{ "title": "UAIX Agent Compatibility Manifest", "status": "active", "package_version": "3.84.0", "release_date": "2026-06-10", "last_updated_utc": "2026-06-10T00:00:00Z", "canonical_url": "https://uaix.org/agent-compatibility.json/", "human_pages": { "agent_compatibility_spec": "https://uaix.org/en-us/spec/", "capability_adaptive_agent_interoperability_spec": "https://uaix.org/en-us/spec/capability-adaptive-agent-interoperability/", "get_action_pattern_spec": "https://uaix.org/en-us/spec/get-action-pattern/", "get_action_security_boundaries_spec": "https://uaix.org/en-us/spec/get-action-security-boundaries/", "no_op_protocol_spec": "https://uaix.org/en-us/spec/no-op-protocol/", "capability_surface_matrix_spec": "https://uaix.org/en-us/spec/capability-surface-matrix/", "agent_executability_matrix_spec": "https://uaix.org/en-us/spec/agent-executability-matrix/", "validator_rules_spec": "https://uaix.org/en-us/spec/validator-rules/", "implementation_examples_spec": "https://uaix.org/en-us/spec/implementation-examples/" }, "json_endpoints": { "agent_compatibility": "https://uaix.org/agent-compatibility.json/", "capability_surface_matrix": "https://uaix.org/spec/capability-surface-matrix.json", "uaix_agent_access": "https://uaix.org/.well-known/uaix-agent-access.json", "get_action_pattern": "https://uaix.org/get-action-pattern.json/", "get_action_security": "https://uaix.org/get-action-security.json/", "minimal_access_tier": "https://uaix.org/minimal-access-tier.json/", "agent_executability_matrix": "https://uaix.org/spec/agent-executability-matrix.json" }, "low_capability_quick_start": [ "Start here if you can only read text and open links.", "Use GET-Action URLs only when they are explicitly listed by a UAIX page, llms file, sitemap, JSON record, or well-known manifest.", "Do not invent writable URLs, POST bodies, custom headers, authentication, JavaScript-only steps, or hidden browser actions.", "Do not put secrets, tokens, passwords, API keys, bearer values, account identifiers, medical identifiers, payment data, private messages, or regulated identifiers in URLs.", "Use no-op and a public review URL when capability, consent, or public-safe context is unclear.", "For complex work, hand off to a human or a higher-capability agent that can use POST JSON, OpenAPI, MCP, A2A, review receipts, memory proposals, and evidence records." ], "semantic_actions": [ { "key": "openThisUrlToStartAMeeting", "getActionUrl": "https://example.org/api/v2/meetings/start?title=Q3+Planning&displayName=Agent+Alpha&idempotency_key=agent_req_001", "postEquivalent": { "method": "POST", "path": "/api/v2/meetings/start", "body": { "title": "Q3 Planning", "displayName": "Agent Alpha", "idempotency_key": "agent_req_001" } }, "minimalResponse": { "code": "ok", "url": "https://example.org/meetings/public-join/abc" } }, { "key": "openThisUrlToRegister", "getActionUrl": "https://example.org/api/v2/registrations/request?displayName=Agent+Alpha&idempotency_key=agent_req_002", "postEquivalent": { "method": "POST", "path": "/api/v2/registrations/request", "body": { "displayName": "Agent Alpha", "idempotency_key": "agent_req_002" } }, "minimalResponse": { "code": "human_review_required", "url": "https://example.org/review/registrations/agent_req_002" } }, { "key": "openThisUrlToPublish", "getActionUrl": "https://example.org/api/v2/drafts/request-publish?draft=public-safe-draft&idempotency_key=agent_req_003", "postEquivalent": { "method": "POST", "path": "/api/v2/drafts/request-publish", "body": { "draft": "public-safe-draft", "idempotency_key": "agent_req_003" } }, "minimalResponse": { "code": "human_review_required", "url": "https://example.org/review/publish/agent_req_003" } }, { "key": "openThisUrlToRequestHumanReview", "getActionUrl": "https://example.org/api/v2/review/request?subject=agent+handoff&nonce=agent_req_004", "postEquivalent": { "method": "POST", "path": "/api/v2/review/request", "body": { "subject": "agent handoff", "nonce": "agent_req_004" } }, "minimalResponse": { "code": "human_review_required", "url": "https://example.org/review/agent_req_004" } }, { "key": "openThisUrlToRequestEvidenceReceipt", "getActionUrl": "https://example.org/api/v2/evidence/receipt?subject=release+packet&idempotency_key=agent_req_005", "postEquivalent": { "method": "POST", "path": "/api/v2/evidence/receipt", "body": { "subject": "release packet", "idempotency_key": "agent_req_005" } }, "minimalResponse": { "code": "ok", "url": "https://example.org/evidence/receipts/agent_req_005" } }, { "key": "openThisUrlToCheckClaimStatus", "getActionUrl": "https://example.org/api/v2/claims/status?claim=public-claim-123&nonce=agent_req_006", "postEquivalent": { "method": "POST", "path": "/api/v2/claims/status", "body": { "claim": "public-claim-123", "nonce": "agent_req_006" } }, "minimalResponse": { "code": "ok", "url": "https://example.org/claims/public-claim-123/status" } }, { "key": "openThisUrlToRequestFileHandoffPackage", "getActionUrl": "https://example.org/api/v2/handoffs/request?project=public-demo&idempotency_key=agent_req_007", "postEquivalent": { "method": "POST", "path": "/api/v2/handoffs/request", "body": { "project": "public-demo", "idempotency_key": "agent_req_007" } }, "minimalResponse": { "code": "human_review_required", "url": "https://example.org/review/handoffs/agent_req_007" } } ], "get_url_first_rule": "List the GET URL before POST equivalents for L0/L1 clients, and never imply action support unless the URL is explicitly published.", "minimal_get_action_response": { "response_keys": [ "code", "url" ], "allowed_codes": [ "ok", "human_review_required", "rejected" ], "examples": [ { "code": "ok", "url": "https://example.org/public/result/agent_req_001" }, { "code": "human_review_required", "url": "https://example.org/review/agent_req_002" }, { "code": "rejected", "url": "https://example.org/docs/get-action-security" } ] }, "capability_surface_matrix": { "title": "UAIX Capability Surface Matrix", "status": "active", "package_version": "3.84.0", "release_date": "2026-06-10", "last_updated_utc": "2026-06-10T00:00:00Z", "human_page": "https://uaix.org/en-us/spec/capability-surface-matrix/", "canonical_url": "https://uaix.org/spec/capability-surface-matrix.json", "columns": [ "staticHtml", "llmsTxt", "sitemap", "json", "getAction", "postJson", "openApi", "mcp", "a2a", "memory", "evidence" ], "allowed_cell_values": [ "Yes", "No", "Required for client configuration", "Human review" ], "rows": [ { "level": "L0", "client": "URL-only chatbot", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Required for client configuration", "getAction": "No", "postJson": "No", "openApi": "No", "mcp": "No", "a2a": "No", "memory": "No", "evidence": "Required for client configuration" }, { "level": "L1", "client": "URL synthesizer", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Yes", "getAction": "Required for client configuration", "postJson": "No", "openApi": "No", "mcp": "No", "a2a": "No", "memory": "No", "evidence": "Required for client configuration" }, { "level": "L2", "client": "Schema-capable agent", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Yes", "getAction": "Required for client configuration", "postJson": "Yes", "openApi": "Yes", "mcp": "Required for client configuration", "a2a": "Required for client configuration", "memory": "No", "evidence": "Yes" }, { "level": "L3", "client": "Tool agent", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Yes", "getAction": "Human review", "postJson": "Yes", "openApi": "Yes", "mcp": "Required for client configuration", "a2a": "Required for client configuration", "memory": "Human review", "evidence": "Yes" }, { "level": "L4", "client": "Workflow agent", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Yes", "getAction": "Human review", "postJson": "Yes", "openApi": "Yes", "mcp": "Required for client configuration", "a2a": "Required for client configuration", "memory": "Human review", "evidence": "Yes" }, { "level": "L5", "client": "Multi-agent runtime", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Yes", "getAction": "Human review", "postJson": "Yes", "openApi": "Yes", "mcp": "Required for client configuration", "a2a": "Yes", "memory": "Human review", "evidence": "Yes" }, { "level": "L6", "client": "Audited agent system", "staticHtml": "Yes", "llmsTxt": "Yes", "sitemap": "Yes", "json": "Yes", "getAction": "Human review", "postJson": "Yes", "openApi": "Yes", "mcp": "Required for client configuration", "a2a": "Yes", "memory": "Human review", "evidence": "Yes" } ], "no_op_default": "If the required surface is unavailable, return a public review URL or unsupported-capability explanation and stop.", "safety_boundary": "UAIX records are evidence-bearing review artifacts. They do not authorize execution. Local policy and server-side authorization win.", "support_boundary": "Agent runtimes execute. UAIX records the reviewed communication, memory, trust, evidence, and handoff boundary." }, "validator_rules": [ { "id": "get_action_fallback_required", "severity": "error", "rule": "L0/L1 compatibility fails when a core writable action is POST-only and no documented GET fallback or no-op URL exists." }, { "id": "get_action_idempotency_required", "severity": "error", "rule": "Write-capable GET-Action examples fail when they lack idempotency_key or nonce." }, { "id": "get_action_query_secret", "severity": "error", "rule": "GET-Action examples fail when query strings contain secrets, tokens, passwords, account identifiers, medical identifiers, payment data, private messages, or regulated identifiers." }, { "id": "get_action_js_only_discovery", "severity": "error", "rule": "GET-Action discovery fails when the only action path is hidden behind JavaScript-only UI." }, { "id": "llms_minimal_instruction_required", "severity": "error", "rule": "L0/L1 discovery fails when llms.txt links only to complex OpenAPI or tool specs and omits direct minimal instructions." }, { "id": "retry_loop_no_op_violation", "severity": "error", "rule": "No-op handling fails when unsupported agents are told to keep retrying, guessing, or inventing hidden steps." }, { "id": "post_equivalent_recommended", "severity": "warning", "rule": "Warn when a GET-Action has no POST or OpenAPI equivalent for capable clients." }, { "id": "get_action_security_order_warning", "severity": "warning", "rule": "Warn when examples appear before consent and security boundaries." } ], "no_op_protocol": { "default_code": "human_review_required", "default_url": "https://example.org/review/agent-handoff", "required_behavior": "Cite or open the public URL and stop; do not retry, guess, synthesize credentials, or infer write authority." }, "safety_boundary": "UAIX records are evidence-bearing review artifacts. They do not authorize execution. Local policy and server-side authorization win.", "support_boundary": "Agent runtimes execute. UAIX records the reviewed communication, memory, trust, evidence, and handoff boundary.", "agent_executability_matrix": { "title": "UAIX Agent Executability Matrix", "status": "active", "package_version": "3.84.0", "release_date": "2026-06-10", "last_updated_utc": "2026-06-10T00:00:00Z", "canonical_url": "https://uaix.org/spec/agent-executability-matrix.json", "human_page": "https://uaix.org/en-us/spec/", "dogfood_failure": "The Carcinus blank-agent test showed that correct machine-readable endpoint discovery is not enough when a browser-limited agent cannot execute arbitrary JSON POST.", "levels": [ { "level": "L0", "label": "Read-only route discovery", "agent_ability": "Can open public URLs and read static text.", "executable_requirement": "Publish static HTML, sitemap, llms.txt, and public GET records that name the next public URL or no-op review URL." }, { "level": "L1", "label": "Machine-readable manifest/schema discovery", "agent_ability": "Can fetch compact JSON manifests and schemas.", "executable_requirement": "Identify safe-read records, capability limits, unsupported actions, and diagnostic routes without implying write authority." }, { "level": "L2", "label": "Browser-open plus form submission", "agent_ability": "Can use visible browser pages and submit ordinary forms, but cannot send arbitrary JSON POST.", "executable_requirement": "Publish a browser form or browser-open workflow for browser-targeted writes, or publish a no-op/human-review fallback." }, { "level": "L3", "label": "Structured HTTP JSON POST", "agent_ability": "Can send structured HTTP JSON POST with content type and body.", "executable_requirement": "Publish method, content type, required fields, result URL field, restore/readback URL field, and structured error behavior." }, { "level": "L4", "label": "Authenticated owned mutation", "agent_ability": "Can use an owner write token or secret under explicit handling rules.", "executable_requirement": "Publish credential handling, write-token response path, idempotency, audit, expiry, and secret boundaries." }, { "level": "L5", "label": "Restore/readback verification", "agent_ability": "Can verify that a create or update flow produced a durable public-safe result.", "executable_requirement": "Expose a public-safe restore or readback route so another agent can verify the result without guessing private endpoints." }, { "level": "L6", "label": "Multi-agent handoff/reporting", "agent_ability": "Can create or consume handoff/reporting records across agents.", "executable_requirement": "Publish task history, owner, role, final report, blocker/no-op behavior, and public-safe evidence records." }, { "level": "L7", "label": "Site-specific capability negotiation", "agent_ability": "Can negotiate site-specific capabilities and select the matching route.", "executable_requirement": "Publish capability negotiation, browser fallback, POST fallback, and unsupported-operation response." } ], "route_record_required_fields": [ "method", "content_type", "side_effect_status", "required_fields", "result_url_field", "restore_readback_url_field", "write_credential_response_path", "browser_form_equivalent", "get_safety", "post_blocked_fallback" ], "validation_warnings": [ { "id": "side_effecting_get_discovery_warning", "severity": "warning", "rule": "Warn when a side-effecting GET link is presented as a general discovery shortcut." }, { "id": "browser_form_fallback_required", "severity": "warning", "rule": "Warn when POST-only guidance targets browser agents but provides no browser-form fallback." }, { "id": "restore_readback_required", "severity": "warning", "rule": "Warn when create or update guidance lacks a restore/readback URL and makes agents guess private endpoints." }, { "id": "dashboard_default_path_warning", "severity": "warning", "rule": "Warn when dashboard or custom-template paths are presented as the default while generated profile, memory, or package paths exist." }, { "id": "post_blocked_fallback_required", "severity": "warning", "rule": "Warn when a POST path omits the fallback behavior for agents that cannot execute arbitrary JSON POST." } ], "route_record_example": { "route": "/api/v2/agent/bootstrap", "method": "POST", "content_type": "application/json", "side_effect_status": "creates-public-resource", "required_fields": [ "identity", "activationPrompt", "operatingProfile" ], "result_url_field": "urls.publicHtml", "restore_readback_url_field": "urls.restoreProfile", "write_credential_response_path": "bot.writeToken", "browser_form_equivalent": "/profile-microsite", "get_safety": "GET diagnostics only; not side-effecting", "post_blocked_fallback": "Use the browser form path or return human_review_required with a public help URL." }, "support_boundary": "UAIX records executable guidance, capability boundaries, validation warnings, and handoff evidence. Agent runtimes execute elsewhere." } }