Statamic AI Gateway

> ⛔ CRITICAL — Structured field values are READ-ONLY structures. > Bard, Replicator, Grid, and similar fields store values as deeply nested ProseMirror/TipTap JSON. When reading these back from entry.get or global.get, you will see arrays of node objects with type, attrs, content, and marks keys. > > You MUST NOT alter the structure. Never add, remove, reorder, or rename nodes, attributes, or marks. You may only change the literal text strings inside leaf nodes — nothing else. > > To update a rich-text field: (1) fetch with entry.get/global.get, (2) change only text values, (3) send back structurally identical. Violating this corrupts content.

1. Look up base_url and token from sites.json before every request. 2. Discover before executing. Call /capabilities then /capabilities/{tool} before using any tool for the first time on a site. 3. Only call tools where enabled: true. Only target allowlisted resources. forbidden means off-limits. 4. data must be a JSON object, never an array or string. Don't send unknown argument keys. 5. Prefer entry.upsert over entry.create — safer and idempotent. 6. navigation.update is a full tree replacement. Always fetch with navigation.get first. 7. Confirmation-gated tools require user approval. If requires_confirmation: true in capabilities: (1) send the request, (2) receive confirmation_required with a token, (3) show the user the operation_summary and ask permission, (4) only if approved, resend with confirmation_token. Never auto-confirm. 8. If rate_limited, back off and retry. 9. Include the site name in request_id (e.g. marketing:upsert-about). 10. After bulk content changes, consider warming caches: stache.warm rebuilds content indexes, static.warm regenerates static pages.