fanful_agent_surface_list
ShippedNo-network catalog of current Fanful agent surfaces, safe-use policy, and linked issue family.
Fanful developers and agents
Build against Fanful without scraping the creator dashboard.
Fanful exposes agent-safe contracts through MCP, HTTP manifests, markdown mirrors, public discovery files, and docs.fanful.net. This hub names what is shipped, what is planned, and where authorization stops.
Shipped
Agent setup
One central place for agents to start
Fanful now has a Cloudflare-style setup page plus a copy-paste prompt that points agents to MCP, API docs, CLI, skills, recipes, and safety rules.
Shipped
API reference
Recipes, webhooks, and SDK plan
The public API reference documents current executable manifests/MCP/action contracts plus integration recipes and the release checklist for official Python/TypeScript SDKs.
Shipped
Skills
Copyable prompts for common agent jobs
The skills page gives provider-neutral prompts for setup, MCP operation, webhooks, creator commerce, listener community chat, and SDK release planning.
Shipped
Developer docs
docs.fanful.net is the deep reference
Task-first developer docs now cover Fanful MCP, manifests, CLI, ChatGPT readiness, and confirmed-write boundaries.
Shipped
SDK starter
Typed examples plus no-SDK fallback
Provider-neutral examples show external agents how to discover manifests, handle auth boundaries, and validate confirmation envelopes.
Contract-only
Hosted runtime
External-first before worker hosting
Fanful does not run arbitrary agent code. Future hosted workers need redacted run records, limits, approvals, cancellation, retries, and audit links before implementation.
Shipped
MCP transport
Public HTTP plus local stdio
The same Fanful server factory runs locally with stdio and publicly through stateless Streamable HTTP at /mcp.
Shipped
API manifests
Server-side contracts before UI automation
Agent clients can read Fanful community, room, live, commerce, artist analytics, listener, idea-board, ChatGPT, action-contract, workflow-trigger, session, and sync-job manifests.
Planned
ChatGPT app
Readiness manifest, not a submitted app
Fanful maps MCP tools to Apps SDK requirements, including the auth-needed listener display-name write, but OAuth, write-confirmation widgets, metadata, and submission assets are still blockers.
Contract-only
Write boundary
Reads, previews, then confirmed writes
Live schedule/status, lesson price, lesson Stripe Price, membership Stripe Price, membership tier lifecycle, and shop product create/visibility/details/Stripe Price writes are confirmed and audited; unsupported billing, destructive, public-write, moderation, and creator-speech actions still require confirmation and audit before executable tools ship.
Manifest-only
Workflow triggers
Signed event contracts before delivery
The trigger manifest defines webhook envelopes, sample payloads, retry keys, signatures, and redaction rules so external agents can eventually react without polling.
Manifest-only
Agent sessions
Run history before hosted execution
The session manifest defines multi-step external agent runs, redacted event replay, pending approvals, completed tool calls, and cancellation semantics.
Sync worker ready
Sync jobs
Manual worker before hosted imports
The sync-job surface now runs the first authenticated Stripe catalog app-reference drift worker and stores redacted checkpoints; arbitrary hosted provider workers remain out of scope.
Status glossary
- Manifest-only
- A model-readable HTTP/MCP manifest exists so agents can discover the shape, fields, redactions, and future workflow. It is not an executable feature yet.
- Contract-only
- A safety contract exists for the action, including auth, confirmation, audit, idempotency, and redaction rules. Fanful still blocks execution until a narrow confirmed write wrapper ships.
- API-only
- The server endpoint exists outside the current MCP catalog. Agents can use it only with the documented HTTP contract and required scoped credentials.
Current surfaces
MCP catalog plus API-only contracts.
| Surface | Status | HTTP | MCP resource | Boundary |
|---|---|---|---|---|
| Community chat | Shipped | /api/agent/community-chat | fanful://agent/community-chat/manifest | Public channel/message reads ship; posting, moderation, and creator automation stay confirmation-gated. |
| Embedded rooms | Shipped | /api/agent/embedded-rooms | fanful://agent/embedded-rooms/manifest | Guest/listener callers see the contract; private room summaries and roster controls require approved admin or automation credentials. |
| Live controls | Shipped | /api/agent/live-controls | fanful://agent/live-controls/manifest | Public live state and admin readiness descriptors ship; scheduling, status, moderation, and stage controls stay permissioned. |
| Creator commerce | Entitlement metadata ready | /api/agent/creator-commerce | fanful://agent/creator-commerce/manifest | Public offer/shop reads, non-mutating service price/policy previews, confirmed lesson price, Stripe, policy settings, tier lifecycle including inactive tier creation, and community channel tier-access metadata writes ship; product, credit ledger, cancellation/refund execution, and broader entitlement writes stay blocked. |
| Artist analytics | Read-only | /api/agent/artist-analytics | fanful://agent/artist-analytics/manifest | Guest calls return 401, listener-only calls return 403, and authorized creator/admin callers get aggregate source funnels, top content outcomes, listener cohorts, and recent signals with raw listener rows redacted. |
| Media upload sessions | Preview-ready | /api/agent/media-upload-sessions | fanful://agent/media-upload-sessions/manifest | Agents confirm metadata, provenance, idempotency, and audit intent; binary media/artwork bytes stay outside model-visible input and complete through agentUploadSessionId. |
| Listener experience | Shipped | /api/agent/listener-experience | fanful://agent/listener-experience/manifest | Public fan state, signed-in account summaries, and confirmed display-name writes redact raw ids, media URLs, invite tokens, device ids, and payment identifiers. |
| Member idea board | Member idea writes ready | /api/agent/idea-board | fanful://agent/idea-board/manifest | Visible ideas, vote counts, board settings, and signed-in viewer state ship; scoped listener agents can submit and vote with exact confirmation, idempotency, and audit correlation. Creator review/settings writes remain contract-only. |
| ChatGPT app readiness | Shipped | /api/agent/chatgpt-app | fanful://agent/chatgpt-app/manifest | The manifest is executable and honest: Fanful is not submitted as a ChatGPT app yet. |
| Action contracts | Shipped | /api/agent/action-contracts | fanful://agent/action-contracts/manifest | Shared auth, confirmation, audit, idempotency, rate-limit, and redaction rules ship as a contract manifest, not write authorization. |
| Workflow triggers | Member idea fan-out ready | /api/agent/workflow-triggers | fanful://agent/workflow-triggers/manifest | Signed payload contracts, samples, retry/idempotency rules, redacted subscriptions, manual test delivery, and member.idea.submitted runtime fan-out ship; other trigger families remain planned. |
| Agent sessions | Manifest-only | /api/agent/sessions | fanful://agent/sessions/manifest | Run/session contracts, pending approvals, event replay, and cancellation semantics ship; durable storage and hosted execution are planned separately. |
| Sync jobs | Sync worker ready | /api/agent/sync-jobs | fanful://agent/sync-jobs/manifest | Authenticated manual run/status endpoints persist redacted Stripe catalog app-reference checkpoints and drift output; provider writes and arbitrary hosted sync execution are planned separately. |
| Domain setup | Read-only | /api/agent/domains | fanful://agent/domains/manifest | Domain status and Registrar readiness are readable through MCP; checkout and final registration remain web/admin confirmed actions. |
MCP server
The runnable slice is deliberately small.
The local server file is scripts/fanful-mcp-server.mjs. The public route at /mcp uses the same shared server factory and does not accept admin secrets as prompt-visible tool input.
npm run mcp:servernpm run mcp:smokenpm run mcp:smoke:httpfanful_agent_manifest_read
ShippedFetches community-chat, embedded-room, live-controls, commerce, artist-analytics, media-upload-session, listener, idea-board, ChatGPT, action-contract, workflow-trigger, agent-session, sync-job, or domain setup manifests.
fanful_domain_setup_read
Read-onlyReads Fanful subdomain, BYO-domain DNS, Registrar quote/checkout, and guarded final-registration boundaries without executing payment or registrar writes.
fanful_creator_analytics_read
Read-onlyReads aggregate creator analytics for authorized creator/admin callers; unauthenticated calls return 401 and listener-only calls return 403.
fanful_agent_action_contracts_read
ShippedReads the #608 action-contract manifest with optional audience and domain filters.
fanful_member_idea_board_read
ShippedReads visible member ideas, vote state, and authorized admin-redacted review fields without scraping /ideas.
fanful_member_idea_submit
Member idea writes readySubmits one visible member idea through the confirmed write envelope with scoped listener auth, exact confirmation, idempotency, and audit correlation.
fanful_member_idea_vote_toggle
Member idea writes readyToggles or sets one listener vote on a visible idea through the confirmed write envelope with scoped listener auth, exact confirmation, idempotency, and audit correlation.
fanful_creator_lesson_price_preview
Preview-readyPreviews lesson or coaching price/policy impact without mutating Fanful, Stripe, checkout, or public pages.
fanful_creator_service_price_policy_update
Price writes readyExecutes confirmed lesson price writes with shared-envelope confirmation, idempotency, stale-state, and creator-commerce audit checks.
fanful_creator_lesson_policy_update
Policy settings readyCreates or updates lesson policy settings with exact confirmation, idempotency, stale-state, and audit checks while leaving refunds, credits, and cancellation execution blocked.
fanful_creator_lesson_availability_update
Availability readyCreates or updates future open/cancelled lesson availability windows with exact confirmation, idempotency, stale-state, and audit checks while preserving meeting URLs and private notes.
fanful_creator_lesson_stripe_price_select
Stripe mapping readySelects or clears one already-known lesson Stripe Price mapping with exact confirmation, stale-state, catalog, idempotency, and audit checks.
fanful_creator_lesson_stripe_price_create
Stripe creation readyCreates and selects one replacement lesson Stripe Price through the server route with exact confirmation, server-side Stripe credentials, stale-state, idempotency, and audit checks.
fanful_creator_membership_stripe_price_select
Stripe mapping readySelects or clears one already-known membership tier Stripe Price mapping with exact confirmation, stale-state, catalog, idempotency, and audit checks.
fanful_creator_membership_stripe_price_create
Stripe creation readyCreates and selects one replacement monthly membership Stripe Price through the server route with exact confirmation, server-side Stripe credentials, stale-state, idempotency, and audit checks.
fanful_creator_membership_tier_create
Tier lifecycle readyCreates one inactive membership tier draft with exact confirmation, profile and benefit copy, monthly amount, idempotency, and audit checks.
fanful_creator_membership_tier_update
Tier lifecycle readyUpdates one membership tier profile or benefit copy with exact confirmation, stale-state, idempotency, and audit checks.
fanful_creator_membership_tier_archive_state
Tier lifecycle readyArchives or restores one membership tier for future joins with exact confirmation, stale-state, idempotency, and audit checks.
fanful_creator_shop_product_create
Shop product readyCreates one safe shop product with exact confirmation, observed product ids, duplicate id/slug checks, idempotency, and audit checks.
fanful_creator_shop_product_visibility_update
Shop product readyToggles active/show-in-shop state on one editable shop product with exact confirmation, stale-state, idempotency, and audit checks.
fanful_creator_shop_product_details_update
Shop product readyUpdates safe existing shop product copy, inventory, fulfillment note, download display metadata, and sort order while leaving checkout, orders, and refunds blocked.
fanful_creator_shop_product_stripe_price_select
Shop product readySelects or clears one compatible app-state Stripe Price mapping on an existing shop product with exact confirmation, stale-state, catalog, idempotency, and audit checks.
fanful_creator_shop_product_stripe_price_create
Shop product readyCreates and selects one replacement one-time shop product Stripe Price through the server route with exact confirmation, server-side Stripe credentials, Product context, stale-state, idempotency, and audit checks.
fanful_creator_entitlement_metadata_update
Entitlement metadata readyUpdates one non-default community channel's signed-in or membership-tier access metadata with exact confirmation, stale-state, idempotency, and audit checks.
fanful_listener_community_messages_read
ShippedReads the latest visible messages from accessible community channels such as #general or #intros, defaulting to 10 messages.
fanful_listener_community_message_post
ShippedPosts one visible community message or reply after scoped/session listener auth, exact public-message confirmation, idempotency, and channel-access checks.
fanful_creator_embedded_room_roster_update
Roster writes readyExecutes confirmed embedded-room invite, co-host, stage, removal, or restore changes with shared-envelope confirmation, idempotency, stale-state, and embedded-room audit checks.
fanful_listener_live_support_preview
Preview-readyReads live-room support CTA readiness and generic support/donation purchase preview copy before confirmed checkout.
fanful_listener_checkout_confirmation_render
Widget-readyRenders ChatGPT confirmation summaries for support, membership, or signed-CD shop checkout starts before the separate scoped listener write tool.
fanful_listener_support_checkout_start
API-onlyStarts support-only checkout after exact listener confirmation, idempotency, reason, audit correlation, and scoped listener credentials.
fanful_listener_membership_checkout_start
API-onlyStarts membership checkout after exact listener confirmation, idempotency, reason, audit correlation, server-owned Stripe Price mapping, and scoped listener credentials.
fanful_listener_shop_checkout_start
API-onlyStarts signed-CD shop checkout after exact listener confirmation, idempotency, reason, audit correlation, active shop product checks, and scoped listener credentials.
fanful_listener_purchase_link_status
Read-onlyReads redacted support, membership, or shop checkout intent status by reference or idempotency key after checkout start.
fanful_sync_job_status_read
Read-onlyReads the latest or addressed durable Stripe catalog app-reference sync run, checkpoint, and redacted drift output.
fanful_sync_job_run
Sync worker readyRuns the first-party Stripe catalog app-reference drift worker and persists a redacted run record with idempotency and cursor semantics.
fanful_live_schedule_preview
Preview-readyPreviews live create, schedule edit, or reschedule impact without mutating live state or audit rows.
fanful_creator_live_schedule_create
ShippedExecutes confirmed new live-event creation with shared-envelope confirmation, idempotency, blocker checks, and audit correlation.
fanful_creator_live_schedule_update
ShippedExecutes confirmed existing-event live schedule changes with shared-envelope confirmation, idempotency, stale-state, and audit correlation.
fanful_live_status_preview
Preview-readyPreviews go-live, end, cancel, or scheduled-status impact without mutating live state, sockets, or audit rows.
fanful_creator_live_status_update
ShippedExecutes confirmed live status changes with shared-envelope confirmation, idempotency, stale-state, and audit correlation.
Markdown, sitemap, and crawl paths
Readable pages for humans and model clients.
Shipped
Agent setup
Cloudflare-style central start page for coding agents that need Fanful MCP, API, CLI, skills, recipes, and safety rules.
Shipped
Agent setup prompt
Copy-paste prompt URL for Codex, Claude, ChatGPT, Cursor, and other coding agents.
Shipped
API reference
Current HTTP agent manifests, MCP/action-contract map, workflow-trigger recipes, code examples, and official SDK release plan.
Shipped
Agent skills
Provider-neutral Fanful prompt skills for setup, MCP operation, API/webhook integration, creator commerce, listener community chat, and SDK planning.
Shipped
Public agent overview
Human-readable overview for MCP clients, ChatGPT apps, Claude Code, Codex, and other assistants.
Shipped
Model discovery file
Canonical crawl/discovery entry point with current agent URLs and safe-use rules.
Shipped
Developer docs
docs.fanful.net is live as the deeper task-first documentation surface for humans and AI agents.
Shipped
Agent markdown guide
Concise markdown instructions for current tools, resources, auth posture, and safety boundaries.
Shipped
Agent SDK starter
Provider-neutral TypeScript helper and no-SDK HTTP fallback for external agent clients.
Shipped
Agent Q&A smoke matrix
Source-backed prompts for what Fanful is, who it serves, competitor tradeoffs, agent actions, and not-ready boundaries.
Member idea fan-out ready
Workflow trigger manifest
JSON contract for signed webhook-style events plus an authenticated subscription registry, manual signed test deliveries, and member.idea.submitted runtime fan-out.
Manifest-only
Agent session manifest
JSON contract for external agent runs, event cursors, pending approvals, completed tool calls, and cancellation.
Manifest-only
Sync job manifest
JSON contract for imported-data cursors, checkpoints, duplicate-safe resume behavior, stats, and redacted drift reporting.
Shipped
Fanful marketing mirrors
Markdown mirrors include /fanful.md, /roadmap.md, /features.md, /pricing.md, /docs.md, /developers-and-agents.md, /compare.md, focused comparison pages, migration guides, and guide posts.
Shipped
Roadmap data
The browser roadmap ships at fanful.net/roadmap, the live JSON snapshot ships at /api/roadmap, and the markdown mirror ships at /roadmap.md.
Shipped
Sitemap coverage
The Fanful sitemap now includes the developer docs and this developers-and-agents hub.
agent-chatgpt-app.v1
The readiness page is visual proof of the current direction, not proof that Fanful has been submitted to ChatGPT.
ChatGPT app direction
MCP first, ChatGPT layer second.
The current Fanful manifest points to OpenAI Apps SDK requirements and keeps ChatGPT-specific metadata as an optional layer over the same MCP tools used by other clients.
Apps SDK quickstartMCP is the canonical contract
Fanful keeps MCP portable for ChatGPT, Codex, Claude Code, CLI, and other clients instead of creating a ChatGPT-only action layer.
Public /mcp transport exists
Network clients can connect to the stateless Streamable HTTP endpoint. Local operators can still use npm run mcp:server.
Descriptor metadata and widgets are optional layers
Tool _meta, security schemes, invocation copy, output templates, CSP, domains, and screenshots should land only where ChatGPT-specific UI improves the workflow.
OAuth/session mapping blocks private ChatGPT use
Environment-gated admin reads are useful for local MCP clients, but ChatGPT needs first-party OAuth or session mapping before private creator/listener reads.
Confirmed writes are exposed
Fanful now enforces confirmation, audit attribution, idempotency, stale-state guards, and redaction for live status, tier lifecycle, and community channel tier-access metadata writes; remaining write families stay contract-gated.
Authorization and safety
Where agent access stops.
No prompt-visible secrets
Admin credentials stay in the MCP process environment. Do not pass admin tokens, bearer tokens, Stripe ids, payment identifiers, raw media URLs, private invite links, or device ids through model-visible input.
Same authorization as product clients
Agent surfaces inherit the same guest, listener, artist-admin, automation, and platform-owner boundaries used by web, iOS, Android, and admin APIs.
Explicit confirmation before risky writes
Public posts, moderation, creator speech, checkout, pricing, go-live, domain registration, destructive changes, and billing-impacting actions need confirmed intent before execution.
Auditable client attribution
Creator/admin and automation writes need actor identity, client/tool name, reason, before/after summaries, idempotency, and durable audit rows before they become MCP tools.
Listener data is redacted
Raw listener ids, device ids, media URLs, offline download URLs, invite tokens, purchase ids, and payment ids stay out of model-visible output.
Live controls stay permissioned
Agents can inspect readiness and descriptors, but schedule, status, moderation, channel-link, and stage changes remain admin or automation actions.
Discovery is linked
This hub, its markdown mirror, and docs.fanful.net are now connected from navigation, command search, llms.txt, and sitemap paths.