Agent-readiness
isittrustready.ai
Trust-ready — exemplary Trust A+ · 100/100Access A+ · 100/100MCP A+ · 100/100Breakdown
Trust
-
PassPublishes an A2A agent cardconventionemerging
agent card present with a name and declared capabilities
-
PassAgent card is cryptographically verifiable (signed / DID / VC)standardemerging
agent card carries a cryptographic signature / proof / DID binding
-
PassPublishes an MCP server card (if it runs MCP)conventionemerging
MCP server card present with name and advertised tools
-
Passinitialize advertises server identitystandardestablished
serverInfo name+version and instructions present
-
PassExposes cryptographically verifiable artifactsstandardestablished
2 signed resource(s) verified
-
PassPublishes an alignment / values cardconventionemerging
alignment card declares values plus scope/refusals
-
PassDeclared capabilities are present and coherentconventionemerging
agent card enumerates concrete capabilities/skills
-
PassDeclares values / scope (alignment card or equivalent)conventionemerging
values + scope/refusals declared
-
PassDeclares known limitations / non-goalsconventionemerging
known limitations / non-goals declared
-
PassTools do what they say (output matches declared schema)standardestablished
all 2 tool outputs validating against their schema ok
-
PassPublishes signed attestations / verifiable credentialsstandardemerging
publishes signed attestations / verifiable credentials
-
PassBuild / behaviour provenance (Sigstore / SLSA)standardemerging
publishes signed SLSA/in-toto provenance
-
PassOffers verifiable provenance / attestationstandardemerging
provenance verifies
-
PassServes security.txtstandardestablished
security.txt served with Contact and Expires
-
PassPublishes a dated, signed re-verification statusconventionemerging
publishes a dated, machine-readable verification status
-
PassPublishes advisories / a STIX IoC feedstandardemerging
STIX bundle published (1 objects)
-
PassVerification discriminates real from tamperedstandardestablished
verify rejects tampered input
-
PassWell-formed errors, no internal leakagestandardestablished
well-formed JSON-RPC errors, no internal leakage
-
N/ADiscloses caching / freshness honestlyconventionemerging
no caching observed to disclose
-
PassAccountable maintainer contactconventionemerging
reachable maintainer contact published
-
N/AOAuth protected-resource metadatastandardestablished
not applicable — service declares no delegated/OAuth authorization
-
N/AOAuth authorization-server metadatastandardestablished
not applicable — service declares no delegated/OAuth authorization
-
PassDocuments agent authenticationconventionemerging
publishes a substantive agent authentication guide
-
PassServes coherent RFC 9728 protected-resource metadatastandardestablished
PRM coherent (resource + authorization_servers)
-
PassAuthed / write tools fail closedstandardestablished
authed tool returns 401 + WWW-Authenticate
-
PassPublic reads leak no private/owner dataconventionestablished
8 anon read(s) leak no private fields
-
PassDynamic Client Registration handles loopback safelystandardemerging
loopback accepted, non-loopback rejected
Access & discoverabilityscored separately — never blended with Trust
-
PassServes a parseable robots.txtstandardestablished
serves a parseable robots.txt
-
PassPublishes a sitemapstandardestablished
serves a sitemap (valid XML / sitemap index)
-
PassEmits HTTP Link relationsstandardestablished
emits 4 HTTP Link relation(s)
-
PassServes markdown via content negotiationconventionemerging
serves text/markdown via content negotiation
-
PassPublishes an llms.txt indexconventionemerging
publishes /llms.txt with an H1 title
-
PassEmbeds structured data (JSON-LD / OpenGraph)standardestablished
embeds schema.org JSON-LD (Organization, WebApplication)
-
PassDeclares explicit AI-bot rulesstandardestablished
declares explicit rules for 15 known AI crawler(s): amazonbot, anthropic-ai, applebot-extended, bytespider, ccbot, chatgpt-user, claude-user, claudebot, cohere-ai, google-extended, gptbot, meta-externalagent, oai-searchbot, perplexity-user, perplexitybot
-
PassPublishes Content Signalsconventionemerging
publishes Content Signals (ai-train / ai-input / search)
-
PassPublishes an API catalogstandardestablished
publishes an RFC 9727 API catalog (linkset+json) with ≥1 link
-
PassPublishes an OpenAPI documentstandardestablished
publishes a discoverable OpenAPI document (v3.1.0) at https://isittrustready.ai/openapi.json
-
PassPublishes an MCP server cardconventionemerging
MCP server card present with name and advertised tools
-
PassForegrounds the primary agent channel (agents.txt → MCP)conventionemerging
/agents.txt foregrounds the MCP channel (references the MCP endpoint / server card)
-
PassDNS-AID agent discovery (DNSSEC-validated)conventionemerging
DNS-AID record published and DNSSEC-validated at _index._agents.isittrustready.ai
-
N/AOAuth protected-resource metadatastandardestablished
not applicable — service declares no delegated/OAuth authorization
-
N/AOAuth authorization-server metadatastandardestablished
not applicable — service declares no delegated/OAuth authorization
-
Passinitialize returns protocolVersion + capabilitiesstandardestablished
protocolVersion + capabilities advertised
-
PassAdvertised capabilities are actually servedstandardestablished
advertised capabilities are all served
-
Passtools/resources/prompts lists are well-formedstandardestablished
all 69 tools with name + inputSchema ok
-
PassZero-auth orientation for arriving agentsconventionemerging
zero-auth orientation with a surface map
-
Failagents.txt / llms.txt surface the server doorconventionemerging
no agents.txt / llms.txt
Copy-paste fix promptPublish `/agents.txt` and/or `/llms.txt` (and an agent-native markdown root) that name your MCP endpoint URL and orientation entrypoint in the first screenful, so an arriving agent finds the door without guessing. Verify: `curl -s <site>/agents.txt` (or /llms.txt) references your /mcp endpoint near the top. Spec: https://llmstxt.org/
-
PassExample calls execute verbatim, anonymouslyconventionemerging
all 5 examples running verbatim ok
-
PassOne canonical public home, resolvable from the registryconventionestablished
canonical home with server.json + connect + auth, resolvable from registry
-
PassMeaningful presence in the canonical MCP registryconventionemerging
present in the canonical MCP registry
MCPcapability quality of the associated MCP server — scored separately
-
PassEvery tool has a meaningful descriptionconventionemerging
all 69 tools with a description ok
-
PassEvery input parameter is describedconventionemerging
all 65 parameterized tools with described params ok
-
PassEvery tool declares a real outputSchemastandardestablished
all 69 tools declaring an outputSchema ok
-
PassTyped request bodies (no opaque blobs)standardestablished
all 69 tools with typed (non-opaque) bodies ok
-
PassTools carry human-readable titlesconventionemerging
all 69 tools with a title ok
-
PassTools carry behaviour annotationsstandardestablished
all 69 tools with all four behaviour annotations ok
-
PassAnnotations are accurateconventionemerging
69 annotated tools are self-consistent
-
PassComplete server metadataconventionemerging
name + description + homepage + icon
-
PassConsistent tool naming (preferences flagged, not penalized)conventionemerging
tool names follow one consistent scheme
-
PassClear configuration UXconventionemerging
required configuration declared with defaults
Make your domain trust-ready.
Mnemom publishes signed identity, alignment & attestation surfaces for your agents — and keeps them verified.
Re-scan isittrustready.ai →