By Project Auxo · 2026-06-29 · v1
TL;DR. Agent-readiness is how prepared a website or API is for AI agents to discover, invoke, trust, and be held accountable for actions on it. We score it across four categories — Discoverable, Invocable, Identifiable & Trusted, and Provable — from public, well-known signals (robots.txt AI-crawler rules, sitemap.xml, llms.txt, schema.org, capabilities.txt, OpenAPI, MCP, A2A agent cards, and evidence/governance). This is the open rubric behind the agent-readiness report card; stable signals are weighted, emerging ones count as bonus.
The web is being visited by software acting on people's behalf, and there's no shared answer to a simple question: is this site ready for agents? Agent-readiness is measurable — from public signals a site already does or doesn't publish. This is the open methodology behind the agent-readiness report card; it's versioned, and we publish it so the score is auditable rather than a black box.
| Signal | What we check | Pts |
|---|---|---|
robots.txt | Present | 5 |
AI crawlers allowed | GPTBot, ClaudeBot, PerplexityBot, CCBot, Google-Extended not blocked | 10 |
sitemap.xml | Present or referenced in robots.txt | 5 |
llms.txt | Present — what is worth reading | 10 |
schema.org JSON-LD | Structured data on the homepage | 8 |
capabilities.txt | Present + conformance grade | 12 |
| Signal | What we check | Pts |
|---|---|---|
OpenAPI discoverable | A spec at a common path agents can map | 18 |
MCP advertised | mcp.json / a live MCP server (optional) | 12 |
| Signal | What we check | Pts |
|---|---|---|
A2A agent card | /.well-known/agent-card.json | 15 |
| Signal | What we check | Pts |
|---|---|---|
Governed, replayable evidence | The frontier — almost no one has this yet | 5 |
Each signal earns points within its category; the four categories sum to a 0–100 score and an A–F grade (A ≥ 85, B ≥ 70, C ≥ 55, D ≥ 40, F below). Most of the web scores C–F today — agent-readiness is new, and the point of the grade is the prioritized list of fixes, not the letter. The methodology is versioned; this is v1.
How prepared a website or API is for AI agents to discover what it can do, invoke it, recognize its identity, and be held accountable for consequential actions. It is the agentic-web analogue of mobile-readiness or accessibility — a measurable property of a site, not a product you buy.
From public, deterministic signals at well-known locations — robots.txt AI-crawler rules, sitemap.xml, llms.txt, schema.org JSON-LD, capabilities.txt (graded for conformance), OpenAPI, MCP, and A2A agent cards. Each signal carries points within one of four categories; the categories sum to an overall 0–100 score and an A–F grade. No private data, no login required.
Because agent-readiness is a property of the whole stack, not any single file. A site can be discoverable via llms.txt and schema.org, invocable via OpenAPI, and still have no way to prove what an agent did. Weighting one file heavily would make the score self-serving and less useful. capabilities.txt is one Discoverable signal among several.
It asks whether you can prove, later and to someone skeptical, what an agent actually did on your site — and whether it was authorized. There is no widely-adopted standard for this yet, so nearly every site scores zero. It is the industry frontier, and the layer the Capability Host Protocol addresses.
Stable, widely-supported signals (robots.txt, sitemap, llms.txt, schema.org, OpenAPI, capabilities.txt) carry the weight. Fast-moving ones (A2A agent cards, Web Bot Auth, MCP advertisement) count but are weighted lighter, so your score does not swing as those specifications evolve.
Run the report cardMake your API agent-readyHow agents discover sites