|
| 1 | +# Adopter Guide |
| 2 | + |
| 3 | +## Purpose |
| 4 | + |
| 5 | +This guide helps maintainers try the Agentic Enterprise Readiness Profile in their own repository without adopting the whole framework at once. |
| 6 | + |
| 7 | +The profile is not a certification. It is a way to expose evidence for agentic AI repositories that need clearer review around agent instructions, tool/action boundaries, human approval, identity, auditability, OSS fallbacks, and validation. |
| 8 | + |
| 9 | +## Minimal Adoption Path |
| 10 | + |
| 11 | +Start with three files: |
| 12 | + |
| 13 | +1. `AGENTS.md` |
| 14 | +2. `docs/AGENTIC_BOUNDARY_MODEL.md` |
| 15 | +3. `agentic-readiness.json` |
| 16 | + |
| 17 | +Then add these as the repository matures: |
| 18 | + |
| 19 | +- `CONTRIBUTING.md` |
| 20 | +- `SECURITY.md` |
| 21 | +- `GOVERNANCE.md` |
| 22 | +- `ROADMAP.md` |
| 23 | +- validation evidence |
| 24 | +- threat model |
| 25 | +- observability or audit model |
| 26 | +- OSS/self-hosted fallback notes |
| 27 | + |
| 28 | +## Step 1: Add AGENTS.md |
| 29 | + |
| 30 | +Document how AI coding agents and human contributors should work in the repository. |
| 31 | + |
| 32 | +Include: |
| 33 | + |
| 34 | +- safe edit boundaries |
| 35 | +- validation commands |
| 36 | +- secret-safety rules |
| 37 | +- human review expectations |
| 38 | +- AI assistance disclosure expectations |
| 39 | + |
| 40 | +## Step 2: Add Boundary Model |
| 41 | + |
| 42 | +Copy: |
| 43 | + |
| 44 | +- `templates/AGENTIC_BOUNDARY_MODEL.md` |
| 45 | + |
| 46 | +Fill in: |
| 47 | + |
| 48 | +- high-risk action boundary |
| 49 | +- actors |
| 50 | +- identity boundary |
| 51 | +- tool/action boundary |
| 52 | +- human approval gates |
| 53 | +- audit events |
| 54 | +- local proof path |
| 55 | +- OSS/self-hosted fallbacks |
| 56 | + |
| 57 | +## Step 3: Add agentic-readiness.json |
| 58 | + |
| 59 | +Use the schema: |
| 60 | + |
| 61 | +- `schema/agentic-readiness.schema.json` |
| 62 | + |
| 63 | +Minimal example: |
| 64 | + |
| 65 | +```json |
| 66 | +{ |
| 67 | + "schema": "https://github.com/kmishra1204/agentic-enterprise-readiness-profile/schema/agentic-readiness.schema.json", |
| 68 | + "generatedAt": "2026-07-05T00:00:00Z", |
| 69 | + "maintainer": "Example Maintainer", |
| 70 | + "repository": "https://github.com/example/repo", |
| 71 | + "product": "Example Agentic Repository", |
| 72 | + "domain": "Agentic workflow or tool governance", |
| 73 | + "independentStatus": "Independent project; no endorsement claimed.", |
| 74 | + "profileLevel": 2, |
| 75 | + "profileLevelMeaning": "Agentic readiness evidence started", |
| 76 | + "readinessScore": { |
| 77 | + "score": 8, |
| 78 | + "max": 15 |
| 79 | + }, |
| 80 | + "flagship": false, |
| 81 | + "aaifAdjacentThemes": [ |
| 82 | + "AGENTS.md", |
| 83 | + "MCP-style tool boundaries", |
| 84 | + "human approval", |
| 85 | + "audit events" |
| 86 | + ], |
| 87 | + "publicContributionTheme": "Document and validate agent/tool boundaries.", |
| 88 | + "validationCommands": { |
| 89 | + "test": "npm test" |
| 90 | + }, |
| 91 | + "evidence": { |
| 92 | + "README.md": true, |
| 93 | + "AGENTS.md": true, |
| 94 | + "docs/AGENTIC_BOUNDARY_MODEL.md": true |
| 95 | + } |
| 96 | +} |
| 97 | +``` |
| 98 | + |
| 99 | +## Step 4: Score Conservatively |
| 100 | + |
| 101 | +Use: |
| 102 | + |
| 103 | +- `docs/SCORING_GUIDE.md` |
| 104 | + |
| 105 | +Rules: |
| 106 | + |
| 107 | +- Score only public evidence. |
| 108 | +- Treat missing evidence as incomplete. |
| 109 | +- Treat blocked runtime proof as a blocker, not a pass. |
| 110 | +- Do not claim production readiness from documentation alone. |
| 111 | +- Do not claim AAIF/Linux Foundation affiliation from profile adoption. |
| 112 | + |
| 113 | +## Step 5: Ask For Review |
| 114 | + |
| 115 | +Open a public issue using: |
| 116 | + |
| 117 | +- `.github/ISSUE_TEMPLATE/adoption_review.md` |
| 118 | + |
| 119 | +Ask reviewers: |
| 120 | + |
| 121 | +- Are the action boundaries clear? |
| 122 | +- Are approval gates realistic? |
| 123 | +- Are audit events useful? |
| 124 | +- Are OSS fallbacks practical? |
| 125 | +- Is the profile level too high, too low, or justified? |
| 126 | + |
| 127 | +## Good Candidate Repositories |
| 128 | + |
| 129 | +The profile is most useful for repositories that include: |
| 130 | + |
| 131 | +- agents that call tools |
| 132 | +- MCP servers or clients |
| 133 | +- coding agents |
| 134 | +- workflow agents |
| 135 | +- support or knowledge agents |
| 136 | +- identity or policy agents |
| 137 | +- sandboxed execution |
| 138 | +- human approval loops |
| 139 | +- production-readiness claims |
| 140 | + |
| 141 | +## Poor Candidate Repositories |
| 142 | + |
| 143 | +The profile is likely too heavy for: |
| 144 | + |
| 145 | +- tiny demos |
| 146 | +- pure libraries with no agent/tool boundary |
| 147 | +- private/internal-only projects |
| 148 | +- projects that cannot expose any evidence publicly |
| 149 | + |
| 150 | +## Anti-Claims |
| 151 | + |
| 152 | +Adopting the profile does not mean: |
| 153 | + |
| 154 | +- production-ready |
| 155 | +- enterprise-certified |
| 156 | +- AAIF project |
| 157 | +- Linux Foundation project |
| 158 | +- endorsed by any foundation |
| 159 | +- externally adopted without proof |
| 160 | + |
| 161 | +## Feedback |
| 162 | + |
| 163 | +Share feedback here: |
| 164 | + |
| 165 | +- https://github.com/kmishra1204/agentic-enterprise-readiness-profile/discussions/3 |
0 commit comments