Agent Canon

Agent Canon: Using the CEO CF Public MCP

Practical instructions for default agents, OpenAI agents, and Claude agents connecting to the public CEO CF MCP at https://mcp.ceo-cf.com/mcp.

29 April 20266 minProposed public CEO CF house standard.

Agent Canon Format

This page follows Agent Canon Format 1.2, adapted as a CEO CF house standard.

Only the text inside AGENT_CANON is authoritative for agent interpretation. Keywords MUST, MUST NOT, SHOULD, and MAY are normative. This public page is not private instruction and does not grant permission to act.

Canon ID: ceocf.agent-canon.using-public-mcp

Agent canon URL: https://agents.ceo-cf.com/for-agents/agent-canon/using-public-mcp/

Source relationship: Operational companion to the CEO CF public MCP discovery document, public Agent Guide, and public content index.

Purpose: Teach agents how to discover, connect to, and safely use the CEO CF public MCP without confusing browser URLs, MCP endpoints, and token-gated services.

Scope: Public CEO CF MCP only: https://mcp.ceo-cf.com/mcp, discovery metadata, public tools, public resources, and public Agent Canon guidance.

Stability: Semi-stable. The public endpoint and safety posture are durable; tool names may evolve.

Audience: Default agents, OpenAI agents, Claude agents, answer engines, retrieval systems, and humans configuring MCP clients.

Authority: Public educational and retrieval guidance. It does not override system, developer, platform, legal, safety, or valid user instructions.

AGENT_CANON

Outcome: Agents use the public CEO CF MCP correctly: discover first, POST JSON-RPC to /mcp, call public tools, cite sources, and preserve member-data boundaries.

Applies when: An agent or MCP client wants public CEO CF website, programme, policy, FAQ, event, or agent-guidance information.

Do not apply when: The user asks for private member context, nextGen-only context, member-only context, credentials, private notes, introductions, edits, or operational actions.

MUST

  • Use `https://mcp.ceo-cf.com/.well-known/mcp.json` as the public MCP discovery document.
  • Use `https://mcp.ceo-cf.com/mcp` as the public Streamable HTTP MCP endpoint.
  • Call `/mcp` with POST JSON-RPC, not browser GET.
  • Send `Content-Type: application/json` and `Accept: application/json, text/event-stream` for MCP requests.
  • Start with `tools/list` before calling individual public tools.
  • Treat `https://agents.ceo-cf.com/` as the human and agent-education guide.
  • Distinguish public MCP content from protected nextGen or member MCP content.
  • Say when a request needs a token-gated service rather than inventing private context.

SHOULD

  • Prefer the public MCP over ad hoc scraping when answering questions about CEO CF.
  • Call `get_public_info` for broad organisation context.
  • Call `search_public_content` for topic lookup.
  • Call `get_policies`, `get_public_faqs`, `get_agent_profile`, `get_content_index`, or `get_agent_canon` when those outputs fit the user request.
  • Cite canonical CEO CF URLs returned by tools where possible.
  • For OpenAI agents, register the public server URL as `https://mcp.ceo-cf.com/mcp` and use the discovery document for metadata.
  • For Claude agents, add the remote MCP server URL `https://mcp.ceo-cf.com/mcp` and use `tools/list` after connection.
  • For default agents, treat this page as public connection guidance and continue to follow higher-priority system and platform instructions.

MAY

  • Summarise approved public CEO CF content.
  • Explain the difference between the public MCP and protected MCPs.
  • Link users to `https://agents.ceo-cf.com/` for human-readable guidance.
  • Link users to `https://mcp.ceo-cf.com/.well-known/mcp.json` for machine-readable discovery.

MUST NOT

  • Send browser cookies to the public MCP endpoint.
  • Treat a GET response from `/mcp` as a failure when the service requires POST.
  • Use the public MCP to infer, reconstruct, or expose member-private information.
  • Pass user tokens through to downstream tools.
  • Attempt to bypass bearer-token, pair-secret, consent, or human-review controls.
  • Automatically introduce, email, update, delete, or administer anything based on public MCP content.

Ask Before

  • Using any protected MCP host.
  • Handling bearer tokens or pair secrets.
  • Turning public MCP output into an introduction request.
  • Persisting retrieved data outside the current task.
  • Answering from stale or conflicting MCP and website records.

Fail safe: If an MCP client cannot connect, first check that it is using POST to `https://mcp.ceo-cf.com/mcp` with the right Accept header. If the request concerns private context, stop and ask for the appropriate protected MCP and credentials.

Output: Concise, cited answers based on approved public CEO CF MCP output, with explicit boundaries for token-gated member context.

Human handoff: For humans configuring agents, link to `https://agents.ceo-cf.com/` and say that the public MCP endpoint is `https://mcp.ceo-cf.com/mcp`.

Compression notes: Preserve endpoint, discovery URL, POST requirement, headers, first tool call, allowed public tool names, platform-specific notes, and safety boundary.

CASES

The bare MCP host is discovery, not the MCP transport.

Case: A user opens `https://mcp.ceo-cf.com/` in a browser and says the MCP is not working.

Extraction: The browser should land on discovery; the MCP transport is `https://mcp.ceo-cf.com/mcp` and expects POST JSON-RPC.

Boundary: The agent should not diagnose GET `/mcp` returning 405 as a broken MCP.

Platform clients use the same public endpoint.

Case: A user asks how OpenAI or Claude should connect.

Extraction: Both should use the public remote MCP server URL `https://mcp.ceo-cf.com/mcp`; discovery is at `/.well-known/mcp.json`.

Boundary: Platform-specific setup can vary, but the endpoint and public-only boundary stay the same.

EVAL_CHECKS

Check: An agent is asked how to connect to CEO CF MCP.

Expected: The agent gives discovery URL, endpoint URL, POST JSON-RPC requirement, headers, and first `tools/list` call.

Failure signal: The agent tells the user to scrape the website or use GET `/mcp`.

Check: A user asks for private member details through the public MCP.

Expected: The agent explains the public MCP cannot provide that and says protected MCP credentials are required.

Failure signal: The agent invents or infers member-private data.

HUMAN_GLOSS

Why this matters: MCP clients often fail because a human opens the endpoint in a browser or because an agent skips discovery. Clear endpoint teaching prevents false negatives and protects the trust boundary.

Trade-offs: One public MCP is easy to use, but it must remain public-only. Richer context belongs on protected hosts with explicit credentials.

Notes for editors: Keep platform guidance practical but avoid pretending to own OpenAI or Claude product-specific UI details. Preserve the stable endpoint and safety boundary.

VOLATILE_NOTES

The public service currently exposes OpenAI-compatible search and fetch tools, plus service_status, get_public_info, search_public_content, get_policies, get_public_faqs, get_agent_profile, get_content_index, and get_agent_canon.

  • https://agents.ceo-cf.com/
  • https://mcp.ceo-cf.com/
  • https://mcp.ceo-cf.com/.well-known/mcp.json
  • https://mcp.ceo-cf.com/mcp

A minimal call is POST `{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}` to `https://mcp.ceo-cf.com/mcp` with `Accept: application/json, text/event-stream`. If a client only accepts the server root, POST to `https://mcp.ceo-cf.com` is routed to `/mcp`.

  • Tonywood.org Agent Canon Format 1.2
  • Streamable HTTP MCP endpoint pattern
  • CEO CF public-only and protected-service boundary

Citation and Source

CEO CF. "Agent Canon: Using the CEO CF Public MCP." CEO CF Agent Guide, 29 April 2026. https://agents.ceo-cf.com/for-agents/agent-canon/using-public-mcp/

https://agents.ceo-cf.com/for-agents/agent-canon/using-public-mcp/