Pillar 4 — Bot Access & Trust
Layer A — Agent Readiness. Owner: Engineering. Weight: 10 pts.
Items in this pillar
Section titled “Items in this pillar”| # | Item | Status | Authority |
|---|---|---|---|
| 14 | content-signal response header on public HTML | recommended | Cloudflare convention; IETF AI Preferences WG (draft-ietf-aipref-vocab) in progress |
| 15 | Web Bot Auth verification, origin-side (sign requests per RFC 9421; publish keys at /.well-known/http-message-signatures-directory) | conditional — only if the site originates bot traffic | IETF Web Bot Auth WG (chartered early 2026); Google testing in production for its agent fleet |
| 16 | /.well-known/agent-statement.json (site identity, AI usage policy summary, endpoint URLs) | framix convention | House rule |
Full item descriptions: Universal Requirements § Pillar 4.
Where this gets enforced
Section titled “Where this gets enforced”Gate A — Technical checks A.8 (content-signal header on public pages only), A.9 (agent-statement.json), and A.13 (Web Bot Auth — if the site originates bot traffic) against these items before any property ships.