UAI-1 es la norma pública actual de mensajes para comunicación estructurada de IA a IA.
UAIX shield mark Carta pública de interoperabilidad UAIX.org 通用人工智能交换 Publicación pública de normas
Actual UAI-1
  • Versión actual UAI-1
  • Definición en lenguaje claro Formato de mensaje abierto para intercambio IA-a-IA auditable
  • Atribución actual Michael Joseph Kappel, MCP
  • Empiece aquí Inicio, Traspaso de proyecto, UAI-1, validador, hoja de ruta y registro de cambios

Gobernanza

Launch Readiness

Go-live checklist for response checks, package evidence, accessibility QA, locale QA, release-trail alignment, and support-claim boundaries across the UAIX launch surface.

  • Record UAIX-GOVR-0083
  • Path /es-es/governance/launch-readiness/
  • Use Canonical public record

Document status

Public standards page Published on UAIX as part of the current public standards record
Code
UAIX-GOVR-0083
Surface
Gobernanza
Access
Public and linkable

如何使用本页

Use this page as the public go-live gate for response checks, package evidence, accessibility QA, locale QA, release-trail alignment, and support-claim boundaries.

Launch gate

Policy and SecurityPaquete de conformidadValidadorAccessibility

Go-Live Gate

Tie launch claims to observable evidence before the public push

This page collects response checks, package evidence, accessibility QA, locale QA, release notes, and support boundaries so launch readiness stays reviewable instead of implicit.

Resolve

Inventory first

Check clean routes, discovery files, sitemap output, API reference, and public page inventory before treating the site as launch-ready.

Prove

Evidence travels together

Package smoke tests, validator output, conformance pack data, and implementation evidence should be attached to the same release trail.

Localize

El contenido de los idiomas activados se mantiene actualizado

Any public launch route or support claim should ship with matching zh-CN page content, guidance, metadata, and audit coverage.

Content quality

Claims must line up everywhere

Before a page adds a support claim, confirm the canonical copy, machine artifacts, route audit, metadata, locale coverage, and release trail all say the same thing.

Launch gate

Policy and SecurityResponse hardening and trust-policy boundary.Paquete de conformidadReusable evidence packet for launch review.ValidadorGenerate the proof run that belongs in the packet.AccessibilityManual readability, keyboard, and mobile QA posture.Contacto y revisiónReview packets that name route, evidence, and locale impact.Registro de cambiosDated public trail for launch-affecting changes.
Launch checksResolve the evidence surface directly
curl -s https://uaix.org/.well-known/uaix.json
curl -s https://uaix.org/sitemap.xml
curl -s https://uaix.org/wp-json/uaix/v1/catalog
curl -s https://uaix.org/wp-json/uaix/v1/conformance-pack
curl -s https://uaix.org/wp-json/uaix/v1/roadmap

Use these routes as the machine-facing starting point for public launch review, then attach package and locale-audit output from the release scripts.

Launch readiness gate

How go-live evidence should line up before broad publication

Use this matrix to keep response posture, package proof, QA, locale parity, and release notes attached to the same public launch record.

GatePublished nowVerify hereNot yet public
Public response surfaceWordPress-rendered pages and REST responses publish a narrow app-level security-header baseline, including HSTS on HTTPS requests, while redirect enforcement, static-file parity, and version-header cleanup remain launch-host checks.Do not describe this as a full production security program, incident desk, or runtime assurance service.
Package and evidence packetThe supported release path packages distributable ZIP files, smoke-tests installability, and attaches validator, conformance pack, and implementation evidence before support claims widen.One passing validator result is not a certification badge or blanket ecosystem support claim.
Accessibility and content QAManual keyboard, mobile, overflow, heading, code-block, search, validator, and sitemap checks should travel with launch-impacting template or content changes.The current page is not a third-party accessibility certification or legal compliance attestation.
Locale parityEl contenido público en inglés, zh-CN, francés y español debe avanzar junto para nuevas rutas, paneles de soporte, guía de páginas, metadatos, notas de publicación y expectativas de auditoría.Do not leave a public launch route English-only when localized readers can resolve the same canonical record.
Release trail alignmentLaunch-affecting route, policy, package, validator, localization, and discovery changes should be recorded through changelog and news before the new state is treated as current public truth.Do not ask external readers to trust private notes, screenshots, or local package output as the durable public record.

Launch readiness is an evidence gate, not a certification mark. A release is ready to describe publicly only when observable behavior, artifacts, audits, translations, and the dated trail agree.

Go-live sequence

What to do before a public launch push

Use this sequence when a release changes public routes, launch claims, packages, validation behavior, policy posture, or localized content.

  1. Step 1

    Resolve public routes and discovery files

  2. Step 2

    Run package, smoke-test, launch-surface, and locale audits

  3. Step 3

    Check response headers and deployment-side follow-through

  4. Step 4

    Complete manual accessibility, mobile, and content QA

  5. Step 5

    Publicar juntos el registro de cambios, las noticias, la hoja de ruta y las actualizaciones de idiomas activados

The last step is not paperwork: it is how the site avoids splitting public truth across pages, machine artifacts, release notes, and translations.

What this page is for

Use this page as the public go-live gate for the UAIX launch surface. It collects the checks that should agree before a broad public push: route inventory, discovery files, package evidence, response hardening, accessibility QA, locale QA, release notes, and support-claim boundaries.

Go-live gate

  1. Confirm clean public routes and root discovery files through /.well-known/uaix.json, /sitemap.xml, API 参考, and the route inventory in launch audits.
  2. Confirm the current distributable packages, smoke tests, conformance packet, validator behavior, and implementation evidence are all attached before describing a release as ready for public review.
  3. Confirm 政策与安全, Privacy and Data, Accessibility, and Analytics still match observable site behavior.
  4. Confirm 英语, zh-CN, French, and Spanish copy are updated together for any public page, route, support panel, release note, or launch claim that changed.
  5. Record public-facing launch changes through the 变更日志 and News before asking external readers to treat the new state as current truth.

Production response surface

The response-header checks below are the current app-level hardening record for WordPress-rendered pages and REST responses. Use them beside deployment checks for HTTPS redirect, HSTS, direct static-file parity, and host-added version headers.

Security posture

Public response hardening that now backs the launch trust surface

Use this section when a launch reviewer needs the exact response-header layer that now ships with the public WordPress surface, plus the boundary between app-level hardening and edge-level deployment work.

X-Content-Type-Options

nosniff

防止公开标准页面和机器可读路由发生内容类型嗅探。

Applied to: 公开 HTML、JSON、XML 以及类似的 WordPress 渲染响应。

Referrer-Policy

strict-origin-when-cross-origin

Keeps cross-origin referrer leakage narrower while preserving same-origin debugging context.

Applied to: 可能产生外部请求的公开文档和 API 响应。

Permissions-Policy

accelerometer=(), browsing-topics=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

明确声明启动表面不依赖特权浏览器能力,也不依赖基于 Topics 的广告功能。

Applied to: Public WordPress-rendered pages and machine-facing routes.

X-Frame-Options

SAMEORIGIN

Blocks third-party framing while preserving same-origin editorial and preview flows.

Applied to: Public WordPress-rendered pages and JSON responses.

Content-Security-Policy

frame-ancestors 'self'

Makes the framing boundary explicit in modern browsers without claiming a broader full-site CSP yet.

Applied to: Public WordPress-rendered pages and machine-facing routes.

Strict-传输-Security

max-age=31536000; includeSubDomains

把浏览器后续访问固定到规范上线主机的 HTTPS,而不只依赖政策文案。

Applied to: 请求通过 HTTPS 提供时的公开 WordPress 渲染 HTML 和 REST 响应。

Live now

Observable on WordPress responses now

  • 已从公开响应中移除回链响应头。
  • Host- or proxy-level version headers still need server-side suppression if the launch environment adds them after WordPress runs.
  • These headers now travel with public WordPress-rendered HTML and REST responses instead of remaining only in roadmap prose.

Deployment gap

Still belongs to the host or edge layer

  • HTTP 到 HTTPS 重定向以及直接提供的静态文件的 HSTS 覆盖仍属于上线主机或 CDN 边缘层,因为本地 Studio 环境使用普通 HTTP。
  • 任何直接提供的静态根文件都应在服务器或边缘层检查,以确保其响应头与 WordPress 渲染的信任姿态保持一致。
  • 凡是部署栈在 WordPress 之外附加的主机级版本暴露,例如代理或 PHP 签名头,都应在相应层面被抑制。
  • 更广泛的 CSP 指令应在面向生产的资源与嵌入行为相对于启动主机验证通过之后再添加。

Scope boundary: 当前响应头层适用于公开的 WordPress 前端和 REST 响应,包括验证器和面向机器的评审路由;HSTS 只在 HTTPS 请求上发送。

政策与安全 Referencia API Validador Paquete de conformidad

发布证据 packet

The readiness map below keeps validator evidence, implementation evidence, package proof, and support language in one review path. A passing validator result is useful evidence, but the launch gate is the full packet plus public release trail.

可复用数据包

一致性包如何纳入上线就绪

当可下载数据包需要面向人的发布上下文和诚实的支持声明表述时,使用这张路线图。

阶段 1

已验证数据包

已发布 fixture 或候选消息已通过当前公开记录检查。

  • 可立即用于评审、调试和回归工作。
  • 在结果附到已命名发布路径前,它仍然只是证据。

阶段 2

可发布数据包

通过结果现在与实现版本、制品链接和发现上下文一起传递。

  • 把已检查数据包、验证器导出、制品 URL 和兼容性说明放在一起。
  • 这是上线评审、打包和可重复 QA 的交接点。

阶段 3

公开支持声明

已命名实现轨道和发布轨迹现在说明哪些内容已公开支持、哪些仍在范围外。

  • 把声明限定到实际已发布的准确配置文件、传输绑定和负责人路径。
  • 使用当前一致性级别和发布链接,让其他读者能验证同一状态。

数据包内容

可复用机器数据包已包含的内容

  • The current release packet already carries 57 profiles, 57 schemas, and 57 examples from the live public record.
  • 目录、发现、字段顺序、传输、信任、一致性和错误指南集中在一个 JSON 交接包中。
  • 用于可重复上线审阅和自动化的验证器与 API 参考入口。
  • 把一个已发布配置文件转成可审阅发布数据包的快速起步路径。

面向人的发布上下文

该数据包仍需要公开站点补充的内容

  • 实现版本、负责人路径,以及正在声明的精确支持边界。
  • 解释本次发布变化的变更日志或新闻链接。
  • 当发布改变具有信任影响的行为时,附上政策与安全姿态。
  • 使用一致性级别表述,使对外声明比数据包本身更窄。

当前公开一致性级别: 当数据包成为具名发布和实现记录的一部分后,使用这些级别约束对外表述。

L1-core-envelope

L1 Core 信封

Produce or consume keyed UAI envelopes for named profiles without changing the canonical root fields.

  • Preserve uai_version, profile, message_id, source, target, conversation, delivery, trust, body, provenance, integrity, and extensions.
  • Name the exact profile and release for every support claim.
  • Do not claim runtime execution from envelope support alone.

公开声明: May claim L1 only for the exact named profiles whose canonical envelope round-trips successfully.

L2-profile-validation

L2 配置文件 Validation

Pass published schema and validator checks for the exact profiles claimed.

  • 解析 schemas, registry entries, examples, and field registry records from public UAIX routes.
  • Pass positive fixtures and fail required negative fixtures for each claimed profile.
  • Keep skipped checks and validator warnings attached to evidence.

公开声明: May claim L2 only for profiles with validator-backed evidence.

L3-trust-and-integrity

L3 信任 and Integrity

Preserve trust metadata, replay-window hints, provenance, integrity, and trace continuity.

  • Declare trust channel and principal.
  • Preserve integrity canonicalization and checksum metadata.
  • 验证 signed, credentialed, did+vc, and trace metadata when claimed.

公开声明: May claim L3 only for the trust channels and integrity behavior proven by fixtures.

L4-public-record-publisher

L4 Public Record Publisher

Publish discoverable 公开制品 needed for external inspection and reproduction.

  • Publish discovery, schemas, registry, examples, field registry, transport bindings, trust channels, error registry, conformance levels, validator guidance, changelog, and release evidence.
  • Keep sitemap, llms.txt, and public navigation aligned with current routes.
  • Avoid private logs or screenshots as the only support evidence.

公开声明: May claim L4 only for the public release surface that is discoverable and evidenced.

L5-agent-communication-profiles

L5 Agent Communication 配置文件数

Support the eight uai.agent.*.v1 profiles as canonical UAI-1 envelope records.

  • 验证 agent message, ack, task-status, blocker, memory-proposal, handoff, final-report, and correction profiles.
  • Reject secret-like memory proposals, unsafe blockers, cold-memory direct promotion, and incomplete final reports.
  • Carry the UAIX support boundary in relevant records.

公开声明: May claim L5 only for the specific agent profiles with passing positive and negative conformance cases.

L6-reliable-delegation-idempotency-correlation

L6 Reliable Delegation with Idempotency and Correlation

Use idempotency, correlation, retry, lifecycle, timeout, fallback, acknowledgement, and expected-output rules for delegated work.

  • Require delivery.idempotency_key for each distinct delegated or destructive operation.
  • Preserve conversation.correlation_id across related messages.
  • Declare retry_count, sequence, expires_at, lifecycle, timeout_ms, fallback_directive, and expected_output_schema when delegation is claimed.

公开声明: May claim L6 only for reliable delegation behavior proven by conformance fixtures and receiver behavior.

L7-capability-negotiation

L7 Capability Negotiation

Publish and validate capability discovery, assertions, negotiation failures, and unsupported-capability responses.

  • Publish capability statements with exact profiles, bindings, trust channels, conformance levels, and error codes.
  • Return capability_not_supported for unsupported capability requests.
  • Do not imply certification, official adapter status, hosted messaging, or runtime orchestration.

公开声明: May claim L7 only for the exact capability negotiation flows proven by public fixtures and validator behavior.

声明规则

公开表述应限于已发布证据

  • Support claims must name the highest achieved level plus the exact profiles, transport bindings, trust channels, and conformance cases implemented.
  • A project may claim only profiles, bindings, trust channels, and conformance levels that public fixtures and validator tests prove.
  • A passing validator result is evidence, not certification, endorsement, official adapter support, hosted messaging, automatic sync, or runtime execution.
  • Public-record claims require discoverable schemas, registry records, examples, field registry records, error codes, conformance pack cases, changelog, and release notes.
  • Revalidate support claims when schemas, registry records, field order, examples, validator behavior, implementation version, trust posture, sitemap, or public navigation changes.
  • 一致性 evidence does not prove security, privacy, availability, performance, legal compliance, hosted trust infrastructure, or production operations by itself.
  • 当另一支团队需要验证同一公开状态时,请保留实现页面、发布轨迹以及引用/发现链接。

工作规则: 表述时使用一致性阶梯,但实际公开支持边界应以具名实现轨道和发布轨迹为准。

Paquete de conformidad Referencia API 政策与安全 Validador 打开一致性级别 JSON Referencias y colaboradores

Manual QA gate

  • Run keyboard navigation, focus visibility, heading hierarchy, code-block readability, search behavior, validator workflow, and mobile overflow checks across Home, Get Started, UAI-1, Tools, 验证器, Governance, 上线就绪, News, Search, and Sitemap.
  • 检查 that long URLs, tables, route examples, copy buttons, support panels, and downloadable-packet sections remain readable on narrow screens.
  • Keep any accessibility-significant fix connected to Accessibility, the release evidence packet, and the dated trail.

Locale copy gate

  • Every public route added for launch should render through each enabled locale path with translated title, visible content, page guidance, support panels, and canonical metadata.
  • If a page adds new public claims, machine-route labels, policy posture, or release guidance, update enabled-locale copy before the route is treated as launch-ready.
  • Use 联系与评审 for change packets that explicitly identify locale impact and translation evidence.

What is not claimed

  • This page is not a certification program, legal attestation, accessibility badge, security operations desk, or uptime guarantee.
  • Do not infer broad production security, partner support, SDK coverage, or permanent compatibility beyond the published records and named 实施轨道.
  • Deployment-side obligations such as final DNS, HTTPS redirect, HSTS, CDN behavior, direct static root-file headers, backups, monitoring, and incident response still need production-host verification.

下一步 step

Use this page with 路线图, 引用 and Contributors, 一致性包, and 验证器 when a release needs to move from local readiness into public launch evidence.