Agent-Ready Storefront
Use this guide when making a storefront useful to crawlers, LLMs, and shopping agents.
Prerequisites
Section titled “Prerequisites”- Product pages render visible product, price, availability, and variant state.
ProductStructuredData.astrois copied or implemented for JSON-LD.- The host can serve root
llms.txtand/.well-known/mika-agent.json. - Protected tool surfaces are not public until host auth, confirmation, idempotency, and provider policy exist.
Start with public metadata:
- visible HTML product content;
- matching
ProductorProductGroupJSON-LD; - accurate price, availability, variants, and seller identity;
- root
llms.txt; /.well-known/mika-agent.jsonwith public descriptors only.
Protected agent tools come later. OAuth, policy, confirmations, payment credentials, payment rails, request signatures, webhooks, settlement, tax, shipping, compliance, and final production services are host-owned.
Public Metadata Checklist
Section titled “Public Metadata Checklist”- Product HTML, JSON-LD, and visible availability agree.
llms.txtdescribes public reads and protected boundaries./.well-known/mika-agent.jsonincludes public descriptors only.- Protected cart, checkout, account, admin, and payment flows are summaries, not runnable public tools.
- Any ACP, MCP, OpenAPI, UCP, AP2, MPP, or x402 surface is mounted by host-owned infrastructure.
Public Agent Manifest
Section titled “Public Agent Manifest”Serve /.well-known/mika-agent.json from the public descriptors only:
import { createMikaAgentManifest } from "@bnomei/emdash-mika/agent";import type { APIRoute } from "astro";
export const GET: APIRoute = () => Response.json(createMikaAgentManifest({ include: ["public"] }));createMikaAgentManifest() is a descriptor source, not a tool server: it does not publish protected mutation routes, validate OAuth, verify AP2 mandates, run MCP, or process payments. Public agent reads are only catalog.sellables and stock.availability; trusted projections like cart.quote and checkout.preview stay behind host auth. The ⓐ copyable Astro manifest endpoint also adds routeBasePath and protectedFlowSummaries to the response.
Verify
Section titled “Verify”Validate the public endpoint with a browser or curl before publishing:
curl http://localhost:4321/.well-known/mika-agent.jsoncurl http://localhost:4321/llms.txtThe manifest should list public read routes and summaries of protected flows, not runnable checkout/account/admin tools.
llms.txt
Section titled “llms.txt”src/pages/llms.txt.ts returns a plain-text surface index: the public reads, that browser mutations go through Astro Actions (not JSON routes), and that protected flows need host OAuth, policy, and provider wiring. Keep JSON-LD, llms.txt, and the manifest in agreement with the visible catalog.
Trusted Projections
Section titled “Trusted Projections”For protected agent integrations, treat Mika descriptors as source material. cart.quote, checkout.preview, and order.invoice are good early candidates because they can be placed behind host auth and confirmation before any payment handoff.
Protected protocol projections remain host-owned; Mika only supplies descriptors, ACP helpers, and optional provider adapters.
Next: Product JSON-LD shows the structured-data copy path. LLMs And Manifest shows the public metadata files. Agent Manifest lists exact manifest helpers.
Source Anchors
Section titled “Source Anchors”- ⓐ
../emdash-mika/src/templates/astro/examples/agent-ready-storefront.md - ⓟ
../emdash-mika/src/agent.ts - ⓟ
../emdash-mika/src/acp.ts - ⓐ
../emdash-mika/src/templates/astro/pages/.well-known/mika-agent.json.ts - ⓐ
../emdash-mika/src/templates/astro/pages/llms.txt.ts