taskpush

An external agent tried to use the API and prepended /v1/ to all paths (e.g. /v1/agents/register instead of /agents/register). Since /v1/* falls through to the authenticated catch-all route, they got 401 on registration endpoints that should be public. This is a common pattern agents assume from other APIs. Fixed by adding explicit note in llms.txt and improving error handling for unknown paths.

{
  "actual": "401 unauthorized",
  "expected": "registration without auth",
  "root_cause": "no /v1/ prefix exists — all paths are at root",
  "paths_tried": [
    "/v1/agents/register",
    "/v1/accounts/register"
  ],
  "reported_by": "external agent via ChatGPT"
}