From c39cae0c7f388fc69785011d468faab1f76cb042 Mon Sep 17 00:00:00 2001
From: Hampton Lintorn-Catlin <hampton@squareup.com>
Date: Thu, 2 Apr 2026 13:15:35 -0500
Subject: [PATCH 1/4] Replace Plans/Settings nav links with gear icon,
 auto-hide API tokens

- Remove 'Plans' and 'Settings' text links from header nav (logo
  already navigates to plans list)
- Add gear icon next to notification bell for settings access
- Auto-detect whether to show API tokens UI based on whether
  api_authenticate is configured (host apps with custom API auth
  don't need the built-in token management)
- Guard token create/destroy actions when API tokens are hidden
- Settings page always accessible via gear icon for future settings

Amp-Thread-ID: https://ampcode.com/threads/T-019d4f5f-cf0c-71f3-bf4a-9506350ad128
Co-authored-by: Amp <amp@ampcode.com>
---
 app/controllers/application_controller.rb     |  6 +-
 app/views/layouts/application.html.erb        | 19 +++----
 .../assets/stylesheets/coplan/application.css | 16 ++++++
 .../coplan/application_controller.rb          | 10 +++-
 .../coplan/settings/tokens_controller.rb      |  2 +
 .../coplan/settings/tokens/index.html.erb     | 55 ++++++++++---------
 .../views/layouts/coplan/application.html.erb |  9 +--
 engine/lib/coplan/configuration.rb            |  4 ++
 8 files changed, 76 insertions(+), 45 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 963f909..2538e3e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
   before_action :authenticate_user!
 
   helper CoPlan::ApplicationHelper
-  helper_method :current_user, :signed_in?
+  helper_method :current_user, :signed_in?, :show_api_tokens?
 
   private
 
@@ -20,6 +20,10 @@ def signed_in?
     current_user.present?
   end
 
+  def show_api_tokens?
+    CoPlan.configuration.show_api_tokens?
+  end
+
   def authenticate_user!
     unless signed_in?
       redirect_to main_app.sign_in_path, alert: "Please sign in."
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 92ac883..eca8640 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -26,18 +26,15 @@
           CoPlan
         <% end %>
 
-        <ul class="site-nav__links">
-          <% if signed_in? %>
-            <li><%= link_to "Plans", coplan.plans_path %></li>
-            <li><%= link_to "Settings", coplan.settings_tokens_path %></li>
-          <% end %>
-          <%# TODO: Phase 8.2 — Notifications bell %>
-        </ul>
-
         <% if signed_in? %>
-          <div class="site-nav__user">
-            <span><%= current_user.name %></span>
-            <%= link_to "Sign out", sign_out_path, data: { turbo_method: :delete } %>
+          <div class="site-nav__right">
+            <%= link_to coplan.settings_tokens_path, class: "site-nav__icon-link", aria: { label: "Settings" } do %>
+              <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 2.83-2.83l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 2.83l-.06.06A1.65 1.65 0 0 0 19.4 9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z"/></svg>
+            <% end %>
+            <div class="site-nav__user">
+              <span><%= current_user.name %></span>
+              <%= link_to "Sign out", sign_out_path, data: { turbo_method: :delete } %>
+            </div>
           </div>
         <% end %>
       </div>
diff --git a/engine/app/assets/stylesheets/coplan/application.css b/engine/app/assets/stylesheets/coplan/application.css
index 2059f89..60230e5 100644
--- a/engine/app/assets/stylesheets/coplan/application.css
+++ b/engine/app/assets/stylesheets/coplan/application.css
@@ -1390,6 +1390,22 @@ body:has(.comment-toolbar) .main-content {
   position: relative;
 }
 
+.site-nav__icon-link {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  color: var(--color-text-muted);
+  padding: var(--space-xs);
+  border-radius: var(--radius);
+  transition: color 0.15s, background 0.15s;
+}
+
+.site-nav__icon-link:hover {
+  color: var(--color-text);
+  background: var(--color-bg);
+  text-decoration: none;
+}
+
 .site-nav__bell {
   position: relative;
   display: inline-flex;
diff --git a/engine/app/controllers/coplan/application_controller.rb b/engine/app/controllers/coplan/application_controller.rb
index 0d9929b..6a678d3 100644
--- a/engine/app/controllers/coplan/application_controller.rb
+++ b/engine/app/controllers/coplan/application_controller.rb
@@ -17,7 +17,7 @@ def self.controller_path
     before_action :authenticate_coplan_user!
     before_action :set_coplan_current
 
-    helper_method :current_user, :signed_in?
+    helper_method :current_user, :signed_in?, :show_api_tokens?
 
     class NotAuthorizedError < StandardError; end
 
@@ -67,6 +67,14 @@ def set_coplan_current
       CoPlan::Current.user = current_user
     end
 
+    def show_api_tokens?
+      CoPlan.configuration.show_api_tokens?
+    end
+
+    def require_api_tokens_enabled
+      head :not_found unless show_api_tokens?
+    end
+
     def authorize!(record, action)
       policy_class = "CoPlan::#{record.class.name.demodulize}Policy".constantize
       policy = policy_class.new(current_user, record)
diff --git a/engine/app/controllers/coplan/settings/tokens_controller.rb b/engine/app/controllers/coplan/settings/tokens_controller.rb
index 0c36d14..b08e67f 100644
--- a/engine/app/controllers/coplan/settings/tokens_controller.rb
+++ b/engine/app/controllers/coplan/settings/tokens_controller.rb
@@ -1,6 +1,8 @@
 module CoPlan
   module Settings
     class TokensController < ApplicationController
+      before_action :require_api_tokens_enabled, only: [:create, :destroy]
+
       def index
         @api_tokens = current_user.api_tokens.order(created_at: :desc)
       end
diff --git a/engine/app/views/coplan/settings/tokens/index.html.erb b/engine/app/views/coplan/settings/tokens/index.html.erb
index 6f3db1f..0a2ff5b 100644
--- a/engine/app/views/coplan/settings/tokens/index.html.erb
+++ b/engine/app/views/coplan/settings/tokens/index.html.erb
@@ -1,32 +1,35 @@
 <div class="page-header">
   <h1>Settings</h1>
-  <p class="page-header__subtitle">Manage API tokens for agent access</p>
 </div>
 
-<div id="token-reveal">
-  <% if flash[:raw_token].present? %>
-    <%= render "token_reveal", raw_token: flash[:raw_token] %>
-  <% end %>
-</div>
+<% if show_api_tokens? %>
+  <p class="settings-section-subtitle">Manage API tokens for agent access</p>
 
-<div class="card" id="create-token-form">
-  <%= render "form" %>
-</div>
+  <div id="token-reveal">
+    <% if flash[:raw_token].present? %>
+      <%= render "token_reveal", raw_token: flash[:raw_token] %>
+    <% end %>
+  </div>
 
-<div class="card" id="tokens-card">
-  <h2>Your Tokens</h2>
-  <table class="data-table">
-    <thead>
-      <tr>
-        <th>Name</th>
-        <th>Status</th>
-        <th>Last Used</th>
-        <th>Created</th>
-        <th></th>
-      </tr>
-    </thead>
-    <tbody id="tokens-list">
-      <%= render partial: "token_row", collection: @api_tokens, as: :token %>
-    </tbody>
-  </table>
-</div>
+  <div class="card" id="create-token-form">
+    <%= render "form" %>
+  </div>
+
+  <div class="card" id="tokens-card">
+    <h2>Your Tokens</h2>
+    <table class="data-table">
+      <thead>
+        <tr>
+          <th>Name</th>
+          <th>Status</th>
+          <th>Last Used</th>
+          <th>Created</th>
+          <th></th>
+        </tr>
+      </thead>
+      <tbody id="tokens-list">
+        <%= render partial: "token_row", collection: @api_tokens, as: :token %>
+      </tbody>
+    </table>
+  </div>
+<% end %>
diff --git a/engine/app/views/layouts/coplan/application.html.erb b/engine/app/views/layouts/coplan/application.html.erb
index 19e3b52..80291a7 100644
--- a/engine/app/views/layouts/coplan/application.html.erb
+++ b/engine/app/views/layouts/coplan/application.html.erb
@@ -21,14 +21,11 @@
           CoPlan
           <%= coplan_environment_badge %>
         <% end %>
-        <ul class="site-nav__links">
-          <% if signed_in? %>
-            <li><%= link_to "Plans", coplan.plans_path %></li>
-            <li><%= link_to "Settings", coplan.settings_tokens_path %></li>
-          <% end %>
-        </ul>
         <% if signed_in? %>
           <div class="site-nav__right">
+            <%= link_to coplan.settings_tokens_path, class: "site-nav__icon-link", aria: { label: "Settings" } do %>
+              <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 2.83-2.83l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 2.83l-.06.06A1.65 1.65 0 0 0 19.4 9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z"/></svg>
+            <% end %>
             <div class="inbox-dropdown" data-controller="coplan--inbox">
               <%= turbo_stream_from "coplan_notifications:#{current_user.id}" %>
               <button type="button" class="site-nav__bell" data-action="coplan--inbox#toggle" aria-label="Notifications">
diff --git a/engine/lib/coplan/configuration.rb b/engine/lib/coplan/configuration.rb
index 97bcfcc..091c6ad 100644
--- a/engine/lib/coplan/configuration.rb
+++ b/engine/lib/coplan/configuration.rb
@@ -13,5 +13,9 @@ def initialize
       @error_reporter = ->(exception, context) { Rails.error.report(exception, context: context) }
       @notification_handler = nil
     end
+
+    def show_api_tokens?
+      @api_authenticate.nil?
+    end
   end
 end

From 2632d8a5b7abbc6c09ce764dc51e433c17fbd8bf Mon Sep 17 00:00:00 2001
From: Hampton Lintorn-Catlin <hampton@squareup.com>
Date: Thu, 2 Apr 2026 14:44:09 -0500
Subject: [PATCH 2/4] Add settings index page, fix gear/bell alignment

- Add Settings::SettingsController with index action and view
- Extract API tokens into a _tokens partial rendered on settings index
- Gear icon links to /settings instead of /settings/tokens
- Fix gear/bell vertical alignment (add inline-flex to inbox-dropdown,
  line-height: normal to icon-link)

Amp-Thread-ID: https://ampcode.com/threads/T-019d4f5f-cf0c-71f3-bf4a-9506350ad128
Co-authored-by: Amp <amp@ampcode.com>
---
 app/views/layouts/application.html.erb        |  2 +-
 .../assets/stylesheets/coplan/application.css |  2 ++
 .../coplan/settings/settings_controller.rb    |  9 ++++++
 .../coplan/settings/settings/index.html.erb   |  7 +++++
 .../coplan/settings/tokens/_tokens.html.erb   | 30 +++++++++++++++++++
 .../views/layouts/coplan/application.html.erb |  2 +-
 engine/config/routes.rb                       |  1 +
 7 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 engine/app/controllers/coplan/settings/settings_controller.rb
 create mode 100644 engine/app/views/coplan/settings/settings/index.html.erb
 create mode 100644 engine/app/views/coplan/settings/tokens/_tokens.html.erb

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index eca8640..defdd5b 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -28,7 +28,7 @@
 
         <% if signed_in? %>
           <div class="site-nav__right">
-            <%= link_to coplan.settings_tokens_path, class: "site-nav__icon-link", aria: { label: "Settings" } do %>
+            <%= link_to coplan.settings_root_path, class: "site-nav__icon-link", aria: { label: "Settings" } do %>
               <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 2.83-2.83l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 2.83l-.06.06A1.65 1.65 0 0 0 19.4 9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z"/></svg>
             <% end %>
             <div class="site-nav__user">
diff --git a/engine/app/assets/stylesheets/coplan/application.css b/engine/app/assets/stylesheets/coplan/application.css
index 60230e5..265c883 100644
--- a/engine/app/assets/stylesheets/coplan/application.css
+++ b/engine/app/assets/stylesheets/coplan/application.css
@@ -1388,6 +1388,7 @@ body:has(.comment-toolbar) .main-content {
 /* Inbox dropdown */
 .inbox-dropdown {
   position: relative;
+  display: inline-flex;
 }
 
 .site-nav__icon-link {
@@ -1397,6 +1398,7 @@ body:has(.comment-toolbar) .main-content {
   color: var(--color-text-muted);
   padding: var(--space-xs);
   border-radius: var(--radius);
+  line-height: normal;
   transition: color 0.15s, background 0.15s;
 }
 
diff --git a/engine/app/controllers/coplan/settings/settings_controller.rb b/engine/app/controllers/coplan/settings/settings_controller.rb
new file mode 100644
index 0000000..7c0e84b
--- /dev/null
+++ b/engine/app/controllers/coplan/settings/settings_controller.rb
@@ -0,0 +1,9 @@
+module CoPlan
+  module Settings
+    class SettingsController < ApplicationController
+      def index
+        @api_tokens = current_user.api_tokens.order(created_at: :desc) if show_api_tokens?
+      end
+    end
+  end
+end
diff --git a/engine/app/views/coplan/settings/settings/index.html.erb b/engine/app/views/coplan/settings/settings/index.html.erb
new file mode 100644
index 0000000..127d6ff
--- /dev/null
+++ b/engine/app/views/coplan/settings/settings/index.html.erb
@@ -0,0 +1,7 @@
+<div class="page-header">
+  <h1>Settings</h1>
+</div>
+
+<% if show_api_tokens? %>
+  <%= render "coplan/settings/tokens/tokens", api_tokens: @api_tokens %>
+<% end %>
diff --git a/engine/app/views/coplan/settings/tokens/_tokens.html.erb b/engine/app/views/coplan/settings/tokens/_tokens.html.erb
new file mode 100644
index 0000000..593efba
--- /dev/null
+++ b/engine/app/views/coplan/settings/tokens/_tokens.html.erb
@@ -0,0 +1,30 @@
+<h2>API Tokens</h2>
+<p class="settings-section-subtitle">Manage API tokens for agent access</p>
+
+<div id="token-reveal">
+  <% if flash[:raw_token].present? %>
+    <%= render "coplan/settings/tokens/token_reveal", raw_token: flash[:raw_token] %>
+  <% end %>
+</div>
+
+<div class="card" id="create-token-form">
+  <%= render "coplan/settings/tokens/form" %>
+</div>
+
+<div class="card" id="tokens-card">
+  <h3>Your Tokens</h3>
+  <table class="data-table">
+    <thead>
+      <tr>
+        <th>Name</th>
+        <th>Status</th>
+        <th>Last Used</th>
+        <th>Created</th>
+        <th></th>
+      </tr>
+    </thead>
+    <tbody id="tokens-list">
+      <%= render partial: "coplan/settings/tokens/token_row", collection: api_tokens, as: :token %>
+    </tbody>
+  </table>
+</div>
diff --git a/engine/app/views/layouts/coplan/application.html.erb b/engine/app/views/layouts/coplan/application.html.erb
index 80291a7..a36b921 100644
--- a/engine/app/views/layouts/coplan/application.html.erb
+++ b/engine/app/views/layouts/coplan/application.html.erb
@@ -23,7 +23,7 @@
         <% end %>
         <% if signed_in? %>
           <div class="site-nav__right">
-            <%= link_to coplan.settings_tokens_path, class: "site-nav__icon-link", aria: { label: "Settings" } do %>
+            <%= link_to coplan.settings_root_path, class: "site-nav__icon-link", aria: { label: "Settings" } do %>
               <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 2.83-2.83l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 2.83l-.06.06A1.65 1.65 0 0 0 19.4 9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z"/></svg>
             <% end %>
             <div class="inbox-dropdown" data-controller="coplan--inbox">
diff --git a/engine/config/routes.rb b/engine/config/routes.rb
index 0eb616b..18fb108 100644
--- a/engine/config/routes.rb
+++ b/engine/config/routes.rb
@@ -15,6 +15,7 @@
   end
 
   namespace :settings do
+    root "settings#index"
     resources :tokens, only: [:index, :create, :destroy]
   end
 

From 287eb20deb7049885a37aff4a69ba7d1ec667a23 Mon Sep 17 00:00:00 2001
From: Hampton Lintorn-Catlin <hampton@squareup.com>
Date: Fri, 3 Apr 2026 10:15:20 -0500
Subject: [PATCH 3/4] Agent-first discovery: self-describing API for the
 agentic era

Make CoPlan self-describing so agents can discover and use the API
without installing skills or reading static docs.

Features:
- /agent-instructions endpoint serving live API docs as markdown,
  with configurable auth section (agent_auth_instructions) and
  curl prefix (agent_curl_prefix) per host app
- /llms.txt endpoint following the llms.txt standard
- User-agent detection: non-browser clients hitting web UI URLs get
  helpful markdown pointing to /agent-instructions instead of a
  login redirect
- X-Agent-Instructions response header on all responses (web + API)
- Onboarding banner for new users linking to agent instructions
- Plan status lifecycle documentation in agent instructions
- EXAMPLE_SKILL.md reduced to a thin pointer to /agent-instructions

Configuration (host app initializer):
  config.agent_curl_prefix = 'sq curl -s'
  config.agent_auth_instructions = '## Auth\n\nUse sq curl...'
  config.onboarding_banner = 'Custom banner HTML'

Amp-Thread-ID: https://ampcode.com/threads/T-019d4ffd-9cbb-7626-aeba-9e03685aa4dc
Co-authored-by: Amp <amp@ampcode.com>
---
 EXAMPLE_SKILL.md                              | 315 +-----------------
 .../assets/stylesheets/coplan/application.css |  16 +
 .../coplan/agent_instructions_controller.rb   |  11 +
 .../coplan/api/v1/base_controller.rb          |   5 +
 .../coplan/application_controller.rb          |  29 +-
 .../app/controllers/coplan/llms_controller.rb |   9 +
 .../controllers/coplan/plans_controller.rb    |   3 +
 engine/app/models/coplan/user.rb              |   1 +
 .../coplan/agent_instructions/show.text.erb   | 258 ++++++++++++++
 engine/app/views/coplan/llms/show.text.erb    |   9 +
 .../views/layouts/coplan/application.html.erb |   3 +
 engine/config/routes.rb                       |   3 +
 engine/lib/coplan/configuration.rb            |  27 ++
 spec/rails_helper.rb                          |   2 +
 spec/requests/plans_spec.rb                   |  32 ++
 15 files changed, 411 insertions(+), 312 deletions(-)
 create mode 100644 engine/app/controllers/coplan/agent_instructions_controller.rb
 create mode 100644 engine/app/controllers/coplan/llms_controller.rb
 create mode 100644 engine/app/views/coplan/agent_instructions/show.text.erb
 create mode 100644 engine/app/views/coplan/llms/show.text.erb

diff --git a/EXAMPLE_SKILL.md b/EXAMPLE_SKILL.md
index 1666a45..79d0929 100644
--- a/EXAMPLE_SKILL.md
+++ b/EXAMPLE_SKILL.md
@@ -1,317 +1,10 @@
 ---
 name: coplan
-description: "Upload, edit, and comment on plans via the CoPlan API. Use when asked to create plans, edit plan documents, manage edit leases, or leave review comments on plans."
+description: "Create, edit, and review engineering design docs via the CoPlan API."
 ---
 
-# CoPlan API
+# CoPlan
 
-Interact with the CoPlan app to create, read, edit, and comment on plan documents.
+Read the full API instructions at: BASE_URL/agent-instructions
 
-## Setup
-
-Credentials are stored at `~/.config/planning-department/credentials.json`:
-
-```json
-{
-  "base_url": "http://localhost:3000",
-  "token": "your-token-here"
-}
-```
-
-On first use:
-
-1. Read `~/.config/planning-department/credentials.json` to get `token` and `base_url`.
-2. If the file does not exist, tell the user: "Go to **Settings → API Tokens** in the CoPlan web UI to create a token." Ask for the token and base URL, then save to `~/.config/planning-department/credentials.json` with `chmod 600`.
-3. If any API call returns 401, the token is invalid or revoked. Prompt the user to create a new token in Settings and update the credentials file.
-
-Use the values from the credentials file in all API calls below. Read the file once at the start of the session:
-
-```bash
-PLANNING_BASE_URL=$(cat ~/.config/planning-department/credentials.json | jq -r '.base_url')
-PLANNING_API_TOKEN=$(cat ~/.config/planning-department/credentials.json | jq -r '.token')
-```
-
-## API Reference
-
-All requests use `Authorization: Bearer $PLANNING_API_TOKEN` header.
-
-### List Plans
-
-```bash
-curl -s -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans" | jq .
-```
-
-Optional query param: `?status=considering`
-
-### Get Plan
-
-```bash
-curl -s -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID" | jq .
-```
-
-Returns: `id`, `title`, `status`, `current_content` (markdown), `current_revision`.
-
-### Create Plan
-
-```bash
-curl -s -X POST \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{"title": "My Plan", "content": "# My Plan\n\nContent here."}' \
-  "$PLANNING_BASE_URL/api/v1/plans" | jq .
-```
-
-### Update Plan
-
-Update plan metadata (title, status, tags). Only fields included in the request body are changed.
-
-```bash
-curl -s -X PATCH \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{"status": "considering"}' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID" | jq .
-```
-
-Allowed fields: `title` (string), `status` (string — one of `brainstorm`, `considering`, `developing`, `live`, `abandoned`), `tags` (array of strings).
-
-### Get Versions
-
-```bash
-curl -s -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/versions" | jq .
-```
-
-### Get Comments
-
-```bash
-curl -s -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments" | jq .
-```
-
-## Editing Plans (Lease + Operations)
-
-Editing requires three steps: acquire lease → apply operations → release lease.
-
-### 1. Acquire Edit Lease
-
-```bash
-LEASE_RESPONSE=$(curl -s -X POST \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{"lease_token": "'$(openssl rand -hex 32)'"}' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/lease")
-echo "$LEASE_RESPONSE" | jq .
-LEASE_TOKEN=$(echo "$LEASE_RESPONSE" | jq -r '.lease_token')
-```
-
-Leases expire after 5 minutes. Renew with PATCH, release with DELETE.
-
-### 2. Apply Operations
-
-```bash
-curl -s -X POST \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "lease_token": "'$LEASE_TOKEN'",
-    "base_revision": 1,
-    "change_summary": "Updated goals section",
-    "operations": [
-      {
-        "op": "replace_exact",
-        "old_text": "old text here",
-        "new_text": "new text here",
-        "count": 1
-      }
-    ]
-  }' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/operations" | jq .
-```
-
-**Important:** Set `base_revision` to the plan's `current_revision`. Returns 409 if stale.
-
-### 3. Release Edit Lease
-
-```bash
-curl -s -X DELETE \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{"lease_token": "'$LEASE_TOKEN'"}' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/lease"
-```
-
-### Renew Lease (if needed for long edits)
-
-```bash
-curl -s -X PATCH \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{"lease_token": "'$LEASE_TOKEN'"}' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/lease" | jq .
-```
-
-## Available Operations
-
-### replace_exact
-
-Find and replace exact text. Fails if text not found or count exceeded.
-
-```json
-{
-  "op": "replace_exact",
-  "old_text": "We should use MySQL",
-  "new_text": "We should use PostgreSQL",
-  "count": 1
-}
-```
-
-### insert_under_heading
-
-Insert content after a markdown heading. Fails if heading not found or ambiguous.
-
-```json
-{
-  "op": "insert_under_heading",
-  "heading": "## Testing Strategy",
-  "content": "- Add integration tests\n- Mock external providers"
-}
-```
-
-### delete_paragraph_containing
-
-Delete the paragraph containing a needle string. Fails if 0 or >1 paragraphs match.
-
-```json
-{
-  "op": "delete_paragraph_containing",
-  "needle": "This approach is deprecated"
-}
-```
-
-## Commenting
-
-### Create Comment Thread
-
-```bash
-curl -s -X POST \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "body_markdown": "This section needs more detail.",
-    "anchor_text": "the exact text you are commenting on",
-    "agent_name": "Amp"
-  }' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments" | jq .
-```
-
-- `anchor_text`: the exact text from the plan content that this comment is about. It will be highlighted in the UI and the comment will be anchored to it.
-- Omit `anchor_text` for a general (non-anchored) comment.
-- `agent_name`: optional identifier for the agent (e.g., `"Amp"`, `"Claude"`). Displayed in the UI as "User Name (Agent Name)".
-
-### Reply to Thread
-
-```bash
-curl -s -X POST \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d '{"body_markdown": "Good point, I will address this.", "agent_name": "Amp"}' \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/reply" | jq .
-```
-
-### Resolve Thread
-
-Mark a comment thread as resolved (addressed by the plan author or thread creator).
-
-```bash
-curl -s -X PATCH \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/resolve" | jq .
-```
-
-### Dismiss Thread
-
-Dismiss a comment thread (plan author only — for comments that are out of scope or not applicable).
-
-```bash
-curl -s -X PATCH \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/dismiss" | jq .
-```
-
-## Reviewing a Plan
-
-When asked to review a plan (given a plan URL or ID), follow this workflow:
-
-### 1. Read the Plan and Comments
-
-Fetch the plan content and all comment threads:
-
-```bash
-curl -s -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID" | jq .
-
-curl -s -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments" | jq .
-```
-
-### 2. Triage Comments
-
-Review each open comment thread and categorize it:
-
-- **Just do it** — Clear, actionable feedback that can be applied directly (typos, clarifications, missing details where the fix is obvious). Apply these edits without asking.
-- **Confirm first** — Substantive changes where the right fix is clear but the scope is large enough to warrant confirmation. Summarize the proposed change and ask the user before applying.
-- **Discuss** — Ambiguous feedback, disagreements, or comments that require a design decision. Present these to the user for discussion — do not attempt to resolve them.
-
-### 3. Present Summary
-
-Before making any changes, present a summary to the user:
-
-> **Plan Review: [Title]**
->
-> **Will apply (N comments):** [list each with a one-line summary of the change]
->
-> **Need confirmation (N comments):** [list each with the proposed change]
->
-> **For discussion (N comments):** [list each with the question/issue]
->
-> Shall I proceed with the "just do it" edits?
-
-### 4. Apply Edits
-
-For approved changes:
-
-1. Acquire an edit lease
-2. Apply operations (use `replace_exact`, `insert_under_heading`, or `delete_paragraph_containing`)
-3. Release the lease
-4. Resolve each comment thread that was addressed
-
-### 5. Resolve Threads
-
-After applying edits, resolve the comment threads that were addressed:
-
-```bash
-curl -s -X PATCH \
-  -H "Authorization: Bearer $PLANNING_API_TOKEN" \
-  "$PLANNING_BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/resolve" | jq .
-```
-
-## Typical Workflow
-
-1. **Read** the plan: `GET /api/v1/plans/:id`
-2. **Acquire lease**: `POST /api/v1/plans/:id/lease`
-3. **Apply operations**: `POST /api/v1/plans/:id/operations` (can call multiple times while lease is held)
-4. **Release lease**: `DELETE /api/v1/plans/:id/lease`
-5. **Comment** on changes: `POST /api/v1/plans/:id/comments`
-
-## Error Codes
-
-| Code | Meaning |
-|------|---------|
-| 401 | Invalid or expired API token |
-| 403 | Not authorized for this action |
-| 404 | Plan not found (or no access) |
-| 409 | Edit lease conflict or stale revision |
-| 422 | Validation error or operation failed |
+Replace `BASE_URL` with the CoPlan instance URL (e.g. `https://coplan.example.com`).
diff --git a/engine/app/assets/stylesheets/coplan/application.css b/engine/app/assets/stylesheets/coplan/application.css
index 265c883..a3d8793 100644
--- a/engine/app/assets/stylesheets/coplan/application.css
+++ b/engine/app/assets/stylesheets/coplan/application.css
@@ -414,6 +414,22 @@ img, svg {
   resize: vertical;
 }
 
+/* Onboarding banner */
+.onboarding-banner {
+  background: var(--color-primary-light);
+  border-bottom: 1px solid var(--color-primary);
+  padding: var(--space-sm) var(--space-lg);
+  font-size: var(--text-sm);
+  color: var(--color-text);
+  text-align: center;
+}
+
+.onboarding-banner a {
+  color: var(--color-primary);
+  font-weight: 600;
+  text-decoration: underline;
+}
+
 /* Empty states */
 .empty-state {
   text-align: center;
diff --git a/engine/app/controllers/coplan/agent_instructions_controller.rb b/engine/app/controllers/coplan/agent_instructions_controller.rb
new file mode 100644
index 0000000..cc4cb1e
--- /dev/null
+++ b/engine/app/controllers/coplan/agent_instructions_controller.rb
@@ -0,0 +1,11 @@
+module CoPlan
+  class AgentInstructionsController < ApplicationController
+    skip_before_action :authenticate_coplan_user!
+
+    def show
+      @auth_instructions = CoPlan.configuration.agent_auth_instructions
+      @curl = CoPlan.configuration.agent_curl_prefix
+      render layout: false, content_type: "text/markdown", formats: [:text]
+    end
+  end
+end
diff --git a/engine/app/controllers/coplan/api/v1/base_controller.rb b/engine/app/controllers/coplan/api/v1/base_controller.rb
index f2ab554..924f6ad 100644
--- a/engine/app/controllers/coplan/api/v1/base_controller.rb
+++ b/engine/app/controllers/coplan/api/v1/base_controller.rb
@@ -3,9 +3,14 @@ module Api
     module V1
       class BaseController < ActionController::API
         before_action :authenticate_api!
+        after_action :set_agent_instructions_header
 
         private
 
+        def set_agent_instructions_header
+          response.headers["X-Agent-Instructions"] = "/agent-instructions"
+        end
+
         def authenticate_api!
           token = request.headers["Authorization"]&.delete_prefix("Bearer ")
           if token.present?
diff --git a/engine/app/controllers/coplan/application_controller.rb b/engine/app/controllers/coplan/application_controller.rb
index 6a678d3..f3d37a5 100644
--- a/engine/app/controllers/coplan/application_controller.rb
+++ b/engine/app/controllers/coplan/application_controller.rb
@@ -16,6 +16,7 @@ def self.controller_path
 
     before_action :authenticate_coplan_user!
     before_action :set_coplan_current
+    after_action :set_agent_instructions_header
 
     helper_method :current_user, :signed_in?, :show_api_tokens?
 
@@ -43,7 +44,9 @@ def authenticate_coplan_user!
 
       attrs = callback.call(request)
       unless attrs && attrs[:external_id].present?
-        if CoPlan.configuration.sign_in_path
+        if agent_request?
+          render plain: agent_redirect_instructions, content_type: "text/markdown", status: :unauthorized
+        elsif CoPlan.configuration.sign_in_path
           redirect_to CoPlan.configuration.sign_in_path, alert: "Please sign in."
         else
           head :unauthorized
@@ -82,5 +85,29 @@ def authorize!(record, action)
         raise NotAuthorizedError
       end
     end
+
+    def set_agent_instructions_header
+      response.headers["X-Agent-Instructions"] = "/agent-instructions"
+    end
+
+    def agent_request?
+      ua = request.user_agent.to_s
+      ua.present? && !ua.start_with?("Mozilla")
+    end
+
+    def agent_redirect_instructions
+      base = request.base_url
+      <<~MARKDOWN
+        # CoPlan API
+
+        You're accessing CoPlan's web UI, which requires browser authentication.
+
+        To interact with CoPlan programmatically, use the API. Full instructions are at:
+
+        #{base}/agent-instructions
+
+        Read that document for authentication setup, endpoint reference, and usage examples.
+      MARKDOWN
+    end
   end
 end
diff --git a/engine/app/controllers/coplan/llms_controller.rb b/engine/app/controllers/coplan/llms_controller.rb
new file mode 100644
index 0000000..7496cf1
--- /dev/null
+++ b/engine/app/controllers/coplan/llms_controller.rb
@@ -0,0 +1,9 @@
+module CoPlan
+  class LlmsController < ApplicationController
+    skip_before_action :authenticate_coplan_user!
+
+    def show
+      render layout: false, content_type: "text/markdown", formats: [:text]
+    end
+  end
+end
diff --git a/engine/app/controllers/coplan/plans_controller.rb b/engine/app/controllers/coplan/plans_controller.rb
index fdb3082..9586838 100644
--- a/engine/app/controllers/coplan/plans_controller.rb
+++ b/engine/app/controllers/coplan/plans_controller.rb
@@ -11,6 +11,9 @@ def index
         .where(plan_id: @plans.select(:id))
         .group(:plan_id)
         .count
+
+      @show_onboarding_banner = CoPlan.configuration.onboarding_banner.present? &&
+        !current_user.created_plans.exists?
     end
 
     def show
diff --git a/engine/app/models/coplan/user.rb b/engine/app/models/coplan/user.rb
index 0a15b65..0ee945d 100644
--- a/engine/app/models/coplan/user.rb
+++ b/engine/app/models/coplan/user.rb
@@ -1,6 +1,7 @@
 module CoPlan
   class User < ApplicationRecord
     has_many :api_tokens, dependent: :destroy
+    has_many :created_plans, class_name: "CoPlan::Plan", foreign_key: :created_by_user_id, dependent: :nullify, inverse_of: :created_by_user
     has_many :plan_collaborators, dependent: :destroy
     has_many :notifications, dependent: :destroy
 
diff --git a/engine/app/views/coplan/agent_instructions/show.text.erb b/engine/app/views/coplan/agent_instructions/show.text.erb
new file mode 100644
index 0000000..d603dfd
--- /dev/null
+++ b/engine/app/views/coplan/agent_instructions/show.text.erb
@@ -0,0 +1,258 @@
+# CoPlan API
+
+Interact with the CoPlan app to create, read, edit, and comment on plan documents.
+
+<%= @auth_instructions %>
+
+## API Reference
+
+### List Plans
+
+```bash
+<%= @curl %> \
+  "BASE_URL/api/v1/plans" | jq .
+```
+
+Optional query param: `?status=considering`
+
+### Get Plan
+
+```bash
+<%= @curl %> \
+  "BASE_URL/api/v1/plans/$PLAN_ID" | jq .
+```
+
+Returns: `id`, `title`, `status`, `current_content` (markdown), `current_revision`.
+
+### Create Plan
+
+```bash
+<%= @curl %> -X POST \
+  -H "Content-Type: application/json" \
+  -d '{"title": "My Plan", "content": "# My Plan\n\nContent here."}' \
+  "BASE_URL/api/v1/plans" | jq .
+```
+
+### Update Plan
+
+Update plan metadata (title, status, tags). Only fields included in the request body are changed.
+
+```bash
+<%= @curl %> -X PATCH \
+  -H "Content-Type: application/json" \
+  -d '{"status": "considering"}' \
+  "BASE_URL/api/v1/plans/$PLAN_ID" | jq .
+```
+
+Allowed fields: `title` (string), `status` (string), `tags` (array of strings).
+
+### Plan Statuses
+
+Plans move through a lifecycle. **Keep the status current** — update it as the plan progresses.
+
+| Status | Meaning | When to use |
+|--------|---------|-------------|
+| `brainstorm` | Private draft, only visible to the author | Initial creation, not ready for anyone else to see |
+| `considering` | Published, open for review and feedback | Ready for others to read and comment on |
+| `developing` | Actively being implemented | Work has started based on the plan |
+| `live` | Shipped, in production | Implementation is complete |
+| `abandoned` | No longer pursuing | Plan was dropped or superseded |
+
+When you create a plan, it starts as `brainstorm`. Promote it to `considering` when it's ready for review. Move to `developing` when implementation begins. Don't leave plans in stale states.
+
+### Get Versions
+
+```bash
+<%= @curl %> \
+  "BASE_URL/api/v1/plans/$PLAN_ID/versions" | jq .
+```
+
+### Get Comments
+
+```bash
+<%= @curl %> \
+  "BASE_URL/api/v1/plans/$PLAN_ID/comments" | jq .
+```
+
+## Editing Plans (Lease + Operations)
+
+Editing requires three steps: acquire lease → apply operations → release lease.
+
+### 1. Acquire Edit Lease
+
+```bash
+LEASE_RESPONSE=$(<%= @curl %> -X POST \
+  -H "Content-Type: application/json" \
+  -d '{"lease_token": "'$(openssl rand -hex 32)'"}' \
+  "BASE_URL/api/v1/plans/$PLAN_ID/lease")
+echo "$LEASE_RESPONSE" | jq .
+LEASE_TOKEN=$(echo "$LEASE_RESPONSE" | jq -r '.lease_token')
+```
+
+Leases expire after 5 minutes. Renew with PATCH, release with DELETE.
+
+### 2. Apply Operations
+
+```bash
+<%= @curl %> -X POST \
+  -H "Content-Type: application/json" \
+  -d '{
+    "lease_token": "'$LEASE_TOKEN'",
+    "base_revision": 1,
+    "change_summary": "Updated goals section",
+    "operations": [
+      {
+        "op": "replace_exact",
+        "old_text": "old text here",
+        "new_text": "new text here",
+        "count": 1
+      }
+    ]
+  }' \
+  "BASE_URL/api/v1/plans/$PLAN_ID/operations" | jq .
+```
+
+**Important:** Set `base_revision` to the plan's `current_revision`. Returns 409 if stale.
+
+### 3. Release Edit Lease
+
+```bash
+<%= @curl %> -X DELETE \
+  -H "Content-Type: application/json" \
+  -d '{"lease_token": "'$LEASE_TOKEN'"}' \
+  "BASE_URL/api/v1/plans/$PLAN_ID/lease"
+```
+
+### Renew Lease (if needed for long edits)
+
+```bash
+<%= @curl %> -X PATCH \
+  -H "Content-Type: application/json" \
+  -d '{"lease_token": "'$LEASE_TOKEN'"}' \
+  "BASE_URL/api/v1/plans/$PLAN_ID/lease" | jq .
+```
+
+## Available Operations
+
+### replace_exact
+
+Find and replace exact text. Fails if text not found or count exceeded.
+
+```json
+{
+  "op": "replace_exact",
+  "old_text": "We should use MySQL",
+  "new_text": "We should use PostgreSQL",
+  "count": 1
+}
+```
+
+### insert_under_heading
+
+Insert content after a markdown heading. Fails if heading not found or ambiguous.
+
+```json
+{
+  "op": "insert_under_heading",
+  "heading": "## Testing Strategy",
+  "content": "- Add integration tests\n- Mock external providers"
+}
+```
+
+### delete_paragraph_containing
+
+Delete the paragraph containing a needle string. Fails if 0 or >1 paragraphs match.
+
+```json
+{
+  "op": "delete_paragraph_containing",
+  "needle": "This approach is deprecated"
+}
+```
+
+## Commenting
+
+### Create Comment Thread
+
+```bash
+<%= @curl %> -X POST \
+  -H "Content-Type: application/json" \
+  -d '{
+    "body_markdown": "This section needs more detail.",
+    "anchor_text": "the exact text you are commenting on",
+    "agent_name": "Amp"
+  }' \
+  "BASE_URL/api/v1/plans/$PLAN_ID/comments" | jq .
+```
+
+- `anchor_text`: the exact text from the plan content that this comment is about. It will be highlighted in the UI and the comment will be anchored to it.
+- Omit `anchor_text` for a general (non-anchored) comment.
+- `agent_name`: optional identifier for the agent (e.g., `"Amp"`, `"Claude"`). Displayed in the UI as "User Name (Agent Name)".
+
+### Reply to Thread
+
+```bash
+<%= @curl %> -X POST \
+  -H "Content-Type: application/json" \
+  -d '{"body_markdown": "Good point, I will address this.", "agent_name": "Amp"}' \
+  "BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/reply" | jq .
+```
+
+### Resolve Thread
+
+Mark a comment thread as resolved (addressed by the plan author or thread creator).
+
+```bash
+<%= @curl %> -X PATCH \
+  "BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/resolve" | jq .
+```
+
+### Dismiss Thread
+
+Dismiss a comment thread (plan author only — for comments that are out of scope or not applicable).
+
+```bash
+<%= @curl %> -X PATCH \
+  "BASE_URL/api/v1/plans/$PLAN_ID/comments/$THREAD_ID/dismiss" | jq .
+```
+
+## Reviewing a Plan
+
+When asked to review a plan (given a plan URL or ID), follow this workflow:
+
+### 1. Read the Plan and Comments
+
+```bash
+<%= @curl %> "BASE_URL/api/v1/plans/$PLAN_ID" | jq .
+<%= @curl %> "BASE_URL/api/v1/plans/$PLAN_ID/comments" | jq .
+```
+
+### 2. Triage Comments
+
+Review each open comment thread and categorize it:
+
+- **Just do it** — Clear, actionable feedback that can be applied directly. Apply these edits without asking.
+- **Confirm first** — Substantive changes where the right fix is clear but the scope is large. Summarize and ask before applying.
+- **Discuss** — Ambiguous feedback or design decisions. Present to the user for discussion.
+
+### 3. Apply Edits
+
+For approved changes: acquire lease → apply operations → release lease → resolve threads.
+
+## Typical Workflow
+
+1. **Read** the plan: `GET /api/v1/plans/:id`
+2. **Acquire lease**: `POST /api/v1/plans/:id/lease`
+3. **Apply operations**: `POST /api/v1/plans/:id/operations` (can call multiple times while lease is held)
+4. **Release lease**: `DELETE /api/v1/plans/:id/lease`
+5. **Comment** on changes: `POST /api/v1/plans/:id/comments`
+
+## Error Codes
+
+| Code | Meaning |
+|------|---------|
+| 401 | Not authenticated |
+| 403 | Not authorized for this action |
+| 404 | Plan not found (or no access) |
+| 409 | Edit lease conflict or stale revision |
+| 422 | Validation error or operation failed |
diff --git a/engine/app/views/coplan/llms/show.text.erb b/engine/app/views/coplan/llms/show.text.erb
new file mode 100644
index 0000000..ee5f1c5
--- /dev/null
+++ b/engine/app/views/coplan/llms/show.text.erb
@@ -0,0 +1,9 @@
+# CoPlan
+
+> CoPlan is a collaborative engineering design doc platform. Humans write plans, domain experts leave inline feedback, and AI agents respond to that feedback and apply edits automatically. Every change is versioned with full provenance.
+
+CoPlan has a REST API that AI agents can use to create plans, apply edits, and leave review comments.
+
+## API
+
+- [Agent Instructions](<%= coplan.agent_instructions_path %>): Full API reference for AI agents, including authentication, endpoints, editing workflow, and commenting.
diff --git a/engine/app/views/layouts/coplan/application.html.erb b/engine/app/views/layouts/coplan/application.html.erb
index a36b921..ac128ec 100644
--- a/engine/app/views/layouts/coplan/application.html.erb
+++ b/engine/app/views/layouts/coplan/application.html.erb
@@ -49,6 +49,9 @@
         <% end %>
       </div>
     </nav>
+    <% if @show_onboarding_banner %>
+      <div class="onboarding-banner"><%= CoPlan.configuration.onboarding_banner.html_safe %></div>
+    <% end %>
     <main class="main-content">
       <% if notice.present? %>
         <div class="flash flash--notice"><%= notice %></div>
diff --git a/engine/config/routes.rb b/engine/config/routes.rb
index 18fb108..032bebb 100644
--- a/engine/config/routes.rb
+++ b/engine/config/routes.rb
@@ -47,5 +47,8 @@
     end
   end
 
+  get "llms.txt", to: "llms#show", as: :llms_txt
+  get "agent-instructions", to: "agent_instructions#show", as: :agent_instructions
+
   root "plans#index"
 end
diff --git a/engine/lib/coplan/configuration.rb b/engine/lib/coplan/configuration.rb
index 091c6ad..a52801a 100644
--- a/engine/lib/coplan/configuration.rb
+++ b/engine/lib/coplan/configuration.rb
@@ -4,6 +4,9 @@ class Configuration
     attr_accessor :ai_base_url, :ai_api_key, :ai_model
     attr_accessor :error_reporter
     attr_accessor :notification_handler
+    attr_accessor :onboarding_banner
+    attr_accessor :agent_auth_instructions
+    attr_accessor :agent_curl_prefix
 
     def initialize
       @authenticate = nil
@@ -12,6 +15,30 @@ def initialize
       @ai_model = "gpt-4o"
       @error_reporter = ->(exception, context) { Rails.error.report(exception, context: context) }
       @notification_handler = nil
+      @onboarding_banner = 'Want to upload Agentic plans? Give your agent <a href="/agent-instructions">these instructions</a>.'
+      @agent_curl_prefix = 'curl -s -H "Authorization: Bearer $TOKEN"'
+      @agent_auth_instructions = <<~MARKDOWN
+        ## Authentication
+
+        Credentials are stored at `~/.config/coplan/credentials.json`:
+
+        ```json
+        {
+          "base_url": "BASE_URL",
+          "token": "your-token-here"
+        }
+        ```
+
+        On first use:
+
+        1. Read `~/.config/coplan/credentials.json` to get `token` and `base_url`.
+        2. If the file does not exist, tell the user: "Go to **Settings → API Tokens** in the CoPlan web UI to create a token." Ask for the token and base URL, then save to `~/.config/coplan/credentials.json` with `chmod 600`.
+        3. If any API call returns 401, the token is invalid or revoked. Prompt the user to create a new token in Settings and update the credentials file.
+
+        Use the values from the credentials file in all API calls below.
+
+        All requests use `Authorization: Bearer $TOKEN` header.
+      MARKDOWN
     end
 
     def show_api_tokens?
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
index 2706b70..e873bbd 100644
--- a/spec/rails_helper.rb
+++ b/spec/rails_helper.rb
@@ -23,6 +23,8 @@
 
 
 
+
+
   def sign_in_as(coplan_user)
     coplan_user.update!(email: "#{coplan_user.external_id}@test.example.com") unless coplan_user.email.present?
     post sign_in_path, params: { email: coplan_user.email }
diff --git a/spec/requests/plans_spec.rb b/spec/requests/plans_spec.rb
index 0b642dd..ae778bc 100644
--- a/spec/requests/plans_spec.rb
+++ b/spec/requests/plans_spec.rb
@@ -109,4 +109,36 @@
     get plan_path(brainstorm_plan)
     expect(response).to have_http_status(:ok)
   end
+
+  describe "onboarding banner" do
+    it "shows banner when user has no plans" do
+      sign_in_as(bob)
+      get plans_path
+      expect(response.body).to include("onboarding-banner")
+    end
+
+    it "hides banner when user has created a plan" do
+      plan # alice has a plan
+      get plans_path
+      expect(response.body).not_to include("onboarding-banner")
+    end
+
+    it "hides banner when onboarding_banner config is nil" do
+      sign_in_as(bob)
+      original = CoPlan.configuration.onboarding_banner
+      CoPlan.configuration.onboarding_banner = nil
+      get plans_path
+      expect(response.body).not_to include("onboarding-banner")
+      CoPlan.configuration.onboarding_banner = original
+    end
+
+    it "displays custom banner text from configuration" do
+      sign_in_as(bob)
+      original = CoPlan.configuration.onboarding_banner
+      CoPlan.configuration.onboarding_banner = "Custom onboarding message"
+      get plans_path
+      expect(response.body).to include("Custom onboarding message")
+      CoPlan.configuration.onboarding_banner = original
+    end
+  end
 end

From 33e863020b55fb642e5a5424f0b77fddaa3c20e6 Mon Sep 17 00:00:00 2001
From: Hampton Lintorn-Catlin <hampton@squareup.com>
Date: Fri, 3 Apr 2026 10:31:05 -0500
Subject: [PATCH 4/4] Use route helpers for agent-instructions paths

Fixes mount-prefix issue: when engine is mounted at /coplan,
the header and agent redirect now correctly resolve to
/coplan/agent-instructions instead of /agent-instructions.

Amp-Thread-ID: https://ampcode.com/threads/T-019d4ffd-9cbb-7626-aeba-9e03685aa4dc
Co-authored-by: Amp <amp@ampcode.com>
---
 engine/app/controllers/coplan/api/v1/base_controller.rb | 2 +-
 engine/app/controllers/coplan/application_controller.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/engine/app/controllers/coplan/api/v1/base_controller.rb b/engine/app/controllers/coplan/api/v1/base_controller.rb
index 924f6ad..4542c36 100644
--- a/engine/app/controllers/coplan/api/v1/base_controller.rb
+++ b/engine/app/controllers/coplan/api/v1/base_controller.rb
@@ -8,7 +8,7 @@ class BaseController < ActionController::API
         private
 
         def set_agent_instructions_header
-          response.headers["X-Agent-Instructions"] = "/agent-instructions"
+          response.headers["X-Agent-Instructions"] = CoPlan::Engine.routes.url_helpers.agent_instructions_path
         end
 
         def authenticate_api!
diff --git a/engine/app/controllers/coplan/application_controller.rb b/engine/app/controllers/coplan/application_controller.rb
index f3d37a5..c368c1b 100644
--- a/engine/app/controllers/coplan/application_controller.rb
+++ b/engine/app/controllers/coplan/application_controller.rb
@@ -87,7 +87,7 @@ def authorize!(record, action)
     end
 
     def set_agent_instructions_header
-      response.headers["X-Agent-Instructions"] = "/agent-instructions"
+      response.headers["X-Agent-Instructions"] = coplan.agent_instructions_path
     end
 
     def agent_request?
@@ -104,7 +104,7 @@ def agent_redirect_instructions
 
         To interact with CoPlan programmatically, use the API. Full instructions are at:
 
-        #{base}/agent-instructions
+        #{base}#{coplan.agent_instructions_path}
 
         Read that document for authentication setup, endpoint reference, and usage examples.
       MARKDOWN