SharePlane curated thesis artifact
Agent-Readable Web
HTML, HTMX, NLWeb, MCP, and the Shift from Search Clicks to Agent-Mediated Discovery
Executive scan mode
What changed, why it matters, and what to do next.
This mode gives the thesis in under 60 seconds: discovery is moving from destination clicks toward retrieval, citation, first-party question answering, and controlled agent access.
What changed
Ranking and clicks still matter, but AI answer surfaces, source citations, agent queries, and crawler policy classes now form separate visibility and control surfaces.
Key implication
The public website becomes a canonical evidence layer. It must be readable to people, structured for machines, traceable through source tiers, and safe to expose to agents.
What to do next
Normalize semantic HTML first, add machine-readable mirrors and provenance second, pilot NLWeb for first-party questions third, and begin MCP as read-only retrieval before any writes.
/ask only after the corpus is structured enough to answer from first-party content./mcp for controlled tools, read-only first, governed writes later.Thesis reading view
The thesis, in plain architecture language.
A coherent article-style reading path for readers who want the argument without panels, matrices, or prompt blocks.
Websites are not dead. The weaker claim is that websites matter only as destinations where a person arrives after a search click. That model still exists, but it is no longer enough to describe how public information is discovered, summarized, cited, queried, and acted on.
The more durable claim is architectural: destination UI is becoming less central while public pages become more important as evidence surfaces. A serious public page is the place a human can inspect the claim, the place a search system can crawl, the place an answer system can retrieve, and the place an agent can begin to understand what a site authoritatively says.
That does not mean replacing the page with a protocol. It means layering the page. Semantic HTML remains the trust surface because it is visible, linkable, accessible, and reviewable. Structured mirrors such as Markdown, JSON, and JSON-LD make the same public meaning easier for models and retrieval systems to ingest without reverse-engineering a visual layout.
NLWeb adds a query layer when the corpus is mature enough to answer questions from first-party content. MCP adds a controlled tool layer when an agent needs to retrieve, compare, validate, or eventually act through explicit operations. Those are different jobs. Protocol-chasing collapses them into fashion. Architecture keeps them separate.
The governance layer is what prevents the stack from becoming reckless. Search, Agent, Training, authenticated read, and authenticated write traffic should not share one blunt policy. Search can be allowed while training is restricted. Agent access can start with read-only retrieval. Authenticated writes can wait until identity, scope, confirmation, audit logs, rollback, and rate limits exist.
The recommended posture is layered, not hype-driven: build trustworthy pages first, add model-readable mirrors second, attach source and claim governance third, pilot query endpoints fourth, expose read-only agent tools fifth, and delay governed writes until the control plane can prove what happened and why.
Guided explainer mode
From destination UI to evidence surface and service boundary.
The durable pattern is not HTML versus HTMX versus NLWeb versus MCP. The durable pattern is a layered public surface with clear jobs for each layer.
Classic web strategy assumed a person searched, clicked a result, landed on a page, and acted there. That path still exists, but it is no longer the only path that matters. Answer systems may retrieve and summarize without a click. Agents may inspect the DOM, ask a site-specific endpoint, or call a controlled tool. Infrastructure providers may separate Search, Agent, and Training traffic rather than treating all AI crawlers as one policy class.
Why it matters: if the page is only a visual destination, it is weak evidence for every non-human system that now mediates discovery. If the page is semantic, mirrored, source-backed, queryable, and governed, it becomes an inspectable control surface.
Evidence compression
Traffic signals support a shift, not a simplistic collapse story.
The cited traffic and research sources are treated as ecosystem signals. They do not guarantee performance for any one site.
Zero-click pressure
SparkToro and Similarweb report that a large share of Google searches end without a click, supporting the claim that click dependency is fragile.
Referral decline
Axios, citing Chartbeat, reports search referral declines across publisher sizes while chatbot referrals remain too small to offset the shift.
Ranking is not citation
Ahrefs and academic studies indicate that AI Overview citations do not map cleanly to classic top-ten organic ranking.
CTR rebound signal
Seer Interactive reports a partial CTR rebound on AI Overview-present queries, which prevents a one-note doom conclusion.
Interpretation: traffic is not uniformly collapsing, but ranking alone no longer describes the whole discovery path. Citation, retrieval, source authority, and agent access become separate disciplines.
Google and platform signal
AI visibility is becoming measurable surface area.
Google's posture
Google's generative AI optimization guidance keeps SEO fundamentals in scope: useful content, crawlability, clear technical structure, semantic HTML where practical, page experience, and JavaScript SEO hygiene. It warns against treating AEO or GEO as a separate hack layer.
Search Console signal
Google's Search Generative AI performance reports support the claim that AI exposure is now a measurement surface with pages, countries, devices, dates, and impressions for generative AI features where available.
Bounded conclusion: AI visibility should be measured separately from classic clicks. It should not be treated as a guaranteed traffic replacement.
Agent-friendly website layer
Agent readiness looks like disciplined web craft.
Semantic structure
Stable headings, landmarks, labels, tables, lists, and real links reduce ambiguity for humans, crawlers, screen readers, and agents inspecting the DOM or accessibility tree.
Visible state
Controls should be large enough, labeled enough, and stable enough that a browser-use agent or human reviewer can tell what changed after interaction.
Progressive paths
Critical content should not require hover states, animation timing, invisible script state, or fragile client-only routing to be understood.
Protocol stack section
Each layer has a job. Do not flatten the stack.
| Layer | Job | Use when | Boundary |
|---|---|---|---|
| HTML | Public trust surface | Always for public artifacts | Must remain complete, semantic, accessible, and readable without JavaScript. |
| HTMX | Progressive interaction | When server-rendered fragments simplify UX | HTMX is not an AI protocol and must not be the canonical data layer. |
| Markdown/JSON | Model-readable substrate | When retrieval and reuse need clean structure | Mirrors should reflect validated source content, not introduce new claims. |
| NLWeb | Natural-language site query | When a structured corpus can answer with sources | Use /ask for first-party answers, not write actions. |
| MCP | Controlled tools and data | When agents need explicit operations | Start read-only; write actions require identity, scope, confirmation, logging, and rollback. |
| A2A | Agent-to-agent coordination | When multiple agents need capability discovery and collaboration | Later-stage coordination, not the first publishing layer. |
| UCP | Agentic commerce | When commerce and proof of user consent enter scope | Not required for ordinary publication or evidence surfaces. |
HTMX deep dive
HTMX helps the page behave. It does not make a site agent-native.
What HTMX is
HTMX gives HTML access to AJAX, CSS transitions, WebSockets, and Server-Sent Events through attributes. It fits a hypermedia model where the server returns HTML fragments and owns truth.
What HTMX is not
HTMX is not an AI protocol. HTMX is not equivalent to NLWeb. HTMX is not equivalent to MCP. HTMX is not automatically agent-native.
Correct rule: every interactive path should degrade to a normal URL, normal form, or documented endpoint.
NLWeb deep dive
NLWeb is the site answer layer.
Microsoft positions NLWeb as an open project for natural-language interfaces for websites. The NLWeb specification defines an ask interface and transport-neutral JSON structures, while the reference implementation uses Schema.org and can expose MCP-compatible access. Cloudflare's AI Search documentation describes practical /ask and /mcp endpoint deployment for experimentation.
Boundary explanation: NLWeb lets users and agents ask the site and receive first-party answers from structured content. It is not the same as a general tool protocol and should not be used as a shortcut around provenance.
MCP deep dive
MCP is the controlled tool layer. Treat it as an attack surface.
Use MCP for explicit operations
Good starting tools include search artifacts, get artifact, get Markdown, get sources, get claim evidence, compare versions, list releases, list issues, and validate manifests.
Start read-only
MCP tool descriptions, tool outputs, permissions, and agent reasoning are part of the control loop. Write actions require authorization, scoped identity, human confirmation, audit logs, rollback, rate limits, and allowlisted operations.
A2A and UCP
Coordination and commerce come later.
A2A
Google's Agent2Agent protocol is relevant when multiple specialized agents need to communicate, discover capabilities, negotiate modalities, and coordinate long-running tasks. It complements MCP, but it is not the first move for this artifact.
UCP
Google's Universal Commerce Protocol matters when agentic commerce enters the picture. For a source-governed public library, the immediate priority remains HTML, mirrors, provenance, NLWeb, and read-only MCP.
Risk boundary section
Agent access needs guardrails before power.
Browser-use agents are useful, but arbitrary pages, hidden instructions, synthetic sources, and broad tools make uncontrolled action unsafe.
Prompt injection
Malicious webpage text, metadata, or invisible instructions can try to redirect agent behavior.
Synthetic sources
Generative systems can cite AI-generated or unsupported sources, creating provenance risk.
Read-only MCP
Begin with retrieval, validation, comparison, and manifest inspection before exposing mutation.
Governed writes
Writes require scoped identity, explicit confirmation, logs, rollback, rate limits, and allowlists.
If the agent cannot explain the evidence, permission, and expected outcome, it should not act.
Recommended architecture
Agent-Readable Public Surface.
Practical roadmap
Six phases from readable pages to governed agent actions.
Normalize pages
Semantic HTML, stable anchors, accessible structure, citations, version metadata, canonical URLs, sitemap, RSS, Open Graph, and JSON-LD baseline.
Add mirrors
Add index.md, artifact.json, artifact.jsonld, sources.json, manifest.json, claim-map.json, and citation-map.json where useful.
Add source governance
Classify source roles, evidence type, confidence, retrieval dates, claim support, citation maps, and validation receipts.
Pilot NLWeb
Expose /ask only when answers can be grounded in first-party structured content with source return and refusal behavior.
Pilot read-only MCP
Start with search, retrieval, source inspection, version comparison, and validation tools.
Governed actions later
Add writes only after auth, scopes, confirmation, audit logging, rate limits, allowlists, rollback, prompt-injection testing, and security review.
Visual prompt suite
Five concepts, ten copy-ready prompt blocks.
Each concept includes a mainline white prompt and a dark expressive prompt. Prompt text remains readable and selectable without JavaScript; native details provide collapse and expand affordance, and copy buttons are progressive enhancement.
Visual concept 1
Main architecture stack
Variants: mainline white and dark expressive. Purpose: explain the Agent-Readable Public Surface.
Create a premium 16:9 white-background technical explainer diagram titled "Agent-Readable Public Surface". Subtitle: "Pages humans can trust, documents models can ingest, endpoints agents can query, and tools agents can use safely." Visible section headers: - "Human trust surface" - "Model substrate" - "Discovery layer" - "Evidence layer" - "Conversation layer" - "Agent tool layer" - "Governance layer" Visible labels: - "Semantic HTML" - "Accessible structure" - "Markdown mirror" - "JSON / JSON-LD" - "Sitemap" - "RSS / Atom" - "Source manifest" - "Claim map" - "NLWeb /ask" - "MCP /mcp" - "Search" - "Agent" - "Training" - "Authenticated actions" Visible callouts: - "HTML remains the public trust surface." - "Markdown and JSON make the page model-readable." - "NLWeb lets the site answer from first-party content." - "MCP exposes controlled tools, read-only first." - "Traffic policy separates search, agents, and training." Layout and composition: A layered vertical architecture stack with seven horizontal bands. Use subtle connectors flowing downward from human-facing HTML to model substrate, then to discovery, evidence, conversation, agent tools, and governance. Include a right-side "control spine" showing provenance, version, source authority, and validation running through all layers. Make the diagram text-dense enough to stand alone. Visual grammar: Editorial technical atlas. White trust surface at the top, gray substrate layers below, a black provenance rail on the right, and red control-boundary ribbons wherever policy or permission is involved. Use labeled callout ribbons and dense but legible explanatory text. Palette and style: Dominant near-white and white background, charcoal and black typography, gray panels, thin black rules, red primary accent. Use blue, green, or amber only as tiny semantic status marks, not as the brand palette. High-end product documentation quality. Visible text constraints: Render only the specified title, subtitle, section headers, labels, and callouts. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Layered architecture showing how a public website becomes human-readable, model-readable, queryable through NLWeb, callable through MCP, and governed by search, agent, and training policy.
Create a premium 16:9 dark-background technical explainer diagram titled "Agent-Readable Public Surface". Subtitle: "The website becomes a governed evidence and agent interface, not just a destination UI." Visible section headers: - "Human trust surface" - "Model substrate" - "Discovery layer" - "Evidence layer" - "Conversation layer" - "Agent tool layer" - "Governance layer" Visible labels: - "Semantic HTML" - "Accessible structure" - "Markdown mirror" - "JSON / JSON-LD" - "Sitemap" - "RSS / Atom" - "Source manifest" - "Claim map" - "NLWeb /ask" - "MCP /mcp" - "Search allowed" - "Agent controlled" - "Training governed" - "Write actions gated" Visible callouts: - "Trust starts with visible public HTML." - "Models need clean mirrors, not layout archaeology." - "Agents need typed interfaces, not mystery clicks." - "Governance decides who can read, learn, query, or act." Layout and composition: A dark layered systems map with seven stacked bands and thin luminous connectors. Include a central "provenance spine" crossing all layers. The visual should feel like a serious architecture board, not a sci-fi dashboard. Make the text substantial enough for standalone teaching. Visual grammar: Black technical infrastructure board. Graphite substrate layers, near-white trust surface labels, red control spine, red permission gates, gray evidence rails, and restrained callout ribbons. Dense but legible, like an architectural field manual rather than a sci-fi dashboard. Palette and style: Dominant black and graphite background, lifted gray panels, near-white typography, red primary accent, black provenance rail, and restrained secondary colors only where semantically useful. No neon, no cyberpunk glow, no generic dashboard blocks. Visible text constraints: Render only the specified title, subtitle, section headers, labels, and callouts. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Dark mode architecture stack showing semantic HTML, model-readable mirrors, discovery feeds, source evidence, NLWeb queries, MCP tools, and governed action boundaries.
Visual concept 2
Traffic and policy shift
Variants: mainline white and dark expressive. Purpose: explain the move from search clicks to agent-mediated discovery.
Create a premium 16:9 white-background explainer infographic titled "From Search Clicks to Agent-Mediated Discovery". Subtitle: "Ranking still matters, but citation, retrieval, source authority, and agent access are becoming separate disciplines." Visible section headers: - "Classic search model" - "AI answer surface" - "Agent-mediated discovery" - "Governed access policy" Visible labels: - "Rank" - "Snippet" - "Click" - "Retrieve" - "Summarize" - "Cite" - "Ask" - "Act" - "Search traffic" - "Agent traffic" - "Training traffic" Visible callouts: - "Click dependency is fragile." - "AI visibility must be measured separately." - "Search, agent, and training traffic should not share one blunt policy." - "The site becomes both evidence source and access boundary." Layout and composition: Left-to-right transition model. The left column shows classic search funnel: rank, snippet, click, destination page. The center shows AI answer surfaces: retrieve, summarize, cite, measure. The right shows agent-mediated discovery: ask, retrieve evidence, call tool, confirm action. A bottom policy rail separates Search, Agent, and Training into distinct governed classes. Visual grammar: Editorial atlas spread with a black provenance rail underneath the whole journey. Use red to mark the policy boundary between search, agent, training, authenticated read, and authenticated write. The evidence surface should appear as a white public document that every upstream system points back to. Palette and style: Dominant near-white and white, charcoal and black text, gray panels, red primary accent for governance and boundary lines. Secondary blue, green, and amber may appear only as small semantic route indicators. Premium whitepaper style with strong contrast. Visible text constraints: Render only the specified title, subtitle, section headers, labels, and callouts. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Infographic showing how discovery shifts from ranking and clicks toward AI retrieval, citation, agent querying, and governed traffic policy.
Create a premium 16:9 dark-background explainer infographic titled "From Search Clicks to Agent-Mediated Discovery". Subtitle: "The destination page still matters, but the control plane is moving upstream." Visible section headers: - "Search click era" - "AI answer era" - "Agent access era" - "Traffic governance" Visible labels: - "Rank" - "Click" - "Destination UI" - "Retrieve" - "Cite" - "Summarize" - "Ask" - "Tool call" - "Confirm" - "Search" - "Agent" - "Training" Visible callouts: - "Ranking alone no longer guarantees traffic." - "Citation is not the same as classic organic rank." - "Agents need controlled endpoints." - "Training access is a policy decision, not a default gift basket." Layout and composition: Three-stage horizontal journey with a policy layer beneath. Use dense explanatory labels and clear transitions. The final stage should show an agent reaching a governed endpoint rather than clicking through a visual website. Make the infographic understandable without narration. Visual grammar: Black control-plane map with three stages connected by gray rails. Use a red policy boundary underneath the journey and red confirmation gates before any action. The destination page remains visible as a white evidence surface, not a decorative website thumbnail. Palette and style: Dominant black and graphite, near-white typography, gray panels, red primary accent for policy and control. Secondary colors are sparse and semantic only. Premium technical briefing style, no neon and no sci-fi dashboard. Visible text constraints: Render only the specified title, subtitle, section headers, labels, and callouts. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Dark infographic showing the transition from search click dependency to AI answer visibility and governed agent-mediated discovery.
Visual concept 3
HTMX vs NLWeb vs MCP
Variants: mainline white and dark expressive. Purpose: prevent protocol confusion.
Create a premium 16:9 white-background comparison diagram titled "HTMX, NLWeb, and MCP Are Different Layers". Subtitle: "Interaction enhancement, site querying, and controlled agent tools solve different problems." Visible section headers: - "HTMX" - "NLWeb" - "MCP" - "Do not confuse the layers" Visible labels under HTMX: - "Progressive interaction" - "Server-rendered fragments" - "Real links" - "Real forms" - "Presentation enhancement" Visible labels under NLWeb: - "Natural-language site query" - "/ask endpoint" - "First-party answers" - "Structured responses" - "Content discovery" Visible labels under MCP: - "Controlled tools" - "/mcp endpoint" - "Read-only first" - "Scoped permissions" - "Audited actions" Visible callouts: - "HTMX is not an AI protocol." - "NLWeb lets users and agents ask the site." - "MCP lets agents use explicit tools." - "The canonical source of truth should not be DOM fragments." Layout and composition: Three vertical columns with distinct layer roles. Add a bottom warning band labeled "Correct rule" with the visible statement: "Every interactive path should degrade to a normal URL, normal form, or documented endpoint." Use arrows showing HTMX above semantic HTML, NLWeb over structured content, and MCP connected to controlled tools. Visual grammar: Protocol control-plane map. Each protocol gets a gray column, a white title plate, and a red boundary warning where a layer is often misused. Use a black foundation rail labeled semantic HTML and structured content. Palette and style: Dominant near-white and white with charcoal typography, gray panels, black foundation rail, red primary accent for the boundary rule and failure warnings. Any blue, green, or amber should be small semantic badges only. Visible text constraints: Render only the specified title, subtitle, section headers, labels, callouts, and rule statement. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Comparison diagram explaining that HTMX improves interaction, NLWeb enables natural-language site queries, and MCP exposes controlled agent tools.
Create a premium 16:9 dark-background comparison diagram titled "HTMX, NLWeb, and MCP Are Different Layers". Subtitle: "Do not make one layer carry another layer's job." Visible section headers: - "HTMX" - "NLWeb" - "MCP" - "Correct boundary" Visible labels under HTMX: - "Interaction layer" - "Server-owned state" - "HTML fragments" - "Progressive fallback" Visible labels under NLWeb: - "Conversation layer" - "/ask" - "First-party retrieval" - "Structured answers" Visible labels under MCP: - "Tool layer" - "/mcp" - "Read-only first" - "Permissioned actions" Visible callouts: - "HTMX helps the page behave." - "NLWeb helps the site answer." - "MCP helps agents use tools." - "Browser clicking is the bridge, not the destination." Layout and composition: Three dark vertical cards with strong labels, connected to a bottom foundation labeled "Semantic HTML + structured content." Include a right-side caution panel titled "Failure mode" with visible labels: "invisible state," "JavaScript-only paths," "unclear actions," "unsupported claims." Make the slide text-dense and self-explaining. Visual grammar: Graphite architecture-review board with a black substrate foundation, gray protocol columns, red caution panel, and red callout ribbons for layer-confusion risk. Text should read like high-end protocol documentation, not a vendor slide. Palette and style: Dominant black and graphite background, near-white typography, gray panels, red primary accent for risk and correct-boundary cues. Secondary colors are sparse and semantic only. Crisp borders, premium architecture-review style. Visible text constraints: Render only the specified title, subtitle, section headers, labels, and callouts. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Dark comparison slide showing HTMX, NLWeb, and MCP as separate architecture layers with a shared semantic HTML foundation.
Visual concept 4
Agent risk and safety boundary
Variants: mainline white and dark expressive. Purpose: show why typed, permissioned, auditable access matters.
Create a premium 16:9 white-background technical risk diagram titled "Agent Access Needs Guardrails". Subtitle: "Browser-use agents are useful, but typed, permissioned, auditable interfaces are safer." Visible section headers: - "Risk" - "Control" - "Safe starting posture" - "Later expansion" Visible risk labels: - "Prompt injection" - "Hidden webpage instructions" - "Synthetic sources" - "Tool poisoning" - "Stateful UI failure" - "Overbroad permissions" Visible control labels: - "Read-only first" - "Explicit confirmation" - "Scoped identity" - "Audit logs" - "Allowlisted tools" - "Rollback" - "Rate limits" - "Source provenance" Visible callouts: - "Do not let arbitrary pages steer the agent." - "Treat tool descriptions and tool outputs as attack surfaces." - "Write actions require identity, scope, confirmation, and logging." - "If the agent cannot explain the evidence, it should not act." Layout and composition: A left-to-right risk-to-control map. Left side lists threats. Center shows a boundary gate labeled "Permissioned interface." Right side lists controls and safe expansion path. Use a small bottom maturity rail: "Static read", "NLWeb ask", "Read-only MCP", "Confirmed writes", "Governed actions." Visual grammar: Architectural field manual risk plate. Threats flow through a red control boundary into gray control panels. Add a black provenance rail at the bottom and red gate markers before confirmed writes. Use labeled callout ribbons for proof, permission, and traceability. Palette and style: Dominant near-white and white, charcoal text, gray panels, black provenance rail, red primary accent for risks, gates, and control boundaries. Green or amber may appear only as tiny semantic status marks. Premium security architecture style. Visible text constraints: Render only the specified title, subtitle, section headers, labels, callouts, and maturity rail. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Risk diagram showing prompt injection, synthetic sources, tool poisoning, and UI failure mapped to read-only posture, permissions, confirmation, audit logs, and governed action controls.
Create a premium 16:9 dark-background technical risk diagram titled "Agent Access Needs Guardrails". Subtitle: "The agentic web fails when reading, reasoning, permission, and action collapse into one blurry click path." Visible section headers: - "Threat surface" - "Control boundary" - "Safe posture" - "Expansion path" Visible threat labels: - "Prompt injection" - "Invisible instructions" - "Synthetic citations" - "Tool poisoning" - "Stateful UI errors" - "Overbroad tools" Visible control labels: - "Read-only first" - "Human confirmation" - "Scoped identity" - "Audit log" - "Allowlist" - "Rollback" - "Rate limit" - "Evidence required" Visible callouts: - "Browser automation is brittle." - "Typed interfaces reduce ambiguity." - "Actions need proof, permission, and traceability." - "Trust the control boundary, not the vibe." Layout and composition: Dark security architecture board. Show threats flowing into a strong central gate labeled "Permissioned API boundary." The right side shows read-only MCP and later confirmed write tools. Include a bottom rail showing maturity stages: "Read", "Ask", "Retrieve evidence", "Validate", "Confirm", "Act." Visual grammar: Black infrastructure board with a red permission gate at center, gray threat panels on the left, gray control panels on the right, and a black evidence spine running across the bottom. The final action stage is visibly gated, not celebratory. Palette and style: Dominant black and graphite, lifted gray panels, near-white text, red primary accent for threat, permission, and action gates. Secondary colors only as semantic status ticks. Premium cyber-governance style without neon clutter or gamer UI. Visible text constraints: Render only the specified title, subtitle, section headers, labels, callouts, and maturity rail. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Dark risk architecture diagram showing agent threat surfaces routed through permissioned controls before any action is allowed.
Visual concept 5
Practical roadmap
Variants: mainline white and dark expressive. Purpose: explain build order and gating.
Create a premium 16:9 white-background roadmap infographic titled "Roadmap to an Agent-Readable Public Site". Subtitle: "Start with trustworthy pages, then add machine-readable mirrors, provenance, query endpoints, and controlled tools." Visible phase headers: - "1. Normalize pages" - "2. Add mirrors" - "3. Add source governance" - "4. Pilot NLWeb" - "5. Pilot read-only MCP" - "6. Governed actions later" Visible labels: - "Semantic HTML" - "Stable anchors" - "Accessible structure" - "index.md" - "JSON-LD" - "sources.json" - "claim map" - "citation map" - "/ask" - "grounded answers" - "/mcp" - "read-only tools" - "auth" - "confirmation" - "audit log" - "rollback" Visible callouts: - "Do not start with write tools." - "The source manifest is the trust spine." - "NLWeb answers from first-party content." - "MCP should begin as retrieval and validation." - "Governed writes come last, not first." Layout and composition: Six-phase horizontal roadmap with stacked deliverables under each phase. Include a bottom "trust spine" running across all phases with labels: "version", "source", "claim", "validation", "receipt." Make it self-contained and text-rich enough to teach the build sequence without narration. Visual grammar: Editorial technical roadmap. White phase cards sit on a black provenance rail. Red control-boundary ribbons mark the transitions into NLWeb, read-only MCP, and governed actions. The final phase should look intentionally gated, not inevitable. Palette and style: Dominant near-white and white, charcoal and black text, gray phase panels, red primary accent for governance gates and control boundaries. Secondary colors are sparse and semantic only. Premium product-roadmap and field-manual quality. Visible text constraints: Render only the specified title, subtitle, phase headers, labels, callouts, and trust spine. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Roadmap showing six phases for building an agent-readable public site, from semantic HTML to mirrors, provenance, NLWeb, read-only MCP, and later governed actions.
Create a premium 16:9 dark-background roadmap infographic titled "Roadmap to an Agent-Readable Public Site". Subtitle: "Trust first. Retrieval second. Query third. Tools fourth. Write actions last." Visible phase headers: - "1. Normalize" - "2. Mirror" - "3. Prove" - "4. Ask" - "5. Retrieve" - "6. Act later" Visible labels: - "Semantic HTML" - "Stable anchors" - "Accessibility" - "Markdown" - "JSON" - "JSON-LD" - "Source ledger" - "Claim map" - "NLWeb /ask" - "Grounded response" - "MCP /mcp" - "Read-only tools" - "Auth" - "Confirm" - "Audit" - "Rollback" Visible callouts: - "No provenance, no trust." - "No read-only baseline, no tools." - "No confirmation, no writes." - "The future-proof site is queryable, citable, verifiable, and safe to call." Layout and composition: Dark six-stage roadmap with a glowing but restrained provenance spine beneath the phases. Each phase should include visible deliverables. The final phase must be visually gated, showing that governed actions are intentionally delayed until controls exist. Visual grammar: Graphite technical infrastructure roadmap. Use a black provenance spine, gray substrate layers, red stage gates, and labeled callout ribbons. The final "Act later" phase is behind a red control boundary, making sequence and governance impossible to miss. Palette and style: Dominant black and graphite, near-white typography, lifted gray panels, red primary accent for gates, control boundaries, and "writes later." Secondary colors only where semantically useful. Premium technical strategy style, no neon and no sci-fi dashboard. Visible text constraints: Render only the specified title, subtitle, phase headers, labels, callouts, and trust spine. Do not render metadata labels such as "prompt," "visual prompt," "teaching slide," "aspect ratio," "layout notes," or "alt text." Accessibility alt-text concept: Dark roadmap showing the phased build path from semantic public pages to machine-readable mirrors, provenance, NLWeb, read-only MCP, and governed actions later.
Evidence and implementation mode
Source provenance and claim posture.
This source/provenance section separates the origin thesis, public source backing, claim posture, implementation recommendation, and evidence trail in language meant for readers, not repo maintainers.
Origin
Born from Tony's architecture thesis and lived operating experience: public pages are becoming evidence surfaces, model substrates, and governed agent access boundaries.
Source backing
Validated against official platform and protocol sources, traffic and visibility data, academic research, and agent/security materials.
Claim posture
Treats traffic and AI visibility data as ecosystem signals, not guarantees. Treats protocol docs as authority for protocol behavior. Treats implementation recommendations as architecture judgment.
Public evidence trail
Source links are provided for readers to inspect the authority trail. No private source material, raw packets, transcripts, or unpublished research work product is published on the page.
Tier 1
Platform and protocol sources: Google Search Central, Google web.dev, Cloudflare, Microsoft NLWeb, NLWeb specification and reference implementation, MCP documentation, HTMX docs, OpenAI, Anthropic, A2A, and UCP sources.
Tier 2
Traffic and visibility sources: SparkToro, Similarweb, Axios/Chartbeat, Ahrefs, and Seer Interactive. Use them as directional signals.
Tier 3
Academic and empirical sources on generative search, AI Overview behavior, MCP threats, prompt injection, secure agents, synthetic sources, and web-agent limits.
Tier 4
Secondary explainers such as Search Engine Land and Search Engine Journal are optional readability context, not primary evidence.