Worked collections — real *.api.md files whose Notebooks grew from live
runs. Point an agent at one (it fetches the raw file), or read it yourself. Every secret is a
{{vault:NAME}} reference; no values, ever.
httpbin.api.mdBasic auth (vaulted password, base64 in-subprocess) + an action POST — fired live, leak-safegithub.api.mdGraphQL shape — query + Checks over .dataspotify.api.mdOAuth2 client-credentials → Capture → cached token; the Notebook holds a real 403 caveat the run caughtmissive-releases.api.mdthis site testing itself — unauthenticated; landing, contract, and /feedback/MISSIVE.md; machine indexes at
/llms.txt and
/.well-known/missive.json.
Recipes: /MISSIVE-PATTERNS.md.