# Buyer Brief: Nexmoot Agent Readiness Report

Nexmoot gives a security, platform, or engineering team an evidence-backed readiness decision before an AI agent receives repository, tool, or workflow access.

## What The Customer Gets

- One Complete Agent Readiness Report for a single agent or repository scope, with Coding, MCP, Browser, and Memory represented as report sections when in scope.
- Redacted Evidence Packet JSON and JSONL as technical evidence attachments.
- Signed Trust Passport JSON and compact JWS when the evidence supports a passport.
- Explicit denial record when the evidence does not support access.
- SARIF findings for security and code-review workflows as importable attachments.
- OPA policy data and customer-owned enforcement recommendations as enforcement attachments.
- Enforcement mapping for IAM, CI, OPA, SIEM, reverse proxy, and runtime gateway handoff.
- Audit packet and delivery ZIP for internal review.

## What Problem It Solves

AI agents often request broad access before the customer has a durable proof record. Nexmoot records what was assessed, what evidence was captured, what restrictions were recommended, what failed, and what remains customer-owned.

The buyer question is:

> Can this agent receive access to our repository, tools, or workflow under auditable restrictions?

Nexmoot answers with scoped evidence, not a blanket certification.

## Current Offer

The current `4.9.0` market-entry offer is free for now and self-service. The customer signs in, submits assessment input, receives an automated self-service decision, and downloads the artifact set without a Nexmoot person, founder, partner, reseller, consultant, or third party participating in customer scoping, review, handoff, or delivery.

## Decision Outcomes

| Outcome | Meaning |
| --- | --- |
| `go` | Evidence supports restricted access under the recommended controls. |
| `limited-go` | Evidence supports narrower access only under explicit limits. |
| `no-go` | The requested authority should not be granted until recorded issues are resolved. |
| `human-approval` | Customer approval remains required before material agent actions. |

## Customer Responsibilities

The customer owns IAM, CI, OPA, SIEM, reverse proxy, runtime gateway, backup storage, host secret manager, legal review, compliance interpretation, and final enforcement.

Nexmoot does not replace those systems and does not claim that an agent is unrestricted, vulnerability-free, externally certified, or production-ready without limitations.

## First Pilot Success

The first free self-service pilot is successful when a customer can complete setup, submit one assessment, receive a signed Trust Passport or evidence-backed denial, download the artifacts, and explain how the recommendation maps to customer-owned controls.