Create siteai.json for your Website to siteai.json

Where: ⚡ Action Permissions → 📝 Contact Form

What to do:

1. Find the "⚡ Action Permissions" section in the editor
2. Look for "📝 Contact Form"
3. Toggle the switch to OFF (grey)
4. Optionally add a note: "Contact form submissions require a real human."

Result in JSON:

"permissions": {
  "action": {
    "submitContactForm": {
      "allowed": false,
      "note": "Contact form submissions require a real human."
    }
  }
}

Where: ⚡ Action Permissions → 🔍 Search

What to do:

1. Find "🔍 Search" in Action Permissions
2. Toggle to ON (green)
3. In the rate/min field, enter a number like 20

Result in JSON:

"permissions": {
  "action": {
    "search": {
      "allowed": true,
      "rateLimit": 20
    }
  }
}

Where: ⚡ Action Permissions → 💳 Checkout

What to do:

1. Toggle "💳 Checkout" to ON
2. Check the 🧑 checkbox next to it (human verification)
3. In "🧑 Human Verification" section, select the method: redirect-to-browser
4. In "Required For" field, type: checkout

What this means: An AI agent can add items and proceed to checkout, but the final purchase must be confirmed by the human user (e.g., redirected to a browser window).

"permissions": {
  "action": {
    "checkout": {
      "allowed": true,
      "humanVerification": true,
      "note": "Final purchase requires human confirmation."
    }
  }
},
"humanVerification": {
  "methods": ["redirect-to-browser"],
  "requiredFor": ["checkout"]
}

Where: 🔗 Discovery Links

What to do:

1. Open the "🔗 Discovery Links" section
2. In "OpenAPI Spec", enter your API documentation URL: https://yoursite.com/api/v1/openapi.json
3. If you have an MCP server: fill in "MCP Endpoint"
4. If you have an A2A agent card: fill in "A2A Agent Card"

Why? This tells AI agents where to find your structured API, so they can interact with your service programmatically instead of scraping your website.

"discovery": {
  "robotsTxt": "https://yoursite.com/robots.txt",
  "openApi": "https://yoursite.com/api/v1/openapi.json",
  "mcpEndpoint": "https://yoursite.com/.well-known/mcp.json",
  "schemaOrg": true
}

Where: 🤖 Agent Identification

What to do:

1. Toggle "Require User-Agent Header" to ON
2. Toggle "Allow Anonymous Agents" to OFF
3. Check the required fields: agentName, agentOperator, agentPurpose

What this means: Well-behaved AI agents will send a User-Agent header identifying who they are, who operates them, and what they're trying to do. You can then decide per-agent what's allowed.

"agentIdentification": {
  "requireUserAgent": true,
  "requiredFields": ["agentName", "agentOperator", "agentPurpose"],
  "allowAnonymousAgents": false
}

Where: 🕷️ Scraping Policies

What to do:

1. Toggle "Training Data Usage" to OFF
2. Toggle "Content Reproduction" to OFF
3. Toggle "Bulk Data Extraction" to OFF

What this means: You're explicitly telling AI companies that your content must not be used for model training, reproduced elsewhere, or bulk-scraped. This is the digital equivalent of "All Rights Reserved" for AI.

"scraping": {
  "bulkDataExtraction": false,
  "contentReproduction": false,
  "trainingDataUsage": false,
  "priceMonitoring": false,
  "competitiveAnalysis": false
}

Where: 🔒 Data Protection

What to do:

1. Toggle ALL data permissions to OFF: Customer Records, Order History, Payment Info, Internal Analytics, Employee Data
2. This is the recommended default — sensitive data should never be exposed to agents

When would you turn one ON? Only if you have a trusted internal agent (e.g., your own CRM bot) that needs order history. In that case, combine with Agent Identification to whitelist specific agents.

"permissions": {
  "data": {
    "customerRecords": { "allowed": false },
    "orderHistory": { "allowed": false },
    "paymentInfo": { "allowed": false },
    "internalAnalytics": { "allowed": false },
    "employeeData": { "allowed": false }
  }
}

Where: ⚖️ Legal

What to do:

1. Enter your Terms URL — link to your AI-specific terms of service
2. Toggle "Transparency Required" to ON — agents must disclose they're AI
3. Set "Risk Classification" to your category:
   • minimal — Blog, portfolio (most websites)
   • limited — E-commerce, SaaS
   • high — Healthcare, finance, education
4. If your site handles critical decisions, toggle "Human Oversight Mandatory" to ON

"legal": {
  "termsUrl": "https://yoursite.com/legal/ai-terms",
  "euAiActCompliance": {
    "transparencyRequired": true,
    "riskClassification": "limited",
    "humanOversightMandatory": false
  }
}