Public methodology · checked July 13, 2026
How the AgentReady score works—and where it stops
AgentReady is a best-effort diagnostic, not a certification, security audit, accessibility conformance determination, search-indexing guarantee, or universal measure of whether every agent can use a site.
The five Tier 1 phases
The public URL scan assembles five Tier 1 phases. Their raw maximum is 90 points. The total earned score is divided by the available raw maximum and normalized to 100 so the public result remains a 0–100 diagnostic. Connecting GitHub can add a separate 10-point Code & Repo Quality phase, making the raw maximum 100 before normalization.
Protocol Files
20 pointsrobots.txt, sitemap, emerging agent files, OpenAPI discovery, redirects, and response truth.
DOM & Accessibility
20 pointslandmarks, headings, labels, native semantics, accessible names, forms, and automation hints when browser evidence is available.
Content Intelligence
15 pointsstructured data, useful content structure, dates, schema validity, and form-information signals.
Browser Agent Compatibility
20 pointsserver/no-JavaScript content, navigation and CTA findability, stability, console behavior, and optional browser evidence.
Security & Safety
15 pointspublic security headers, secret-exposure patterns, bot handling, consequence hints, and guardrail signals.
Observation methods and missing evidence
Direct fetches inspect public protocol files, headers, redirect behavior, and HTML. When configured and available, a Playwright browser pass adds rendered DOM, accessibility heuristics, discoverability, console, form, click-target, and no-JavaScript observations. Optional GitHub access examines only the connected repository signals permitted by the approved integration.
Some checks are conditional on browser or repository evidence. Network errors, bot protection, authentication, geographic behavior, JavaScript failures, rate limits, and provider availability can produce missing or partial observations. A recommendation should be confirmed against the returned evidence and the live product before implementation.
The scan uses heuristics for many UI and security signals. It does not prove WCAG conformance, vulnerability absence, correct authorization, legal compliance, API correctness, or successful completion by every model and browser tool.
Benchmark limitations
No public benchmark dataset exists today. AgentReady does not currently publish framework rankings, market averages, percentile claims, or pass-rate comparisons. A future benchmark would require a versioned scoring rule, collection window, inclusion criteria, sample size, missing-data treatment, framework and site-type slices, privacy controls, correction route, and explicit limitations before any comparison is presented.
Individual scores can change when the site, scanner, browser availability, or scoring rules change. Compare before and after results only when the task, environment, and methodology version are recorded.
How to use a result responsibly
- Save the scan date, URL, phase evidence, and scanner behavior.
- Reproduce important findings with official specifications and repository or browser tests.
- Prioritize unsafe consequence, exposed secrets, blocked core tasks, accessibility, and crawl truth before optional conventions.
- Write a failing test for deterministic behavior, implement the fix, and rerun the same task.
- Repeat the production check after deployment; local green does not prove production state.