# marly.studio

> Upload videos or supported public URLs to marly.studio, then review AI-selected moments, vertical clips, captions, and optional YouTube publishing.

## Start here

- [Human help](https://marly.studio/help)
- [Agent guide JSON](https://marly.studio/help/agent.json)
- [Well-known agent guide](https://marly.studio/.well-known/marly-agent.json)
- [Well-known agent alias](https://marly.studio/.well-known/agent.json)
- [MCP endpoint](https://marly.studio/api/mcp)

## Public pages

- [Home](https://marly.studio): brand and upload/import entry point. Last modified 2026-06-13.
- [Legal](https://marly.studio/legal): privacy, terms, Google/YouTube disclosures, and data handling. Last modified 2026-06-13.
- [Help](https://marly.studio/help): human help, product boundaries, and public agent-discovery guide. Last modified 2026-06-12.
- [Support](https://marly.studio/donate): optional one-time support payments without product entitlements. Last modified 2026-06-01.
- [Sitemap](https://marly.studio/sitemap.xml): canonical public page inventory.
- [Robots policy](https://marly.studio/robots.txt): crawler access rules for public discovery.

## How an agent gets authorized

1. Ask the user to open Settings.
2. The user signs in and opens Settings > Agent & MCP access.
3. The user creates a scoped Agent token, chooses scopes, and copies the token once.
4. Send the token as: Authorization: Bearer <token>.
5. Read the authenticated manifest before creating jobs or polling results.

## Current safe agent workflow

- Discover the contract with [human help](https://marly.studio/help), [agent guide JSON](https://marly.studio/help/agent.json), [llms.txt](https://marly.studio/llms.txt), or [well-known agent guide](https://marly.studio/.well-known/marly-agent.json).
- Create supported public video URL import jobs when the token has job.import.create.
- Create file upload jobs when the token has job.upload.create; PUT the bytes to the returned upload URL (large files return a multipart plan — PUT each part) then complete the upload, or in relay-transport deployments stream the bytes to the returned relay target (which finalizes the job).
- List recent owned jobs when the token has job.list.read.
- Read job status when the token has job.status.read.
- Read safe result metadata when the token has job.results.read.
- Read safe clip metadata only when the token also has clip.metadata.read.

## Scopes

- agent.manifest.read
- job.list.read
- job.status.read
- job.import.create
- job.upload.create
- job.results.read
- clip.metadata.read

## Hard boundaries

- Do not use browser cookies as agent API authentication.
- Do not ask users for passwords, cookies, raw OAuth tokens, payment details, private keys, or provider console secrets.
- Do not publish clips, change billing, disconnect Google, delete accounts, administer the app, fetch source media, or fetch signed media read URLs through v1 agent routes.
- Route publishing, billing, Google disconnect, account deletion, and admin actions back to the normal browser UI or support.

## Troubleshooting evidence

- For stuck jobs: job ID, visible failure text, and last visible stage.
- For clip quality: job ID, clip title or time range, and what claim/edit is wrong.
- For account or billing: account email only when relevant.
- Never include raw tokens, cookies, private media URLs, payment card details, or provider secrets in support notes.