{ "@context": "https://knov.ai/schema/oars-manifest.json", "@type": "Organization", "schemaVersion": "2026-06-07", "generated": "2026-06-08", "language": "en-US", "narrative": "# Knov.ai\n\nKnov.ai is the founding organization behind OARS, the Open Agent Readiness Standard. We define what it means for a website or business to be machine-operable by AI agents, verify entities against the standard, and operate the directory agents query to find them.\n\n## What We Do\nWe maintain the OARS specification and its machine-readable schema, run a free assessment tool that scores any URL against the standard, generate oars.json manifests, review and verify entities, and expose the verified directory to AI agents over an MCP server and a public API.\n\n## What We Don't Do\nKnov.ai is infrastructure, not a marketing or GEO/AEO service. We do not optimize sites for AI search rankings, write content, or build websites. We define and verify the standard; implementation is up to each entity or its certified practitioners.\n\n## How to Engage\nRun a free OARS self-assessment of any domain at https://knov.ai/assess, generate a manifest at https://knov.ai/generate, then request verification at https://knov.ai/verify. Agents can query the verified directory programmatically over the MCP server.\n\n## This Manifest\nKnov.ai publishes its own oars.json as the reference implementation of the standard it maintains. The standards body should meet its own bar.", "identity": { "name": "Knov.ai", "legalName": "Knov.ai", "domain": "knov.ai", "sameAs": [ "https://github.com/tylerewillis/OARS-Standard", "https://x.com/knov_ai", "https://www.linkedin.com/company/knov-ai" ], "status": "active", "description": "The founding organization behind OARS, the Open Agent Readiness Standard. Maintains the standard and schema, runs a free OARS assessment tool and oars.json generator, verifies entities, and operates the verified directory that AI agents query over MCP and a public API.", "notDescription": "Does not provide GEO/AEO or AI-search-ranking optimization, content writing, or website development. Knov.ai defines and verifies the standard; it does not implement it on behalf of entities.", "categories": [ "Standards Organization", "Agent Infrastructure", "Web Standard" ], "locations": [ { "type": "headquarters", "country": "US" } ] }, "audience": { "serves": { "industries": [ "Any business or organization with a web presence", "AI agent and assistant developers", "Agencies and consultants implementing agent-readiness" ], "descriptions": [ "Businesses that want to be discoverable, readable, and operable by AI agents", "Developers building agents that need a trusted, structured index of agent-ready businesses", "Practitioners who implement and verify OARS compliance for clients" ] }, "idealClient": "Any entity that wants AI agents acting on behalf of users to be able to find, understand, interact with, transact with, or operate inside their business in a verifiable way." }, "engagement": { "firstStep": "Run a free OARS assessment of any domain at https://knov.ai/assess, then generate an oars.json and request verification.", "firstStepUrl": "https://knov.ai/assess", "process": [ "Assess any URL for free against OARS (no account)", "Generate an oars.json manifest from the findings", "Publish the manifest at /.well-known/oars.json on your domain", "Request verification and confirm domain ownership", "A Knov.ai reviewer completes the human review and assigns a verified level and tier" ], "pricing": { "model": "subscription", "range": "The OARS standard is free and open. The public assessment, the oars.json generator, verification, and a self-declared directory listing are all free. Paid subscriptions exist only for the Certified Implementor Program (consultancy directory listing plus OARS API access): Implementor $49/month (up to 500 API calls), Agency $199/month (up to 5,000 API calls), then $0.10 per additional API call. Apply at https://knov.ai/build.", "minimum": "$49/month (Certified Implementor Program only; the standard and public tools are free)", "currency": "USD" }, "remote": true, "languages": ["en"] }, "knowledge": { "topics": [ "Open Agent Readiness Standard (OARS)", "Agent-readiness levels: Reachable, Discoverable, Readable, Actionable, Transactable, Operable", "oars.json manifest authoring", "Machine-operable web infrastructure", "AI agent discovery and verification", "robots.txt, sitemaps, llms.txt, and structured data for agents" ], "authoritativeOn": [ "The Open Agent Readiness Standard, its Level 0 prerequisite, and its five cumulative levels", "How agent-readiness is assessed and verified", "The oars.json manifest format and schema" ], "commonQuestions": [ { "question": "What is OARS?", "answer": "OARS, the Open Agent Readiness Standard, defines what it means for a website or business to be ready for interaction with AI agents. It has a Level 0 prerequisite (Reachable) and five cumulative levels: Discoverable, Readable, Actionable, Transactable, and Operable. Knov.ai maintains the standard and verifies entities against it." }, { "question": "How does a business get listed in the Knov.ai directory?", "answer": "Generate an oars.json manifest and submit it for a free self-declared listing, or request verification. Verification adds a confirmed level and tier after a Knov.ai reviewer completes the human review." }, { "question": "Is OARS free to implement?", "answer": "Yes. The OARS specification and schema are open and may be implemented by any entity without license or fee. Assessment, the generator, and a self-declared directory listing are free." } ] }, "agents": { "canBook": false, "canQuote": false, "canTransact": false, "mcpServer": "https://knov.ai/.well-known/mcp.json", "restApi": "https://knov.ai/api/v1", "openapi": "https://knov.ai/api/openapi.json", "apiDocs": "https://knov.ai/api", "agentInstructions": "Query the Knov.ai verified directory to find businesses that are agent-ready against OARS. Two equivalent surfaces are offered: an MCP server (JSON-RPC) and a free public REST API (OpenAPI 3.1 at /api/openapi.json). Use them to list/search the directory, read a single domain's verification status and oars.json, and submit a domain for verification (an idempotent, long-running operation you poll to a terminal state). Each entry includes the entity's OARS level, verification tier, declared capabilities, and a link to its published oars.json.", "preferredInteraction": "read", "toolSurface": { "kind": "read-only", "tools": ["lookup_entity", "search_entities", "get_schema", "verify_entity"], "allowlist": "enforced", "authorization": "server-side", "tokenPassthrough": false, "note": "The MCP tool surface is a read-only facade over the public directory. Method dispatch is a server-side allowlist: any name outside the four published tools is rejected with JSON-RPC error -32602 before any work runs, and no client-supplied token or capability is trusted to widen access. There is nothing for per-call write-authorization to protect because no tool mutates state." }, "humanInLoop": { "destructiveOps": "none-exposed-to-agents", "stateChange": "verification submission only", "note": "The single state change an agent can initiate is submitting a domain for verification (POST /api/v1/verifications), which only creates a pending request. Granting a verified level, tier, or directory listing is performed by a human reviewer in the /admin queue — no agent call can approve, list, modify, or delete an entity." }, "auditLog": { "type": "append-only", "scope": "agent-interaction", "captures": ["timestamp", "tool-or-endpoint", "request-subject (domain/query)", "agent-identifier (User-Agent, Origin/Referer, IP)"], "retrievableForDays": 30, "export": "https://knov.ai/admin/activity/export?scope=agent (staff-gated; produced for an entity on legitimate request)", "note": "Every successful MCP tool call and the verification-submit API write one row to an append-only activity log. Exportable as CSV for any date range; ?scope=agent limits to agent-interaction actions (mcp.tool_called, verification.api_requested)." } }, "compliance": { "selfDeclaredLevel": "3-actionable", "targetLevel": "3-actionable", "statement": "Knov.ai publishes its own oars.json as the reference implementation of the standard it maintains. It is Discoverable and Readable, and exposes agent-callable capabilities both ways Level 3 defines: a documented, idempotent REST API with an OpenAPI 3.1 contract at /api/openapi.json, client-supplied idempotency keys on writes, RFC 9457 problem+json errors, and a long-running verification operation with explicit terminal states (3a Callable); and an MCP server plus an A2A agent card (3b Tool-Exposed). The API exposes only public operations, so OAuth 2.1 is not applicable: reads are open data, and the single mutation (submit-for-verification) is a public intake whose protected effect — getting a domain verified or listed — is authorized by a domain-ownership challenge that proves control of the specific domain, a control stronger than account-bearer auth for this action. Rate limiting (429 + Retry-After), enforced HTTPS, a coordinated vulnerability-disclosure policy (/.well-known/security.txt), and an agent-interaction audit log are in place. This is a self-declaration pending independent Knov reviewer verification. As a standards body and directory it does not sell goods, so Level 4 (Transactable) does not apply.", "specVersion": "1.2" }, "access": { "transport": { "httpsEnforced": true, "hsts": "max-age=31536000; includeSubDomains; preload", "minTlsVersion": "1.2", "mixedContent": "none", "note": "HTTPS is forced at the edge (301 redirect, honors X-Forwarded-Proto). HSTS preload and an upgrade-insecure-requests CSP directive are sent on every response. The TLS protocol and cipher floor (TLS 1.2+, no 3DES/RC4) is enforced at the Apache/cPanel layer." }, "userAgentPolicy": { "cloaking": "none", "note": "Non-browser User-Agents receive byte-identical substantive responses to browsers. No User-Agent is used for routing, blocking, content substitution, or stripping. Dogfoods the OARS no_cloaking criterion Knov.ai itself publishes." }, "botChallenge": { "interactiveChallenge": "none", "note": "No CAPTCHA, JS challenge, or bot-management interstitial is served to any User-Agent. The Directory API read endpoints and POST /api/v1/verifications are open (the submit is gated by a domain-ownership challenge, not auth); the consultant assessment endpoint (POST /api/assess) uses non-interactive Bearer / API-key auth.", "nonInteractiveAuth": { "method": "apiKey", "scheme": "Authorization: Bearer (or ?key=)", "obtain": "https://knov.ai/build" }, "webBotAuth": "not-required" }, "rateLimits": { "policy": "Per-IP fixed-window, applied only to compute-heavy endpoints; read-only directory, MCP, and discovery endpoints are unthrottled. Fails open.", "onLimit": "HTTP 429 with a Retry-After header (seconds).", "buckets": { "/assess": "20 / 3600s", "/generate": "15 / 3600s", "/verify": "12 / 3600s", "/api/assess": "120 / 3600s", "/api/v1/directory": "600 / 3600s", "POST /api/v1/verifications": "30 / 3600s" }, "notThrottled": ["/mcp", "/.well-known/*", "/llms.txt", "/robots.txt", "/sitemap.xml"] }, "authorization": { "model": "public", "oauth": "not-applicable", "note": "The Directory API exposes only public operations, so there is nothing for account-level auth to protect. Reads require no authorization. The submit-for-verification mutation is open to any caller; its protected effect — verifying or listing a domain — is authorized out-of-band by a domain-ownership challenge (publish a per-request token via oars.json, a /.well-known file, or a DNS TXT record), which binds authorization to control of the specific domain rather than to a caller account. OAuth 2.1 with PKCE would be introduced only if account-scoped protected operations are added. The consultant assessment endpoint (POST /api/assess) uses non-interactive API-key auth." }, "disclosure": { "policy": "https://knov.ai/api#disclosure", "securityTxt": "https://knov.ai/.well-known/security.txt", "contact": "mailto:support@knov.ai" } }, "freshness": { "lastVerified": "2026-06-07", "nextReview": "2027-06-07", "verifiedBy": "self", "changelog": [ { "date": "2026-06-07", "changes": [ "Published the free Directory API (Level 3a Callable): an OpenAPI 3.1 contract at /api/openapi.json, list/search and single-domain reads, and an idempotent submit-for-verification operation with RFC 9457 problem+json errors. Declared the Directory API surfaces under agents, raised the self-declared compliance level to 3-actionable, and added the new rate-limit buckets." ] }, { "date": "2026-06-05", "changes": [ "Updated to OARS v1.2: added the optional identity.sameAs field for externally verifiable identity references, and declared Knov.ai's GitHub, X, and LinkedIn profiles." ] }, { "date": "2026-05-31", "changes": [ "Updated to OARS v1.1: renamed Interactable to Actionable, added Level 0 (Reachable) to the level vocabulary, and declared a self-declared compliance level (3b Tool-Exposed)." ] }, { "date": "2026-05-30", "changes": ["Initial oars.json published as the OARS reference implementation"] } ] } }