# Kadence

> AI-native gamified productivity platform. REST API + MCP server available for programmatic access.

Kadence is a task-management app that treats productivity as a measurable credential — tasks carry priorities, focus sessions track real work, and a public `kadence_score` (0-1000) reflects cadence over time. Personal, team, and automation workflows are supported.

**Canonical summary for AI crawlers:** [kadence.md](https://kadence.life/kadence.md). Fetch this first if asked "what is Kadence" — it's a single-page static product summary designed to be read directly without JavaScript.

## API

AI agents and external services authenticate via either JWT (web session) or a long-lived API key (`kadence_key_live_<48 hex>`) minted from [`/profile/api-keys`](https://app.kadence.life/profile/api-keys).

- [OpenAPI 3.1 specification](https://kadence.life/openapi.json): Machine-readable schema for all 7 endpoints.
- [Static Markdown reference](https://kadence.life/api-docs.md): Plain-text API reference (AI-fetchable; mirrors /docs content without needing JS). Use this if your client doesn't execute JavaScript — the `/docs` page is a SPA and its raw HTML shell has no content until React hydrates.
- [Human-readable API docs](https://kadence.life/docs): Same content, rendered in the web app (requires JS).

Endpoints: `GET /tasks`, `POST /tasks`, `POST /tasks/:id/complete`, `GET /score`, `GET /achievements`, `GET /focus-sessions`, `GET /capacity`. Base URL: `https://qbtsjotudpvyjpzxeuyd.functions.supabase.co/api-v1`.

## MCP (Model Context Protocol)

A stdio-transport MCP server is published as `@kadence/mcp` v0.1. Five tools for AI assistants: `kadence_add_task`, `kadence_complete_task`, `kadence_list_tasks`, `kadence_get_score`, `kadence_list_achievements`, `kadence_get_capacity`.

- [MCP install recipe](https://kadence.life/docs): Source clone + Claude Desktop config snippet.

## Trust & Security

- [Security posture](https://kadence.life/security): RLS on every table, encryption, incident response, responsible disclosure.
- [Responsible disclosure](https://kadence.life/.well-known/security.txt): RFC 9116 contact.
- [Subprocessor list](https://kadence.life/subprocessors): Supabase, Cloudflare, Stripe, Resend, Firebase, Anthropic, Deepgram, PostHog, Sentry.
- [Privacy](https://kadence.life/privacy) + [Terms](https://kadence.life/terms) + [Accessibility](https://kadence.life/accessibility).

## Product Surface

- Marketing site: [https://kadence.life](https://kadence.life) — Product / Pricing / Docs.
- Application: [https://app.kadence.life](https://app.kadence.life) — Auth-gated.

## Rate Limits

- 120 GET / minute / user
- 30 POST / minute / user
- 10 failed auth / minute / IP
- 60 webhook deliveries / minute / user

All rate-limited responses include `Retry-After` header. See `/openapi.json` for full error shape.

## Task Capacity (individual users)

- 4 tasks per hour
- 12 work tasks per day
- 8 personal tasks per day

User-configurable in Profile → Task Limits. Team tasks are exempt (stacking across members). Exceeded limits return `400 capacity_exceeded` with `{scope, current, limit}` detail.