anc.dev
relative to the checks that apply to this site; global measures it against a maximally agent-ready site.
Discoverability
MUST 4 / 5/robots.txt present PASS
Goal: Publish robots.txt and state your crawl policy explicitly.
Result: Verified (https://anc.dev/robots.txt -> 200)
/sitemap.xml present PASS
Goal: Publish sitemap.xml so agents can enumerate your content URLs.
Result: Verified (https://anc.dev/sitemap.xml -> 200)
Resources: sitemaps.org · Fix skill
Homepage sends RFC 8288 Link headers pointing at agent resources MISSING
Goal: Advertise machine surfaces in a Link response header on / for header-only discovery.
Result: Not found (https://anc.dev/ -> 200 (header link no match /rel="?(service-desc|describedby|api-catalog|service-doc)"?/))
Fix: Send a `Link` response header on `/` (RFC 8288) whose `rel` points at your machine surfaces, so an agent reading only response headers finds them without parsing HTML or probing `/.well-known`. Use the RFC 8631 service trio and the RFC 9727 catalog: `rel="service-desc"` at a machine-readable description (OpenAPI, or an MCP server card), `rel="service-doc"` at the human-readable doc, `rel="service-meta"` at the service-context declaration, and `rel="api-catalog"` at your `/.well-known/api-catalog` index. Example: `Link: </.well-known/api-catalog>; rel="api-catalog", </.well-known/mcp/server-card.json>; rel="service-desc"`.
Resources: RFC 8288 (Link) · RFC 8631 (service links) · RFC 9727 (api-catalog) · Fix skill
Root HTML links to machine surfaces via <link rel> PASS
Goal: Point link rel elements at your machine surfaces from the root HTML head.
Result: Verified (https://anc.dev/ -> 200)
Resources: RFC 8631 (service-desc/doc) · Fix skill
DNS for AI Discovery (DNS-AID) records under _agents (IETF draft) PASS
Goal: Publish DNSSEC-signed SVCB records under _agents for DNS-level agent discovery.
Result: Verified (_index._agents.anc.dev: 1 record(s) via https://cloudflare-dns.com/dns-query)
Resources: DNS-AID draft · Fix skill
Content for agents
MUST 6 / 7/llms.txt present with a summary and link index PASS
Goal: Serve /llms.txt with a title, summary, and categorized link index.
Result: Verified (https://anc.dev/llms.txt -> 200)
Resources: llmstxt.org · Fix skill
/llms-full.txt present (single-fetch full corpus) PASS
Goal: Serve the whole docs corpus as markdown at /llms-full.txt for one-fetch ingestion.
Result: Verified (https://anc.dev/llms-full.txt -> 200)
Resources: llmstxt.org · Fix skill
Per-section llms.txt files resolve under content subdirectories N/A
Goal: Serve a scoped llms.txt inside each major content section.
Result: Not implemented, optional (https://anc.dev/.well-known/llms.txt -> 404)
Resources: llmstxt.org · Fix skill
Per-section llms-full.txt files resolve under content subdirectories N/A
Goal: Serve a scoped llms-full.txt corpus inside each major content section.
Result: Not implemented, optional (https://anc.dev/.well-known/llms-full.txt -> 404)
Resources: llmstxt.org · Fix skill
Root HTML has a descriptive <meta name="description"> PASS
Goal: Add a meta description naming what the service does and its agent entry points.
Result: Verified (https://anc.dev/ -> 200)
Resources: MDN meta description · Fix skill
Root HTML embeds Schema.org JSON-LD PASS
Goal: Embed Schema.org JSON-LD so agents get typed facts without inference.
Result: Verified (https://anc.dev/ -> 200)
Resources: Schema.org · Fix skill
Root HTML uses semantic landmarks PASS
Goal: Use semantic landmarks so the HTML path is parseable structure, not div soup.
Result: Verified (https://anc.dev/ -> 200)
Resources: MDN content sectioning · Fix skill
Root HTML has a <noscript> with machine entry points MISSING
Goal: Give non-JS agents a noscript block listing your machine entry points.
Result: Not found (https://anc.dev/ -> 200 (body no match /<noscript/))
Fix: Add a `<noscript>` block to your root HTML that links your machine entry points: `llms.txt`, your OpenAPI or MCP endpoint, and any `.well-known` cards. It hands a fetch-only crawler or a non-JS agent a concrete, in-body list of where the structured surfaces live, so it never has to run the client bundle or infer them from the visible page.
Resources: MDN noscript · Fix skill
Accept text/markdown content negotiation returns markdown PASS
Goal: Honor Accept text/markdown on content URLs with raw markdown, not HTML chrome.
Result: Verified (https://anc.dev/ -> 200)
Resources: RFC 7763 (text/markdown) · Fix skill
Bot & crawl policy
SHOULD 3 / 3robots.txt declares AI-crawler rules (RFC 9309) PASS
Goal: State your AI-crawler policy in robots.txt with explicit User-agent rules.
Result: Verified (https://anc.dev/robots.txt -> 200)
robots.txt declares Content-Signal AI-usage preferences PASS
Goal: Declare Content-Signal AI-usage preferences in robots.txt.
Result: Verified (https://anc.dev/robots.txt -> 200)
Resources: contentsignals.org · Fix skill
Web Bot Auth signature directory present (informational) N/A
Goal: Publish an HTTP Message Signatures directory if your site sends signed bot traffic.
Result: Not implemented, optional (https://anc.dev/.well-known/http-message-signatures-directory -> 404 (status 404 not in [200]))
Resources: Web Bot Auth draft · Fix skill
MCP & API
MUST 8 / 12initialize handshake returns serverInfo + protocolVersion PASS
Goal: Answer JSON-RPC initialize with serverInfo and protocolVersion so clients can begin a session.
Result: Verified (serverInfo anc, protocol 2025-06-18)
Resources: MCP lifecycle · Fix skill
An OpenAPI description is published MISSING
Goal: Publish an OpenAPI description so non-MCP agents can call your HTTP API.
Result: Not found (https://anc.dev/openapi.json -> 404 (status 404 not in [200]))
Fix: If your service exposes an HTTP/REST API (separate from any MCP endpoint), publish an OpenAPI 3.1 description of it at `/openapi.json` (or `/openapi.yaml`, or `/.well-known/openapi.json`). Non-MCP agents use it to discover endpoints, parameters, and response shapes, and to generate typed clients. A service whose only machine surface is MCP has no REST API to describe here.
Resources: OpenAPI 3.1 · Fix skill
Referenced JSON Schemas resolve as application/schema+json N/A
Goal: Serve the JSON Schemas your API references so agents can validate payloads pre-flight.
Result: Not applicable (no JSON Schema references detected)
Resources: JSON Schema · Fix skill
CORS preflight (OPTIONS) succeeds with Access-Control-Allow-* headers MISSING
Goal: Answer OPTIONS preflights on the MCP endpoint with Access-Control-Allow-* headers.
Result: Not found (405 allow-origin absent)
Fix: Answer the `OPTIONS` preflight on your MCP endpoint with `204` (or `200`) and the `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, and `Access-Control-Allow-Headers` response headers, so a browser-origin agent can call the endpoint. If your MCP surface is deliberately server-to-agent only (no browser clients), this SHOULD is a considered choice, not a defect.
Resources: MDN CORS preflight · Fix skill
unknown JSON-RPC method returns -32601 PASS
Goal: Reject unknown JSON-RPC methods with error -32601 instead of a hang or 500.
Result: Verified (error code -32601)
Resources: JSON-RPC 2.0 · Fix skill
POST response carries Access-Control-Allow-Origin MISSING
Goal: Echo Access-Control-Allow-Origin on the actual MCP POST response.
Result: Not found (allow-origin absent)
Fix: Echo `Access-Control-Allow-Origin` on the actual `POST` response, not only on the preflight. A browser blocks the response body when the header is absent even if the preflight passed. Omit it deliberately only if browser-origin agents are not a supported client.
tools/list returns a tools array with input schemas PASS
Goal: Return tools/list entries with name, description, and a JSON inputSchema.
Result: Verified (13 tools, 13 with input schema)
Root HTML exposes WebMCP browser tools PASS
Goal: Expose page tools to browser agents via WebMCP.
Result: Verified (https://anc.dev/ -> 200)
Resources: WebMCP spec · Fix skill
initialize advertises capabilities (tools / resources / prompts) PASS
Goal: Advertise the capability groups your MCP server implements in the initialize result.
Result: Verified (serverInfo anc, protocol 2025-06-18)
Resources: MCP lifecycle · Fix skill
GET on the MCP endpoint fast-fails (not a held-open hang) BROKEN
Goal: Answer GET on the MCP endpoint fast (a fast-fail status or a documented surface), never a held-open hang.
Result: Present but broken (https://anc.dev/mcp -> 200 (status 200 not in [405, 400, 404, 406]))
Fix: Answer a `GET` on the MCP endpoint promptly; this check fails only when the connection is held open. A streamable-HTTP `GET` routed into the transport opens the server-to-client SSE notification stream, and a stateless server (nothing to push) parks that connection until the caller times out. Answer one of two ways instead: fast-fail non-`POST` at the router with `405 Method Not Allowed` and an `Allow: POST` header; or serve a documented surface on `GET` (a human- and agent-readable docs page, or a redirect to your `.well-known` MCP server card) so the `GET` returns content rather than a rejection. Any prompt, completed response passes (a fast-fail status, or a documented `2xx`/redirect); only a held-open hang or a `5xx` fails.
Resources: MCP transports · Fix skill
A .well-known MCP server card is published (SEP-1649) PASS
Goal: Publish an MCP server card at the canonical SEP-1649 path and 301 the legacy aliases to it.
Result: Verified (https://anc.dev/.well-known/mcp/server-card.json -> 200)
/.well-known/api-catalog published (RFC 9727) PASS
Goal: Serve an RFC 9727 api-catalog linkset indexing your API descriptions.
Result: Verified (https://anc.dev/.well-known/api-catalog -> 200)
A human/agent usage doc for the server resolves PASS
Goal: Publish a one-fetch markdown usage doc for your MCP server.
Result: Verified (https://anc.dev/mcp-skill.md -> 200)
Resources: anc.dev example · Fix skill
Agent discovery & auth
MAY 4 / 4OAuth/OIDC discovery metadata published PASS
Goal: Publish OAuth/OIDC discovery metadata if agents authenticate to your service.
Result: Verified (https://anc.dev/.well-known/oauth-authorization-server -> 200)
A2A Agent Card published for agent-to-agent discovery N/A
Goal: Publish an A2A Agent Card for agent-to-agent discovery.
Result: Not implemented, optional (https://anc.dev/.well-known/agent-card.json -> 404 (status 404 not in [200]))
Resources: A2A protocol · Fix skill
OAuth Protected Resource Metadata published (RFC 9728) PASS
Goal: Publish RFC 9728 protected-resource metadata for your authenticated MCP server.
Result: Verified (https://anc.dev/.well-known/oauth-protected-resource -> 200)
Agent-skills discovery index published PASS
Goal: Publish an agent-skills discovery index so agents can enumerate your skills.
Result: Verified (https://anc.dev/.well-known/agent-skills/index.json -> 200)
Resources: Agent Skills Discovery · Fix skill
Agent auth/registration metadata doc published PASS
Goal: Publish an auth.md telling agents how to obtain credentials.
Result: Verified (https://anc.dev/auth.md -> 200)
Resources: anc.dev example · Fix skill
This scorecard reflects the target's public agent-facing surface at audit time. Re-run the audit from anc.dev/web-audit to refresh it, or call the audit_website MCP tool.