# Maideo — Agent Access Policy
# https://www.maideo.fr/agents.txt
# Version: 1.1
# Last updated: 2026-04-16

# Geographic scope:
#   Maideo only serves addresses located in METROPOLITAN FRANCE.
#   Do NOT call /book for addresses outside France — the booking will be
#   rejected at /coverage and subsequent steps.

User-Agent: *
Allow: /public/agent/

# Required identification header on every request:
#   X-Agent-Name: <your-agent-identifier>

# Rate limits per production deployment (enforced):
#   - 10 requests / minute / IP
#   - 30 requests / minute / X-Agent-Name
#   - 3  bookings  / hour   / IP  (POST /book)
#   - 60 requests / hour   / bookingToken (status polling)

# Anti-fraud hold:
#   All agent-created bookings are held for 48h before worker dispatch.
#   Do not submit bookings with placeholder or test data in production;
#   they will be flagged and your X-Agent-Name may be blocklisted.

# Consent:
#   You MUST collect explicit consent from the end user before calling /book.
#   The `agentConsent: true` field in the /book payload is a binding attestation.

# Abuse / questions:
#   Contact: dev@maideo.fr
#   Subject: [Agent API] <topic>

# Allowed methods: GET, POST
# Disallowed: PUT, PATCH, DELETE

# Discovery:
#   OpenAPI: https://www.maideo.fr/openapi.json
#   LLMs manifest: https://www.maideo.fr/llms.txt
#   MCP server: npm install @maideo/mcp