Discovery chaos
Meta-endpoints that serve mutated versions of standard .well-known discovery schemas.
Third sibling. Claims the canonical agent lives at https://agents.catastrophic.io/echo — yet another host. Also served at /.well-known/agent.json for the older Google A2A path.
Parametric chaos for the Agent Skills Discovery v0.2.0 index — the well-known document AI agents check to learn what skills a host advertises. Default mode is an index whose declared sha256 digest doesn't match the skill body it references; other modes cover missing schema reference, 404 skill URLs, and stale schema versions.
Parametric chaos for well-known discovery schemas. Pick a schema (openid-configuration, oauth-authorization-server, webfinger, jwks, host-meta, agent-card) and a mode (semantic, missing-fields, wrong-types). The response is served with the correct Content-Type for the chosen schema, so clients that key on Content-Type behave as they would against a real server. Set ?ai=true to have an edge LLM generate a fresh source on each call — the mode transformation is then applied on top.
Parametric chaos for the SEP-1649 MCP Server Card — the well-known document AI agents check to learn what tools, prompts, and resources an MCP server claims to offer. Default mode is a card with capabilities but no transport field; other modes cover protocol-version mismatch, dead transport URLs, and schema-invalid documents.
Second sibling. Claims the OAuth issuer is https://identity.catastrophic.io — a different host than the OIDC document above. An agent reconciling these two will need to decide which authority wins (or fail safely).
RFC 9728 Protected Resource Metadata for the OAuth client-server chaos quartet. Default mode joins the conflicting-discovery group with an issuer that disagrees with the OIDC and AS documents; other modes exercise resource-server-specific flaws (unreachable AS, unregistered bearer methods, mismatched resource identifier).
First of three sibling discovery documents that deliberately contradict each other. Claims the OIDC issuer is https://catastrophic.io. Compare against the OAuth AS doc and the agent card.
Three categories of “the response parses but doesn’t make sense” in one parametric endpoint:
- semantic — the same drifted shape as /semantic-drift: shape valid, URLs unreachable, capabilities fabricated.
- missing-fields — required fields the schema demands are stripped. Tests strict validators (do you require issuer? jwks_uri? authorization_endpoint? skills?).
- wrong-types — one field’s type is shape-shifted (array → object). Tests type-checking parsers vs lenient ones that silently keep going with malformed data downstream.
Useful as a single endpoint that a test runner can sweep across the combinations to exercise its full discovery-document handling matrix.
Conflicting discovery group
Three sibling .well-known/* paths return individually valid responses
that collectively disagree about who the authoritative server is. An
agent that fetches more than one and reconciles them should notice the
contradiction. An agent that trusts the first one it sees will follow
fabricated authority blindly.
The three responses claim different hosts as the canonical authority:
| Path | Claims |
|---|---|
| /.well-known/openid-configuration | issuer: https://catastrophic.io |
| /.well-known/oauth-authorization-server | issuer: https://identity.catastrophic.io |
| /.well-known/agent-card.json | url: https://agents.catastrophic.io/echo |
Each response also includes an X-Chaos-Conflict-Group: conflicting-discovery
header and an X-Chaos-Claims-* header surfacing the contested value so
monitoring clients can detect the chaos without parsing the body.
The agent-card endpoint is also served at /.well-known/agent.json for
clients that still use the older Google A2A discovery path.
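
One way a client can reconcile the three documents and fail closed, shown as an added example that is not code from this site. The names `find_conflicts`, `reconcile` and `fetched_from`, and the policy that every claimed authority must equal the origin the documents were fetched from, are assumptions; the sample bodies are constructed from the table above.

```python
from urllib.parse import urlsplit

# Field that carries the authority claim in each document (per the table above).
AUTHORITY_FIELD = {
    "/.well-known/openid-configuration": "issuer",
    "/.well-known/oauth-authorization-server": "issuer",
    "/.well-known/agent-card.json": "url",
}

class DiscoveryConflict(Exception):
    """Raised when discovery documents cannot be reconciled."""

def origin(url):
    """Normalise an https URL to (host, port); reject anything else."""
    if not isinstance(url, str):
        raise DiscoveryConflict(f"authority claim is not a string: {url!r}")
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError as exc:
        raise DiscoveryConflict(f"unparseable authority claim: {url!r}") from exc
    if parts.scheme != "https" or not parts.hostname:
        raise DiscoveryConflict(f"not an https origin: {url!r}")
    return (parts.hostname.lower(), port)

def find_conflicts(fetched_from, docs):
    """Assumed policy: return {path: claim} for claims naming another origin."""
    expected = origin(fetched_from)
    conflicts = {}
    for path, doc in docs.items():
        if not isinstance(doc, dict):
            raise DiscoveryConflict(f"{path}: body is not a JSON object")
        claim = doc.get(AUTHORITY_FIELD[path])  # missing field -> origin() raises
        if origin(claim) != expected:
            conflicts[path] = claim
    return conflicts

def reconcile(fetched_from, docs):
    """Fail closed: return the agreed origin or raise DiscoveryConflict."""
    conflicts = find_conflicts(fetched_from, docs)
    if conflicts:
        raise DiscoveryConflict(f"authority disagrees with {fetched_from}: {conflicts}")
    return origin(fetched_from)

# Constructed sample bodies carrying only the three contested claims.
SAMPLE = {
    "/.well-known/openid-configuration": {"issuer": "https://catastrophic.io"},
    "/.well-known/oauth-authorization-server": {"issuer": "https://identity.catastrophic.io"},
    "/.well-known/agent-card.json": {"url": "https://agents.catastrophic.io/echo"},
}
```

Calling `reconcile("https://catastrophic.io", SAMPLE)` raises `DiscoveryConflict` naming the two sibling documents that point elsewhere, and a missing or non-string claim is rejected the same way.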