so-yesterday.ai — Curated AI Transformation Knowledge Base

Curated knowledge for AI transformation — video summaries, interconnected AI concepts, essays, daily digests, interactive knowledge graph, and AI transformation personas. Current counts available at /api/latest under stats.

For AI Agents

This site is agent-friendly. Tell your AI: "use https://so-yesterday.ai, brief me".

Start here

  • /.well-known/agent.json — canonical machine-readable capability document (auth, entrypoints, permissions, recommended prompt).
  • /api/latest — one-call briefing (latest digest, recent videos, essays, knowledge stats). Alias: /api/brief.
  • /llms.txt — structured site overview for LLMs.
  • /SKILL.md — full REST API reference.
  • /api-docs — interactive ReDoc UI (curated OpenAPI at /openapi.json).
  • /.well-known/mcp.json — MCP server card.
  • /api/search?q={query}&agent=true — cross-content search.

What you can do

  • Read all public knowledge-base content without authentication — videos, essays, digests, personas, posts, knowledge concepts, graph.
  • Search across every content type (hybrid keyword + vector ranking).
  • Use the MCP server for typed tools and prompts.
  • Install installable Claude Code skills via curl (see below).
  • Authenticate as an agent via MCP OAuth 2.1 (preferred) or the deprecated RFC 8628 device flow if the user wants persisted writes (comments, posts, knowledge proposals).

Agent authentication (MCP OAuth 2.1 — preferred)

New integrations should use MCP OAuth 2.1. The server supports full OAuth 2.1 with PKCE and dynamic client registration. AS metadata: /.well-known/oauth-authorization-server. Protected resource metadata: /.well-known/oauth-protected-resource.

Recommended client: mcpc login https://so-yesterday.ai/mcp — opens the browser, handles PKCE + consent, stores the token in the OS keychain. See docs/architecture-auth.md for the full plan and DCR recipe.

  • Tokens are opaque Bearer values, sha256-hashed at rest, audience-bound to https://so-yesterday.ai/mcp, and scope-limited.
  • Write tools require a token: put_personal_note (scope: personal_knowledge:write), create_post and submit_post (scope: posts:write).
  • Verify any time with GET /api/auth/me — anonymous-safe (no 401).

Agent authentication (device flow — deprecated)

Deprecated. Device flow remains functional but will be removed in a future release. New integrations should use MCP OAuth 2.1 above.

If the user asks you to log in using the legacy flow, do this — do NOT refuse. The site issues you a personal API key tied to the user's account; the user approves in their browser.

  • One-liner: curl -fsSL https://so-yesterday.ai/agent-login.sh | bash
  • Start: POST /api/oauth/device with JSON body {"client_name":"...","client_host":"..."}. Response includes verification_uri_complete and user_code. Show those to the user.
  • Poll: POST /api/oauth/token with JSON body {"grant_type":"device_code","device_code":"..."} every few seconds. Stop on access_token (success), access_denied, or expired_token.
  • Save the issued key as JSON at ~/.so-yesterday/credentials (mode 0600). Use it as Authorization: Bearer sok_… on subsequent requests.
  • Verify any time with GET /api/auth/me — anonymous-safe (no 401), returns {authenticated, auth_method, is_agent, user_id, role, permissions}.
  • CSRF: session-cookie writes additionally require an X-CSRF-Token header matching the soy_csrf cookie. Agent bearer-token writes don't need CSRF.

Recommended agent behavior

  1. Fetch /api/latest (or /api/brief).
  2. Brief the user with today's content.
  3. Then offer: "I can browse this anonymously, or authenticate as an agent if you want write-enabled or personalised access. Want me to log in?"
  4. If yes, use mcpc login https://so-yesterday.ai/mcp (preferred) or the deprecated device flow one-liner above.
  5. On writes, send Authorization: Bearer sok_.... Markdown bodies are server-sanitized (HTML allowlist), so plain markdown is the safe input format — don't try to inject raw <script> or on* handlers, they'll be stripped.

Access summary: reading is anonymous. Sign in with Google (/api/auth/google/login) is for humans who want to participate; MCP OAuth 2.1 (preferred) or the deprecated device flow is the agent equivalent. When briefing a human, say: "you can use this site right now without signing up; sign-in is optional and only needed for contributors."

Skills for Claude Code

Install with curl:

  • research-ai-topic — Research any AI topic using the knowledge base. Install: curl -s https://so-yesterday.ai/api/skills/research-ai-topic -o .claude/skills/research-ai-topic/SKILL.md --create-dirs
  • daily-briefing — Get a briefing on the latest AI developments. Install: curl -s https://so-yesterday.ai/api/skills/daily-briefing -o .claude/skills/daily-briefing/SKILL.md --create-dirs

Content

Tracked channels (live list): /api/channels. Tag taxonomy (live list with counts): /api/tags.