Owner-controlled agent access

Ajar Protocol

Open websites to AI agents under owner-controlled policy.

Ajar is a protocol layer over HTTPS for agent-readable content, typed actions, delegated authority, verifiable receipts, and metered access. Owners publish signed manifests; agents verify before they read or act.

v0.1 draft · Phase 1 (Gateway MVP) in progress · Apache-2.0 / CC-BY-4.0

Needs to primitives

Ajar standardizes the owner-side contract agents need before they can safely consume content, request actions, and account for outcomes.

Meaning

Semantic Views served from the same URLs as HTML

Actions

Typed Actions with R0-R3 risk classes

Safety

SIMULATE dry runs and two-phase Offer/Commit

Authority

Principal-signed Mandates with scope, caps, expiry, and revocation

Accountability

Dual-signed Receipts and audit trails

Economics

402-native metering with pluggable settlement

How it works

01

Owner installs a Gateway, plugin, or native integration.

02

Owner reviews and signs Views, Actions, policy, pricing, and gates.

03

Manifest is published at /.well-known/ajar.json.

04

Agents verify, read, simulate, commit, and retain receipts.