count": 1,
      "has_code_fence": false,
      "html_tag_count": 19,
      "looks_like_markdown": false,
      "non_empty_line_count": 462
    },
    "final_url": "https://api.starveri.net/credits",
    "redirects": [
      {
        "url": "https://api.starveri.net/",
        "location": "/credits",
        "status_code": 302
      }
    ],
    "status_code": 200,
    "requested_url": "https://api.starveri.net/",
    "body_size_bytes": 22634,
    "has_vary_accept": false,
    "has_markdown_content_type": false
  }

• outputs{ 4 keys }

  {
    "body_size_bytes": 22634,
    "has_vary_accept": false,
    "markdown_signal_count": 1,
    "has_markdown_content_type": false
  }

• remediation_key"markdown_negotiation_missing"

  "markdown_negotiation_missing"

• scanner_message"Target page does not expose a Markdown representation."

  "Target page does not expose a Markdown representation."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Server-rendered content availability (ssr_content).
Current check result:

{"evidence":{"body_size_bytes":23138,"content_metrics":{"external_script_count":1,"has_empty_app_root":false,"heading_count":7,"link_count":0,"looks_js_only":false,"noscript_text_length":0,"paragraph_count":1,"script_count":4,"visible_text_length":455,"word_count":75},"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"requested_url":"https://api.starveri.net/","snippet":"Starveri API Credits Starveri API Credits OpenAI-compatible GPT and Codex API credits at 1/3 OpenAI-style pricing. Docs Usage Chat Privacy Log out Try GPT 5.5 Prompt Run Demo 5 free text-only requests, 2,000 tokens total. Buy Credits Amount Email Name Buy Credits Restock Dashboard Dashboard Login Da","status_code":200},"outputs":{"has_empty_app_root":false,"heading_count":7,"paragraph_count":1,"script_count":4,"visible_text_length":455,"word_count":75},"remediation_key":"ssr_content_thin","scanner_message":"Some content is available without JavaScript, but the server-rendered response is thin.","status":"partial"}

Expected result: The initial HTML contains meaningful content without executing JavaScript: headings, paragraphs, links, and canonical metadata..
Fix guidance: Enable SSR/SSG or a server-side fallback for public pages; do not leave an empty app root as the only source of content..
Stack templates:
- Generic web server: serve server-rendered HTML from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for server-rendered HTML; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for server-rendered HTML; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for server-rendered HTML; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for server-rendered HTML; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for server-rendered HTML; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for server-rendered HTML; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement server-rendered HTML via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add server-rendered HTML via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add server-rendered HTML as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate server-rendered HTML in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 8 keys }

  {
    "headers": {
      "vary": "Origin",
      "content-type": "text/html; charset=utf-8"
    },
    "snippet": "Starveri API Credits Starveri API Credits OpenAI-compatible GPT and Codex API credits at 1/3 OpenAI-style pricing. Docs Usage Chat Privacy Log out Try GPT 5.5 Prompt Run Demo 5 free text-only requests, 2,000 tokens total. Buy Credits Amount Email Name Buy Credits Restock Dashboard Dashboard Login Da",
    "final_url": "https://api.starveri.net/credits",
    "redirects": [
      {
        "url": "https://api.starveri.net/",
        "location": "/credits",
        "status_code": 302
      }
    ],
    "status_code": 200,
    "requested_url": "https://api.starveri.net/",
    "body_size_bytes": 23138,
    "content_metrics": {
      "link_count": 0,
      "word_count": 75,
      "script_count": 4,
      "heading_count": 7,
      "looks_js_only": false,
      "paragraph_count": 1,
      "has_empty_app_root": false,
      "visible_text_length": 455,
      "noscript_text_length": 0,
      "external_script_count": 1
    }
  }

• outputs{ 6 keys }

  {
    "word_count": 75,
    "script_count": 4,
    "heading_count": 7,
    "paragraph_count": 1,
    "has_empty_app_root": false,
    "visible_text_length": 455
  }

• remediation_key"ssr_content_thin"

  "ssr_content_thin"

• scanner_message"Some content is available without JavaScript, but the server-rendered response…

  "Some content is available without JavaScript, but the server-rendered response is thin."

• status"partial"

  "partial"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for AI bot rules (ai_bot_rules).
Current check result:

{"evidence":{"configured_agents":["GPTBot","ClaudeBot","PerplexityBot","OAI-SearchBot","ChatGPT-User","Google-Extended","CCBot","anthropic-ai","Claude-Web","Applebot-Extended","Meta-ExternalAgent","Amazonbot","Bytespider"],"directive_count":21,"final_url":"https://api.starveri.net/robots.txt","headers":{"content-type":"text/plain; charset=utf-8"},"malformed_lines":[],"matched_directives":[{"agent":"GPTBot","directives":[{"directive":"disallow","line_number":54,"value":"/"}],"policy":"disallow","source":"direct"},{"agent":"ClaudeBot","directives":[{"directive":"disallow","line_number":45,"value":"/"}],"policy":"disallow","source":"direct"},{"agent":"PerplexityBot","directives":[{"directive":"allow","line_number":30,"value":"/"}],"policy":"allow","source":"wildcard"},{"agent":"OAI-SearchBot","directives":[{"directive":"allow","line_number":30,"value":"/"}],"policy":"allow","source":"wildcard"},{"agent":"ChatGPT-User","directives":[{"directive":"allow","line_number":30,"value":"/"}],"policy":"allow","source":"wildcard"},{"agent":"Google-Extended","directives":[{"directive":"disallow","line_number":51,"value":"/"}],"policy":"disallow","source":"direct"},{"agent":"CCBot","directives"...

Expected result: `robots.txt` explicitly describes policy for GPTBot, ClaudeBot, PerplexityBot, and other AI crawler user agents..
Fix guidance: Add dedicated `User-agent` groups or a wildcard policy with `Allow`/`Disallow`; verify it does not accidentally block required SEO crawlers..
Stack templates:
- Generic web server: serve AI bot rules in `robots.txt` from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for AI bot rules in `robots.txt`; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for AI bot rules in `robots.txt`; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for AI bot rules in `robots.txt`; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for AI bot rules in `robots.txt`; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for AI bot rules in `robots.txt`; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for AI bot rules in `robots.txt`; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement AI bot rules in `robots.txt` via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add AI bot rules in `robots.txt` via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add AI bot rules in `robots.txt` as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate AI bot rules in `robots.txt` in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 15 keys }

  {
    "headers": {
      "content-type": "text/plain; charset=utf-8"
    },
    "snippet": "# As a condition of accessing this website, you agree to abide by the following # content signals: # (a) If a Content-Signal = yes, you may collect content for the corresponding # use. # (b) If a Content-Signal = no, you may not collect content for the # corresponding use. # (c) If the website opera",
    "final_url": "https://api.starveri.net/robots.txt",
    "parseable": true,
    "redirects": [],
    "status_code": 200,
    "policy_counts": {
      "allow": 5,
      "disallow": 8
    },
    "requested_url": "https://api.starveri.net/robots.txt",
    "directive_count": 21,
    "malformed_lines": [],
    "required_agents": [
      "GPTBot",
      "ClaudeBot",
      "PerplexityBot"
    ],
    "configured_agents": [
      "GPTBot",
      "ClaudeBot",
      "PerplexityBot",
      "OAI-SearchBot",
      "ChatGPT-User",
      "Google-Extended",
      "CCBot",
      "anthropic-ai",
      "Claude-Web",
      "Applebot-Extended",
      "Meta-ExternalAgent",
      "Amazonbot",
      "Bytespider"
    ],
    "matched_directives": [
      {
        "agent": "GPTBot",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 54
          }
        ]
      },
      {
        "agent": "ClaudeBot",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 45
          }
        ]
      },
      {
        "agent": "PerplexityBot",
        "policy": "allow",
        "source": "wildcard",
        "directives": [
          {
            "value": "/",
            "directive": "allow",
            "line_number": 30
          }
        ]
      },
      {
        "agent": "OAI-SearchBot",
        "policy": "allow",
        "source": "wildcard",
        "directives": [
          {
            "value": "/",
            "directive": "allow",
            "line_number": 30
          }
        ]
      },
      {
        "agent": "ChatGPT-User",
        "policy": "allow",
        "source": "wildcard",
        "directives": [
          {
            "value": "/",
            "directive": "allow",
            "line_number": 30
          }
        ]
      },
      {
        "agent": "Google-Extended",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 51
          }
        ]
      },
      {
        "agent": "CCBot",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 42
          }
        ]
      },
      {
        "agent": "anthropic-ai",
        "policy": "allow",
        "source": "wildcard",
        "directives": [
          {
            "value": "/",
            "directive": "allow",
            "line_number": 30
          }
        ]
      },
      {
        "agent": "Claude-Web",
        "policy": "allow",
        "source": "wildcard",
        "directives": [
          {
            "value": "/",
            "directive": "allow",
            "line_number": 30
          }
        ]
      },
      {
        "agent": "Applebot-Extended",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 36
          }
        ]
      },
      {
        "agent": "Meta-ExternalAgent",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 57
          }
        ]
      },
      {
        "agent": "Amazonbot",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 33
          }
        ]
      },
      {
        "agent": "Bytespider",
        "policy": "disallow",
        "source": "direct",
        "directives": [
          {
            "value": "/",
            "directive": "disallow",
            "line_number": 39
          }
        ]
      }
    ],
    "unknown_directives": [
      "content-signal"
    ],
    "missing_required_agents": []
  }

• outputs{ 7 keys }

  {
    "parseable": true,
    "policy_counts": {
      "allow": 5,
      "disallow": 8
    },
    "required_agent_count": 3,
    "missing_required_agents": [],
    "direct_required_agent_count": 2,
    "covered_required_agent_count": 3,
    "direct_configured_agent_count": 8
  }

• remediation_key"ai_bot_rules_incomplete"

  "ai_bot_rules_incomplete"

• scanner_message"Some AI bot access rules were found, but required crawler coverage is incomple…

  "Some AI bot access rules were found, but required crawler coverage is incomplete."

• status"partial"

  "partial"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Content usage policy signals (content_usage_policy).
Current check result:

{"evidence":{"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"items":[],"malformed_fields":[],"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"requested_url":"https://api.starveri.net/","snippet":"<!doctype html> <html lang=\"en\"> <head> <meta charset=\"utf-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <title>Starveri API Credits</title> <meta name=\"description\" content=\"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenA","status_code":200},"outputs":{"header_signal_count":0,"malformed_field_count":0,"metadata_signal_count":0,"signal_count":0,"strong_signal_count":0},"remediation_key":"content_usage_policy_missing","scanner_message":"No supported content usage policy headers or metadata were found.","status":"fail"}

Expected result: The site publishes machine-readable AI/content usage signals in headers, meta tags, or policy links..
Fix guidance: Add consistent policy headers/meta/link rels pointing to usage terms; do not encode legal guarantees in code..
Stack templates:
- Generic web server: serve content usage policy signals from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for content usage policy signals; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for content usage policy signals; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for content usage policy signals; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for content usage policy signals; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for content usage policy signals; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for content usage policy signals; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement content usage policy signals via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add content usage policy signals via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add content usage policy signals as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate content usage policy signals in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 8 keys }

  {
    "items": [],
    "headers": {
      "vary": "Origin",
      "content-type": "text/html; charset=utf-8"
    },
    "snippet": "<!doctype html> <html lang=\"en\"> <head> <meta charset=\"utf-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <title>Starveri API Credits</title> <meta name=\"description\" content=\"Buy prepaid Starveri API credits for OpenAI-compatible GPT and Codex chat completions at 1/3 OpenA",
    "final_url": "https://api.starveri.net/credits",
    "redirects": [
      {
        "url": "https://api.starveri.net/",
        "location": "/credits",
        "status_code": 302
      }
    ],
    "status_code": 200,
    "requested_url": "https://api.starveri.net/",
    "malformed_fields": []
  }

• outputs{ 5 keys }

  {
    "signal_count": 0,
    "header_signal_count": 0,
    "strong_signal_count": 0,
    "malformed_field_count": 0,
    "metadata_signal_count": 0
  }

• remediation_key"content_usage_policy_missing"

  "content_usage_policy_missing"

• scanner_message"No supported content usage policy headers or metadata were found."

  "No supported content usage policy headers or metadata were found."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Rate-limit hints (rate_limit_hints).
Current check result:

{"evidence":{"final_url":"https://api.starveri.net/credits","headers":{},"observed_from":"initial_fetch","requested_url":"https://api.starveri.net/","safe_probe":{"request_count":0,"strategy":"passive_initial_fetch"},"status_code":200},"outputs":{"bot_policy_hint_count":0,"has_429":false,"has_retry_after":false,"hint_count":0,"legacy_rate_limit_header_count":0,"standard_rate_limit_header_count":0},"remediation_key":"rate_limit_hints_missing","scanner_message":"No Retry-After, RateLimit, 429, or bot-specific throttling hints were observed.","status":"fail"}

Expected result: Responses include standard `RateLimit` or `Retry-After` hints, and bot policy explains expected throttling behavior..
Fix guidance: Configure rate-limit middleware/edge rules and return clear headers for 429 or controlled throttling..
Stack templates:
- Generic web server: serve RateLimit/Retry-After hints from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for RateLimit/Retry-After hints; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for RateLimit/Retry-After hints; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for RateLimit/Retry-After hints; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for RateLimit/Retry-After hints; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for RateLimit/Retry-After hints; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for RateLimit/Retry-After hints; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement RateLimit/Retry-After hints via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add RateLimit/Retry-After hints via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add RateLimit/Retry-After hints as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate RateLimit/Retry-After hints in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 6 keys }

  {
    "headers": {},
    "final_url": "https://api.starveri.net/credits",
    "safe_probe": {
      "strategy": "passive_initial_fetch",
      "request_count": 0
    },
    "status_code": 200,
    "observed_from": "initial_fetch",
    "requested_url": "https://api.starveri.net/"
  }

• outputs{ 6 keys }

  {
    "has_429": false,
    "hint_count": 0,
    "has_retry_after": false,
    "bot_policy_hint_count": 0,
    "legacy_rate_limit_header_count": 0,
    "standard_rate_limit_header_count": 0
  }

• remediation_key"rate_limit_hints_missing"

  "rate_limit_hints_missing"

• scanner_message"No Retry-After, RateLimit, 429, or bot-specific throttling hints were observed…

  "No Retry-After, RateLimit, 429, or bot-specific throttling hints were observed."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for A2A/WebMCP readiness (a2a_webmcp_readiness).
Current check result:

{"evidence":{"candidates":[{"final_url":"https://api.starveri.net/.well-known/agent-card.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/agent-card.json"},{"final_url":"https://api.starveri.net/.well-known/agent.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/agent.json"},{"final_url":"https://api.starveri.net/.well-known/webmcp.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/webmcp.json"}],"final_url":"https://api.starveri.net/.well-known/agent-card.json","headers":{"content-type":"application/json"},"requested_url":"https://api.starveri.net/.well-known/agent-card.json","root":{"discovered_links":[],"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"malformed_entries":[],"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"requested_url":"https://api....

Expected result: Public discovery JSON describes A2A Agent Card or WebMCP capabilities, endpoints, auth, and documentation..
Fix guidance: Publish agent card/WebMCP JSON only for capabilities that truly exist; add docs links and tests for JSON validation..
Stack templates:
- Generic web server: serve A2A/WebMCP discovery metadata from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for A2A/WebMCP discovery metadata; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for A2A/WebMCP discovery metadata; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for A2A/WebMCP discovery metadata; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for A2A/WebMCP discovery metadata; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for A2A/WebMCP discovery metadata; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for A2A/WebMCP discovery metadata; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement A2A/WebMCP discovery metadata via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add A2A/WebMCP discovery metadata via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add A2A/WebMCP discovery metadata as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate A2A/WebMCP discovery metadata in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 6 keys }

  {
    "root": {
      "status": "fetched",
      "headers": {
        "vary": "Origin",
        "content-type": "text/html; charset=utf-8"
      },
      "final_url": "https://api.starveri.net/credits",
      "redirects": [
        {
          "url": "https://api.starveri.net/",
          "location": "/credits",
          "status_code": 302
        }
      ],
      "status_code": 200,
      "requested_url": "https://api.starveri.net/",
      "discovered_links": [],
      "malformed_entries": []
    },
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/.well-known/agent-card.json",
    "candidates": [
      {
        "url": "https://api.starveri.net/.well-known/agent-card.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/agent-card.json",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/agent.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/agent.json",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/webmcp.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/webmcp.json",
        "status_code": 404
      }
    ],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/.well-known/agent-card.json"
  }

• outputs{ 3 keys }

  {
    "protocols": [],
    "endpoint_count": 0,
    "metadata_found": false
  }

• remediation_key"a2a_webmcp_readiness_missing"

  "a2a_webmcp_readiness_missing"

• scanner_message"No A2A Agent Card or WebMCP readiness metadata was discovered."

  "No A2A Agent Card or WebMCP readiness metadata was discovered."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for Agent Skills index (agent_skills).
Current check result:

{"evidence":{"candidates":[{"final_url":"https://api.starveri.net/.well-known/agent-skills/index.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/agent-skills/index.json"}],"final_url":"https://api.starveri.net/.well-known/agent-skills/index.json","headers":{"content-type":"application/json"},"requested_url":"https://api.starveri.net/.well-known/agent-skills/index.json","status_code":404},"outputs":{"skill_count":0,"skills_found":false},"remediation_key":"agent_skills_missing","scanner_message":"No Agent Skills index was discovered.","status":"fail"}

Expected result: `/.well-known/agent-skills/index.json` returns a valid index with skills, versions, descriptions, and download/documentation URLs..
Fix guidance: Create index JSON for public skills, add schema validation, and use stable URLs for skill files or documentation..
Stack templates:
- Generic web server: serve Agent Skills index from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for Agent Skills index; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for Agent Skills index; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for Agent Skills index; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for Agent Skills index; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for Agent Skills index; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for Agent Skills index; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement Agent Skills index via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add Agent Skills index via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add Agent Skills index as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate Agent Skills index in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 5 keys }

  {
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/.well-known/agent-skills/index.json",
    "candidates": [
      {
        "url": "https://api.starveri.net/.well-known/agent-skills/index.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/agent-skills/index.json",
        "status_code": 404
      }
    ],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/.well-known/agent-skills/index.json"
  }

• outputs{ 2 keys }

  {
    "skill_count": 0,
    "skills_found": false
  }

• remediation_key"agent_skills_missing"

  "agent_skills_missing"

• scanner_message"No Agent Skills index was discovered."

  "No Agent Skills index was discovered."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for API Catalog discovery (api_catalog).
Current check result:

{"evidence":{"candidates":[{"final_url":"https://api.starveri.net/.well-known/api-catalog","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/api-catalog"}],"final_url":"https://api.starveri.net/.well-known/api-catalog","headers":{"content-type":"application/json"},"requested_url":"https://api.starveri.net/.well-known/api-catalog","root":{"discovered_links":[],"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"malformed_entries":[],"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"requested_url":"https://api.starveri.net/","status":"fetched","status_code":200},"status_code":404},"outputs":{"api_description_document_count":0,"api_description_document_fanout_limit":5,"api_description_document_types":[],"api_link_count":0,"catalog_found":false,"link_relation_found":false,"valid_api_description_document_count":0},"remediation_key":"api_catalog_missing","scanner_message":"No API catalog was found at /.well-known/api-catalog or through Link headers.","status":"fail"}

Expected result: `/.well-known/api-catalog` or `Link rel="api-catalog"` returns a valid JSON catalog with links to public OpenAPI or JSON Schema documents..
Fix guidance: Publish API catalog JSON, add links to OpenAPI/JSON Schema documents and a `Link` header; do not include private or internal endpoints..
Stack templates:
- Generic web server: serve `/.well-known/api-catalog` from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for `/.well-known/api-catalog`; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for `/.well-known/api-catalog`; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for `/.well-known/api-catalog`; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for `/.well-known/api-catalog`; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for `/.well-known/api-catalog`; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for `/.well-known/api-catalog`; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement `/.well-known/api-catalog` via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add `/.well-known/api-catalog` via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add `/.well-known/api-catalog` as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate `/.well-known/api-catalog` in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 6 keys }

  {
    "root": {
      "status": "fetched",
      "headers": {
        "vary": "Origin",
        "content-type": "text/html; charset=utf-8"
      },
      "final_url": "https://api.starveri.net/credits",
      "redirects": [
        {
          "url": "https://api.starveri.net/",
          "location": "/credits",
          "status_code": 302
        }
      ],
      "status_code": 200,
      "requested_url": "https://api.starveri.net/",
      "discovered_links": [],
      "malformed_entries": []
    },
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/.well-known/api-catalog",
    "candidates": [
      {
        "url": "https://api.starveri.net/.well-known/api-catalog",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/api-catalog",
        "status_code": 404
      }
    ],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/.well-known/api-catalog"
  }

• outputs{ 7 keys }

  {
    "catalog_found": false,
    "api_link_count": 0,
    "link_relation_found": false,
    "api_description_document_count": 0,
    "api_description_document_types": [],
    "valid_api_description_document_count": 0,
    "api_description_document_fanout_limit": 5
  }

• remediation_key"api_catalog_missing"

  "api_catalog_missing"

• scanner_message"No API catalog was found at /.well-known/api-catalog or through Link headers."

  "No API catalog was found at /.well-known/api-catalog or through Link headers."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for MCP Server Card (mcp_server_card).
Current check result:

{"evidence":{"candidates":[{"final_url":"https://api.starveri.net/.well-known/mcp","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/mcp"},{"final_url":"https://api.starveri.net/.well-known/mcp/server-card.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/mcp/server-card.json"},{"final_url":"https://api.starveri.net/.well-known/mcp.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/mcp.json"},{"final_url":"https://api.starveri.net/.well-known/mcp-server.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/mcp-server.json"},{"final_url":"https://api.starveri.net/.well-known/mcp/server.json","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/mcp/server.json"}],"final_...

Expected result: `/.well-known/mcp`, an MCP Server Card path, or a `Link` relation returns valid JSON with `serverInfo`, `protocolVersion`, endpoint, transport, and tools/resources/prompts or capabilities signals..
Fix guidance: Publish MCP discovery JSON at `/.well-known/mcp` or an MCP Server Card path; when using another URL, add a root `Link` header with `rel="mcp-server-card"`. List only public endpoints and do not expose private tools..
Stack templates:
- Generic web server: serve MCP Server Card from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for MCP Server Card; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for MCP Server Card; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for MCP Server Card; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for MCP Server Card; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for MCP Server Card; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for MCP Server Card; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement MCP Server Card via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add MCP Server Card via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add MCP Server Card as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate MCP Server Card in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 6 keys }

  {
    "root": {
      "status": "fetched",
      "headers": {
        "vary": "Origin",
        "content-type": "text/html; charset=utf-8"
      },
      "final_url": "https://api.starveri.net/credits",
      "redirects": [
        {
          "url": "https://api.starveri.net/",
          "location": "/credits",
          "status_code": 302
        }
      ],
      "status_code": 200,
      "requested_url": "https://api.starveri.net/",
      "discovered_links": [],
      "malformed_entries": []
    },
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/.well-known/mcp",
    "candidates": [
      {
        "url": "https://api.starveri.net/.well-known/mcp",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/mcp",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/mcp/server-card.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/mcp/server-card.json",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/mcp.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/mcp.json",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/mcp-server.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/mcp-server.json",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/mcp/server.json",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/mcp/server.json",
        "status_code": 404
      }
    ],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/.well-known/mcp"
  }

• outputs{ 9 keys }

  {
    "capabilities": [],
    "endpoint_count": 0,
    "transport_types": [],
    "protocol_versions": [],
    "server_card_found": false,
    "tools_signal_found": false,
    "link_relation_found": false,
    "prompts_signal_found": false,
    "resources_signal_found": false
  }

• remediation_key"mcp_server_card_missing"

  "mcp_server_card_missing"

• scanner_message"No MCP Server Card was discovered at configured .well-known locations."

  "No MCP Server Card was discovered at configured .well-known locations."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for OAuth authorization server metadata (oauth_authorization_server).
Current check result:

{"evidence":{"candidates":[{"final_url":"https://api.starveri.net/.well-known/oauth-authorization-server","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/oauth-authorization-server"},{"final_url":"https://api.starveri.net/.well-known/openid-configuration","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/openid-configuration"}],"final_url":"https://api.starveri.net/.well-known/oauth-authorization-server","headers":{"content-type":"application/json"},"requested_url":"https://api.starveri.net/.well-known/oauth-authorization-server","root":{"discovered_links":[],"final_url":"https://api.starveri.net/credits","headers":{"content-type":"text/html; charset=utf-8","vary":"Origin"},"malformed_entries":[],"redirects":[{"location":"/credits","status_code":302,"url":"https://api.starveri.net/"}],"requested_url":"https://api.starveri.net/","status":"fetched","status_code":200},"status_code":404},"outputs":{"authorization_code_grant_supported":false,"authorization_code_response_supported":...

Expected result: A public well-known endpoint returns RFC 8414 metadata with issuer, authorization endpoint, token endpoint, `code_challenge_methods_supported` with `S256`, and `scopes_supported`..
Fix guidance: Enable the standard OAuth/OIDC discovery endpoint in the provider or proxy; verify HTTPS URLs, issuer consistency, PKCE `S256`, scopes, and cache headers..
Stack templates:
- Generic web server: serve OAuth authorization server metadata from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for OAuth authorization server metadata; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for OAuth authorization server metadata; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for OAuth authorization server metadata; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for OAuth authorization server metadata; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for OAuth authorization server metadata; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for OAuth authorization server metadata; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement OAuth authorization server metadata via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add OAuth authorization server metadata via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add OAuth authorization server metadata as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate OAuth authorization server metadata in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 6 keys }

  {
    "root": {
      "status": "fetched",
      "headers": {
        "vary": "Origin",
        "content-type": "text/html; charset=utf-8"
      },
      "final_url": "https://api.starveri.net/credits",
      "redirects": [
        {
          "url": "https://api.starveri.net/",
          "location": "/credits",
          "status_code": 302
        }
      ],
      "status_code": 200,
      "requested_url": "https://api.starveri.net/",
      "discovered_links": [],
      "malformed_entries": []
    },
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/.well-known/oauth-authorization-server",
    "candidates": [
      {
        "url": "https://api.starveri.net/.well-known/oauth-authorization-server",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/oauth-authorization-server",
        "status_code": 404
      },
      {
        "url": "https://api.starveri.net/.well-known/openid-configuration",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/openid-configuration",
        "status_code": 404
      }
    ],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/.well-known/oauth-authorization-server"
  }

• outputs{ 7 keys }

  {
    "issuer_count": 0,
    "metadata_found": false,
    "max_scope_count": 0,
    "link_relation_found": false,
    "pkce_s256_supported": false,
    "authorization_code_grant_supported": false,
    "authorization_code_response_supported": false
  }

• remediation_key"oauth_authorization_server_missing"

  "oauth_authorization_server_missing"

• scanner_message"No OAuth authorization server metadata was discovered."

  "No OAuth authorization server metadata was discovered."

• status"fail"

  "fail"

You are a senior web developer. Improve api.starveri.net for AI agents.
Task: add or repair support for OAuth protected resource metadata (oauth_protected_resource).
Current check result:

{"evidence":{"candidates":[{"final_url":"https://api.starveri.net/.well-known/oauth-protected-resource","headers":{"content-type":"application/json"},"source":"well_known","status":"http_error","status_code":404,"url":"https://api.starveri.net/.well-known/oauth-protected-resource"}],"final_url":"https://api.starveri.net/.well-known/oauth-protected-resource","headers":{"content-type":"application/json"},"related_candidates":{"authorization_servers":[]},"related_validations":{"authorization_servers":[]},"requested_url":"https://api.starveri.net/.well-known/oauth-protected-resource","status_code":404},"outputs":{"agent_ready_authorization_server_count":0,"authorization_server_count":0,"metadata_found":false,"validated_authorization_server_count":0},"remediation_key":"oauth_protected_resource_missing","scanner_message":"No OAuth protected resource metadata was discovered.","status":"fail"}

Expected result: Protected resource metadata describes the resource identifier, authorization servers, and documentation; authorization servers publish PKCE `S256` and scopes metadata..
Fix guidance: Add well-known JSON for the protected resource, list authorization server URLs, and verify linked server metadata includes PKCE `S256`/scopes without exposing internal resources..
Stack templates:
- Generic web server: serve OAuth protected resource metadata from the public web root or a route, with the correct status, `Content-Type`, and cache policy.
- Nginx: add a `location`/`add_header` for OAuth protected resource metadata; verify `try_files`, redirects, and that private upstreams are not exposed.
- Apache: configure `Alias`, `Header set`, or a rewrite rule for OAuth protected resource metadata; check `.htaccess` and virtual host precedence.
- Next.js: use `public/`, route handlers, Metadata API, or middleware for OAuth protected resource metadata; do not disable SSR/SSG for public content.
- Nuxt: use `public/`, server routes, `useHead`/Nitro middleware for OAuth protected resource metadata; verify prerender/SSR output.
- Laravel: add a route/controller, Blade metadata, or middleware headers for OAuth protected resource metadata; do not bypass auth/authorization for private routes.
- Django: add a `urls.py` route/view, template metadata, or middleware headers for OAuth protected resource metadata; verify `ALLOWED_HOSTS` and cache behavior.
- WordPress: implement OAuth protected resource metadata via theme/plugin hooks, SEO plugin settings, or a static file; do not edit core files.
- Bitrix: add OAuth protected resource metadata via the site template, component, or web server config; verify composite cache and multi-site rules.
- Static hosting: add OAuth protected resource metadata as a static asset or platform headers file (`_headers`, `vercel.json`, `netlify.toml`).
- Headless CMS: generate OAuth protected resource metadata in the delivery layer/edge app from published content; do not expose draft or admin APIs.
Constraints: do not break SEO; do not expose private endpoints; preserve SSRF/redirect safety; do not add remote JS execution to the scanner; add tests.
Return a patch/diff and a short explanation.

• evidence{ 7 keys }

  {
    "headers": {
      "content-type": "application/json"
    },
    "final_url": "https://api.starveri.net/.well-known/oauth-protected-resource",
    "candidates": [
      {
        "url": "https://api.starveri.net/.well-known/oauth-protected-resource",
        "source": "well_known",
        "status": "http_error",
        "headers": {
          "content-type": "application/json"
        },
        "final_url": "https://api.starveri.net/.well-known/oauth-protected-resource",
        "status_code": 404
      }
    ],
    "status_code": 404,
    "requested_url": "https://api.starveri.net/.well-known/oauth-protected-resource",
    "related_candidates": {
      "authorization_servers": []
    },
    "related_validations": {
      "authorization_servers": []
    }
  }

• outputs{ 4 keys }

  {
    "metadata_found": false,
    "authorization_server_count": 0,
    "validated_authorization_server_count": 0,
    "agent_ready_authorization_server_count": 0
  }

• remediation_key"oauth_protected_resource_missing"

  "oauth_protected_resource_missing"

• scanner_message"No OAuth protected resource metadata was discovered."

  "No OAuth protected resource metadata was discovered."

• status"fail"

  "fail"