# www.agentic-first.co — CHANGELOG

Record of notable releases on the marketing site and the
downloadable skills it serves. The directory MCP and the canonical
schemas have their own versions (`directory_version`,
`schema_version`) reported live by
<https://directory.agentic-first.co/healthz>; this file tracks
**website + skills** changes only.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
We use ISO-8601 dates throughout. The site does not yet follow strict
SemVer at the page level — page-level changes accumulate into
periodic site releases, dated below.

---

## [2026-04-22b] — Dogfooding: agentic-first publishes itself as a sub-brand of YQUP

The standard now eats its own food: `www.agentic-first.co` — the
agentic-first standard's own marketing surface — is the **first
real-world consumer of the schema 0.2.0 sub-brand support shipped
this morning**. It declares `parent_brand: yqup.com` and the live
directory shows the full umbrella linkage with the trust boost
applied. `profiles_indexed` went from 1 (just YQUP) to 2.

### Added

- **`www/.well-known/agentic-profile.json`** — Mode 1 profile served
  at the canonical well-known URL.
  - `schema_version: 0.2.0`, `profile_kind: company`, `tier: public`.
  - `parent_brand: yqup.com`.
  - `legal_name: YQUP LTD` and the same `companies-house: 04811754`
    registry block as YQUP — agentic-first is a brand of YQUP, not
    a separate legal entity. Both pointing at the same Companies
    House record is honest and earns the parent-trust boost.
  - Evidence pointing at GitHub (the open-source repo), the
    Companies House record (the registry claim), and
    `directory.agentic-first.co/healthz` (the standard's own
    running directory is its own evidence).
  - Contact through the existing `/feedback/` form on the same
    site — quarantine file, no LLM in the read path.
- **Caddy `handle` block for `/.well-known/agentic-profile.json`** —
  pins `Content-Type: application/json; charset=utf-8` regardless
  of the Caddy version's mime sniffing on `/.well-known` paths
  (it's bitten other publishers in the wild). Adds a 5-minute
  cache header so reading agents don't hammer the origin.

### Verified live (in this order)

```
HTTP/2 200
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
```

`submit_website` returned `ok: true`,
`discovery.method: "well-known-profile"`, zero validation errors,
zero validation warnings. `score_inputs` standalone:
`{completeness: 0.727, evidence_density: 0.6, verifiability: 0.667}`.

`search_companies { parent_brand: "yqup.com" }` returned the
sub-brand with every relationship signal lit:

```json
{
  "domain": "www.agentic-first.co",
  "name": "agentic-first",
  "parent_brand": "yqup.com",
  "parent_brand_indexed": true,
  "parent_brand_name": "YQUP",
  "parent_brand_verified": true,
  "brand_role": "sub_brand",
  "score_inputs": {
    "completeness": 0.727,
    "evidence_density": 0.6,
    "verifiability": 0.767,
    "parent_brand_boost": 0.1
  },
  "brand_role_notes": [
    "verifiability boosted by +0.1 because parent_brand 'yqup.com' is indexed and externally verified."
  ]
}
```

`get_company { domain: "yqup.com" }` now inflates
`brand_relationships.sub_brands: [{domain: "www.agentic-first.co",
name: "agentic-first", verified: true}]`.
`get_company { domain: "www.agentic-first.co" }` inflates
`brand_relationships.parent: {domain: "yqup.com", indexed: true,
name: "YQUP", verified: true, trust_boost: 0.1}`.

### Why this matters

Two reasons:

1. **Strongest possible social proof for any agent reading the
   standard.** When an agent fetches `www.agentic-first.co/llms.txt`
   and follows it to the directory, the standard is itself indexed
   in the directory using the standard. There is no "do as I say
   not as I do" gap.
2. **First end-to-end exercise of the sub-brand path on real
   internet traffic.** Every previous verification of schema 0.2.0
   was against fixtures or in-process tests. This run went through
   real DNS, real TLS, real Caddy, real well-known fetch, real SSRF
   guard, real schema validator, real reverse-index lookup, real
   trust-boost calculation. All clean. The sub-brand contract is
   now production-load-bearing, not just unit-test-load-bearing.

---

## [2026-04-22a] — Schema 0.2.0: sub-brand support

The first minor schema bump since launch. Adds the ability for a brand
to declare itself a sub-brand of an umbrella brand, so a single legal
entity (or a portfolio) can publish multiple discoverable brands and
have the directory understand the hierarchy. Worked example for the
`agentic-first.co` family below.

### Added

- **Schema `company-profile/0.2.0`.** New optional top-level
  `parent_brand` field — a bare lowercase domain (`yqup.com`,
  rejected: `https://yqup.com`, `YQUP.com`). Presence of the field
  marks the profile as a sub-brand; absence marks it as a standalone
  or umbrella brand. The 0.1.0 schema URL keeps serving for back-compat
  but the directory's canonical version is now 0.2.0; profiles still
  declaring 0.1.0 continue to validate without warnings via the new
  `SUPPORTED_SCHEMA_VERSIONS = {0.1.0, 0.2.0}` set.
- **`search_companies { parent_brand: "<domain>" }`.** Returns only
  the indexed sub-brands pointing back to that umbrella. AND-combines
  with every existing filter (`q`, `industry`, `jurisdiction`, …).
- **`search_companies { brand_role: "sub_brand" | "umbrella" |
  "standalone" }`.** Slice the index by topology when the parent's
  domain isn't known up front. `umbrella` matches any indexed profile
  that at least one sub-brand currently points back to.
- **`get_company` brand-relationship inflation.** Fetching an umbrella
  surfaces a `brand_relationships.sub_brands[]` array of every indexed
  child; fetching a sub-brand surfaces a `brand_relationships.parent`
  block with the umbrella's name, indexed status, verified status, and
  the trust boost applied.
- **Trust boost: `+0.1 verifiability` for verified-parent sub-brands.**
  A sub-brand whose declared parent is *also indexed* AND has its own
  external ID (Companies House registry record or GLEIF LEI) earns
  `+0.1` on `verifiability`, capped at `1.0`. Surfaced transparently
  on every search result as `score_inputs.parent_brand_boost` and
  noted in `brand_role_notes[]`. If the parent is unverified or not
  indexed yet, no boost is applied — stops the trust signal from
  being earnable by squatting on a domain.
- **Mode 5 colophon support for `parent_brand`.** Sub-brands on
  text-only hosts paste one extra `parent_brand: <domain>` field into
  their colophon; the existing parser handles it without code change
  because `parent_brand` is a flat string. Documented in the Mode 5
  spec and the Gamma host recipe with a worked sub-brand example.
- **New example:** `agentic-first/examples/company-public-sub-brand.json`
  showing `Acme Pick` as a sub-brand of `acme-robotics.example`.

### Changed

- **`/healthz` now reports `schema_version: 0.2.0`** and
  `/schemas/company-profile-0.2.0.json` is the canonical company
  schema URL. The 0.1.0 file is still mirrored in the
  `agentic-first/schemas/company-profile/` directory for any
  publisher who has a `$ref` pinned to the older URL.

### Tests

- `pkg/schema/tests/test_validator.py` — four new cases for
  `parent_brand`: valid bare domain passes, URL-with-scheme rejected,
  uppercase rejected, omission still passes.
- `apps/api/tests/test_mcp_server.py` — six new cases covering
  `parent_brand` filtering, `brand_role` filtering, the trust boost
  applying, the boost *not* applying when the parent is unverified,
  the `parent_brand_indexed: false` signal when the parent hasn't
  published, and the `get_company` brand-relationship inflation in
  both directions.
- 254 tests pass (was 244).

### Notes for publishers

If you already have a `0.1.0` profile published, you don't have to do
anything — it continues to validate and the directory continues to
serve it. Bump to `schema_version: "0.2.0"` only when you want to add
a `parent_brand`. The validator will flag *unsupported* versions with
a soft warning (`schema_version_mismatch`) but accepts both `0.1.0`
and `0.2.0` silently, so there's no churn from the bump itself.

The umbrella brand publishes a normal profile and **does not** declare
a `parent_brand` of its own — that would create a cycle. Sub-brands
point at the umbrella, not the other way round (registry-style
reverse index).

---

## [2026-04-21j] — Mode 5 hotfix: gzip-decoding + multi-marker bounding

Two regressions surfaced the moment we tried to submit yqup.com end-to-end
through the just-shipped Mode 5 path. Both are now fixed and pinned by
regression tests so they cannot silently come back.

### Fixed

- **`safe_request` no longer double-decompresses gzipped responses.**
  Production hosts (Gamma, Vercel, Cloudflare-fronted sites) gzip their
  HTML. `httpx.Response.aiter_bytes()` yields bytes that httpx has
  already decompressed; we were re-using the original
  `Content-Encoding: gzip` header on the materialised response, so any
  caller touching `.text` got a `DecodingError: incorrect header
  check`. The materialiser now strips `content-encoding`,
  `content-length`, and `transfer-encoding` after the body has been
  read — the bytes are plain text and the headers now say so. This
  unblocks every Mode 5 submission against a gzip host (which is most
  of them).
- **Mode 5 parser bounds the colophon body so JSON in `__NEXT_DATA__`
  doesn't pollute the last field.** Single-page apps (Next.js / Gamma)
  inline a giant JSON dump in a `<script>` tag whose contents survive
  `_flatten`. The parser previously read until end-of-string and
  silently assigned that whole blob to whatever colophon field came
  last (`contact.preferred_channel` in the wild). The parser now stops
  at whichever sentinel comes first: a *second* occurrence of the
  start marker (host duplicated the colophon into a script blob), a
  JSON brace (`{` or `}`), or an 8 KiB hard cap. The first colophon
  wins; the rest is ignored.
- **Regression tests pinned in place.** `test_safety` gains a
  `TestEncodingHandling::test_gzip_response_text_is_readable` case
  that gzips a colophon-bearing payload, and `test_colophon` gains
  `test_trailing_json_blob_does_not_pollute_last_field` plus a tighter
  `test_only_first_marker_match_is_used` that pins the new
  first-wins-with-bound semantics.

### Verified live

`yqup.com` now resolves through `submit_website` with
`discovery.method: "plaintext-colophon"`, the expected
`coerced updated_at` warning, and a clean profile (no JSON payload
glued onto `contact.preferred_channel`).

---

## [2026-04-21i] — `submit_website` learns Mode 5 (plaintext colophon)

### Added

- **Directory scanner — Mode 5 support.** `submit_website` now resolves
  domains whose only profile surface is a Mode 5 single-line colophon
  in the rendered home-page text. The discovery ladder is now Mode 1
  (`/.well-known/agentic-profile.json`) → convention MCP
  (`https://public-mcp.{domain}/mcp`) → **Mode 5 (plaintext colophon)**,
  walked top-to-bottom. A successful Mode 5 hit returns
  `discovery.method: "plaintext-colophon"` along with a list of
  `discovery.warnings[]` carrying the low-trust soft warning and any
  defensive coercions the parser had to apply (e.g. "coerced
  `updated_at` from `YYYY-MM-DD` to `YYYY-MM-DDT00:00:00Z`").
- **`/healthz.supported_discovery_modes[]`** — the directory now
  advertises which discovery modes the running scanner can resolve.
  A publisher's agent can consult this before submitting and give an
  accurate "this scanner version doesn't support your mode yet"
  message instead of a generic failure. Includes Mode 1, the
  convention MCP path, and Mode 5 (with the schema revision pin).
- **`pitch_client.colophon`** — pure Python parser for the v2 wire
  format. Handles dot-pathed keys (object segments), numeric segments
  (array indices, e.g. `team.key_people.0.name`), URL values
  (split-on-first-colon so `https://…` survives), comma-separated
  arrays for known list-valued keys (`company.industry`, etc.), and
  the spec's defensive separators (em-dash and hyphen as fallbacks
  when host AIs autoreplace the canonical pipe). 18 unit tests
  including a fixture asserting the exact byte-for-byte yqup.com paste
  round-trips into a schema-valid profile.

### Changed

- **`submit_website` "no profile found" error message** now enumerates
  every mode the scanner attempted, including Modes 2, 3, 4 (named
  explicitly as "not yet implemented by this scanner version"). The
  previous error only mentioned Mode 1 + convention MCP, which left
  publishers using other modes staring at a message that implied the
  scanner was broken when really their mode wasn't reached. Format:
  `No agentic-first profile found for {domain}. Attempted: (1) Mode 1
  (well-known): … not found; (2) convention MCP: … unreachable;
  (3) Mode 5 (plaintext colophon): … no marker found in rendered text;
  (4) Modes 2, 3, 4 …: not yet implemented by this scanner version.`
- **Mode 5 spec front-matter (`docs/recipes/modes/05-plaintext-block.md`)**
  — `parser_status` flipped from "directory parser support landing
  v0.1.x (follow-up code task)" to "supported by directory scanner;
  live since 2026-04-21". Recipe's "submit" step updated with the
  realistic response shape (`discovery.warnings[]`).
- **Gamma host recipe (`docs/recipes/hosts/gamma.md`)** — Mode 5
  recipe's "submit" step now shows the realistic response and adds a
  "Verified on" table (yqup.com, 2026-04-21) plus a `/healthz` smoke
  test publishers can run before they submit.
- **`agentic-first/llms.txt` and `pitch-mcp/www/llms.txt`** — Mode 5
  description now records "live in the directory scanner since
  2026-04-21" so an agent reading the spec knows the wire format and
  the scanner are in sync.

### Why

Tony hit this in feedback `fb_91f2eeec6c304a16`: the v2 Mode 5
colophon was confirmed live and byte-exact on yqup.com (per
`fb_7e1c06b5380d49df`), but `submit_website` rejected the domain with
"No agentic-profile.json found … and no MCP server reachable …". The
Mode 5 spec front-matter was honest — `parser_status` admitted the
directory scanner hadn't shipped Mode 5 yet — but the recipe still
told publishers to submit and the error didn't point at the gap. So
you could publish a colophon, follow the recipe end-to-end, and
conclude the standard was broken. This release closes the doc-vs-impl
gap and adds a `/healthz` field so the same gap can never silently
recur for future modes.

The same release also makes the error message honest about Modes 2,
3, 4 (named as "not yet implemented") so publishers using those modes
get a pointer to the spec gap rather than a generic dead-end.

---

## [2026-04-21h] — Feedback DX: backtick-relaxed scanner + dry-run mode

### Added

- **`/feedback/`** — the form grew a "Validate without submitting"
  checkbox that wires through to the backend's new `dry_run` parameter.
  Ticking it runs every check — length caps, type validation, the
  prompt-injection scanner, the byte budget — and returns the same
  response shape a real submit would, with `id: null`,
  `raw_status: "would_quarantine"`, `review_status: "would_be_unread"`,
  and `would_persist_bytes` (the size the entry *would* occupy in
  JSONL on disk). Useful for iterating on phrasing without polluting
  the operator's review queue. The JS branch renders a different
  success message in dry-run mode; the no-JS form falls back to a
  thank-you page that distinguishes "validated" from "filed".
- **`/feedback/`** — the body field's hint now mentions backtick
  relaxation. Wrap markup or code in single backticks (\`<script>\`)
  or a fenced code block — the prompt-injection scanner will mask
  the inside before pattern-matching, so quoting the offending snippet
  in your bug report no longer triggers `rejected_pattern`.
- **`/feedback/` for-agents panel** — new "Dry-run mode" example with
  a `curl` invocation and the response envelope, plus a "Quoting code
  in your feedback" section explaining where backtick relaxation does
  and doesn't apply (markup quoted as code passes; the same markup
  outside backticks is still rejected; `javascript:` URLs in plain
  prose are still rejected).

### Why

Two issues showed up in the first week of `submit_feedback` being live
and both were tracked back to the same root cause: the prompt-injection
scanner that protects the publisher path was being applied unchanged
to the feedback path, where the threat model is different.

A publisher filing "Gamma strips `<script>` blocks from my profile"
was getting the whole submission rejected because the scanner saw
`<script>` and fired regardless of whether the markup was quoted as
code. Feedback is the *one* surface where talking about markup is
the whole point. And agents iterating on phrasing had no way to
validate without filing, which meant either polluting the queue with
near-misses or silently giving up on the feedback we want to receive.

The relaxation is feedback-only; the publisher pipeline (the path
that ingests profile JSON over `submit_website`) still scans without
it. Dry-run requests still consume per-IP and global rate-limit
budget — by design, so dry-run can't be used to probe the filter at
unbounded rate. Both behaviours are documented at
<https://github.com/yqup/agentic-first/blob/main/docs/feedback.md>
and on `/feedback/` itself.

---

## [2026-04-21g] — De-Cloudflare the Mode 1 upgrade path

### Changed

- **`llms.txt`** — Squarespace, Webflow, and Gamma host entries no
  longer single out "Cloudflare Worker" as *the* recommended path to
  Mode 1. They now reference the broader "any static-host fronting
  service" pattern: Vercel, Netlify, Cloudflare Pages or Workers,
  Bunny.net, GitHub Pages, or a self-hosted reverse proxy. Cloudflare
  is one bullet in a multi-vendor list, never the default.

### Why

Phase 1.10 and 1.10b leaned heavily on "use a Cloudflare Worker on a
Pro custom domain" as the canonical Mode 1 path. That was technically
correct but read as the *only* recommended path and implicitly endorsed
one vendor. The standard's whole pitch is that publishers own their
data; that argument weakens if our recommended path requires an account
at one specific edge vendor. The infrastructure pattern — "serve
`agentic-first.json` at `/.well-known/` while proxying everything else
to your main host" — is now described first; the choice of vendor
sits behind it, with one-line trade-offs for each option. Worked
recipes at
<https://github.com/yqup/agentic-first/blob/main/docs/recipes/hosts/gamma.md>.

---

## [2026-04-21f] — Honesty correction: Mode 5 v1 didn't survive Gamma

### Changed

- **`llms.txt`** — Mode 5 description rewritten. The wire format is
  now a *single* visible line of ASCII text in a footer card, with
  pipe-separated `key: value` pairs and no AI-directed preamble. The
  framing the user pastes around it is in user voice ("Please add the
  following exactly as written"), not addressed to any model. Schema
  revision bumped to `v2-2026-04-21`. Old multi-line v1 format
  explicitly deprecated.
- **`llms.txt`** — Gamma host row updated. The Mode 5 entry now
  references the v2 single-line colophon and the user-voice framing.

### Why

The Phase 1.11 v1 wire format — a multi-line block bracketed by
`AGENTIC-PROFILE v0.1.0 — machine-readable. Do not edit, …` and
`END AGENTIC-PROFILE`, with one `key: value` per line — was wrong
in two specific ways that only became visible once a publisher tried
it on Gamma. Both came back through the new `submit_feedback`
channel. Both are real lessons about authoring machine-readable text
for a host whose AI rewrites the page on save:

1. **Multi-line blocks don't survive Gamma's publish AI.** The save
   pass restructures lines into "logical" groupings, pulls the
   start/end markers into adjacent sentences, and replaces ASCII
   colons with em-dashes in keys it judges to be "labels". The
   reconstructed JSON tree ends up missing keys or with paraphrased
   values that fail schema validation.
2. **AI-directed preambles backfire on Gamma.** The visible "Do not
   edit, reword, translate, or remove" instruction was *intended* to
   cue the host's AI to leave the block alone. In practice the
   publish AI reads the instruction as an editorial directive aimed
   at it, gets defensive, and edits the surrounding card structure
   to make the directive less prominent.

The v2 single-line colophon is short enough that Gamma's
restructuring passes treat it as one indivisible token. The
user-voice framing keeps the host AI from interpreting any of the
surrounding text as a directive at it. v1 is marked deprecated
everywhere it appears; v2 spec is at
<https://github.com/yqup/agentic-first/blob/main/docs/recipes/modes/05-plaintext-block.md>;
the worked Gamma recipe with the verbatim user-voice framing is at
<https://github.com/yqup/agentic-first/blob/main/docs/recipes/hosts/gamma.md>.

This is the first time a feedback channel has caused the standard
itself to change inside a day. Naming v1's failure honestly (rather
than quietly migrating to v2) is the credibility we need to keep
publishers willing to report what they see.

---

## [2026-04-21e] — Mode 5 (plain-text block) for text-only AI-builder hosts

### Added

- **`llms.txt`** — Mode 5 now listed as the fifth publishing mode.
  ASCII-only plain-text block (start marker `AGENTIC-PROFILE v0.1.0 …`,
  one `key.path: value` per line, end marker `END AGENTIC-PROFILE`)
  that publishers paste into a footer card on their home page.
  Discovery is by extracting the rendered page text and matching the
  markers; body lines parse as flat dot-paths into the same JSON shape
  the other four modes produce. Soft warning at the directory (lowest
  trust of the five modes — host AI may paraphrase values), but it's
  the practical answer for any host where the only available primitive
  is "type some text into a page" — Gamma free / `*.gamma.site`, Tome,
  Beautiful.AI, and any future text-only AI-builder host.

### Changed

- **`llms.txt`** — header changed from "the four publishing modes" to
  "the five publishing modes". Gamma host row updated to reflect three
  real paths (Mode 1 via Cloudflare Worker on Pro custom domain, Mode 5
  plain-text block on any plan including free, or separate-static-host
  fallback).

### Why

Phase 1.10b retracted the false claim that Gamma supports Mode 4. The
honest replacement was "use Cloudflare Worker on a Pro custom domain or
host the profile elsewhere", which left Gamma free-tier users (and
users of Tome / Beautiful.AI generally) with no way to participate in
the standard from their host. Mode 5 closes that gap with a wire format
designed specifically for "I can only type text". The trade-off (lower
trust, soft warning, possible host-AI paraphrase between save and read)
is documented openly. Spec at
<https://github.com/yqup/agentic-first/blob/main/docs/recipes/modes/05-plaintext-block.md>;
worked Gamma recipe at
<https://github.com/yqup/agentic-first/blob/main/docs/recipes/hosts/gamma.md>.

---

## [2026-04-21d] — Honesty correction: Gamma has no embed primitive

### Changed

- **`llms.txt`** — Gamma row no longer claims Mode 4 works there. Reality
  check: Gamma has no custom HTML widget, no `<head>` injection, no
  `<script>` block, no `/.well-known/` upload. The "Embed" widget only
  iframes external URLs (YouTube, Figma, QR codes); the "Embed" tab in
  Share is for putting your *Gamma deck* onto someone else's site. Top
  open Gamma feature request as of 2026: "Custom CSS and JavaScript
  Injection" — explicitly not supported.
  - New Gamma row: Mode 1 via Cloudflare Worker on a Pro custom domain,
    OR host the profile on a separate static host (Vercel/Netlify/Pages)
    and link to your Gamma deck from it.
  - Mode 4 row demoted to "speculative; no current major host implements
    the prerequisite". The pattern stays documented because the design is
    valid; we just stopped claiming any live host runs it.

The substantive corrections live in the public-repo commit, see
[`yqup/agentic-first`](https://github.com/yqup/agentic-first/commits/main/docs/recipes/hosts/gamma.md).

---

## [2026-04-21c] — Per-host recipe links + Mode 4 in `llms.txt`

### Changed

- **`llms.txt`** — Publishing section expanded. Now lists every
  per-host recipe (Vercel, Netlify, GitHub Pages, raw HTML, WordPress,
  Squarespace, Wix, Webflow, Notion, Gamma) and every per-mode
  recipe (1 file at well-known, 2 script embed, 3 hidden block, 4
  AI-builder block - NEW) as fully-qualified
  `raw.githubusercontent.com` URLs. An agent that lands on
  `www.agentic-first.co/llms.txt` can now jump straight to the recipe
  for the user's host without traversing the entry-point doc first.

The website itself is unchanged — the recipes live in the public
`agentic-first` GitHub repo and are surfaced through `llms.txt`. See
the public-repo commit
[`cc86342`](https://github.com/yqup/agentic-first/commit/cc86342) for
the substantive change.

---

## [2026-04-21b] — Feedback ingest

### Added

- **`/feedback/`** - new consumer page with a small textarea form
  asking "is there any information we're missing?". Posts to
  `https://directory.agentic-first.co/feedback`. Works without
  JavaScript (`<noscript>` form-encoded fallback); the JS path
  upgrades to AJAX with a live character counter and inline
  success / error messages. Bottom of the page documents the
  curl + MCP equivalents for agents that want the programmatic
  path.
- Feedback link added to the site nav, the homepage CTA strip,
  the `/how/` next-steps panel, the `/for-agents/` page (as a
  dedicated "Send feedback to the operators" card), and the
  shared footer.
- **`/llms.txt`** - new "Feedback" section. Lists the human
  page URL, the HTTP `POST /feedback` endpoint, the MCP
  `submit_feedback` tool name, the per-IP and global rate
  limits, and the deterministic rejection codes
  (`type_invalid`, `too_long`, `enum_invalid`,
  `rejected_pattern`, `body_too_large`, `rate_limited`).

### Notes

The feedback path is **deterministic, code-only**. No LLM ever
reads what you submit, no automated reply is generated, and the
quarantine file is never served back over HTTP. This is by
design - see `SECURITY.md` "Feedback ingest" in the directory
repo. If you want richer dialogue with us, file an issue at
<https://github.com/yqup/agentic-first/issues> instead; that
surface is human-mediated.

---

## [2026-04-21] — Slim consumer site; spec moves to GitHub

### Changed

- **Major restructure.** The technical surface (full SPEC, schemas,
  per-host embed recipes, security policy, landscape comparison,
  examples, drop-in skills, Python validator) is now published in the
  open repo at <https://github.com/yqup/agentic-first> and is no longer
  duplicated on the website. The website becomes a three-page consumer
  landing:
  - `/` - what it is, why it exists, who it's for, where to go next.
  - `/how/` - human walkthrough of publishing in three steps.
  - `/for-agents/` - machine entry point for AI agents pointed at
    this domain; mirrors `/llms.txt` in HTML.
- **`/llms.txt`** rewritten to point primarily at
  `github.com/yqup/agentic-first` and its raw skill / schema URLs.
- Site nav reduced to: How it works · For agents · GitHub · Directory MCP.

### Removed (now redirected)

- `/standard/` -> `https://github.com/yqup/agentic-first/blob/main/SPEC.md`
- `/adopt/` -> `/how/`
- `/adopt/embed-recipes/` -> `docs/embed-recipes.md` on GitHub
- `/adopt/agent/`, `/adopt/claude-skill/`, `/adopt/codex-skill/`,
  `/adopt/reader/` -> the corresponding skill file on GitHub
- `/security/` -> `docs/security-policy.md` on GitHub
- `/landscape/` and all `/landscape/<topic>/` pages ->
  `docs/landscape.md` on GitHub
- `/skills/**/*.md` -> `raw.githubusercontent.com/yqup/agentic-first/main/skills/...`
- `/examples/*.example.json` -> `raw.githubusercontent.com/yqup/agentic-first/main/examples/<name>.json`

All redirects are 301 permanents and live in
`infra/caddy/sites/www.agentic-first.co.caddy`.

---

## [2026-04-19b] — Embed-recipes hub + cross-LLM harness + author-skill v0.1.1

### Added

- **`adopt/embed-recipes/`** — comprehensive platform-by-platform
  hub for publishing `/.well-known/agentic-profile.json` on every
  common host. Covers all three publishing modes (file, embed,
  inline-XML), every static-site framework (Next.js, Astro,
  SvelteKit, Hugo, Jekyll, Eleventy, Gatsby, Docusaurus, Nuxt),
  every major file host (Vercel, Netlify, Cloudflare Pages,
  GitHub Pages, S3+CloudFront, Azure Static Web Apps, Fly /
  Railway / Render), every popular CMS (WordPress, Squarespace,
  Wix, Webflow, Ghost, Shopify, Notion via Super.so / Potion /
  Fruition, Carrd, Substack), and constrained hosts (Google
  Sites, Linktree / Beacons / Bio.link, Medium) via the universal
  Cloudflare Worker escape hatch. Each recipe is paste-ready code
  with a verification triplet at the end.
- **`pitch-mcp/skills-harness/`** — cross-LLM regression harness
  for the agentic-first author + reader skills. Twelve scenarios
  (six author × six reader) exercising schema-pick, mode-pick,
  injection resistance, and discovery fallback; rubric-based
  scoring with simple substring + LLM-as-judge for semantic
  checks; provider-agnostic runner (OpenAI, Anthropic, Google;
  silently skips any provider whose key isn't set). Output is a
  PASS / PARTIAL / FAIL / SKIP matrix in `RESULTS.md`. A FAIL cell
  blocks bumping the affected skill's `version` field — the
  promise to users we make when we publish a skill.

### Changed

- **Author skills bumped to v0.1.1** — added a new "Step 5b —
  Platform-specific embedding recipes" section in all three
  variants (`skills/claude/agentic-first/SKILL.md`,
  `skills/codex/agentic-first/SKILL.md`,
  `skills/agentic-first.agent-prompt.md`). The new section
  contains a host-to-mode-to-paste-target decision table covering
  every platform on the recipes hub, plus the verification
  triplet to run after publish. Reader skills are unchanged at
  v0.1.0.
- `adopt/index.html` — under "Three ways to publish", the
  hosting-recipes link now points at the new
  `/adopt/embed-recipes/` hub (with a one-paragraph summary of
  what's covered) and additionally cross-links the spec-level
  `/standard/#host` notes.
- `standard/index.html` — the "Coming in the next site update"
  panel under §How to host it has been replaced with a CTA to the
  new recipes hub. The promise made there is now delivered.

### Notes for skill consumers

If you've already installed `agentic-first` v0.1.0 on Claude or
Codex, the skills-update path on each runtime will pick up v0.1.1
automatically (Claude Desktop: Settings → Skills → Update;
Codex CLI: re-`curl` the SKILL.md from
`https://www.agentic-first.co/skills/{runtime}/agentic-first/SKILL.md`).
The user-facing change is concrete platform recipes inline rather
than a generic "check the website" handoff.

---

## [2026-04-19] — Reader skills

### Added

- **Reader-skill family v0.1.0** — three drop-in skills that turn an
  AI agent into an agentic-first directory consumer (lookup, search,
  diligence sweep, protected-tier negotiation, prompt-injection
  guardrails). Inverse of the existing author-skill family.
  - `skills/claude/agentic-first-reader/SKILL.md` — Claude Desktop /
    Claude Code variant. Trigger phrases include "look up
    {domain} on agentic-first", "search agentic-first for UK
    fintech, Series A or later", "run a diligence sweep on
    {domain}".
  - `skills/codex/agentic-first-reader/SKILL.md` — Codex CLI variant.
    Adds shell + filesystem write so the diligence summary lands at
    `./diligence/{domain}.md` for later attachment to a memo or
    deal-room. With network enabled, fetches the canonical schema
    live rather than relying on whatever the skill remembers.
  - `skills/agentic-first-reader.agent-prompt.md` — portable system
    prompt for ChatGPT / Gemini / Cursor chat / any custom
    assistant. No install — paste into the system-prompt field.
- `adopt/reader/index.html` — consolidated reader hub (one page
  covering all three runtimes, install instructions, trigger
  phrases, the six-step workflow, the safe-handling pattern, and the
  versioning rule).

### Changed

- `adopt/index.html` — added a "Reading other people's profiles"
  section pointing at the new reader hub, plus three cards (reader
  hub, Claude reader skill, Codex reader skill, generic agent
  prompt). Page TOC, OG card, and `<title>` updated to reflect
  publish-OR-read framing.
- All six skills now carry an explicit `version: 0.1.0` field
  (frontmatter for SKILL.md files; top blockquote for agent
  prompts). This is the per-skill version axis; bump it whenever the
  underlying surface a skill targets changes.
- `README.md` — new "Versioning" section documenting the two axes
  (site-wide + per-skill) and the sync rule for changes below this
  directory.

### Notes for skill consumers

If you have already installed the author skills, the reader skills
sit beside them at `~/.claude/skills/agentic-first-reader/` and
`~/.codex/skills/agentic-first-reader/` respectively — they do not
collide with the existing `agentic-first` author-skill installs.

---

## [2026-04-15] — Site live

### Added

- Initial public version of `www.agentic-first.co`:
  - `index.html` — landing page with the "why" pitch, "today vs with
    agentic-first" table, and the four hard problems any standard in
    this space has to answer (trust, adoption, maintenance,
    incentive).
  - `standard/index.html` — agentic-first standard v0.1.0 spec page
    documenting the four profile types
    (Company/Personal × Public/Protected), the well-known URI
    naming decision (with citations to RFC 8615, MCP SEP-1960/2127,
    A2A agent-card, llms.txt), and host-it-yourself instructions for
    plain HTML, Vercel/Netlify, and Squarespace.
  - `landscape/index.html` + five per-standard deep-dives
    (`schema-org/`, `xbrl/`, `mcp-json/`,
    `verifiable-credentials/`, `lei/`) covering the standards
    landscape and where agentic-first sits within it.
  - `adopt/index.html` — adoption hub: three publishing modes
    (file at `/.well-known/`, embedded data island, inline-XML
    fallback) and three authoring paths (generic agent prompt,
    Claude Skill, Codex Skill).
  - `adopt/agent/`, `adopt/claude-skill/`, `adopt/codex-skill/` —
    per-runtime author-skill landing pages with install
    instructions, behaviour table, embedded SKILL.md preview.
  - `security/index.html` — three-actor threat model
    (publisher, reading agent, DoS attacker), publisher rules, the
    safe-handling pattern for reading agents (delimiter-wrapped
    untrusted-content turns, no profile prose in system prompts),
    the directory's enforcement ruleset on ingest, the
    rejected-pattern list, unicode hardening rules.
  - `examples/*.example.json` — four downloadable canonical
    example profiles (`company-public`, `company-protected`,
    `personal-public`, `personal-protected`).
  - `skills/agentic-first.agent-prompt.md`,
    `skills/claude/agentic-first/SKILL.md`,
    `skills/codex/agentic-first/SKILL.md` — author-skill family
    v0.1.0 (versions stamped retroactively in the 2026-04-19
    release).
- Single shared stylesheet at `static/css/site.css`. No build step.