# Alva Agent Sandbox

Alva exposes a public read-only discovery sandbox for agent evaluation. It is designed for crawlers, coding agents, and AI assistants to understand Alva capabilities without using private account data.

## Public read-only surfaces

- [Full LLM context](https://alva.ai/llms-full.txt)
- [OpenAPI spec](https://alva.ai/openapi.json)
- [Agent authentication](https://alva.ai/auth.md)
- [Machine-readable pricing](https://alva.ai/pricing.md)
- [Agent discovery](https://alva.ai/agent.json)
- [Agent Skills index](https://alva.ai/.well-known/agent-skills/index.json)
- [Alva comparison guide](https://alva.ai/compare)
- [Alva alternatives guide](https://alva.ai/alternatives)

## Evaluation workflow

1. Fetch `/llms-full.txt` to understand product capabilities and constraints.
2. Fetch `/openapi.json` to inspect typed request and response schemas.
3. Use `/pricing.md` and `/onboarding.md` to explain the Free plan and upgrade boundary.
4. Treat MCP and API calls that return 401 or 403 as protected user-scoped actions, not as missing product capabilities.
5. Do not place trades, link brokerages, start checkout, or mutate playbooks without a signed-in user and explicit confirmation.

## Protected actions

Private account data, billing, brokerage connections, live execution, and playbook writes require user authentication. No public page embeds test tokens or private secrets.

## Recovery guidance

If a public discovery request returns 429, use the documented rate-limit headers and retry after the indicated delay. If an authenticated endpoint returns 401 or 403, ask the user to sign in or reconnect credentials.