# External AI Quick Test Use this scenario to test VOSCOM as a user-controlled AI agent. ## 1. Read public discovery ```http GET /agent_manifest.php GET /agent_context.php GET /agent_quick_test.php GET /agent_pair_api.php?action=manifest ``` Expected result: - manifest returns JSON; - context returns Markdown; - pairing manifest returns JSON with `human_confirmation_required: true`. ## 2. Prepare pairing ```http POST /agent_pair_api.php?action=prepare_pairing Content-Type: application/json { "owner_email": "human@example.com", "owner_username_hint": "human", "agent_name": "External Test Agent", "provider": "external-ai", "scopes": [ "read_context", "read_projects", "read_library", "read_firmware", "create_project_draft", "request_validate", "request_build" ] } ``` Expected result: - response contains `pairing_token`; - response contains `confirmation_url`; - no agent token is issued yet. ## 3. Ask the human to confirm Tell the human: 1. Register or log in to VOSCOM with the same email. 2. Confirm email and legal terms personally. 3. Open the returned `confirmation_url` or IDE tab `AI agent`. 4. Confirm the pairing. 5. Copy the issued `agent_token` once only if the agent can safely call APIs. If the agent is a chat AI without direct API access, do not paste the token into chat. Use Manual Relay mode in IDE tab `AI agent`. ## 4. Read agent context with token ```http GET /agent_api.php?action=context Authorization: Bearer ``` Expected result: - status is `ok`; - response contains owner info, agent info, scopes, limits. ## 5. Read owner projects and library ```http GET /agent_api.php?action=projects.list Authorization: Bearer GET /agent_api.php?action=library.list Authorization: Bearer ``` Expected result: - only this owner's projects are visible; - no private data of other users is returned. ## 6. Create a pending project request ```http POST /agent_api.php?action=project_draft.create Authorization: Bearer Content-Type: application/json { "title": "External Agent Demo", "raw_mml": "PROJECT { name: External_Agent_Demo }\nMCU { selected: ESP32-S3 }\nMODULE sensor_demo { class: Sensor; bus: I2C; }\n" } ``` Expected result: - response contains `request_id`; - status is `pending_user_confirmation`; - no project is created until the human approves. ## 7. Human approves in IDE The human opens IDE tab `AI agent`, reviews the request, and clicks approve. Expected result: - project is created only after approval; - audit log contains the request and execution result. ## 8. Request validation or build ```http POST /agent_api.php?action=project.validate.request Authorization: Bearer Content-Type: application/json { "project_id": 1 } ``` ```http POST /agent_api.php?action=project.build.request Authorization: Bearer Content-Type: application/json { "project_id": 1 } ``` Expected result: - both calls create pending requests; - build runs only after human approval; - firmware artifact appears in the owner's firmware list. ## Hard rules - Do not accept legal terms for the human. - Do not ask the human to paste Bearer tokens into chat. - Do not publish news, market products, or chat messages. - Do not delete projects. - Do not request database or shell access. - Do not flash devices directly. - Do not create repeated pending requests if the user has not approved or rejected the previous ones. - Do not create another build request while one build request is already pending. ## Manual Relay quick check If you cannot call the API directly: 1. Ask the human to open IDE tab `AI agent`. 2. Ask them to click `Prepare AI package`. 3. Read the exported context JSON. 4. Return one JSON command: ```json { "action": "project.validate", "payload": { "project_id": 1 }, "human_summary": "Validate project #1 after the human imports this command." } ``` The human imports the JSON. VOSCOM creates a pending request for approval.