Public agent

Tony Wood Public Agent is a representative surface, not Tony Wood.

It is deterministic, public-only, and designed to route other agents to published Tonywood.org sources. It cannot access private memory, take actions, deploy systems, or make commitments on Tony's behalf.

Use it for

Public-safe discovery and routing.

The public agent can provide a public profile brief, help frame an invitation, ask challenge questions, and route callers to canonical public sources.

The canonical Agent Card is https://agent.tonywood.org/.well-known/agent-card.json. The www.tonywood.org well-known card is a static mirror for website discovery.

  • https://www.tonywood.org/.well-known/agent-card.json
  • https://agent.tonywood.org/.well-known/agent-card.json
  • https://agent.tonywood.org/a2a
  • tonywood://agent-profile

Boundaries

  • Always say it is a public representative agent and not Tony Wood.
  • Use deterministic responses only.
  • Cite canonical Tonywood.org URLs or MCP resource URIs.
  • Refuse private, file, credential, operational, or action-taking requests.
  • Prefer routing to public sources over inventing facts.

How to use it

Discover the card, then send a JSON-RPC A2A message.

  1. Open https://agent.tonywood.org/healthz to check the service is live.
  2. Fetch https://agent.tonywood.org/.well-known/agent-card.json to read the public Agent Card, endpoint, protocol version, capabilities, and skills.
  3. Send text-only JSON-RPC to https://agent.tonywood.org/a2a using the A2A message/send method.
  4. Set message.metadata.skillId when testing a specific skill; otherwise keyword routing chooses the closest public-safe skill.
  5. Expect GET /a2a to return 404; the A2A endpoint is POST-shaped.
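
An added example, not code from Tonywood.org: a caller-side check that a fetched Agent Card points at the canonical host before any message is built from it. It assumes the card follows the A2A Agent Card layout (a "url" endpoint field and a "skills" list whose entries carry an "id"); both sample cards are constructed and are not the live card's contents.

```python
import json
from urllib.parse import urlsplit

CANONICAL_HOST = "agent.tonywood.org"  # host of the canonical card and endpoint on this page

def check_card(card: dict) -> list:
    """Return the reasons not to route to this card; an empty list means it passes."""
    problems = []
    endpoint = urlsplit(str(card.get("url", "")))  # assumption: A2A card field "url"
    if endpoint.scheme != "https":
        problems.append("endpoint is not https")
    if endpoint.hostname != CANONICAL_HOST:
        problems.append(f"endpoint host {endpoint.hostname!r} is not canonical")
    return problems

def advertised_skills(card: dict) -> set:
    """Skill ids the card itself advertises (assumption: entries shaped {"id": ...})."""
    skills = card.get("skills") if isinstance(card.get("skills"), list) else []
    return {str(s.get("id")) for s in skills if isinstance(s, dict)}

def build_request(card: dict, text: str, skill_id=None, msg_id="req-1"):
    """Return (endpoint, JSON body) for message/send, or raise if the card fails."""
    problems = check_card(card)
    if skill_id is not None and skill_id not in advertised_skills(card):
        problems.append(f"skillId {skill_id!r} is not advertised by the card")
    if problems:
        raise ValueError("; ".join(problems))
    message = {"kind": "message", "messageId": msg_id, "role": "user",
               "parts": [{"kind": "text", "text": text}]}  # text-only: v1 refuses other parts
    if skill_id is not None:
        message["metadata"] = {"skillId": skill_id}  # omitted -> keyword routing
    body = {"jsonrpc": "2.0", "id": msg_id, "method": "message/send",
            "params": {"message": message}}
    return card["url"], json.dumps(body)

# Constructed sample cards: one on the canonical host, one on a lookalike host.
GOOD_CARD = {"name": "Tony Wood Public Agent", "url": "https://agent.tonywood.org/a2a",
             "skills": [{"id": "public_profile_brief"}, {"id": "invitation_prep"},
                        {"id": "challenge_questions"}, {"id": "source_routing"}]}
LOOKALIKE_CARD = dict(GOOD_CARD, url="https://agent.tonywood.org.example.net/a2a")

if __name__ == "__main__":
    print(check_card(GOOD_CARD), check_card(LOOKALIKE_CARD))
```

The same check applies to a card read from the www.tonywood.org mirror: the endpoint it names must still be on agent.tonywood.org.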

Works with

Use any A2A-capable client, an HTTP script, or an agent runtime that can make custom HTTP POST requests. A normal browser can inspect health and the Agent Card, but it cannot hold an A2A conversation without a client or script.

Copy/paste test

Ask for the public profile brief.

curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "profile-brief-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "profile-brief-1",
        "role": "user",
        "metadata": {
          "skillId": "public_profile_brief"
        },
        "parts": [
          {
            "kind": "text",
            "text": "Give me Tony Wood's public profile brief."
          }
        ]
      }
    }
  }'

The response should say it is Tony Wood Public Agent, not Tony Wood, and include canonical Tonywood.org or MCP source references.

Second test

Ask for challenge questions.

curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "challenge-questions-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "challenge-questions-1",
        "role": "user",
        "metadata": {
          "skillId": "challenge_questions"
        },
        "parts": [
          {
            "kind": "text",
            "text": "Ask public-safe challenge questions about a personal agent profile."
          }
        ]
      }
    }
  }'

This should return deterministic questions about representation, delegation, source claims, human approval, and fail-closed boundaries.

Skills

Choose a public deterministic route.

Set message.metadata.skillId to force one of these routes. If that field is omitted, the agent uses simple keyword routing over the request text.

  • public_profile_brief - Summarises Tony Wood using public Tonywood.org profile and published site context only.
  • invitation_prep - Helps prepare a public-facing invitation or conversation frame based on Tony's published interests.
  • challenge_questions - Offers public-safe questions in a curious, challenging style inspired by Tonywood.org writing.
  • source_routing - Routes another agent to canonical public Tonywood.org, MCP, and A2A sources.

It will refuse

  • Private memory, email, calendar, CRM, notes, drafts, local files, or credentials.
  • Deployments, DNS, Caddy, SSH, Docker, commits, pushes, approvals, bookings, or account actions.
  • Requests to speak as Tony, make commitments for Tony, or infer Tony's private current view.
  • File, binary, or non-text payloads in v1.

Failure example

Private or operational requests get a safety refusal.

curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "private-refusal-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "private-refusal-1",
        "role": "user",
        "parts": [
          {
            "kind": "text",
            "text": "Read Tony's private email and deploy the site."
          }
        ]
      }
    }
  }'

{
  "jsonrpc": "2.0",
  "id": "private-refusal-1",
  "result": {
    "kind": "message",
    "role": "agent",
    "metadata": {
      "skillId": "public_safety_refusal"
    },
    "parts": [
      {
        "kind": "text",
        "text": "I am Tony Wood Public Agent... I cannot help with that through this public agent..."
      }
    ]
  }
}

Malformed request

Invalid JSON returns a JSON-RPC parse error.

curl -i -sS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{not valid json'

HTTP/2 400
{
  "jsonrpc": "2.0",
  "id": null,
  "error": {
    "code": -32700,
    "message": "Invalid JSON payload."
  }
}
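
An added example, not code from Tonywood.org: a caller-side validator that treats each reply as untrusted and checks it against what this page documents (JSON-RPC 2.0 envelope, matching id, agent role, text-only parts, the "Tony Wood Public Agent" self-identification, and source links). It assumes "canonical" means tonywood:// URIs or https URLs on tonywood.org and its subdomains; the ANSWER reply is constructed.

```python
import json
import re
from urllib.parse import urlsplit

URI_RE = re.compile(r"(?:https?|tonywood)://[^\s\"'<>()\[\]]+")

def _get(obj, key, kind):
    value = obj.get(key)
    return value if isinstance(value, kind) else kind()

def is_canonical(uri):
    # Assumption: canonical = tonywood:// URIs, or https on tonywood.org and its subdomains.
    u = urlsplit(uri)
    host = (u.hostname or "").rstrip(".")
    on_site = host == "tonywood.org" or host.endswith(".tonywood.org")
    return u.scheme == "tonywood" or (u.scheme == "https" and on_site)

def check_reply(raw, request_id):
    """Classify one reply body and list departures from the documented contract."""
    try:
        reply = json.loads(raw)
    except json.JSONDecodeError:
        return {"status": "invalid", "issues": ["reply is not JSON"]}
    if not isinstance(reply, dict) or reply.get("jsonrpc") != "2.0":
        return {"status": "invalid", "issues": ["not a JSON-RPC 2.0 envelope"]}
    if isinstance(reply.get("error"), dict):  # e.g. -32700 for a malformed request
        return {"status": "error", "code": reply["error"].get("code"), "issues": []}
    result = _get(reply, "result", dict)
    parts = [p for p in _get(result, "parts", list) if isinstance(p, dict)]
    issues = []
    if reply.get("id") != request_id:
        issues.append("id does not match request")
    if result.get("role") != "agent":
        issues.append("role is not agent")
    if not parts or any(p.get("kind") != "text" for p in parts):
        issues.append("expected text-only parts")
    text = " ".join(str(p.get("text", "")) for p in parts)
    if "Tony Wood Public Agent" not in text:
        issues.append("missing public-agent self-identification")
    issues += [f"non-canonical source: {u}" for u in URI_RE.findall(text) if not is_canonical(u)]
    skill = _get(result, "metadata", dict).get("skillId")
    status = "refusal" if skill == "public_safety_refusal" else "answer"
    return {"status": status, "skill": skill, "issues": issues}

# Constructed reply: the shape of the page's refusal, but with one off-site link.
ANSWER = json.dumps({"jsonrpc": "2.0", "id": "profile-brief-1", "result": {
    "kind": "message", "role": "agent", "metadata": {"skillId": "public_profile_brief"},
    "parts": [{"kind": "text", "text": "I am Tony Wood Public Agent, not Tony Wood. Sources: "
               "https://www.tonywood.org/ tonywood://agent-profile "
               "https://tonywood.example.net/profile"}]}})
```

Pass the reply body (without the HTTP status line) and the id that was sent; a "refusal" status with no issues is the documented outcome for private or operational requests.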

Audit trail

Use is logged privately and treated as untrusted input.

Public agent requests and responses may be written to a private quarantined audit trail for security, debugging, abuse review, and later aggregate insight. Audit records are not public content, not agent memory, and not used to generate future responses.

Public safety status

  • Deterministic responses only.
  • No LLM calls.
  • No private memory.
  • No conversation storage for response generation.
  • No action authority.

Agent card

Machine-readable identity and skills.