# Pour les agents — Engagement de lisibilité par agents | Mnemom

Pour les agents

# Mnemom est conçu pour les agents — pas seulement pour les humains qui les exploitent.

Cette page est notre engagement public en ce sens, avec une vérification que vous pouvez exécuter vous-même.

## Deux publics, une seule URL

Si vous êtes humain, cette page est le manifeste : comment Mnemom conçoit la lisibilité par agents, ce que nous avons bâti pour cela, et comment orienter vos agents vers les bonnes surfaces. Le plan ci-dessous montre les points d'entrée canoniques.

Si vous êtes un agent, l'engagement structuré sous cette introduction vous indique ce que nous promettons à propos de chaque page de ce site, avec des commandes copier-coller pour vérifier vous-même chaque promesse. La page intègre également du JSON-LD décrivant ce graphe pour la consommation machine.

## Pourquoi le contenu destiné aux agents reste en anglais

La recherche sur l'évaluation multilingue des LLM montre des écarts de performance jusqu'à 24 points sur des tâches identiques selon la langue, et les bancs d'essai spécifiques aux agents constatent que ces écarts se cumulent au fil de l'utilisation d'outils et du raisonnement en plusieurs étapes. Nous localisons pour les humains, qui choisissent leur langue. Nous ne parions pas sur ce que le runtime de votre agent peut analyser — les surfaces destinées aux agents (cet engagement, agents.txt, llms.txt, la documentation d'intégration) restent en anglais pour qu'elles fonctionnent de manière fiable chez tous les fournisseurs, runtimes et modèles.

Recherche: [MMLU-ProX](https://mmluprox.github.io/) · [MAPS (2025)](https://arxiv.org/html/2505.15935v2) · [Language Proficiency Monitor](https://arxiv.org/html/2507.08538v1)

* * *

## Where to look

If you're an agent (or an engineer driving one) arriving here with a specific intent, these are the canonical next hops.

If you're trying to integrate Mnemom:

-   [Quickstart](https://docs.mnemom.ai/quickstart)
-   [SDK reference](https://docs.mnemom.ai/sdk)
-   [Self-hosted](/docs/self-hosted)

If you're trying to connect over MCP:

-   [Control plane (api.mnemom.ai/mcp)](https://api.mnemom.ai/mcp)
-   [Docs search (docs.mnemom.ai/mcp)](https://docs.mnemom.ai/mcp)
-   [Server card](/.well-known/mcp/server-card.json)
-   [Install configs](https://docs.mnemom.ai/mcp-clients)

If you're trying to evaluate before integrating:

-   [Showcase](/showcase)
-   [Arena](/arena)
-   [Sample report](/report/sample)

If you're trying to price the platform:

-   [Pricing](/pricing)
-   [Enterprise](/enterprise)

If you're trying to research agent governance, safety, trust, or security:

-   [Methodology](/methodology)
-   [Research](/research)
-   [Governance](/governance)
-   [Security](/security)
-   [What we prove](/what-we-prove)

If you're trying to build on our open protocols:

-   [AAP](https://github.com/mnemom/aap)
-   [AIP](https://github.com/mnemom/aip)
-   [agent-preview/v1 spec](/spec/agent-preview/v1)

If you're trying to verify or claim an identity:

-   [Trust Directory](/directory)
-   [Claim a card](/claim)

If you're trying to look up one of our terms:

-   [Glossary](/glossary)

## Canonical machine surfaces

Every AEGIS machine surface, with inline curl + Python + TypeScript. Copy-paste targets, not a tour. Live URLs; calm-at-GA contract — empty responses where there is nothing to report.

1.  ### IoC feed (STIX 2.1)
    
    STIX 2.1 Bundle of indicators surfaced by the Protection Network. Calm-at-GA — the feed may be empty.
    
    `https://api.mnemom.ai/v1/trust/iocs`public · no authContent-Type: `application/json`
    
    curl + jq
    
    copy
    
    ```
    # Fetch the AEGIS IoC feed (STIX 2.1 Bundle); paginate with ?after=<ISO-8601>
    curl -sS "https://api.mnemom.ai/v1/trust/iocs?type=substrate_fingerprint" \
      | jq '.objects[] | select(.type=="indicator") | {id, pattern, valid_from}'
    ```
    
    Python (requests)
    
    copy
    
    ```
    # Consume IoCs into a STIX 2.1 pipeline.
    import requests
    
    resp = requests.get("https://api.mnemom.ai/v1/trust/iocs", timeout=10)
    resp.raise_for_status()
    bundle = resp.json()
    
    for obj in bundle.get("objects", []):
        if obj.get("type") == "indicator":
            print(obj["id"], obj["pattern"], obj.get("valid_from"))
    
    # Pagination: pass the previous bundle's next_after back as ?after=
    next_after = bundle.get("next_after")
    ```
    
    TypeScript (fetch)
    
    copy
    
    ```
    // Consume IoCs in a TypeScript service or worker.
    const res = await fetch("https://api.mnemom.ai/v1/trust/iocs");
    if (!res.ok) throw new Error(`IoC feed: ${res.status}`);
    const bundle = (await res.json()) as {
      type: "bundle";
      objects: Array<{ type: string; id: string; pattern?: string }>;
      next_after?: string;
    };
    
    for (const obj of bundle.objects) {
      if (obj.type === "indicator") {
        console.log(obj.id, obj.pattern);
      }
    }
    ```
    
2.  ### Advisory feed (signed JSON)
    
    Published security advisories — list endpoint plus per-slug detail. Public; no auth.
    
    `https://api.mnemom.ai/v1/trust/advisories`public · no authContent-Type: `application/json`
    
    curl + jq
    
    copy
    
    ```
    # List published advisories (newest first), then fetch one by slug.
    curl -sS "https://api.mnemom.ai/v1/trust/advisories?limit=20" \
      | jq '.advisories[] | {slug, severity, published_at, title}'
    
    curl -sS "https://api.mnemom.ai/v1/trust/advisories/<slug>" \
      | jq '{slug, severity, published_at, body_markdown}'
    ```
    
    Python (requests)
    
    copy
    
    ```
    # Pull recent advisories; resolve each by slug for the full body.
    import requests
    
    API = "https://api.mnemom.ai"
    listing = requests.get(f"{API}/v1/trust/advisories", params={"limit": 20}).json()
    for a in listing["advisories"]:
        detail = requests.get(f"{API}/v1/trust/advisories/{a['slug']}").json()
        print(detail["severity"], detail["slug"], detail["published_at"])
    ```
    
    TypeScript (fetch)
    
    copy
    
    ```
    // List published advisories, then resolve one by slug.
    type Advisory = {
      slug: string;
      title: string;
      severity: "info" | "low" | "medium" | "high" | "critical";
      published_at: string | null;
      body_markdown: string;
    };
    
    const list = (await (
      await fetch("https://api.mnemom.ai/v1/trust/advisories?limit=20")
    ).json()) as { advisories: Advisory[] };
    
    const detail = (await (
      await fetch(`https://api.mnemom.ai/v1/trust/advisories/${list.advisories[0].slug}`)
    ).json()) as Advisory;
    console.log(detail.severity, detail.slug, detail.published_at);
    ```
    
3.  ### Network threat state (per-axis JSON)
    
    L4 thermometer: calm / elevated / high / under-attack per substrate, vertical, pattern, and source. Authenticated.
    
    `https://api.mnemom.ai/v1/network/threat-state`authenticated session requiredContent-Type: `application/json`
    
    curl + jq
    
    copy
    
    ```
    # Read the current network threat state. Requires an authenticated session
    # (mnemom_session cookie) or a bearer token.
    curl -sS -H "Authorization: Bearer $MNEMOM_TOKEN" \
      "https://api.mnemom.ai/v1/network/threat-state?max_buckets=10" \
      | jq '{snapshot_at, totals, by_substrate: .by_substrate[:3]}'
    ```
    
    Python (requests)
    
    copy
    
    ```
    # Authenticated read; max_buckets bounded 1..50.
    import os, requests
    
    resp = requests.get(
        "https://api.mnemom.ai/v1/network/threat-state",
        params={"max_buckets": 10},
        headers={"Authorization": f"Bearer {os.environ['MNEMOM_TOKEN']}"},
        timeout=10,
    )
    resp.raise_for_status()
    snapshot = resp.json()
    print(snapshot["snapshot_at"], snapshot["totals"])
    ```
    
    TypeScript (fetch)
    
    copy
    
    ```
    // Authenticated read. In a browser context send credentials: "include"
    // to forward the mnemom_session cookie; in a server context send the
    // bearer token explicitly.
    const res = await fetch(
      "https://api.mnemom.ai/v1/network/threat-state?max_buckets=10",
      { headers: { Authorization: `Bearer ${process.env.MNEMOM_TOKEN}` } },
    );
    const snapshot = (await res.json()) as {
      snapshot_at: string;
      totals: { calm: number; elevated: number; high: number; under_attack: number; total: number };
      by_substrate: Array<{ bucket_value: string; state: string; state_changed_at: string }>;
    };
    console.log(snapshot.totals);
    ```
    
4.  ### Agent-readiness manifest + nightly status
    
    Versioned commitment manifest plus nightly verification result. Both fetched build-time by this page and externally.
    
    `https://www.mnemom.ai/agent-readiness.yaml`public · no authContent-Type: `text/yaml + application/json`
    
    curl + jq + yq
    
    copy
    
    ```
    # Manifest — every commitment, the verify-CLI, the CI script enforcing it.
    curl -sS "https://www.mnemom.ai/agent-readiness.yaml" \
      | yq '.commitments[] | {id, title, expectation}'
    
    # Nightly watchdog status — pass/fail per commitment with timestamps.
    curl -sS "https://www.mnemom.ai/agent-readiness-status.json" \
      | jq '{status, lastVerified, summary, failing: [.results[] | select(.passed==false) | .id]}'
    ```
    
    Python (requests + PyYAML)
    
    copy
    
    ```
    # Treat the manifest as the source of truth; the status JSON as the
    # current pass/fail snapshot.
    import requests, yaml
    
    manifest = yaml.safe_load(
        requests.get("https://www.mnemom.ai/agent-readiness.yaml").text
    )
    status = requests.get(
        "https://www.mnemom.ai/agent-readiness-status.json"
    ).json()
    
    for c in manifest["commitments"]:
        result = next((r for r in status["results"] if r["id"] == c["id"]), None)
        state = "pending" if result is None or result.get("skipped") else (
            "pass" if result["passed"] else "FAIL"
        )
        print(f"{state:>7}  {c['id']}")
    ```
    
    TypeScript (fetch)
    
    copy
    
    ```
    // The status JSON is the canonical machine-readable signal: one row per
    // commitment, with passed/skipped/durationMs. The YAML manifest is the spec.
    type CommitmentResult = {
      id: string;
      passed: boolean;
      skipped?: boolean;
      durationMs: number;
    };
    type Status = {
      status: "passing" | "failing" | "pending";
      lastVerified: string | null;
      summary: string;
      results: CommitmentResult[];
    };
    
    const status = (await (
      await fetch("https://www.mnemom.ai/agent-readiness-status.json")
    ).json()) as Status;
    
    const failing = status.results.filter((r) => !r.skipped && !r.passed);
    console.log(`${status.summary} — ${failing.length} failing`);
    ```
    
5.  ### AAP alignment card (well-known)
    
    Mnemom's own AAP alignment card — declared values, conflicts, escalation contact. The shape every Mnemom-published agent emits.
    
    `https://www.mnemom.ai/.well-known/alignment-card.json`public · no authContent-Type: `application/json`
    
    curl + jq
    
    copy
    
    ```
    # Fetch the publisher's alignment card and read the declared values.
    curl -sS "https://www.mnemom.ai/.well-known/alignment-card.json" \
      | jq '{aap_version, card_id, principal, declared: .values.declared}'
    ```
    
    Python (requests)
    
    copy
    
    ```
    # Resolve an AAP card by domain; reusable for any site that publishes one
    # at /.well-known/alignment-card.json (the AAP discovery convention).
    import requests
    
    card = requests.get(
        "https://www.mnemom.ai/.well-known/alignment-card.json",
        timeout=10,
    ).json()
    
    print(card["aap_version"], card["card_id"])
    print("declared:", card["values"]["declared"])
    print("conflicts:", card["values"].get("conflicts_with", []))
    ```
    
    TypeScript (fetch)
    
    copy
    
    ```
    // AAP card — public, no auth. Validate with the AAP SDK in production;
    // inline shape is shown here for clarity.
    type AlignmentCard = {
      aap_version: string;
      card_id: string;
      agent_id: string;
      issued_at: string;
      principal: { type: string; identifier: string; relationship: string };
      values: { declared: string[]; conflicts_with?: string[] };
    };
    
    const card = (await (
      await fetch("https://www.mnemom.ai/.well-known/alignment-card.json")
    ).json()) as AlignmentCard;
    
    console.log(card.card_id, card.values.declared);
    ```
    

## Connect over MCP

Two live Model Context Protocol servers (streamable-HTTP). Point your MCP client at an endpoint; no scraping required.

### Control plane

https://api.mnemom.ai/mcp

62 tools mirroring the `mnemom` CLI — Trust Ratings, Alignment & Protection Cards, governance, postures, teams, webhooks, API keys. `tools/list` is public; execution authenticates as the REST API (Bearer JWT or `X-Mnemom-Api-Key`).

### Docs search

https://docs.mnemom.ai/mcp

Read-only. Tools `search_mnemom_docs` and `query_docs_filesystem` over the documentation and the OpenAPI spec. No auth.

Claude Code CLI

copy

```
# Control plane (authenticated — Bearer JWT or X-Mnemom-Api-Key).
claude mcp add --transport http mnemom https://api.mnemom.ai/mcp \
  --header "Authorization: Bearer $MNEMOM_TOKEN"

# Docs search (read-only, no auth).
claude mcp add --transport http mnemom-docs https://docs.mnemom.ai/mcp
```

Cursor / Claude Desktop (mcpServers)

copy

```
{
  "mcpServers": {
    "mnemom": {
      "type": "http",
      "url": "https://api.mnemom.ai/mcp",
      "headers": { "Authorization": "Bearer ${MNEMOM_TOKEN}" }
    },
    "mnemom-docs": {
      "type": "http",
      "url": "https://docs.mnemom.ai/mcp"
    }
  }
}
```

List tools (no client — raw JSON-RPC)

copy

```
# tools/list is public; tool *execution* enforces the same authz as the
# equivalent REST call. Works against either endpoint.
curl -sS -X POST https://api.mnemom.ai/mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' \
  | jq '.result.tools | length'
```

The control-plane server advertises a discoverable card at [/.well-known/mcp/server-card.json](/.well-known/mcp/server-card.json). Full per-client install configs: [docs.mnemom.ai/mcp-clients](https://docs.mnemom.ai/mcp-clients).

Agent-Readability Commitment

## Version 1.13.0

18/18 commitments passing

Last reviewed 2026-06-10 · Next review by 2026-09-08 · Cadence every 90 days · Last verified 2026-06-11T03:14:32.071Z

Mnemom's public, versioned, machine-verifiable commitment to agent-readability. Each commitment below is enforced in CI and re-verified nightly against production. Last verification status lives in agent-readiness-status.json.

1.  Commitment 1 of 18
    
    ### Every core marketing page returns prerendered HTML
    
    passing
    
    Agents that render HTML — search crawlers, Anthropic Computer Use, Browserbase, and headless evaluators — see the full page content on every core marketing route without executing JavaScript. The prerender set is enumerated in STATIC\_MARKETING\_PATHS in react-router.config.ts and mirrored across the four EFIGS locales (fr / de / it / es). Two classes ship as shell-only by design and are named publicly here, not hidden&#58; blog index pages, whose post lists hydrate via TanStack Query against api.mnemom.ai, and the legal triad (/privacy /terms /cookies), whose policy bodies render via Termly's third-party embed SDK. The prerendered &lt;h1&gt; and surrounding chrome are present on both — what this verifier asserts. Auth-gated SPA surfaces (/dashboard, /admin, /settings/\*) are intentionally outside this commitment; they have no anonymous public view.
    
    Verify yourself
    
    ```
    curl -s https://www.mnemom.ai/methodology/ | grep -c '<h1'
    ```
    
    Expectation: Headings appear in raw HTML; ≥1 <h1> per non-excluded routeEnforced by: `scripts/verify/prerender.ts`Last check: passed in 37411ms
    
2.  Commitment 2 of 18
    
    ### agents.txt, llms.txt, and llms-full.txt are always available
    
    passing
    
    Three discovery files at the site root: a hand-crafted second-person pitch (agents.txt), a curated index of every URL with descriptions (llms.txt), and the same with full descriptions (llms-full.txt). All three return 200 with text/plain content type. Always.
    
    Verify yourself
    
    ```
    curl -sI https://www.mnemom.ai/agents.txt    | head -2
    curl -sI https://www.mnemom.ai/llms.txt      | head -2
    curl -sI https://www.mnemom.ai/llms-full.txt | head -2
    ```
    
    Expectation: All three return HTTP/2 200 with text/plain content-typeEnforced by: `scripts/verify/discovery-files.ts`Last check: passed in 1548ms
    
3.  Commitment 3 of 18
    
    ### Every prerendered marketing page contains valid, locale-aware JSON-LD
    
    passing
    
    JSON-LD gives agents a typed graph of who published what, when, and how the page relates to other entities. v1.3 expands coverage from /for-agents to every prerendered marketing route in every locale&#58; a primary entity per page (Organization + WebSite + WebPage on the home page; Product on /pricing; WebApplication on /showcase and /arena; HowTo on /how-it-works; CollectionPage on /research, /directory, /teams/directory; Article / ScholarlyArticle / TechArticle across the rest), plus a BreadcrumbList companion on every page. Required keys per primary entity&#58; "@context", "@type", "name", "description", "url", "inLanguage", and one of "dateModified" / "datePublished". Locale-aware fields (name, description, url, inLanguage) come from the active route's :lang? param; technical identifiers (publisher name, schema.org @type) stay English.
    
    Verify yourself
    
    ```
    for r in / /pricing/ /showcase/ /arena/ /fr/showcase/ /de/pricing/; do
      printf "%-25s " "$r"
      curl -s "https://www.mnemom.ai$r" | \
        grep -c '<script type="application/ld+json">'
    done
    ```
    
    Expectation: ≥1 JSON-LD block per route; primary entity carries @context, @type, name, description, url, inLanguage, dateModified; locale-prefixed routes use matching inLanguage and urlEnforced by: `scripts/verify/json-ld.ts`Last check: passed in 21851ms
    
4.  Commitment 4 of 18
    
    ### Every prerendered marketing page has a markdown variant
    
    passing
    
    Agents that prefer plaintext save ~80% on tokens versus rendering HTML. Every prerendered route is also served as markdown via content negotiation (Accept&#58; text/markdown) and at the explicit &lt;path&gt;.md URL. Same content; navigation chrome stripped.
    
    Verify yourself
    
    ```
    curl -sI -H "Accept: text/markdown" https://www.mnemom.ai/methodology/
    curl -sI https://www.mnemom.ai/methodology/index.md
    ```
    
    Expectation: Both return 200 with Content-Type containing "text/markdown"Enforced by: `scripts/verify/markdown-mirror.ts`Last check: passed in 1486ms
    
5.  Commitment 5 of 18
    
    ### Anonymous and bot user-agents receive equivalent content
    
    passing
    
    Agents identifying as ClaudeBot, GPTBot, PerplexityBot, or anonymous get the same prerendered HTML a browser receives. Mnemom never serves different content to bots versus humans — no cloaking, no UA-gated paywalls, no hidden detail.
    
    Verify yourself
    
    ```
    diff <(curl -sA "Mozilla/5.0" https://www.mnemom.ai/methodology/) \
         <(curl -sA "ClaudeBot/1.0" https://www.mnemom.ai/methodology/) | wc -l
    ```
    
    Expectation: Structural diff under threshold (excluding known dynamic regions)Enforced by: `scripts/verify/no-cloaking.ts`Last check: passed in 1168ms
    
6.  Commitment 6 of 18
    
    ### AAP and AIP remain Apache 2.0
    
    passing
    
    The Agent Alignment Protocol (AAP) and Agent Integrity Protocol (AIP) are open source under Apache 2.0. The verification logic that backs every Mnemom claim is auditable by anyone, forever. We will never relicense to a more restrictive form.
    
    Verify yourself
    
    ```
    curl -s https://raw.githubusercontent.com/mnemom/aap/main/LICENSE | grep -c "Apache License"
    curl -s https://raw.githubusercontent.com/mnemom/aip/main/LICENSE | grep -c "Apache License"
    ```
    
    Expectation: Both LICENSE files contain "Apache License" stringEnforced by: `scripts/verify/license-check.ts`Last check: passed in 186ms
    
7.  Commitment 7 of 18
    
    ### docs.mnemom.ai serves markdown via content negotiation and explicit .md URLs
    
    passing
    
    The integration documentation surface (docs.mnemom.ai) honors Accept&#58; text/markdown and serves the same content at &lt;path&gt;.md, with discovery headers (Link rel="llms-txt", X-Llms-Txt) advertising the auto-generated llms.txt and llms-full.txt indexes. Cuts crawl tokens roughly 30x for agents that walk the docs. Same site, same content, machine-readable view-shape — no special API key, no robots.txt blocking.
    
    Verify yourself
    
    ```
    curl -sI -H "Accept: text/markdown" https://docs.mnemom.ai/for-agents | grep -iE "content-type:|x-llms-txt:|^link:"
    curl -sI https://docs.mnemom.ai/for-agents.md | grep -i "content-type:"
    curl -sI https://docs.mnemom.ai/llms.txt
    curl -sI https://docs.mnemom.ai/llms-full.txt
    ```
    
    Expectation: All four return 200; markdown responses include text/markdown content-type and the discovery headersEnforced by: `scripts/verify/docs-markdown-negotiation.ts`Last check: passed in 2959ms
    
8.  Commitment 8 of 18
    
    ### Every public Mnemom repo has an AGENTS.md at its root
    
    passing
    
    Anthropic's AGENTS.md convention. Coding agents (Claude Code, Cursor, Cline, Aider) cloning a public Mnemom repo find a tailored entry point alongside README.md — install/test/build commands, project layout, conventions, what NOT to do. Different audience from agents.txt and from this page (both target agents \*using\* the product); AGENTS.md targets agents \*working on\* the codebase. Coverage is the six public canonical repos&#58; aap, aip, aip-otel-exporter, mnemom-types, reputation-check, docs. (mnemom-platform was deliberately taken private in June 2026; it still ships AGENTS.md, as do all private repos, but only public ones are externally verifiable.)
    
    Verify yourself
    
    ```
    for r in aap aip aip-otel-exporter mnemom-types reputation-check docs; do
      curl -sI "https://raw.githubusercontent.com/mnemom/$r/main/AGENTS.md" | head -1
    done
    ```
    
    Expectation: All six return HTTP 200 on raw.githubusercontent.comEnforced by: `scripts/verify/agents-md-discovery.ts`Last check: passed in 177ms
    
9.  Commitment 9 of 18
    
    ### These commitments are re-verified nightly against production
    
    passing
    
    A commitment without enforcement is marketing. Every commitment above is checked nightly by a GitHub Actions watchdog running this same manifest. Results are written to agent-readiness-status.json, committed to main, and surfaced as a status badge at the top of /for-agents. If verification fails, a GitHub issue auto-opens and the badge turns red.
    
    Verify yourself
    
    ```
    curl -s https://www.mnemom.ai/agent-readiness-status.json | \
      jq -r '"Last verified: \(.lastVerified) — \(.summary)"'
    ```
    
    Expectation: Manifest lastReviewed within reviewCadenceDays; status JSON lastVerified within 36 hours; summary reports pass countEnforced by: `scripts/verify/manifest-freshness.ts`Last check: passed in 5ms
    
10.  Commitment 10 of 18
     
     ### Pricing tiers agree with themselves across every surface
     
     passing
     
     Agents reading mnemom.ai get one price per tier — never a $79 claim on the homepage FAQ and a $99 Offer schema on /pricing in the same crawl. JSON-LD Offers, schema descriptions, markdown mirrors, and the rendered DOM all carry the same number. Built after a May 2026 audit found Team-tier prices disagreeing on the same domain, the exact failure class our Coherence Report would flag against a competitor.
     
     Verify yourself
     
     ```
     curl -s https://www.mnemom.ai/pricing/ | grep -oE '"price":"[0-9]+"'
     curl -s https://www.mnemom.ai/ | grep -oE 'Team tier is \$[0-9]+/month'
     ```
     
     Expectation: Every Team-tier price reference on every prerendered page returns the same dollar figureEnforced by: `scripts/verify/pricing-coherence.ts`Last check: passed in 283ms
     
11.  Commitment 11 of 18
     
     ### sitemap.xml lastmod never lags the page's JSON-LD dateModified
     
     passing
     
     Crawlers prioritize sitemap lastmod for re-crawl scheduling. If the sitemap says 2026-01-15 while the page's JSON-LD says 2026-05-08, we're under-signaling freshness to exactly the LLM-crawler audience this commitment is courting. The fix: sitemap lastmod is derived per-deploy from each route's JSON-LD dateModified (server/routes/sitemap.ts reads route-dates.json, written at build time by scripts/build-route-dates.mjs), so by construction lastmod >= dateModified.
     
     Verify yourself
     
     ```
     curl -s https://www.mnemom.ai/sitemap.xml | grep -A1 '<loc>https://www.mnemom.ai/pricing/</loc>' | grep '<lastmod>'
     curl -s https://www.mnemom.ai/pricing/ | grep -oE '"dateModified":"[^"]+"'
     ```
     
     Expectation: For every <url> in sitemap.xml whose page emits a JSON-LD dateModified, sitemap lastmod >= dateModifiedEnforced by: `scripts/verify/sitemap-coherence.ts`Last check: passed in 3043ms
     
12.  Commitment 12 of 18
     
     ### Every URL has a structured preview manifest
     
     passing
     
     OG images are a human-facing preview surface. Markdown mirrors are an agent-facing full-content surface. The gap between them — a one-fetch typed summary an agent can ingest without rendering HTML or parsing markdown — is the agent-preview/v1 manifest. Every prerendered URL on mnemom.ai exposes a sibling <url>.preview.json with the same fields humans see in the OG image, but structured: title, summary, type, representations (html / markdown / image / json\_ld), per-type context (author, reading time, agent grade, coherence-report status, etc.), and a publisher pointer back to the agent-readiness manifest. The schema is versioned, MIME-typed (application/vnd.agent-preview+json), and discoverable via <link rel="alternate"> in every page's head. Mnemom is the reference implementation; the spec is vendor-neutral so other sites can adopt it.
     
     Verify yourself
     
     ```
     curl -sH 'Accept: application/vnd.agent-preview+json' https://www.mnemom.ai/methodology/index.preview.json | jq '.spec_url, .type, .title, .representations'
     ```
     
     Expectation: Every prerendered route in STATIC\_MARKETING\_PATHS has a sibling <route>.preview.json that validates against the agent-preview/v1 schema and contains canonical\_url, title, summary, representations, and a publisher block.Enforced by: `scripts/verify/preview-surface.ts`Last check: passed in 1520ms
     
13.  Commitment 13 of 18
     
     ### trust.mnemom.ai ships the same agent-readability surface as the apex
     
     passing
     
     The Trust Center moved to its own subdomain (trust.mnemom.ai) to canonicalize the security/compliance pages independently of the marketing apex — a pattern that matches Cloudflare, Stripe, and OpenAI. Every standing /for-agents commitment that applies to the apex (markdown mirror, preview manifest, JSON-LD, agents.txt / llms.txt discovery) applies to the trust subdomain too, in all five EFIGS locales. No English-fallback hand-waving on a regulator-facing surface.
     
     Verify yourself
     
     ```
     curl -sI https://trust.mnemom.ai/index.md
     curl -sI https://trust.mnemom.ai/index.preview.json
     curl -sI https://trust.mnemom.ai/slos.md
     curl -sI https://trust.mnemom.ai/slos.preview.json
     curl -sI https://trust.mnemom.ai/fr.md
     curl -sI https://trust.mnemom.ai/fr/slos.md
     curl -sI https://trust.mnemom.ai/agents.txt
     curl -sI https://trust.mnemom.ai/llms.txt
     curl -sL https://trust.mnemom.ai/fr/slos | grep -oE '<link rel="canonical"[^>]+>'
     ```
     
     Expectation: All \`.md\` + \`.preview.json\` siblings return 200 with the right content-type (text/markdown / application/vnd.agent-preview+json); /agents.txt + /llms.txt return 200; each locale page's canonical points at trust.mnemom.ai/&lt;locale&gt;/...Enforced by: `scripts/verify/trust-subdomain-surface.ts`Last check: passed in 1427ms
     
14.  Commitment 14 of 18
     
     ### Private coherence-report share-links are shielded from crawlers and indexers
     
     passing
     
     Pre-claim, /r/&lt;slug&gt; URLs are private shareable links to a named client. Anyone with the URL can visit it in a browser (that's the point — the URL is the access-control mechanism per ADR-043), but the content is potentially sensitive to the client and MUST NOT be read by AI training crawlers, indexers, or shared into public search results. Coherence reports synthesize publicly-available information into commentary that may be unflattering to the subject org; they are produced as a courtesy to the client and are deliberately invisible to crawlers, indexers, and agents. Five layered defenses&#58; (L1) public/robots.txt disallows /r/ for every named crawler User-agent, including the 14 AI bots we explicitly opt INTO the marketing surface; (L2) netlify.toml sets X-Robots-Tag&#58; noindex, nofollow, noarchive, nosnippet, noimageindex on every /r/\* response; (L3) a Netlify edge function (netlify/edge-functions/r-shield.ts) hard-403s the 21 named crawler + indexer User-agents AND any UA matching the generic bot|crawler|spider|agent pattern (defense-in-depth for honest agents not on our explicit allowlist) at the edge with no SPA shell; (L4) the same edge function serves a generic on-brand coherence-report OG card to humans + share-previewers, with NO slug-lookup, so fake-vs-real slugs produce byte-identical responses (ADR-043 side-channel preserved); (L5) the privacy invariant: /r/&lt;slug&gt; intentionally has no machine-readable mirror — .md, .preview.json, and .json variants return 404, not shielded content, so honest agents reading a coherence-report URL through any of those discovery mechanisms get an unambiguous "this surface is not for you" signal. The blocklist single source of truth is the inlined arrays in netlify/edge-functions/r-shield.ts (Netlify's bundler rejects underscore-prefixed sibling helper modules, so SSOT and consumer share one file); every entry carries a provenance comment naming the vendor + their documented crawler page. This is the private-surface complement to the marketing-surface stance below ("we do not block crawlers").
     
     Verify yourself
     
     ```
     curl -sI -A 'GPTBot' https://www.mnemom.ai/r/test-shield | head -1
     curl -s -A 'Slackbot 1.0' https://www.mnemom.ai/r/test-shield | grep -oE 'og:image[^>]+type=coherence-report'
     curl -sI https://www.mnemom.ai/r/test-shield.md            | head -1
     curl -sI https://www.mnemom.ai/r/test-shield.preview.json  | head -1
     curl -sI https://www.mnemom.ai/r/test-shield.json          | head -1
     ```
     
     Expectation: GPTBot / ClaudeBot / Googlebot (and 18 other named AI/indexer UAs) plus any generic \*bot/\*Crawler/\*Spider/\*Agent UA receive 403 at the edge. Slackbot / Twitterbot / browsers receive 200 with a generic coherence-report OG card and noindex meta. Two fake slugs produce byte-identical responses (no existence side-channel). .md / .preview.json / .json variants of any /r/&lt;slug&gt; URL return 404 (no machine-readable mirror).Enforced by: `scripts/verify/r-shield-enforcement.ts`Last check: passed in 1057ms
     
15.  Commitment 15 of 18
     
     ### Mnemom permits AI model training on public marketing content
     
     passing
     
     Mnemom's public marketing surfaces (mnemom.ai, docs.mnemom.ai, trust.mnemom.ai) are open for AI model training, retrieval-augmented generation, fine-tuning, and derived works. No permission required, no API key needed, no attribution fee. We ask (but do not require) that training datasets credit Mnemom when citing research papers or integration code. The stance is published in three places that this verifier asserts agree&#58; (1) public/robots.txt header ("training-data consumption by design"), (2) public/agents.txt metadata block (\`training\_data\_policy: allowed\`), (3) this commitment body. The PRIVATE surface stance — coherence reports at /r/&lt;slug&gt; — is the opposite (see commitment #13) and is independently enforced. This commitment is about the marketing surface only.
     
     Verify yourself
     
     ```
     curl -s https://www.mnemom.ai/robots.txt | grep -i 'training-data consumption'
     curl -s https://www.mnemom.ai/agents.txt | grep -E '^training_data_policy:\s*allowed'
     ```
     
     Expectation: robots.txt header carries the "training-data consumption" phrase; agents.txt metadata carries training\_data\_policy=allowed.Enforced by: `scripts/verify/ai-training-stance.ts`Last check: passed in 100ms
     
16.  Commitment 16 of 18
     
     ### Every prerendered page emits a complete Open Graph + Twitter Card
     
     passing
     
     Social-preview metadata is the human-facing companion to the machine-readable JSON-LD (#3) and markdown-mirror (#4) surfaces. Every prerendered marketing route emits at minimum&#58; og:title, og:description, og:image, og:url, og:type, twitter:card, twitter:title, twitter:description, twitter:image. The route-meta.ts emitter is the single source of truth; this verifier samples representative prerendered routes (apex, pricing, methodology, how-it-works, showcase, for-agents, plus two EFIGS variants) and asserts every required meta tag is present and has a non-empty content attribute. Catches drift if a route's \`meta\` export accidentally omits a field or if route-meta.ts loses a tag during refactor.
     
     Verify yourself
     
     ```
     curl -sL https://www.mnemom.ai/pricing/ | grep -oE '<meta\s+property="og:[a-z]+"' | sort -u | wc -l
     curl -sL https://www.mnemom.ai/pricing/ | grep -oE '<meta\s+name="twitter:[a-z]+"' | sort -u | wc -l
     ```
     
     Expectation: At least 5 distinct og:\* tags and at least 4 distinct twitter:\* tags on every sampled prerendered route.Enforced by: `scripts/verify/og-twitter-coverage.ts`Last check: passed in 294ms
     
17.  Commitment 17 of 18
     
     ### /.well-known/ discovery files are well-formed and standards-compliant
     
     passing
     
     The \`/.well-known/\` namespace is where agents look for machine-readable discovery surfaces without prior knowledge. This verifier asserts several of them are well-formed&#58; (1) \`/.well-known/security.txt\` is RFC 9116-compliant — required fields (Contact, Expires, Canonical) present, Expires in the future, and Preferred-Languages enumerating every locale the site ships in (en, fr, de, it, es) so reports can land in any of those, anything less narrowing the disclosure channel below the customer surface; (2) \`/.well-known/api-catalog\` (RFC 9727) is a valid linkset pointing at the live OpenAPI 3.1 spec; (3) \`/.well-known/oauth-protected-resource\` (RFC 9728) names the www.mnemom.ai origin as a protected resource (same-origin) and lists its authorization servers; (4) \`/.well-known/oauth-authorization-server\` (RFC 8414) is valid JSON with a well-formed issuer and an \`agent\_auth\` registration profile; and (5) \`/.well-known/agent-card.json\` is a valid A2A-style service card. The public MCP server card at \`.well-known/mcp/server-card.json\` is now present and points at the live \`https://api.mnemom.ai/mcp\` control-plane endpoint; it is validated by the dedicated \`mcp-server\` verifier (see roadmap — live and soaking toward a numbered commitment), not by this one, which keeps each verifier scoped to one surface cluster.
     
     Verify yourself
     
     ```
     curl -s https://www.mnemom.ai/.well-known/security.txt | grep -E '^(Contact|Expires|Canonical|Preferred-Languages):'
     curl -s https://www.mnemom.ai/.well-known/api-catalog | jq '.linkset[0].anchor'
     curl -s https://www.mnemom.ai/.well-known/oauth-protected-resource | jq '.authorization_servers'
     curl -s https://www.mnemom.ai/.well-known/oauth-authorization-server | jq '.issuer'
     curl -s https://www.mnemom.ai/.well-known/agent-card.json | jq '.name'
     ```
     
     Expectation: security.txt declares Contact + Expires (in the future) + Canonical + Preferred-Languages covering en, fr, de, it, es; api-catalog, oauth-protected-resource, oauth-authorization-server, and agent-card.json each parse as valid JSON with their expected key fields present. The PRM names www.mnemom.ai as a same-origin resource with non-empty scopes\_supported and bearer\_methods\_supported including header; the authorization-server doc carries issuer https://www.mnemom.ai plus a complete agent\_auth registration method (anonymous, id-jag, or verified\_email).Enforced by: `scripts/verify/well-known-surfaces.ts`Last check: passed in 1529ms
     
18.  Commitment 18 of 18
     
     ### API, auth, and agent-skill discovery surfaces are published and resolvable
     
     passing
     
     An agent that lands on www.mnemom.ai with no prior knowledge can now discover the API, how to authenticate against it, and what skills it can invoke — entirely from standard discovery files. \`/.well-known/api-catalog\` (RFC 9727) is a linkset whose service-desc points at the live OpenAPI 3.1 contract at api.mnemom.ai/openapi.json. Authentication is described honestly&#58; Mnemom delegates token issuance to Supabase GoTrue and mints no OAuth tokens of its own, so \`/.well-known/oauth-protected-resource\` (RFC 9728) names the www.mnemom.ai origin as the protected resource (same-origin, as RFC 9728 requires; the API surface has its own origin-matched PRM at api.mnemom.ai) and lists its authorization servers (Mnemom's first-party AS metadata at www.mnemom.ai plus the upstream Supabase GoTrue issuer). \`/.well-known/oauth-authorization-server\` (RFC 8414) declares issuer https://www.mnemom.ai, points its token / authorize / jwks endpoints at that upstream Supabase IdP, and carries an \`agent\_auth\` profile describing Mnemom's agent-registration flow (POST /v1/agents → claim). \`/auth.md\` is the human- and agent-readable auth guide — it states plainly that the two real schemes are a Supabase-issued bearer JWT and a Mnemom \`mnm\_\`-prefixed API key, documents the agent-registration flow, and clarifies that Mnemom mints no OAuth tokens of its own. Invokable skills are listed under \`/.well-known/agent-skills/\*\`, each backed only by a real public endpoint, and \`/.well-known/agent-card.json\` is an A2A-style service card describing the same surface. HTTP \`Link\` headers on the relevant routes advertise these so an agent can find them from the response headers alone. Every URL named here resolves to something real today; nothing is aspirational.
     
     Verify yourself
     
     ```
     curl -sI https://www.mnemom.ai/auth.md | head -2
     curl -s https://www.mnemom.ai/.well-known/api-catalog | head -c 80
     curl -s https://www.mnemom.ai/.well-known/agent-skills/index.json | jq '.skills | length'
     ```
     
     Expectation: auth.md is served FLAT at the root (no 3xx redirect) with Content-Type text/markdown, an H1 containing "auth.md", and a "Bearer" mention; api-catalog, oauth-protected-resource, oauth-authorization-server, and agent-card.json each return valid JSON; the agent-skills index (/.well-known/agent-skills/index.json) resolves and lists skills.Enforced by: `scripts/verify/api-auth-discovery.ts`Last check: passed in 512ms
     

## What we deliberately don't do

-   We do not serve different HTML to bot user-agents on any marketing surface. There is no cloaking.
-   We do not gate documentation, API references, or integration code behind login.
-   We do not paywall the protocols. AAP and AIP are Apache 2.0, forever.
-   We do not block search crawlers, AI crawlers, or fair-use indexers from the public marketing site (mnemom.ai, docs.mnemom.ai). The marketing pitch is open by design — agents teaching their humans about Mnemom is part of the product. PRIVATE share-link surfaces (/r/<slug> coherence-report URLs pre-claim) ARE shielded — see commitment
-   We do not require API keys or accounts to read agents.txt, llms.txt, or this page.
-   We do not put the main pitch behind JavaScript hydration. View-source proves it.

## Surface map

The 20 canonical agent-facing surfaces. Each is a distinct audience and a distinct format.

[

agents.txt

Second-person pitch to agents. English. Plaintext. Hand-crafted.

/agents.txt

](/agents.txt)[

llms.txt

Curated map of every marketing URL, with one-line descriptions.

/llms.txt

](/llms.txt)[

llms-full.txt

Same map with full descriptions for deeper crawls.

/llms-full.txt

](/llms-full.txt)[

docs.mnemom.ai/for-agents

Integration documentation. Quickstarts, SDK, gateway, self-hosted. Every page also at <path>.md and via Accept&#58; text/markdown.

https://docs.mnemom.ai/for-agents

](https://docs.mnemom.ai/for-agents)[

docs.mnemom.ai/llms.txt

Auto-generated llms.txt index for the docs surface. Pair with llms-full.txt for full-description crawls.

https://docs.mnemom.ai/llms.txt

](https://docs.mnemom.ai/llms.txt)[

docs.mnemom.ai/llms-full.txt

Full-description index of every docs page, suitable for high-context retrieval.

https://docs.mnemom.ai/llms-full.txt

](https://docs.mnemom.ai/llms-full.txt)[

/claim

Claim a verifiable identity in the Mnemom Trust Directory.

/claim

](/claim)[

/.well-known/alignment-card.json

Mnemom's own AAP (Agent Alignment Protocol) public card. JSON, served per the AAP spec for cross-agent discovery and value-coherence handshakes. Content-Type&#58; application/json.

/.well-known/alignment-card.json

](/.well-known/alignment-card.json)[

/.well-known/api-catalog

RFC 9727 linkset pointing at the live OpenAPI 3.1 spec (api.mnemom.ai/openapi.json), the docs, the protected-resource metadata, and status. Content-Type&#58; application/linkset+json.

/.well-known/api-catalog

](/.well-known/api-catalog)[

/.well-known/oauth-protected-resource

RFC 9728 protected-resource metadata for the www.mnemom.ai origin (same-origin resource; the Mnemom API surface has its own origin-matched PRM at api.mnemom.ai). Lists the authorization servers (Mnemom's first-party AS metadata at www.mnemom.ai plus the upstream Supabase GoTrue issuer) and points at auth.md. Content-Type&#58; application/json.

/.well-known/oauth-protected-resource

](/.well-known/oauth-protected-resource)[

/.well-known/oauth-authorization-server

Mnemom's first-party authorization-server metadata (RFC 8414, issuer https://www.mnemom.ai). Delegates token issuance to the upstream Supabase GoTrue IdP — Mnemom mints no OAuth tokens of its own — and carries an agent\_auth profile describing the agent-registration flow. Content-Type&#58; application/json.

/.well-known/oauth-authorization-server

](/.well-known/oauth-authorization-server)[

/auth.md

Human- and agent-readable authentication guide. Documents the two real schemes (Supabase-issued bearer JWT and mnm\_ API key), the agent registration flow, and states plainly that Mnemom delegates token issuance to Supabase and mints no OAuth tokens of its own. Content-Type&#58; text/markdown.

/auth.md

](/auth.md)[

/.well-known/agent-skills/index.json

Index of invokable agent skills, each backed by a real public Mnemom API endpoint, with per-skill SKILL.md manifests. Content-Type&#58; application/json.

/.well-known/agent-skills/index.json

](/.well-known/agent-skills/index.json)[

/.well-known/agent-card.json

A2A-style service card describing the Mnemom API, its security schemes, and its skills for cross-agent discovery. Content-Type&#58; application/json.

/.well-known/agent-card.json

](/.well-known/agent-card.json)[

api.mnemom.ai/v1/trust/iocs

Public STIX 2.1 indicator-of-compromise bundle. Live; empty at GA by design (the system tells the truth). Filter by ?type=&lt;indicator-type&gt; and ?after=&lt;ISO-8601&gt;. Content-Type&#58; application/stix+json;version=2.1.

https://api.mnemom.ai/v1/trust/iocs

](https://api.mnemom.ai/v1/trust/iocs)[

api.mnemom.ai/v1/network/threat-state

Per-axis network threat-level JSON (substrate / vertical / pattern / source) with totals and per-bucket state transitions. Live. Requires an authenticated session. Content-Type&#58; application/json.

https://api.mnemom.ai/v1/network/threat-state

](https://api.mnemom.ai/v1/network/threat-state)[

api.mnemom.ai/v1/trust/advisories

Post-incident advisory JSON list — title, summary, severity, slug, published\_at. Live; one synthetic GA-seed advisory at launch by design. Per-advisory body at /v1/trust/advisories/&lt;slug&gt;. Content-Type&#58; application/json.

https://api.mnemom.ai/v1/trust/advisories

](https://api.mnemom.ai/v1/trust/advisories)[

/.well-known/mcp/server-card.json

MCP server card (MCP server.json shape) advertising the live control-plane MCP server. Point any MCP client at the remote it names. Content-Type&#58; application/json.

/.well-known/mcp/server-card.json

](/.well-known/mcp/server-card.json)[

api.mnemom.ai/mcp

Control-plane MCP server (streamable-HTTP). 62 tools mirroring the mnemom CLI — Trust Ratings, Alignment &amp; Protection Cards, governance signals, postures, teams, webhooks, API keys. tools/list is public; tool execution authenticates as the REST API (Bearer JWT or X-Mnemom-Api-Key).

https://api.mnemom.ai/mcp

](https://api.mnemom.ai/mcp)[

docs.mnemom.ai/mcp

Read-only docs-search MCP server (streamable-HTTP). Tools&#58; search\_mnemom\_docs and query\_docs\_filesystem over the documentation and the OpenAPI spec. No auth.

https://docs.mnemom.ai/mcp

](https://docs.mnemom.ai/mcp)

## Adoption

The [agent-preview/v1](/spec/agent-preview/v1) schema is vendor-neutral by design. Any site can publish`.preview.json`siblings, advertise discovery via the `<link rel="alternate">` pattern, and let its URLs become one-fetch addressable for agents — no Mnemom dependency, no permission needed. If adoption materializes across multiple independent implementations, the MIME type is candidate for promotion to the IANA Standards Tree (dropping the `vnd.` prefix).

Read the open-invitation framing as an IETF Internet-Draft:

[

Read the RFC →

Schema, discovery, MIME registration, security considerations, IANA path.

](/spec/agent-preview/v1/rfc)[

View the implementer spec →

The same shape framed for engineers shipping it. With live examples and the reference implementation.

](/spec/agent-preview/v1)

Shipped a preview surface on a domain you control? [Tell us](/contact) and we'll add you to the adopters list.

## What's coming

Commitments-in-flight. Each becomes a numbered commitment when it ships.

-   Promote the live MCP servers to a numbered commitment
    
    Two public Model Context Protocol servers are LIVE today: the control plane at https://api.mnemom.ai/mcp (62 tools mirroring the mnemom CLI; tool execution authenticates exactly as the REST API) and docs search at https://docs.mnemom.ai/mcp (read-only). The control-plane server card is published at /.well-known/mcp/server-card.json. The dedicated verifier scripts/verify/mcp-server.ts is implemented and registered and checks both endpoints plus the card. This item remains on the roadmap — rather than in commitments — ONLY until that verifier clears the standard 7-consecutive-green-night soak (AGENTS.md), at which point it is promoted to a numbered commitment. The surfaces are real now (see auth.md and the MCP rows in the surface map); only the versioned green \*commitment\* is pending soak.
    

Source of this commitment: [/agent-readiness.yaml](/agent-readiness.yaml). Live verification status: [/agent-readiness-status.json](/agent-readiness-status.json). A nightly GitHub Actions watchdog re-runs every commitment against production and publishes the result here.

```json
{ "@context": "https://schema.org", "@type": "TechArticle", "name": "Mnemom Agent-Readability Commitment", "headline": "Mnemom Agent-Readability Commitment", "description": "Mnemom's public, versioned, machine-verifiable commitment to agent-readability. Each commitment below is enforced in CI and re-verified nightly against production. Last verification status lives in agent-readiness-status.json.\n", "inLanguage": "en", "dateModified": "2026-06-11T03:14:32.071Z", "dateCreated": "2026-06-10T00:00:00Z", "version": "1.13.0", "author": { "@type": "Organization", "name": "Mnemom", "url": "https://www.mnemom.ai" }, "publisher": { "@type": "Organization", "name": "Mnemom", "url": "https://www.mnemom.ai" }, "url": "https://www.mnemom.ai/for-agents", "mainEntity": { "@type": "ItemList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "Every core marketing page returns prerendered HTML", "description": "Agents that render HTML — search crawlers, Anthropic Computer Use, Browserbase, and headless evaluators — see the full page content on every core marketing route without executing JavaScript. The prerender set is enumerated in STATIC_MARKETING_PATHS in react-router.config.ts and mirrored across the four EFIGS locales (fr / de / it / es). Two classes ship as shell-only by design and are named publicly here, not hidden&#58; blog index pages, whose post lists hydrate via TanStack Query against api.mnemom.ai, and the legal triad (/privacy /terms /cookies), whose policy bodies render via Termly's third-party embed SDK. The prerendered &lt;h1&gt; and surrounding chrome are present on both — what this verifier asserts. Auth-gated SPA surfaces (/dashboard, /admin, /settings/*) are intentionally outside this commitment; they have no anonymous public view.\n", "identifier": "prerendered-content" }, { "@type": "ListItem", "position": 2, "name": "agents.txt, llms.txt, and llms-full.txt are always available", "description": "Three discovery files at the site root: a hand-crafted second-person pitch (agents.txt), a curated index of every URL with descriptions (llms.txt), and the same with full descriptions (llms-full.txt). All three return 200 with text/plain content type. Always.\n", "identifier": "discovery-files" }, { "@type": "ListItem", "position": 3, "name": "Every prerendered marketing page contains valid, locale-aware JSON-LD", "description": "JSON-LD gives agents a typed graph of who published what, when, and how the page relates to other entities. v1.3 expands coverage from /for-agents to every prerendered marketing route in every locale&#58; a primary entity per page (Organization + WebSite + WebPage on the home page; Product on /pricing; WebApplication on /showcase and /arena; HowTo on /how-it-works; CollectionPage on /research, /directory, /teams/directory; Article / ScholarlyArticle / TechArticle across the rest), plus a BreadcrumbList companion on every page. Required keys per primary entity&#58; \"@context\", \"@type\", \"name\", \"description\", \"url\", \"inLanguage\", and one of \"dateModified\" / \"datePublished\". Locale-aware fields (name, description, url, inLanguage) come from the active route's :lang? param; technical identifiers (publisher name, schema.org @type) stay English.\n", "identifier": "structured-data" }, { "@type": "ListItem", "position": 4, "name": "Every prerendered marketing page has a markdown variant", "description": "Agents that prefer plaintext save ~80% on tokens versus rendering HTML. Every prerendered route is also served as markdown via content negotiation (Accept&#58; text/markdown) and at the explicit &lt;path&gt;.md URL. Same content; navigation chrome stripped.\n", "identifier": "markdown-mirror" }, { "@type": "ListItem", "position": 5, "name": "Anonymous and bot user-agents receive equivalent content", "description": "Agents identifying as ClaudeBot, GPTBot, PerplexityBot, or anonymous get the same prerendered HTML a browser receives. Mnemom never serves different content to bots versus humans — no cloaking, no UA-gated paywalls, no hidden detail.\n", "identifier": "no-cloaking" }, { "@type": "ListItem", "position": 6, "name": "AAP and AIP remain Apache 2.0", "description": "The Agent Alignment Protocol (AAP) and Agent Integrity Protocol (AIP) are open source under Apache 2.0. The verification logic that backs every Mnemom claim is auditable by anyone, forever. We will never relicense to a more restrictive form.\n", "identifier": "open-protocols" }, { "@type": "ListItem", "position": 7, "name": "docs.mnemom.ai serves markdown via content negotiation and explicit .md URLs", "description": "The integration documentation surface (docs.mnemom.ai) honors Accept&#58; text/markdown and serves the same content at &lt;path&gt;.md, with discovery headers (Link rel=\"llms-txt\", X-Llms-Txt) advertising the auto-generated llms.txt and llms-full.txt indexes. Cuts crawl tokens roughly 30x for agents that walk the docs. Same site, same content, machine-readable view-shape — no special API key, no robots.txt blocking.\n", "identifier": "docs-markdown-negotiation" }, { "@type": "ListItem", "position": 8, "name": "Every public Mnemom repo has an AGENTS.md at its root", "description": "Anthropic's AGENTS.md convention. Coding agents (Claude Code, Cursor, Cline, Aider) cloning a public Mnemom repo find a tailored entry point alongside README.md — install/test/build commands, project layout, conventions, what NOT to do. Different audience from agents.txt and from this page (both target agents *using* the product); AGENTS.md targets agents *working on* the codebase. Coverage is the six public canonical repos&#58; aap, aip, aip-otel-exporter, mnemom-types, reputation-check, docs. (mnemom-platform was deliberately taken private in June 2026; it still ships AGENTS.md, as do all private repos, but only public ones are externally verifiable.)\n", "identifier": "agents-md-discovery" }, { "@type": "ListItem", "position": 9, "name": "These commitments are re-verified nightly against production", "description": "A commitment without enforcement is marketing. Every commitment above is checked nightly by a GitHub Actions watchdog running this same manifest. Results are written to agent-readiness-status.json, committed to main, and surfaced as a status badge at the top of /for-agents. If verification fails, a GitHub issue auto-opens and the badge turns red.\n", "identifier": "public-verification" }, { "@type": "ListItem", "position": 10, "name": "Pricing tiers agree with themselves across every surface", "description": "Agents reading mnemom.ai get one price per tier — never a $79 claim on the homepage FAQ and a $99 Offer schema on /pricing in the same crawl. JSON-LD Offers, schema descriptions, markdown mirrors, and the rendered DOM all carry the same number. Built after a May 2026 audit found Team-tier prices disagreeing on the same domain, the exact failure class our Coherence Report would flag against a competitor.\n", "identifier": "pricing-coherence" }, { "@type": "ListItem", "position": 11, "name": "sitemap.xml lastmod never lags the page's JSON-LD dateModified", "description": "Crawlers prioritize sitemap lastmod for re-crawl scheduling. If the sitemap says 2026-01-15 while the page's JSON-LD says 2026-05-08, we're under-signaling freshness to exactly the LLM-crawler audience this commitment is courting. The fix: sitemap lastmod is derived per-deploy from each route's JSON-LD dateModified (server/routes/sitemap.ts reads route-dates.json, written at build time by scripts/build-route-dates.mjs), so by construction lastmod >= dateModified.\n", "identifier": "sitemap-freshness" }, { "@type": "ListItem", "position": 12, "name": "Every URL has a structured preview manifest", "description": "OG images are a human-facing preview surface. Markdown mirrors are an agent-facing full-content surface. The gap between them — a one-fetch typed summary an agent can ingest without rendering HTML or parsing markdown — is the agent-preview/v1 manifest. Every prerendered URL on mnemom.ai exposes a sibling <url>.preview.json with the same fields humans see in the OG image, but structured: title, summary, type, representations (html / markdown / image / json_ld), per-type context (author, reading time, agent grade, coherence-report status, etc.), and a publisher pointer back to the agent-readiness manifest. The schema is versioned, MIME-typed (application/vnd.agent-preview+json), and discoverable via <link rel=\"alternate\"> in every page's head. Mnemom is the reference implementation; the spec is vendor-neutral so other sites can adopt it.\n", "identifier": "preview-surface" }, { "@type": "ListItem", "position": 13, "name": "trust.mnemom.ai ships the same agent-readability surface as the apex", "description": "The Trust Center moved to its own subdomain (trust.mnemom.ai) to canonicalize the security/compliance pages independently of the marketing apex — a pattern that matches Cloudflare, Stripe, and OpenAI. Every standing /for-agents commitment that applies to the apex (markdown mirror, preview manifest, JSON-LD, agents.txt / llms.txt discovery) applies to the trust subdomain too, in all five EFIGS locales. No English-fallback hand-waving on a regulator-facing surface.\n", "identifier": "trust-subdomain-surface" }, { "@type": "ListItem", "position": 14, "name": "Private coherence-report share-links are shielded from crawlers and indexers", "description": "Pre-claim, /r/&lt;slug&gt; URLs are private shareable links to a named client. Anyone with the URL can visit it in a browser (that's the point — the URL is the access-control mechanism per ADR-043), but the content is potentially sensitive to the client and MUST NOT be read by AI training crawlers, indexers, or shared into public search results. Coherence reports synthesize publicly-available information into commentary that may be unflattering to the subject org; they are produced as a courtesy to the client and are deliberately invisible to crawlers, indexers, and agents. Five layered defenses&#58; (L1) public/robots.txt disallows /r/ for every named crawler User-agent, including the 14 AI bots we explicitly opt INTO the marketing surface; (L2) netlify.toml sets X-Robots-Tag&#58; noindex, nofollow, noarchive, nosnippet, noimageindex on every /r/* response; (L3) a Netlify edge function (netlify/edge-functions/r-shield.ts) hard-403s the 21 named crawler + indexer User-agents AND any UA matching the generic bot|crawler|spider|agent pattern (defense-in-depth for honest agents not on our explicit allowlist) at the edge with no SPA shell; (L4) the same edge function serves a generic on-brand coherence-report OG card to humans + share-previewers, with NO slug-lookup, so fake-vs-real slugs produce byte-identical responses (ADR-043 side-channel preserved); (L5) the privacy invariant: /r/&lt;slug&gt; intentionally has no machine-readable mirror — .md, .preview.json, and .json variants return 404, not shielded content, so honest agents reading a coherence-report URL through any of those discovery mechanisms get an unambiguous \"this surface is not for you\" signal. The blocklist single source of truth is the inlined arrays in netlify/edge-functions/r-shield.ts (Netlify's bundler rejects underscore-prefixed sibling helper modules, so SSOT and consumer share one file); every entry carries a provenance comment naming the vendor + their documented crawler page. This is the private-surface complement to the marketing-surface stance below (\"we do not block crawlers\").\n", "identifier": "r-shield-enforcement" }, { "@type": "ListItem", "position": 15, "name": "Mnemom permits AI model training on public marketing content", "description": "Mnemom's public marketing surfaces (mnemom.ai, docs.mnemom.ai, trust.mnemom.ai) are open for AI model training, retrieval-augmented generation, fine-tuning, and derived works. No permission required, no API key needed, no attribution fee. We ask (but do not require) that training datasets credit Mnemom when citing research papers or integration code. The stance is published in three places that this verifier asserts agree&#58; (1) public/robots.txt header (\"training-data consumption by design\"), (2) public/agents.txt metadata block (`training_data_policy: allowed`), (3) this commitment body. The PRIVATE surface stance — coherence reports at /r/&lt;slug&gt; — is the opposite (see commitment #13) and is independently enforced. This commitment is about the marketing surface only.\n", "identifier": "ai-training-stance" }, { "@type": "ListItem", "position": 16, "name": "Every prerendered page emits a complete Open Graph + Twitter Card", "description": "Social-preview metadata is the human-facing companion to the machine-readable JSON-LD (#3) and markdown-mirror (#4) surfaces. Every prerendered marketing route emits at minimum&#58; og:title, og:description, og:image, og:url, og:type, twitter:card, twitter:title, twitter:description, twitter:image. The route-meta.ts emitter is the single source of truth; this verifier samples representative prerendered routes (apex, pricing, methodology, how-it-works, showcase, for-agents, plus two EFIGS variants) and asserts every required meta tag is present and has a non-empty content attribute. Catches drift if a route's `meta` export accidentally omits a field or if route-meta.ts loses a tag during refactor.\n", "identifier": "og-twitter-coverage" }, { "@type": "ListItem", "position": 17, "name": "/.well-known/ discovery files are well-formed and standards-compliant", "description": "The `/.well-known/` namespace is where agents look for machine-readable discovery surfaces without prior knowledge. This verifier asserts several of them are well-formed&#58; (1) `/.well-known/security.txt` is RFC 9116-compliant — required fields (Contact, Expires, Canonical) present, Expires in the future, and Preferred-Languages enumerating every locale the site ships in (en, fr, de, it, es) so reports can land in any of those, anything less narrowing the disclosure channel below the customer surface; (2) `/.well-known/api-catalog` (RFC 9727) is a valid linkset pointing at the live OpenAPI 3.1 spec; (3) `/.well-known/oauth-protected-resource` (RFC 9728) names the www.mnemom.ai origin as a protected resource (same-origin) and lists its authorization servers; (4) `/.well-known/oauth-authorization-server` (RFC 8414) is valid JSON with a well-formed issuer and an `agent_auth` registration profile; and (5) `/.well-known/agent-card.json` is a valid A2A-style service card. The public MCP server card at `.well-known/mcp/server-card.json` is now present and points at the live `https://api.mnemom.ai/mcp` control-plane endpoint; it is validated by the dedicated `mcp-server` verifier (see roadmap — live and soaking toward a numbered commitment), not by this one, which keeps each verifier scoped to one surface cluster.\n", "identifier": "well-known-surfaces" }, { "@type": "ListItem", "position": 18, "name": "API, auth, and agent-skill discovery surfaces are published and resolvable", "description": "An agent that lands on www.mnemom.ai with no prior knowledge can now discover the API, how to authenticate against it, and what skills it can invoke — entirely from standard discovery files. `/.well-known/api-catalog` (RFC 9727) is a linkset whose service-desc points at the live OpenAPI 3.1 contract at api.mnemom.ai/openapi.json. Authentication is described honestly&#58; Mnemom delegates token issuance to Supabase GoTrue and mints no OAuth tokens of its own, so `/.well-known/oauth-protected-resource` (RFC 9728) names the www.mnemom.ai origin as the protected resource (same-origin, as RFC 9728 requires; the API surface has its own origin-matched PRM at api.mnemom.ai) and lists its authorization servers (Mnemom's first-party AS metadata at www.mnemom.ai plus the upstream Supabase GoTrue issuer). `/.well-known/oauth-authorization-server` (RFC 8414) declares issuer https://www.mnemom.ai, points its token / authorize / jwks endpoints at that upstream Supabase IdP, and carries an `agent_auth` profile describing Mnemom's agent-registration flow (POST /v1/agents → claim). `/auth.md` is the human- and agent-readable auth guide — it states plainly that the two real schemes are a Supabase-issued bearer JWT and a Mnemom `mnm_`-prefixed API key, documents the agent-registration flow, and clarifies that Mnemom mints no OAuth tokens of its own. Invokable skills are listed under `/.well-known/agent-skills/*`, each backed only by a real public endpoint, and `/.well-known/agent-card.json` is an A2A-style service card describing the same surface. HTTP `Link` headers on the relevant routes advertise these so an agent can find them from the response headers alone. Every URL named here resolves to something real today; nothing is aspirational.\n", "identifier": "api-auth-discovery" } ] }, "subjectOf": [ { "@type": "WebPage", "name": "agents.txt", "url": "https://www.mnemom.ai/agents.txt", "description": "Second-person pitch to agents. English. Plaintext. Hand-crafted." }, { "@type": "WebPage", "name": "llms.txt", "url": "https://www.mnemom.ai/llms.txt", "description": "Curated map of every marketing URL, with one-line descriptions." }, { "@type": "WebPage", "name": "llms-full.txt", "url": "https://www.mnemom.ai/llms-full.txt", "description": "Same map with full descriptions for deeper crawls." }, { "@type": "WebPage", "name": "docs.mnemom.ai/for-agents", "url": "https://docs.mnemom.ai/for-agents", "description": "Integration documentation. Quickstarts, SDK, gateway, self-hosted. Every page also at <path>.md and via Accept&#58; text/markdown." }, { "@type": "WebPage", "name": "docs.mnemom.ai/llms.txt", "url": "https://docs.mnemom.ai/llms.txt", "description": "Auto-generated llms.txt index for the docs surface. Pair with llms-full.txt for full-description crawls." }, { "@type": "WebPage", "name": "docs.mnemom.ai/llms-full.txt", "url": "https://docs.mnemom.ai/llms-full.txt", "description": "Full-description index of every docs page, suitable for high-context retrieval." }, { "@type": "WebPage", "name": "/claim", "url": "https://www.mnemom.ai/claim", "description": "Claim a verifiable identity in the Mnemom Trust Directory." }, { "@type": "WebPage", "name": "/.well-known/alignment-card.json", "url": "https://www.mnemom.ai/.well-known/alignment-card.json", "description": "Mnemom's own AAP (Agent Alignment Protocol) public card. JSON, served per the AAP spec for cross-agent discovery and value-coherence handshakes. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "/.well-known/api-catalog", "url": "https://www.mnemom.ai/.well-known/api-catalog", "description": "RFC 9727 linkset pointing at the live OpenAPI 3.1 spec (api.mnemom.ai/openapi.json), the docs, the protected-resource metadata, and status. Content-Type&#58; application/linkset+json." }, { "@type": "WebPage", "name": "/.well-known/oauth-protected-resource", "url": "https://www.mnemom.ai/.well-known/oauth-protected-resource", "description": "RFC 9728 protected-resource metadata for the www.mnemom.ai origin (same-origin resource; the Mnemom API surface has its own origin-matched PRM at api.mnemom.ai). Lists the authorization servers (Mnemom's first-party AS metadata at www.mnemom.ai plus the upstream Supabase GoTrue issuer) and points at auth.md. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "/.well-known/oauth-authorization-server", "url": "https://www.mnemom.ai/.well-known/oauth-authorization-server", "description": "Mnemom's first-party authorization-server metadata (RFC 8414, issuer https://www.mnemom.ai). Delegates token issuance to the upstream Supabase GoTrue IdP — Mnemom mints no OAuth tokens of its own — and carries an agent_auth profile describing the agent-registration flow. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "/auth.md", "url": "https://www.mnemom.ai/auth.md", "description": "Human- and agent-readable authentication guide. Documents the two real schemes (Supabase-issued bearer JWT and mnm_ API key), the agent registration flow, and states plainly that Mnemom delegates token issuance to Supabase and mints no OAuth tokens of its own. Content-Type&#58; text/markdown." }, { "@type": "WebPage", "name": "/.well-known/agent-skills/index.json", "url": "https://www.mnemom.ai/.well-known/agent-skills/index.json", "description": "Index of invokable agent skills, each backed by a real public Mnemom API endpoint, with per-skill SKILL.md manifests. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "/.well-known/agent-card.json", "url": "https://www.mnemom.ai/.well-known/agent-card.json", "description": "A2A-style service card describing the Mnemom API, its security schemes, and its skills for cross-agent discovery. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "api.mnemom.ai/v1/trust/iocs", "url": "https://api.mnemom.ai/v1/trust/iocs", "description": "Public STIX 2.1 indicator-of-compromise bundle. Live; empty at GA by design (the system tells the truth). Filter by ?type=&lt;indicator-type&gt; and ?after=&lt;ISO-8601&gt;. Content-Type&#58; application/stix+json;version=2.1." }, { "@type": "WebPage", "name": "api.mnemom.ai/v1/network/threat-state", "url": "https://api.mnemom.ai/v1/network/threat-state", "description": "Per-axis network threat-level JSON (substrate / vertical / pattern / source) with totals and per-bucket state transitions. Live. Requires an authenticated session. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "api.mnemom.ai/v1/trust/advisories", "url": "https://api.mnemom.ai/v1/trust/advisories", "description": "Post-incident advisory JSON list — title, summary, severity, slug, published_at. Live; one synthetic GA-seed advisory at launch by design. Per-advisory body at /v1/trust/advisories/&lt;slug&gt;. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "/.well-known/mcp/server-card.json", "url": "https://www.mnemom.ai/.well-known/mcp/server-card.json", "description": "MCP server card (MCP server.json shape) advertising the live control-plane MCP server. Point any MCP client at the remote it names. Content-Type&#58; application/json." }, { "@type": "WebPage", "name": "api.mnemom.ai/mcp", "url": "https://api.mnemom.ai/mcp", "description": "Control-plane MCP server (streamable-HTTP). 62 tools mirroring the mnemom CLI — Trust Ratings, Alignment &amp; Protection Cards, governance signals, postures, teams, webhooks, API keys. tools/list is public; tool execution authenticates as the REST API (Bearer JWT or X-Mnemom-Api-Key)." }, { "@type": "WebPage", "name": "docs.mnemom.ai/mcp", "url": "https://docs.mnemom.ai/mcp", "description": "Read-only docs-search MCP server (streamable-HTTP). Tools&#58; search_mnemom_docs and query_docs_filesystem over the documentation and the OpenAPI spec. No auth." } ] }
```

---
_Source: /fr/for-agents/index.html · Generated by build-markdown-mirrors.mjs · For agent-readability commitment #4 see https://www.mnemom.ai/for-agents/_