anc.dev

Website https://anc.dev/ · agent-readiness audit

25 pass5 missing1 broken5 n/a

relative to the checks that apply to this site; global measures it against a maximally agent-ready site.

76site score
65global-ready
C1

Discoverability

MUST 4 / 5
/robots.txt present PASS

Goal: Publish robots.txt and state your crawl policy explicitly.

Result: Verified (https://anc.dev/robots.txt -> 200)

Resources: RFC 9309 · Fix skill

/sitemap.xml present PASS

Goal: Publish sitemap.xml so agents can enumerate your content URLs.

Result: Verified (https://anc.dev/sitemap.xml -> 200)

Resources: sitemaps.org · Fix skill

Homepage sends RFC 8288 Link headers pointing at agent resources MISSING

Goal: Advertise machine surfaces in a Link response header on / for header-only discovery.

Result: Not found (https://anc.dev/ -> 200 (header link no match /rel="?(service-desc|describedby|api-catalog|service-doc)"?/))

Fix: Send a `Link` response header on `/` (RFC 8288) whose `rel` points at your machine surfaces, so an agent reading only response headers finds them without parsing HTML or probing `/.well-known`. Use the RFC 8631 service trio and the RFC 9727 catalog: `rel="service-desc"` at a machine-readable description (OpenAPI, or an MCP server card), `rel="service-doc"` at the human-readable doc, `rel="service-meta"` at the service-context declaration, and `rel="api-catalog"` at your `/.well-known/api-catalog` index. Example: `Link: </.well-known/api-catalog>; rel="api-catalog", </.well-known/mcp/server-card.json>; rel="service-desc"`.

Resources: RFC 8288 (Link) · RFC 8631 (service links) · RFC 9727 (api-catalog) · Fix skill

Root HTML links to machine surfaces via <link rel> PASS

Goal: Point link rel elements at your machine surfaces from the root HTML head.

Result: Verified (https://anc.dev/ -> 200)

Resources: RFC 8631 (service-desc/doc) · Fix skill

DNS for AI Discovery (DNS-AID) records under _agents (IETF draft) PASS

Goal: Publish DNSSEC-signed SVCB records under _agents for DNS-level agent discovery.

Result: Verified (_index._agents.anc.dev: 1 record(s) via https://cloudflare-dns.com/dns-query)

Resources: DNS-AID draft · Fix skill

C2

Content for agents

MUST 6 / 7
/llms.txt present with a summary and link index PASS

Goal: Serve /llms.txt with a title, summary, and categorized link index.

Result: Verified (https://anc.dev/llms.txt -> 200)

Resources: llmstxt.org · Fix skill

/llms-full.txt present (single-fetch full corpus) PASS

Goal: Serve the whole docs corpus as markdown at /llms-full.txt for one-fetch ingestion.

Result: Verified (https://anc.dev/llms-full.txt -> 200)

Resources: llmstxt.org · Fix skill

Per-section llms.txt files resolve under content subdirectories N/A

Goal: Serve a scoped llms.txt inside each major content section.

Result: Not implemented, optional (https://anc.dev/.well-known/llms.txt -> 404)

Resources: llmstxt.org · Fix skill

Per-section llms-full.txt files resolve under content subdirectories N/A

Goal: Serve a scoped llms-full.txt corpus inside each major content section.

Result: Not implemented, optional (https://anc.dev/.well-known/llms-full.txt -> 404)

Resources: llmstxt.org · Fix skill

Root HTML has a descriptive <meta name="description"> PASS

Goal: Add a meta description naming what the service does and its agent entry points.

Result: Verified (https://anc.dev/ -> 200)

Resources: MDN meta description · Fix skill

Root HTML embeds Schema.org JSON-LD PASS

Goal: Embed Schema.org JSON-LD so agents get typed facts without inference.

Result: Verified (https://anc.dev/ -> 200)

Resources: Schema.org · Fix skill

Root HTML uses semantic landmarks PASS

Goal: Use semantic landmarks so the HTML path is parseable structure, not div soup.

Result: Verified (https://anc.dev/ -> 200)

Resources: MDN content sectioning · Fix skill

Root HTML has a <noscript> with machine entry points MISSING

Goal: Give non-JS agents a noscript block listing your machine entry points.

Result: Not found (https://anc.dev/ -> 200 (body no match /<noscript/))

Fix: Add a `<noscript>` block to your root HTML that links your machine entry points: `llms.txt`, your OpenAPI or MCP endpoint, and any `.well-known` cards. It hands a fetch-only crawler or a non-JS agent a concrete, in-body list of where the structured surfaces live, so it never has to run the client bundle or infer them from the visible page.

Resources: MDN noscript · Fix skill

Accept text/markdown content negotiation returns markdown PASS

Goal: Honor Accept text/markdown on content URLs with raw markdown, not HTML chrome.

Result: Verified (https://anc.dev/ -> 200)

Resources: RFC 7763 (text/markdown) · Fix skill

C3

Bot & crawl policy

SHOULD 3 / 3
robots.txt declares AI-crawler rules (RFC 9309) PASS

Goal: State your AI-crawler policy in robots.txt with explicit User-agent rules.

Result: Verified (https://anc.dev/robots.txt -> 200)

Resources: RFC 9309 · Fix skill

robots.txt declares Content-Signal AI-usage preferences PASS

Goal: Declare Content-Signal AI-usage preferences in robots.txt.

Result: Verified (https://anc.dev/robots.txt -> 200)

Resources: contentsignals.org · Fix skill

Web Bot Auth signature directory present (informational) N/A

Goal: Publish an HTTP Message Signatures directory if your site sends signed bot traffic.

Result: Not implemented, optional (https://anc.dev/.well-known/http-message-signatures-directory -> 404 (status 404 not in [200]))

Resources: Web Bot Auth draft · Fix skill

/.well-known/security.txt present (RFC 9116) PASS

Goal: Publish security.txt with a Contact and Expires field.

Result: Verified (https://anc.dev/.well-known/security.txt -> 200)

Resources: RFC 9116 · Fix skill

C4

MCP & API

MUST 8 / 12
initialize handshake returns serverInfo + protocolVersion PASS

Goal: Answer JSON-RPC initialize with serverInfo and protocolVersion so clients can begin a session.

Result: Verified (serverInfo anc, protocol 2025-06-18)

Resources: MCP lifecycle · Fix skill

An OpenAPI description is published MISSING

Goal: Publish an OpenAPI description so non-MCP agents can call your HTTP API.

Result: Not found (https://anc.dev/openapi.json -> 404 (status 404 not in [200]))

Fix: If your service exposes an HTTP/REST API (separate from any MCP endpoint), publish an OpenAPI 3.1 description of it at `/openapi.json` (or `/openapi.yaml`, or `/.well-known/openapi.json`). Non-MCP agents use it to discover endpoints, parameters, and response shapes, and to generate typed clients. A service whose only machine surface is MCP has no REST API to describe here.

Resources: OpenAPI 3.1 · Fix skill

Referenced JSON Schemas resolve as application/schema+json N/A

Goal: Serve the JSON Schemas your API references so agents can validate payloads pre-flight.

Result: Not applicable (no JSON Schema references detected)

Resources: JSON Schema · Fix skill

CORS preflight (OPTIONS) succeeds with Access-Control-Allow-* headers MISSING

Goal: Answer OPTIONS preflights on the MCP endpoint with Access-Control-Allow-* headers.

Result: Not found (405 allow-origin absent)

Fix: Answer the `OPTIONS` preflight on your MCP endpoint with `204` (or `200`) and the `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, and `Access-Control-Allow-Headers` response headers, so a browser-origin agent can call the endpoint. If your MCP surface is deliberately server-to-agent only (no browser clients), this SHOULD is a considered choice, not a defect.

Resources: MDN CORS preflight · Fix skill

unknown JSON-RPC method returns -32601 PASS

Goal: Reject unknown JSON-RPC methods with error -32601 instead of a hang or 500.

Result: Verified (error code -32601)

Resources: JSON-RPC 2.0 · Fix skill

POST response carries Access-Control-Allow-Origin MISSING

Goal: Echo Access-Control-Allow-Origin on the actual MCP POST response.

Result: Not found (allow-origin absent)

Fix: Echo `Access-Control-Allow-Origin` on the actual `POST` response, not only on the preflight. A browser blocks the response body when the header is absent even if the preflight passed. Omit it deliberately only if browser-origin agents are not a supported client.

Resources: MDN CORS · Fix skill

tools/list returns a tools array with input schemas PASS

Goal: Return tools/list entries with name, description, and a JSON inputSchema.

Result: Verified (13 tools, 13 with input schema)

Resources: MCP tools · Fix skill

Root HTML exposes WebMCP browser tools PASS

Goal: Expose page tools to browser agents via WebMCP.

Result: Verified (https://anc.dev/ -> 200)

Resources: WebMCP spec · Fix skill

initialize advertises capabilities (tools / resources / prompts) PASS

Goal: Advertise the capability groups your MCP server implements in the initialize result.

Result: Verified (serverInfo anc, protocol 2025-06-18)

Resources: MCP lifecycle · Fix skill

GET on the MCP endpoint fast-fails (not a held-open hang) BROKEN

Goal: Answer GET on the MCP endpoint fast (a fast-fail status or a documented surface), never a held-open hang.

Result: Present but broken (https://anc.dev/mcp -> 200 (status 200 not in [405, 400, 404, 406]))

Fix: Answer a `GET` on the MCP endpoint promptly; this check fails only when the connection is held open. A streamable-HTTP `GET` routed into the transport opens the server-to-client SSE notification stream, and a stateless server (nothing to push) parks that connection until the caller times out. Answer one of two ways instead: fast-fail non-`POST` at the router with `405 Method Not Allowed` and an `Allow: POST` header; or serve a documented surface on `GET` (a human- and agent-readable docs page, or a redirect to your `.well-known` MCP server card) so the `GET` returns content rather than a rejection. Any prompt, completed response passes (a fast-fail status, or a documented `2xx`/redirect); only a held-open hang or a `5xx` fails.

Resources: MCP transports · Fix skill

A .well-known MCP server card is published (SEP-1649) PASS

Goal: Publish an MCP server card at the canonical SEP-1649 path and 301 the legacy aliases to it.

Result: Verified (https://anc.dev/.well-known/mcp/server-card.json -> 200)

Resources: SEP-1649 · Fix skill

/.well-known/api-catalog published (RFC 9727) PASS

Goal: Serve an RFC 9727 api-catalog linkset indexing your API descriptions.

Result: Verified (https://anc.dev/.well-known/api-catalog -> 200)

Resources: RFC 9727 · Fix skill

A human/agent usage doc for the server resolves PASS

Goal: Publish a one-fetch markdown usage doc for your MCP server.

Result: Verified (https://anc.dev/mcp-skill.md -> 200)

Resources: anc.dev example · Fix skill

C5

Agent discovery & auth

MAY 4 / 4
OAuth/OIDC discovery metadata published PASS

Goal: Publish OAuth/OIDC discovery metadata if agents authenticate to your service.

Result: Verified (https://anc.dev/.well-known/oauth-authorization-server -> 200)

Resources: RFC 8414 · Fix skill

A2A Agent Card published for agent-to-agent discovery N/A

Goal: Publish an A2A Agent Card for agent-to-agent discovery.

Result: Not implemented, optional (https://anc.dev/.well-known/agent-card.json -> 404 (status 404 not in [200]))

Resources: A2A protocol · Fix skill

OAuth Protected Resource Metadata published (RFC 9728) PASS

Goal: Publish RFC 9728 protected-resource metadata for your authenticated MCP server.

Result: Verified (https://anc.dev/.well-known/oauth-protected-resource -> 200)

Resources: RFC 9728 · Fix skill

Agent-skills discovery index published PASS

Goal: Publish an agent-skills discovery index so agents can enumerate your skills.

Result: Verified (https://anc.dev/.well-known/agent-skills/index.json -> 200)

Resources: Agent Skills Discovery · Fix skill

Agent auth/registration metadata doc published PASS

Goal: Publish an auth.md telling agents how to obtain credentials.

Result: Verified (https://anc.dev/auth.md -> 200)

Resources: anc.dev example · Fix skill

This scorecard reflects the target's public agent-facing surface at audit time. Re-run the audit from anc.dev/web-audit to refresh it, or call the audit_website MCP tool.