Identification
How requests identify themselves
Mosaicora Agent may append this identifying product token to a normal browser user-agent. Keeping the browser portion allows webpages to render normally while the product token makes the automated request transparent.
MosaicoraAgent/1.0 (+https://mosaicora.io/agent)Expected behavior
- Retrieves only a specific URL requested or configured by a Mosaicora user.
- Reads page content and metadata to generate assets such as Open Graph images.
- May append its identifying token to a standard browser user-agent for compatibility.
- Respects access controls, explicit blocks, rate limits, and applicable robots directives.
- Retains fetched content only as needed to complete and reliably operate the requested task.
- Blocks private, local, link-local, and other unsafe network targets, including unsafe redirects.
What it does not do
- Does not crawl the web in the background or build a search index.
- Does not use retrieved content to train AI models.
- Does not submit forms, make purchases, or perform other state-changing actions.
- Does not bypass authentication, paywalls, CAPTCHAs, or other technical protections.
Site owner controls
Site owners may block or rate-limit Mosaicora Agent using their normal firewall, bot protection, or access-control rules. Mosaicora does not treat access to a public URL as permission to bypass restrictions.
Questions or concerns
For blocking requests, suspected abuse, or questions about observed behavior, contact support@mosaicora.io.
Signed-agent verification status
Mosaicora Agent is not currently Cloudflare-approved or cryptographically verified.
The reserved public-key directory is https://mosaicora.io/.well-known/http-message-signatures-directory. It will only be published when it can serve a valid, signed key directory.