Summary
Volume 7 keeps the AI-Ready Web program honest after launch. Governance is the difference between a useful standards program and a pile of stale claims. Every new mechanism must move through maturity review, source updates, machine artifacts, tests, release notes, and translation checks before it becomes current public support.
Maturity register
| Status | Use it for | Examples | UAIX rule |
|---|---|---|---|
| Stable baseline | Requirements that should be implemented before any agent-specific claim. | WCAG 2.2, semantic HTML, HTTP semantics, robots.txt, sitemap, JSON Schema, OpenAPI, Problem Details, Trace Context, JSON-LD. | May be required language when relevant and tested. |
| Current optional | Useful capabilities with real implementations but environment-specific adoption. | MCP in compatible hosts, A2A where supported, signed non-human principal flows, structured alternate representations. | Label as supported only when the local implementation has public evidence. |
| Proposal or community convention | Helpful discovery or policy signals that are not formal web standards. | llms.txt, markdown mirrors, agent preference files, TDMRep-style rights signals. | Use as advisory signals and never as the only source of authority. |
| Research track | Ideas to monitor without current support claims. | WebMCP/browser-native tool declarations, DNS-based agent discovery, autonomous agent commerce credentials beyond published APIs. | Keep in roadmap language until specifications, implementations, tests, and release evidence exist. |
| Unsupported | Claims UAIX must not imply. | Hosted runtime execution, automatic repository writes, hidden credential validation, certification, endorsement, safety proof, consciousness proof. | Block or rewrite the claim. |
Roadmap
| Window | Deliverables | Gate |
|---|---|---|
| First 30 days | Publish the 7-volume source pages, machine JSON assets, route inventory, tests, and handoff evidence. | Source tests pass; no live-support claim until package build and upload complete. |
| Days 31-90 | Add rendered-page accessibility smoke automation, OpenAPI/API examples, framework starter guides, and translation QA. | Manual accessibility and privacy review complete. |
| Months 3-6 | Add richer readiness validator UI, evidence export package, WordPress and ASP.NET Core reference snippets, and anti-pattern library. | Validator output schema and examples stay aligned with public pages. |
| Months 6-12 | Track MCP/A2A adoption, mature capability profiles, refine identity/delegation guidance, and add operations dashboards. | Only implementation-evidenced mechanisms become current support. |
| Months 12-24 | Evaluate browser-native agent APIs, commerce delegation patterns, rights-preference signals, and external interop feedback. | Research-track ideas stay planned until standards, implementations, tests, and public release evidence agree. |
Claim-review process
- Name the claim and the affected profile.
- Identify the stable standard, current implementation, proposal, or research-track source behind it.
- Update the human page, machine artifact, validator/test, release note, roadmap state, and translation source together.
- Run automated checks and record skipped checks with reasons.
- Publish only after owner review and package/live evidence exist.
Security and privacy governance
AI-Ready Web publication must never expose credentials, private endpoints, private customer data, hidden prompts, non-public production logs, or unsupported legal/security claims. The program follows UAIX no-op behavior: when a request crosses declared authority, the site returns a safe review path instead of trying to execute.
Primary governance references
- NIST AI Risk Management Framework for risk language and governance framing.
- OWASP Top 10 for LLM Applications for common agent and LLM application security risks.
- W3C TDM Reservation Protocol community work for text and data mining preference context, treated as a rights-signal input rather than full authorization.
Machine-readable governance
- Requirement registry JSONStable ARW requirement identifiers, tests, evidence, and anti-patterns.
- Maturity register JSONCurrent stable, configuration-specific, proposal, research, and unsupported mechanisms.
- Route inventory JSONSource/live audit facts, publication boundary, and route exposure plan.
- AI-Ready site manifest schemaPortable declaration for discovery, capabilities, policies, evidence, and support boundaries.
- AI-Ready site manifest exampleConcrete UAIX-flavored example without claiming hosted runtime execution.
- Readiness result schemaAssessment result model for automated checks plus manual review evidence.
- Readiness result exampleExample scoring packet with warnings, blockers, and no certification claim.