Permissions
AMES gives publishers a standardized, machine-readable way to express how automated systems may use their content. It communicates intent; it does not enforce it. AMES does not prevent retrieval, determine whether a use is lawful, or compel a consuming system to honor a declaration. Publishers remain responsible for technical controls, contractual terms, and legal remedies where needed.
Where Permissions Are Declared
Section titled “Where Permissions Are Declared”Page-level AMES permissions are declared in the HTML source and repeated in the Agent Exchange document when one is published.
- In the canonical HTML page, permissions appear in a
<meta name="ames-policy">element in the document<head>. - In the
.ax.mdtranslation, if one exists, the same permission state appears in the manifest Permissions block.
The two declarations use different syntax but must communicate the same policy.
For example, the HTML declaration uses the compact four-position tuple:
The corresponding manifest declaration expands the tuple into named fields:
The manifest declaration must not contradict the policy stated in the canonical HTML page. Keeping the two in agreement is the publisher’s burden, and a stale translation is a live declaration: a consuming system may rely on whichever declaration it retrieves. A translation that no longer reflects the canonical page’s permissions should be updated or withdrawn.
A publisher using a custom permissions policy follows the same principle: the HTML declaration identifies the custom state and notice, and the manifest repeats the corresponding declaration when an Agent Exchange document is published.
The Site-Level Declaration
Section titled “The Site-Level Declaration”AMES also recommends publishing the standard site declaration at:
A site using AMES native permissions should copy the prescribed ames-ai.txt declaration verbatim, changing only the publisher-specific field values, rather than rewriting, summarizing, or customizing its explanatory language. The notice language is written to work with the rest of the AMES permissions framework.
The file provides automated systems with a stable, predictable discovery point for the AMES implementation and its site-level policy. It may also establish the default permissions applicable when a valid page-level declaration is absent.
Site-level declarations do not replace page-level HTML permissions. The HTML declaration communicates the policy applicable to the particular page, while ames-ai.txt provides site-wide discovery and fallback information.
A complete ames-ai.txt file is in the Permissions-Only Deployment example.
AMES Native Permissions
Section titled “AMES Native Permissions”The native AMES framework expresses permissions through four actions in a fixed order:
Each position is assigned:
1to allow the use; or0to deny the use.
All four positions must be present. A partial tuple, such as 1/1/0, is invalid.
The permissions are independent. Allowing one action does not imply permission for any other action.
index: Search Indexing
Section titled “index: Search Indexing”Expresses the publisher’s permission for transient reproduction and processing for traditional search indexing intended to route users to the source page.
In practice this is classic search: a crawler indexes the page so a results page can send readers to it.
This includes ordinary search-engine indexing and the generation of snippets, previews, or other navigational text or images associated with a search result.
AMES describes conduct, not actors. Indexing that routes users to the source page falls under index regardless of the technology behind it, including AI-assisted search. What is sometimes loosely called indexing but is actually persistent storage or model training belongs to store and train.
The index declaration should agree with the site’s robots.txt posture. A publisher that blocks search crawlers while declaring index: 1, or invites them while declaring index: 0, is sending conflicting signals.
ephemeral: Synthesize and Discard
Section titled “ephemeral: Synthesize and Discard”Expresses the publisher’s permission for retrieval in response to an immediate, specific user request, including tool-mediated retrieval and live agentic browsing.
In practice this is a chat assistant fetching the page to answer one user’s question in the moment, then letting it go.
A system may excerpt, summarize, or synthesize the content for that request, provided it supplies meaningful citation and does not retain the content beyond the lifecycle of the request.
This permission does not extend to systematic, scheduled, or speculative retrieval, or to corpus-building.
store: Synthesize and Retain
Section titled “store: Synthesize and Retain”Expresses the publisher’s permission for persistent retention and processing of the content across multiple requests.
In practice this is an answer engine: a system that keeps a copy of the content so it can answer future questions without returning to the page.
This includes ingestion into retrieval systems, databases, knowledge stores, or similar systems that preserve the content for later use. Persistence is the dividing line between ephemeral and store.
train: Model Development
Section titled “train: Model Development”Expresses the publisher’s permission to extract and use the content for text and data mining associated with machine-learning model development.
In practice this is foundational model training: the content becomes part of the data a model learns from.
This includes training, fine-tuning, validation, benchmarking, and evaluation.
Example Native Policy
Section titled “Example Native Policy”This declaration expresses the publisher’s permission for search indexing and request-specific retrieval while withholding permission for persistent storage and model development.
Custom Permissions
Section titled “Custom Permissions”Publishers are not required to use the AMES native permissions framework.
A publisher that governs automated use through existing terms of service, an enterprise licensing framework, a rights statement, or another permissions policy may use the custom form.
A custom declaration makes no native AMES permission grant. It directs automated systems to the governing terms through a standardized machine-readable pointer.
A notice, when supplied, must be an absolute URL. Free-form policy text is not valid in place of the URL.
A page declaring custom permissions is in the Permissions-Only Deployment example.
Permissions and robots.txt
Section titled “Permissions and robots.txt”AMES and robots.txt operate at different layers.
robots.txtcommunicates whether identified crawlers may access specified resources.- AMES communicates what automated uses the publisher authorizes after content has been accessed.
A crawler may be permitted to retrieve a page while some downstream uses remain denied. Conversely, an AMES permission declaration does not override a crawler restriction imposed through robots.txt.
Publishers may use both systems, together with authentication, rate limiting, contractual terms, licensing arrangements, or other controls appropriate to their objectives.
The Permissions Cascade
Section titled “The Permissions Cascade”AMES resolves permissions from the most specific valid declaration to the broadest applicable valid declaration:
Zone overrides Page. Page overrides Site.
- Site level (
ames-ai.txt): Establishes the applicable site-level default for the host on which it is served. - Page level (HTML
<head>): A valid<meta name="ames-policy">declaration establishes the page-level policy and overrides the site-level default. - Zone level (
data-ames-policy): A validdata-ames-policydeclaration overrides the page-level native policy for the structural element on which it appears.
Constraint on Zone Overrides
Section titled “Constraint on Zone Overrides”A zone-level override is defined relative to a page-level native baseline.
For example:
This override is valid only when the page carries a valid page-level AMES native permission declaration.
A zone-level override cannot be used when:
- the page relies only on the site-level default; or
- the page uses a
custompolicy.
This requirement gives each zone-level variation an explicit, locally discoverable page-level baseline.
Because AMES zone markers operate as waypoints in the translated sequence, a zone-level override must be placed directly on each structural element to which it applies. It does not cascade through later structural markers in the manner of a CSS rule.
A worked page with a zone-level override is in the Zone-Level Permission Override example.
Rights and Limitations
Section titled “Rights and Limitations”An AMES permission declaration expresses the uses authorized by the publisher. It does not transfer ownership, waive copyright or moral rights, or authorize conduct beyond the uses expressly permitted by the applicable declaration.
In particular, a train: 1 declaration is not a transfer of copyright, a waiver of copyright or moral rights, or a general license to reproduce, distribute, display, or create derivative works beyond the training-related uses described by the declaration. Any broader use remains subject to the publisher’s rights and any applicable law, license, or agreement.
AMES permissions apply only to material over which the publisher has authority to grant the stated permissions. They do not independently grant rights in third-party media, stock photography, executable code, embedded resources, or other separately licensed material displayed or referenced on the page.
Publishers should ensure that their declarations accurately reflect both their intended policy and the rights they hold in the affected content.