Guides
Practical, evergreen notes on making a domain and a repository legible to agents. Each guide ends where the whole site does: with a way to verify the claim yourself — probe before you trust.
Secure MCP: building AI apps on tooling you can trust
What actually makes AI-app tooling secure — OAuth over shared keys, no permission flattening, verify before you trust. A concrete checklist for choosing MCP servers and gateways.
Agents and compliance: ISO 27001, SOC 2, and the EU AI Act
Granular scopes and per-call audit trails turn agent access from a compliance blocker into a controlled surface. How the controls map to ISO 27001, SOC 2 and the EU AI Act.
llms.txt done right
The format, the anti-patterns (sitemap dumps, marketing prose, HTML served as 200), an annotated real example, and how to verify it.
AGENTS.md: make your repo agent-verifiable
Pair every claim with the command that proves it, so agents and skeptical humans trust what they can run instead of what you assert.
MCP discovery in practice (RFC 9728)
The 401 challenge, the token-less walk to protected-resource and authorization-server metadata, and the deployment scars that break it.
More as the space earns them. Verify anything here with the checker.