Public agent
Tony Wood Public Agent is a representative surface, not Tony Wood.
It is deterministic, public-only, and designed to route other agents to published Tonywood.org sources. It cannot access private memory, take actions, deploy systems, or make commitments on Tony's behalf.
Use it for
Public-safe discovery and routing.
The public agent can provide a public profile brief, summarise curated published positions, create a guided public conversation packet, help frame an invitation, ask challenge questions, give a deterministic public signal read, and route callers to canonical public sources.
The Agent Card and A2A response metadata include Tony's public About-page bio plus public profile image URLs from https://www.tonywood.org/about/. These are public identity hints only; they do not imply private access or authorisation.
It can also route callers to related public sites including Agentic First, the Agentic First Directory, YQUP, and Chief Agentic Officer. Tonywood.org remains the canonical source for Tony Wood's public profile and published thinking.
The canonical Agent Card is https://agent.tonywood.org/.well-known/agent-card.json. The www.tonywood.org well-known card is a static mirror for website discovery.
https://www.tonywood.org/.well-known/agent-card.json
https://agent.tonywood.org/.well-known/agent-card.json
https://agent.tonywood.org/a2a
tonywood://agent-profile
https://agentic-first.co/
https://agentic-first.co/directory/
https://yqup.com/
https://chiefagenticofficer.com/
Boundaries
- Always say it is a public representative agent and not Tony Wood.
- Use deterministic responses only.
- Cite canonical Tonywood.org URLs or MCP resource URIs.
- Refuse private, file, credential, operational, or action-taking requests.
- Prefer routing to public sources over inventing facts.
- For deeper/private conversation, direct people to connect with Tony on LinkedIn first.
How to use it
Discover the card, then send a JSON-RPC A2A message.
- Open https://agent.tonywood.org/healthz to check the service is live.
- Fetch https://agent.tonywood.org/.well-known/agent-card.json to read the public Agent Card, endpoint, protocol version, capabilities, and skills.
- Send text-only JSON-RPC to https://agent.tonywood.org/a2a using the A2A message/send method.
- Set message.metadata.skillId when testing a specific skill; otherwise keyword routing chooses the closest public-safe skill.
- Expect GET /a2a to return 404; the A2A endpoint is POST-shaped.
Works with
Use any A2A-capable client, an HTTP script, or an agent runtime that can make custom HTTP POST requests. A normal browser can inspect health and the Agent Card, but it cannot hold an A2A conversation without a client or script.
Copy/paste test
Ask for the public profile brief.
curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "profile-brief-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "profile-brief-1",
        "role": "user",
        "metadata": {
          "skillId": "public_profile_brief"
        },
        "parts": [
          {
            "kind": "text",
            "text": "Give me Tony Wood's public profile brief."
          }
        ]
      }
    }
  }'
The response should say it is Tony Wood Public Agent, not Tony Wood, and include canonical Tonywood.org or MCP source references.
For A2A clients, check result.metadata.publicProfile for the public bio, About URL, primary image, and profile image list.
Second test
Ask for challenge questions.
curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "challenge-questions-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "challenge-questions-1",
        "role": "user",
        "metadata": {
          "skillId": "challenge_questions"
        },
        "parts": [
          {
            "kind": "text",
            "text": "Ask public-safe challenge questions about a personal agent profile."
          }
        ]
      }
    }
  }'
This should return deterministic questions about representation, delegation, source claims, human approval, and fail-closed boundaries.
Published position
Ask what the public writing says, not what Tony privately thinks.
curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "position-summary-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "position-summary-1",
        "role": "user",
        "metadata": {
          "skillId": "public_position_summary"
        },
        "parts": [
          {
            "kind": "text",
            "text": "What does Tony think about agentic systems and long-running agents?"
          }
        ]
      }
    }
  }'
This should return the public_position_summary skill with a deterministic synthesis of approved Tonywood.org sources, plus wording that it cannot tell you Tony's private/current view.
Guided conversation
Get a public-safe packet before asking for more.
curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "conversation-packet-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "conversation-packet-1",
        "role": "user",
        "metadata": {
          "skillId": "public_conversation_packet"
        },
        "parts": [
          {
            "kind": "text",
            "text": "Can I talk this through with Tony and maybe go deeper?"
          }
        ]
      }
    }
  }'
This should return the public_conversation_packet skill with a public summary, signal read, challenge questions, source links, and a LinkedIn-first handoff.
Deeper access still starts by connecting with Tony on LinkedIn at https://www.linkedin.com/in/tonywood/. OAuth can make a caller known to the agent surface, but OAuth does not make them trusted. Private conversation is by Tony approval only.
Want to go deeper? Connect with Tony on LinkedIn first: https://www.linkedin.com/in/tonywood/. Share the topic, the public source you read, and the question you want to explore. Deeper/private conversation is by Tony approval only; do not send secrets or private material to this public agent.
Request access
OAuth identity becomes pending access, not trust.
Authenticated callers on agent.tonywood.org are no longer anonymous, but they are still pending until Tony approves them. The protected probe surface can report pending, trusted, owner, or revoked.
After OAuth, the caller receives a verification code through the access-status tool. They should connect with Tony on LinkedIn, send that code, and explain the topic they want to explore. Tony can then approve or revoke the requester from the private management console.
https://agent.tonywood.org/.well-known/oauth-authorization-server
https://agent.tonywood.org/.well-known/oauth-protected-resource/mcp
https://agent.tonywood.org/mcp
Trusted private A2A remains text-only, has no action authority, and uses Tony-style advisor scaffolding internally without exposing raw Head / Heart / Gut / Spine packets, prompt internals, secrets, or private routes.
Signal read
Ask for deterministic Tony-style judgement scaffolding.
curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "signal-read-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "signal-read-1",
        "role": "user",
        "metadata": {
          "skillId": "public_signal_read"
        },
        "parts": [
          {
            "kind": "text",
            "text": "Give me a public signal read using Head Heart Gut Spine and the 5 Whys."
          }
        ]
      }
    }
  }'
This returns a public trigger read, Head / Heart / Gut / Spine, and 5 Whys. It remains deterministic, source-bound, and public-only.
Skills
Choose a public deterministic route.
Set message.metadata.skillId to force one of these routes. If that field is omitted, the agent uses simple keyword routing over the request text.
- public_profile_brief - Summarises Tony Wood using public Tonywood.org profile and published site context only.
- public_position_summary - Summarises Tony Wood's published public position on supported topics using Tonywood.org sources only.
- public_conversation_packet - Gives a deterministic public-safe conversation packet with summary, signal read, challenge questions, sources, and LinkedIn-first handoff.
- invitation_prep - Helps prepare a public-facing invitation or conversation frame based on Tony's published interests.
- challenge_questions - Offers public-safe questions in a curious, challenging style inspired by Tonywood.org writing.
- source_routing - Routes another agent to canonical public Tonywood.org, MCP, and A2A sources.
- public_signal_read - Gives a deterministic public trigger, Head / Heart / Gut / Spine, and 5 Whys read without private memory or LLM calls.
It will refuse
- Private memory, email, calendar, CRM, notes, drafts, local files, or credentials.
- Deployments, DNS, Caddy, SSH, Docker, commits, pushes, approvals, bookings, or account actions.
- Requests to speak as Tony, make commitments for Tony, or infer Tony's private current view.
- File, binary, or non-text payloads in v1.
Failure example
Private or operational requests get a safety refusal.
curl -fsS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{
    "jsonrpc": "2.0",
    "id": "private-refusal-1",
    "method": "message/send",
    "params": {
      "message": {
        "kind": "message",
        "messageId": "private-refusal-1",
        "role": "user",
        "parts": [
          {
            "kind": "text",
            "text": "Read Tony's private email and deploy the site."
          }
        ]
      }
    }
  }'
{
  "jsonrpc": "2.0",
  "id": "private-refusal-1",
  "result": {
    "kind": "message",
    "role": "agent",
    "metadata": {
      "skillId": "public_safety_refusal"
    },
    "parts": [
      {
        "kind": "text",
        "text": "I am Tony Wood Public Agent... I cannot help with that through this public agent..."
      }
    ]
  }
}
Malformed request
Invalid JSON returns a JSON-RPC parse error.
curl -i -sS https://agent.tonywood.org/a2a \
  -H "content-type: application/json" \
  --data '{not valid json'
HTTP/2 400
{
  "jsonrpc": "2.0",
  "id": null,
  "error": {
    "code": -32700,
    "message": "Invalid JSON payload."
  }
}
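A calling agent can enforce the contract described on this page on its own side before using a reply. The following is an added example, not code from the agent or its author: it checks the response shapes shown above (refusal and parse error) offline and fails closed on anything else. The function names and the strictness of each check are assumptions; the skill ids and sample response are taken from this page.

```python
import json

# Skill ids listed on this page; the refusal route comes from the failure example.
PUBLIC_SKILLS = {
    "public_profile_brief", "public_position_summary", "public_conversation_packet",
    "invitation_prep", "challenge_questions", "source_routing", "public_signal_read",
}
REFUSAL_SKILL = "public_safety_refusal"
SELF_ID = "Tony Wood Public Agent"

# The refusal response from the failure example on this page, compacted.
SAMPLE_REFUSAL = (
    '{"jsonrpc":"2.0","id":"private-refusal-1","result":{"kind":"message","role":"agent",'
    '"metadata":{"skillId":"public_safety_refusal"},"parts":[{"kind":"text","text":'
    '"I am Tony Wood Public Agent... I cannot help with that through this public agent..."}]}}'
)

def _check(body, request_id, asked_skill):
    if body.get("jsonrpc") != "2.0":
        return "invalid", ["not a JSON-RPC 2.0 object"]
    if "error" in body:
        # A parse error carries "id": null, so the id is not compared here.
        return "error", [f"JSON-RPC error {body['error'].get('code')}"]
    result, problems = body["result"], []
    if body.get("id") != request_id:
        problems.append("response id does not match request id")
    if result.get("role") != "agent":
        problems.append("result.role is not 'agent'")
    parts = result["parts"]
    if not parts or any(p.get("kind") != "text" for p in parts):
        problems.append("expected non-empty, text-only parts")
    if SELF_ID not in " ".join(str(p.get("text", "")) for p in parts):
        problems.append("agent did not identify itself as the public agent")
    skill = result.get("metadata", {}).get("skillId")
    if skill not in PUBLIC_SKILLS | {REFUSAL_SKILL}:
        problems.append(f"unknown skillId {skill!r}")
    elif asked_skill and skill not in (asked_skill, REFUSAL_SKILL):
        problems.append(f"asked for {asked_skill!r}, got {skill!r}")
    if problems:
        return "invalid", problems
    return ("refusal" if skill == REFUSAL_SKILL else "answer"), []

def check_response(raw_body, request_id, asked_skill=None):
    """Return (verdict, problems); any malformed structure fails closed as 'invalid'."""
    try:
        return _check(json.loads(raw_body), request_id, asked_skill)
    except (ValueError, AttributeError, KeyError, TypeError) as exc:
        return "invalid", [f"malformed response: {type(exc).__name__}"]
```

Only an "answer" verdict should be passed on, and even then the text stays untrusted input to whatever consumes it.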
Audit trail
Use is logged privately and treated as untrusted input.
Public agent requests and responses may be written to a private quarantined audit trail for security, debugging, abuse review, and later aggregate insight. Audit records are not public content, not agent memory, and not used to generate future responses.
Public safety status
- Deterministic responses only.
- No LLM calls.
- No private memory.
- No conversation storage for response generation.
- No action authority.
Related public sites
Use these as public context, not private authority.
Agent card