IC7Steve Kirton

Open Agent Access · Algorand

AI agents now have to carry their papers.

SteveKirton.com is open for human readers. For agents, the site publishes an Open Agent Access policy so automated systems can discover what they may read, quote, summarise, retain, or train on.

View policy JSON Open source protocol

Static demo

Policy discovery first. Enforcement later.

The essays section is the demonstration protected resource. Agents should declare identity, purpose, use, budget, trace ID, and respect for site policy before access. Public pages remain open. AI training is denied unless explicitly granted. Research summarisation is allowed where attribution and retention limits are respected.

This static demo shows the policy and passport handshake. Production enforcement belongs at middleware, edge, API, or resource-server level using Open Agent Access. This is not meant to hard-enforce access on a static site.

Policy map

Most pages stay open. Essays require a passport for agents.

The demo separates human access from automated access. People can browse normally. Agents get a machine-readable policy and a declared passport shape.

Allow

Public pages

Homepage, about, course, and assets are open for ordinary browsing, research, accessibility, and permitted indexing with attribution.

Review

Essays

Agent access requires a passport. Research summarisation and citation are allowed with source URLs, quote limits, retention limits, and receipt semantics.

Denied

AI training

AI training, bulk export, dataset building, and embedding retention are denied unless a later policy explicitly grants them.

Charge-ready

Premium routes

Future paid resources are modelled as x402 charge routes with Algorand settlement, USDC testnet configuration, and receipt requirements.

Passport

What an agent should present.

The passport is a simple declaration layer: who the agent is, who operates it, why it is requesting the resource, what it plans to do, and how the request can be traced.

AA-Agent-ID
did:web:agent.example#research-agent
AA-Agent-Name
Example Research Agent
AA-Agent-Operator
Example Labs
AA-Agent-Principal
user:researcher@example.com
AA-Agent-Contact
mailto:agents@example.com
AA-Purpose
research
AA-Use
summarize
AA-Budget
USD:0.00
AA-Trace-ID
demo-trace-001
AA-Respect-Policy
true
AA-Protocol-Version
0.1

Handshake example

A passport-bearing request to the essays page.

The static site can display the contract. A production server would inspect these headers and enforce the decision at the edge or API boundary.

curl https://stevekirton.com/essays \
  -H "AA-Agent-ID: did:web:agent.example#research-agent" \
  -H "AA-Agent-Name: Example Research Agent" \
  -H "AA-Agent-Operator: Example Labs" \
  -H "AA-Agent-Principal: user:researcher@example.com" \
  -H "AA-Agent-Contact: mailto:agents@example.com" \
  -H "AA-Purpose: research" \
  -H "AA-Use: summarize" \
  -H "AA-Budget: USD:0.00" \
  -H "AA-Trace-ID: demo-trace-001" \
  -H "AA-Respect-Policy: true" \
  -H "AA-Protocol-Version: 0.1"