What does agent-readiness mean?

Agent-readiness is a measurable property of a site, an API, or a product surface. It describes how well AI agents can discover, read, and operate it.

How much does it cost?

Prices (EUR, VAT not included): Audit €6,500 fixed price, Advisory €3,000/month (minimum 3 months), Implementation €1,500/day scoped per task. Final price is confirmed in writing after scope is agreed.

Do I need to share production credentials?

No. Production credentials are not requested. Read access is enough for the audit.

Are there calls or video meetings?

No. Engagement is async-only. No calls and no calendar links at any stage.

How long does the audit take?

The audit is fixed scope, 2-3 weeks.

Can our engineering team implement the fixes?

Yes. The audit report is the spec. Either I implement or your team does the work with the report as the spec.

How is the result verified?

The result shows up in scanner numbers. The next scan reads higher than the previous one in the categories the report named.

How do I get in touch?

In writing: email or Signal @turva.19. First reply within one business day.

agent-readiness · independently verified

Agent-readinessaudits

Get your product truly agent-ready. Measured by two independent scanners, fixed in priority order, fully auditable.

#1 on startuphub.ai | ✓ 100/100 verified | Business ID 3600281-7

turva@audit · verify independent report

›turva verify --source startuphub.ai

# independent agent-readiness scan of turva.dev

✓scannerstartuphub.ai 3rd-party ↗

discoverability100/100

content100/100

access-control100/100

capabilities100/100

commerce100/100

quality100/100

verified100/100#1 ranked A+

Audits, advisory, and implementation for product teams

EVIDENCE

turva.dev is my own reference build. It is ranked #1 of all publicly-scanned sites on the startuphub.ai agent-readiness leaderboard, with 100/100 verified by two independent scanners. Measured 2026-06-08.

startuphub.ai leaderboard: #1 of top 100 sites, 100/100 (A+).

Discoverability, Content, Access Control, Capabilities, Commerce, Quality:

100/100 each. https://www.startuphub.ai/agent-readiness

isitagentready.com: 100/100, Level 5 (Agent-Native).
https://isitagentready.com/turva.dev

The Cloudflare Worker that produces these results is open source:

github.com/busygoat/turvadev-pretender. You can read every line before you

hire me.

Backed by a registered company, publicly verifiable:

Business ID 3600281-7, registered in Finland.

PRH/YTJ business register: https://tietopalvelu.ytj.fi/yritys/3600281-7

The process has three stages and no surprises

First, measurement. Two independent agent-readiness scanners read the

current state of the site or API and produce a numeric baseline plus

a categorized list of where points are missing.

Then a written report. Three to ten priority fixes in order of impact,

with technical reasoning written so the reader does not need an

agent-readiness background to follow it.

Then the fixes. I implement them, or your engineering team does the

work with the report as the spec. Both routes are supported and the

choice is yours.

All communication runs async. No calls and no calendar links. Live

meetings are not part of how this work is done. Short questions go

through Signal, longer documents through email and CryptPad. Everything

stays in writing, which means the work and the trail are auditable

end-to-end.

Production credentials are not requested. Write access to repositories

is not taken by default. Read access is enough for the audit, and

write access is scoped per task if implementation is purchased

separately.

The result shows up in scanner numbers. That is the contract. The next

scan reads higher than the previous one, in the categories the report

named, by the dates the report named.

Services

Audit. Fixed scope, two to three weeks. Two independent scanners run
against the site or API. Written report with a prioritized fix list.
You receive a measured baseline and a clear "do this first" plan.

Advisory. Monthly retainer, async-only. Ongoing review as the site,
API or product evolves. Each scanner cycle reads higher than the last,
or the report explains why a tradeoff was kept on purpose.

Implementation. On request. Worker-level changes, well-known
manifests, MCP server work, JSON-LD and Schema fixes. The improvement
is verifiable against the audit baseline in the next scan.

MCP server design. On request. Read-only discovery tools and
streamable HTTP transport. No auth surface and no logging by default.
The endpoint stays readable for agents and does not turn into an
abuse vector.

Internal workshops. On request, async-first. Recorded session or
written guide. Topics include how scanners read your site, what x402
and AP2 actually require in practice, and how to keep agent-readiness
intact after the audit period ends.

Who I am

The work is done by one person under a registered company. My

background is engineering: measurement, testing, and reducing

things to what actually matters. I have worked in international

companies for years, moved from general security work into

agent-readiness, and kept only the tools and methods that hold up

in daily client work.

The reason this service exists is narrow on purpose. Agent-readiness

is a measurable property of a site, an API, or a product surface.

Either the scanners read it higher next week than this week, or they

do not. That is the question I answer.

Ready to see where your site or API stands? Two scans, one report, a prioritized fix list. The baseline is measured before any work begins, and the same scanners read the result after. Async-only engagement. No calls and no calendar links. The first reply lands in writing within one business day.

Contact me

Written contact only. Email for longer messages, Signal for short

questions. The first reply is in writing within one business day.

No calls and no calendar links at any stage of the engagement.