Comprehensive workbook

Website AI-Agent Readiness Checklist

A practical, evidence-based workbook for checking whether AI agents can discover, understand, navigate, and safely use a website.

Published Sources checked 13 minute read Print-friendly

By AgentReady Editorial Team. Technical review: AgentReady Engineering.

agent-readinesschecklisttechnical-seoaccessibility
An agent-ready website is not one that merely mentions artificial intelligence or publishes a special text file. It is a site whose important public information can be discovered, whose interface exposes understandable names and states, whose consequential actions are bounded, and whose behavior can be tested with repeatable tasks. This workbook turns those outcomes into an audit you can run with a browser, command-line tools, accessibility tooling, and the free AgentReady public URL scan. It is designed for developers and site owners who want evidence rather than a badge. Complete the baseline first, record failures with URLs and screenshots, fix the highest-consequence gaps, and rerun the same tasks. The checklist reflects official specifications and guidance verified on July 13, 2026; recheck linked standards when you use it later.

1. Define readiness as a set of user outcomes

Begin by writing the three to five public jobs that matter most. A documentation site might require finding an installation guide, identifying the current version, and locating an API operation. A commerce site might require finding return terms and adding an item to a cart, while stopping before payment. A service site might require finding scope, price context, and a contact route. These jobs become your audit fixtures. They prevent the team from declaring success because a crawler found many elements even though the central user journey remained ambiguous. Keep each job observable: name the starting URL, the requested fact or destination, the safe stopping point, and the evidence that counts as success. [AR7][AR11]

Separate discover, understand, navigate, and act. Discovery asks whether the page or capability can be found. Understanding asks whether names, relationships, and current state are exposed in machine-readable structure. Navigation asks whether a user or browser agent can reach the next step without brittle coordinate guesses. Action asks whether the interface protects consequence with confirmation, authorization, and a useful receipt. A site can pass discovery and still fail action safety. Score these stages separately in your notes so a new sitemap does not hide a dangerous submit flow or a polished form does not hide an orphaned policy page. [AR3][AR4][AR8]

  1. Write a task card: Use the format: starting page, user intent, expected destination or fact, allowed actions, prohibited consequence, and proof of completion.
  2. Choose a stable fixture: Prefer a public page and non-destructive test account or sandbox. Never make a production purchase or send a real message merely to prove automation.
  3. Record the baseline: Capture date, browser, viewport, authentication state, result, elapsed time, and the first point where the task became uncertain.

2. Establish the crawl and canonical baseline

Fetch the homepage, the intended canonical host, robots.txt, and sitemap.xml without relying on visual rendering. Record the final URL after redirects, HTTP status, Content-Type header, and the first meaningful bytes of the body. A route named sitemap.xml that returns a branded HTML shell is not a sitemap. A canonical tag pointing to a host that redirects elsewhere creates conflicting signals. Confirm that internal links, structured data, the sitemap, and redirects all agree on one public host and one URL form. Repeat the check from an incognito browser so account middleware does not mask the public response. [AR1][AR2]

Treat robots.txt as crawl guidance, not access control. The file is public, does not authenticate a requester, and should never contain secrets. Check the groups that apply to general crawlers and any named agents you intentionally address. Confirm that critical public content is not blocked by a broad Disallow rule and that the file declares the canonical sitemap URL. Then inspect sitemap entries: every listed page should return a useful indexable response, avoid redirect chains, use the canonical host, and carry a last modification date only when the page materially changed. Do not add search results, account pages, error routes, or duplicate URL variants simply to increase inventory. [AR1][AR2]

  1. Inspect headers: Use a browser network panel or a command such as curl -I, then fetch the body separately because a status code alone cannot distinguish XML from a catch-all page.
  2. Sample sitemap URLs: Check the homepage, the content index, one ordinary page, and each content type. Expand to every URL for a small site.
  3. Resolve conflicts: Choose the preferred scheme and host, redirect alternatives once, emit self-canonicals, and list only preferred URLs in the sitemap.

3. Audit discovery files without overstating them

Classify each discovery artifact by authority. robots.txt and XML sitemaps have established syntax and well-documented crawler behavior. An OpenAPI document can formally describe HTTP operations, parameters, authentication, and response shapes when it matches the deployed API. By contrast, llms.txt and ai-agent-style manifests are emerging conventions whose support varies. They may provide useful orientation, but their presence does not prove that an agent can complete a task or that the listed capabilities are current. Label conventions honestly, version them, and maintain them from the same source of truth as the product whenever possible. [AR1][AR2][AR6]

Check content, not filenames. For a manifest, verify the media type, parseability, URLs, ownership, authentication description, and declared actions. For OpenAPI, validate the document and compare at least one harmless operation with the live service. For any human-readable agent guide, verify that commands and boundaries still match the repository or site. A stale instruction file can be worse than no file because it confidently sends automation down the wrong path. Add an owner and review trigger so changes to routes, authentication, or consequence levels prompt a corresponding documentation review. [AR6][AR7][AR12]

  1. Mark the status: For each artifact record: established standard, emerging convention, or product-specific file. Link to the governing specification where one exists.
  2. Validate the payload: Parse structured files, follow every referenced URL, and compare declared operations with the production behavior.
  3. Assign maintenance: Name the owner, source file, generated output, and change that should cause the artifact to be rebuilt or reviewed.

4. Inspect semantic structure and accessible names

Turn off styles or inspect the accessibility tree and ask whether the document still explains itself. The page should expose a useful title, one primary heading, sensible heading levels, landmarks, lists, tables with headers where appropriate, and links whose text describes their destination. Native HTML carries behavior and semantics that generic containers do not. Use a real button for an operation and a real link for navigation. If the visual design requires a custom widget, follow a documented interaction pattern and verify keyboard behavior, focus movement, accessible name, role, value, and state rather than adding ARIA attributes at random. [AR3][AR4][AR11]

Accessible names are a reliability contract. A button whose only label is an unlabeled icon forces a person, test, or agent to infer intent from pixels. A field whose placeholder disappears during typing loses its instruction. Check every interactive control for a stable programmatic name and every repeated control for enough context to distinguish it. Ensure expanded, selected, pressed, invalid, busy, and disabled states are exposed when relevant. Then run the page with keyboard only: tab order should follow the task, focus should remain visible, dialogs should manage focus, and no action should require a pointer gesture alone. [AR3][AR4]

  1. Read the outline: List the title, H1, subsequent headings, landmarks, and link text. Fix skipped hierarchy and vague labels before introducing automation hooks.
  2. Inspect the tree: Use browser accessibility tools to confirm names, roles, values, descriptions, and states for the critical task controls.
  3. Complete by keyboard: Start at the address bar, complete the safe portion of the task, escape overlays, and confirm focus is never lost or hidden.

5. Make content facts extractable and current

Put essential facts in server-rendered or prerendered HTML when they are intended for public discovery. A blank shell that depends on a long client-side chain can delay or prevent extraction and makes failures harder to diagnose. Use clear prose, descriptive headings, visible publication and modification dates, and source links near claims. Distinguish the date an article was reviewed from the date a regulation or specification changed. When facts are time-sensitive, state an explicit as-of date and tell readers what should be rechecked. This creates a usable evidence boundary instead of pretending evergreen guidance never ages. [AR5][AR11]

Structured data should match what a reader can see. Add vocabulary that accurately describes the page and its relationships, not markup intended to manufacture eligibility. Validate JSON-LD syntax, canonical URLs, dates, publisher, headline, and breadcrumbs against visible content. Avoid copying a schema example without replacing placeholder values. For documentation or APIs, link to the current specification and version. For articles, preserve a source list and change notes when a material correction occurs. The goal is not to maximize schema types; it is to reduce ambiguity while keeping one truthful representation of the page. [AR5]

  1. Fetch without JavaScript: Confirm the response contains the title, core explanation, navigation, and CTA rather than only an application mount node.
  2. Validate visible truth: Compare every JSON-LD field with the rendered title, dates, author, canonical, and breadcrumb path.
  3. Create a review boundary: Show the last source-check date and revisit claims when a linked standard, product flow, or public policy changes.

6. Test forms as conversations with explicit state

A reliable form explains what information is requested, why it is needed, how it should be formatted, and what happens next. Associate every field with a label, use suitable input types and autocomplete tokens, and keep instructions available after the user begins typing. Mark required fields programmatically as well as visually. On validation, identify the field, explain the problem in plain language, preserve valid input, and move or announce focus deliberately. Generic messages such as invalid input force both people and agents to guess which constraint failed. [AR3][AR4][AR11]

Define consequence before submit. A search or preview is usually reversible; sending a message, publishing content, changing permissions, deleting data, or making a payment is not. Consequential flows should preview the exact effect, require an intentional confirmation, prevent duplicate submission, and return a durable receipt or status. Test with harmless fixtures and stop before real-world impact unless the environment is specifically designed for end-to-end testing. If an agent can fill the form but cannot identify the safe stopping point, the interface is not ready for autonomous operation. [AR7][AR8]

  1. Inventory fields: Record label, type, autocomplete, required state, help text, error behavior, and whether the value contains sensitive data.
  2. Map consequence: Classify each submit as read-only, reversible, externally visible, financial, permission-changing, or destructive.
  3. Verify the receipt: After a safe test, confirm the interface reports what happened, gives a reference or current state, and prevents accidental repeats.

7. Add security boundaries before agent convenience

Assume that page content, uploaded documents, external links, and retrieved text can contain instructions intended to manipulate an agent. Keep untrusted content separate from system policy and user authorization. Restrict tools to the least privilege needed for the current task, validate targets and arguments server-side, and require fresh approval at high-consequence boundaries. Do not place secrets in public HTML, client bundles, logs, prompts, analytics payloads, or discovery files. Rotate credentials exposed through a repository or deployment rather than merely deleting the visible string. [AR7][AR8][AR10]

Design for audit and recovery. Record the authenticated actor, requested operation, validated target, approval decision, result, and time without logging sensitive content unnecessarily. Make retries idempotent where possible and provide undo or compensating actions for reversible changes. Rate-limit expensive or abusable operations. Clearly distinguish suggestions from actions in the interface. A high agent-readiness score must never mean that safeguards were removed to make clicking easier; safe refusal and escalation are successful outcomes when the requested operation exceeds policy or available evidence. [AR7][AR8]

  1. Draw trust boundaries: Mark user instructions, page content, model output, tools, data stores, external systems, and approval checkpoints.
  2. Review secrets: Run repository secret scanning, inspect client-visible configuration, and verify logs and analytics omit credentials and sensitive form values.
  3. Test refusal: Include a fixture that asks the agent to cross scope, skip confirmation, or reveal a secret; passing means it stops and explains why.

8. Run a small browser-agent task suite

Use the same fixtures for human, automated browser, and agent-assisted runs. Start with navigation and extraction: find a named page from the homepage, locate a dated fact, identify its source, and return the canonical URL. Add a safe form task that fills fields with synthetic data and stops at the review step. Add a recovery task such as correcting an invalid field or closing a dialog. Every run should capture the instruction, environment, trace or screenshot, result, and failure point. A single successful demo is not reliability; repeat the task after a content or dependency change. [AR4][AR7][AR9]

Measure outcomes that guide fixes. Useful measures include task completion, first ambiguous control, retries, wrong destination, unsupported claim, time to safe stopping point, and whether consequence was correctly avoided. Do not average unrelated tasks into a benchmark until the methodology, sample, version, and limitations are public. For your own release gate, a simple pass/fail table is enough. Fix shared causes before individual selectors: unclear navigation, missing names, unstable state, and weak confirmation often explain several failures at once. [AR7][AR9]

  1. Create five tasks: Include find, navigate, extract with citation, safe form fill, and refuse or stop before a consequential action.
  2. Run three conditions: Test a keyboard-using human, deterministic browser automation, and the agent workflow you actually plan to support.
  3. Keep failure evidence: Attach the trace, DOM snapshot, screenshot, and exact message so the repair can target the real ambiguity.

9. Prioritize fixes by consequence and reach

Rank findings using consequence, frequency, reach, and repair confidence. A destructive action without confirmation outranks a missing optional manifest. An unlabeled primary CTA used on every page outranks an obscure heading skip. A false canonical that affects an entire content type outranks one broken related link. Record the evidence for each ranking so urgency is explainable. Then group findings by root cause: a shared layout, design-system control, route generator, or form component can often repair many pages with one tested change. [AR7][AR9]

Convert the audit into small verification-ready work. Each ticket should include the failed user task, affected URLs or components, expected behavior, prohibited regression, and command or browser steps that prove completion. Add a failing test before the code change when the behavior is deterministic. After the fix, rerun the local test, the relevant task, and a production-like build. Keep cosmetic scoring changes separate from safety or crawl changes so reviewers can see what actually improves the user outcome. [AR7][AR9][AR12]

  1. P0: Repair exposed secrets, missing authorization, unsafe consequence, or public routes that disclose or mutate beyond intent.
  2. P1: Repair blocked discovery, canonical conflicts, inaccessible primary controls, unusable forms, and failures in the core public task.
  3. P2: Improve optional discovery conventions, secondary metadata, stable automation hints, and lower-frequency content gaps after core outcomes pass.

10. Maintain readiness as the product changes

Add the stable checks to continuous integration: content inventory, internal links, canonical construction, JSON-LD parsing, sitemap membership, robots declaration, and lint or accessibility tests for shared controls. Run a focused browser smoke test against a preview before merge. After production deployment, fetch the canonical host, content index, representative article, sitemap, and robots file again because platform routing can differ from local behavior. Monitor the real activation path with first-party events, preserving source and campaign context from article view to scan start and completion. [AR1][AR2][AR9]

Schedule a material review instead of changing dates cosmetically. Recheck official sources, product claims, screenshots, route behavior, CTA destination, and test fixtures. Update the modified date only when the page meaningfully changes, and keep a concise correction note for material errors. If you later publish aggregate readiness data, disclose collection dates, inclusion rules, sample size, versioned scoring rules, missing-data treatment, privacy protections, and limitations before making comparisons. Until then, describe individual scan evidence only; do not imply a market benchmark that has not been measured. [AR2][AR7]

  1. Per change: Run deterministic content and route checks, relevant unit tests, a production build, and the affected browser task.
  2. Per release: Crawl preview and production, verify MIME types and canonicals, exercise the scan CTA, and inspect analytics context.
  3. Per quarter: Recheck source availability, scoring-methodology truth, task fixtures, security boundaries, and material article updates.

Conclusion

Readiness is a maintained relationship between public information, interface structure, safety controls, and verification. The strongest result of this checklist is not a perfect number. It is a short evidence trail: the tasks that matter, the first baseline, the fixes applied, the same tasks passing afterward, and the limits that remain. Run the free public URL scan to find an initial set of protocol, semantic, content, browser, and security signals, then confirm every recommendation against your actual user journey and deployment. The scan is a diagnostic, not a certification, and it cannot replace authorization design, accessibility testing with people, or a security review for consequential systems.

Sources

Primary and official sources checked July 13, 2026. Recheck current versions before relying on time-sensitive requirements.

  1. AR1: Google robots.txt specification Google Search Central
  2. AR2: Sitemaps XML format Sitemaps.org
  3. AR3: Web Content Accessibility Guidelines 2.2 W3C
  4. AR4: ARIA Authoring Practices Guide W3C Web Accessibility Initiative
  5. AR5: Schema.org vocabulary Schema.org
  6. AR6: OpenAPI Specification OpenAPI Initiative
  7. AR7: Secure Software Development Framework, SP 800-218 NIST
  8. AR8: OWASP Top 10 for LLM Applications OWASP
  9. AR9: GitHub Actions documentation GitHub Docs
  10. AR10: About GitHub secret scanning GitHub Docs
  11. AR11: HTML Living Standard WHATWG
  12. AR12: Adding repository custom instructions for GitHub Copilot GitHub Docs

Related resources

Website AI-Agent Readiness Checklist | AgentReady