GET-Action Security

Security checklist for GET-Action fallback endpoints, including no secrets in query strings, consent, idempotency, rate limits, crawler protection, and auditability.

  • Record: UAIX-DOC-2726
  • Path: /en-us/guides/get-action-security/
  • Use: Canonical public record

Document status

Public standards page. Published on UAIX as part of the current public standards record.

  • Code: UAIX-DOC-2726
  • Surface: Guides
  • Access: Public and linkable

How to use this page

Use this guide to keep GET-Action fallback URLs away from secret-bearing, regulated, destructive, crawler-triggered, and unaudited behavior.

GET-Action security starts by assuming URLs leak. Query strings can appear in browser history, server logs, analytics, referrers, caches, screenshots, and support tickets.

Security checklist

  1. Require an idempotency key and reject replay with conflicting parameters.
  2. Never include secrets, tokens, passwords, API keys, patient IDs, account identifiers, payment data, private messages, or regulated data in the query string.
  3. Use a matching POST endpoint for L2+ clients and all rich or sensitive actions.
  4. Require human consent for publication, repository writes, account changes, destructive actions, durable memory writes, financial actions, or regulated contexts.
  5. Apply strict rate limits, crawler protection, and abuse detection before action execution.
  6. Log public-safe audit evidence without storing raw secrets or private query material.
  7. Keep action endpoints out of public sitemap entries and search-index invitations.
  8. Return a review URL or blocker instead of executing ambiguous requests.

Reject examples

  • ?token=..., ?api_key=..., ?password=..., or bearer-like values.
  • Medical or regulated identifiers carried in URLs.
  • One-click destructive, payment, publication, or account-change URLs without a stronger reviewed path.

Safe default

When unsure, do the read-only part, return a human-readable review URL, and require POST JSON or human approval before execution.
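An added example (not UAIX's own code) of a request gate that applies the checklist above and the safe default: it blocks secret-like query material, requires an idempotency key, treats key reuse with different parameters as a conflict, diverts consent-bearing actions to a review URL, and records an audit entry that names parameters without storing their values. The parameter names, action names, the in-memory replay store, and the review URL base are constructed assumptions for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed policy: parameter names that must never ride in a GET-Action query
# string (checklist item 2) and actions that require a human-reviewed path (item 4).
SECRET_PARAMS = {"token", "api_key", "password", "patient_id", "account_id", "card"}
CONSENT_ACTIONS = {"publish", "delete", "pay", "write_repo", "change_account"}

# Replay store keyed by idempotency key. In-memory here; a real service would use
# a shared store so that replays are detected across instances.
_seen = {}


def looks_like_bearer(value: str) -> bool:
    """Heuristic for bearer-like values carried under an innocuous parameter name."""
    return value.lower().startswith("bearer ") or (len(value) >= 32 and value.isalnum())


def evaluate_get_action(url: str, review_base: str = "https://example.invalid/review/") -> dict:
    """Decide what a GET-Action fallback endpoint may do with a request URL.

    Returns a dict whose 'status' is one of execute / blocked / conflict / review,
    plus a public-safe 'audit' entry that lists parameter names but never their
    values (item 6). review_base is a placeholder for the real review surface.
    """
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    audit = {"path": parts.path, "params": sorted(params)}
    # Item 2: secrets and regulated identifiers never travel in the query string.
    # The idempotency key itself is exempt from the bearer heuristic since it is opaque by design.
    if SECRET_PARAMS & set(params) or any(
        looks_like_bearer(v) for k, v in params.items() if k != "idempotency_key"
    ):
        return {"status": "blocked", "reason": "secret-like query material", "audit": audit}
    # Item 1: an idempotency key is mandatory.
    key = params.pop("idempotency_key", None)
    if not key:
        return {"status": "blocked", "reason": "missing idempotency_key", "audit": audit}
    # Item 1: the same key with different parameters is a replay with conflicting intent.
    prior = _seen.setdefault(key, params)
    if prior != params:
        return {"status": "conflict", "reason": "idempotency key reused with other parameters", "audit": audit}
    # Items 4 and 8: consent-bearing actions get a review URL instead of execution.
    if params.get("action") in CONSENT_ACTIONS:
        return {"status": "review", "review_url": review_base + key, "audit": audit}
    # Safe default: only the read-only, unambiguous action is executed.
    return {"status": "execute", "action": params.get("action"), "audit": audit}
```

A matching POST endpoint (item 3) would receive the reviewed request; this gate only decides whether the GET fallback may act at all.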