Fix: Web Bot Auth signature directory present (informational)

Web-audit fix skill for the web-bot-auth check (Bot & crawl policy, MAY).

Goal

Publish an HTTP Message Signatures directory if your site sends signed bot traffic.

Fix

Informational only. If your site sends authenticated bot traffic, publish an HTTP Message Signatures JWKS directory at /.well-known/http-message-signatures-directory so recipients can verify your bot's signatures. Skip it if you do not send signed bot requests.

Resources

Copy-paste prompt

Paste this into your coding agent, replacing the Issue line with the Result line from your audit:

Verify

Re-run the audit at https://anc.dev/web-audit or call the audit_website MCP tool; the web-bot-auth check should report pass.