Select Page

A Retainer Service Built for the Age of Ai Search

CA-Canon is an open protocol that converts a micro business's Google reviews and contact data into a deterministic, machine-readable identity layer — one that AI crawlers can trust, verify, and use to recommend the business to local users.

It's a legitimate technical service you can offer to existing clients, bill as an ongoing retainer, and deliver with tools you already know.

What the Problem Actually Is

LLMs answering local service queries — "find me a plumber in Sandton," "who's a good driving instructor near me" — need structured, trustworthy data to make recommendations. Standard business websites don't provide this. Reviews are behind JavaScript. Contact details are buried in footer HTML. Content varies depending on who's crawling. SEO plugins inject metadata that contradicts itself.

The result is that a micro business with five years of genuine five-star reviews is effectively invisible to an AI assistant making a local recommendation, because the data it would need to make that recommendation is neither structured nor verifiable.

CA-Canon solves this at the infrastructure level.

What CA-Canon Actually Is

CA-Canon installs a small set of static, structured files in the .well-known directory of a client's website. These files expose:

  • A machine-readable identity record with the business name, service area, and verified contact details

  • An append-only series of review snapshots in flat CSV format, timestamped by date

  • A canonical index that declares every artifact, its SHA-256 hash, and a log of every validation checkpoint

  • A discovery layer via robots.txt and sitemap so AI crawlers find the canon without guessing

The serving rules are strict: every file returns HTTP 200, identical content regardless of user agent, no redirects, no authentication, no dynamic rendering. This is what "deterministic" means in this context — the same byte-for-byte response to Googlebot, GPTBot, ClaudeBot, and a standard browser.

The Checkpoint Model

Once the canon is live, maintenance is a periodic checkpoint procedure. You freeze a UTC timestamp, pull the current Google reviews into a new dated CSV, hash each artifact, update the index, append the new entries to the sitemap, run a validation suite across multiple user agents, and publish a validation log that itself becomes part of the canon record.

No prior entries are ever overwritten or removed. The canon is longitudinal — it records what was observable at each point in time. This append-only discipline is what gives the record its integrity.

The checkpoint also explicitly verifies contact invariants: the WhatsApp URL must return a 200 response, the E.164 phone number must match across all identity artifacts, and the contact.json hash must match what's declared in the index. A business that quietly changes its number without updating the canon fails the checkpoint — which matters because a broken contact recommendation is worse than no recommendation.

The Retainer Argument

The technical work per checkpoint is not large. What you are charging for is custodianship — the discipline of running the procedure correctly, on schedule, and maintaining a record that accumulates value over time.

The longer a client stays on the retainer, the more valuable their canon becomes. A three-year verified history of reviews, checkpoints, and validation logs is a genuine asset that a competitor who signed up last month cannot replicate. That's a switching cost that works in your favour as the service provider.

Pricing tiers map naturally to checkpoint frequency:

  • A quarterly checkpoint is a basic maintenance package

  • Monthly is a premium tier

  • Initial setup is a one-time project fee before the retainer begins

The validation log and hash anchoring give you a deliverable you can show the client after each checkpoint — not just "I updated your site" but a timestamped, signed record of what was verified and when.

Section: The Technical Stack

If you manage WordPress sites, you already have everything you need. The canon files are static — plain text, JSON, and CSV. They live in .well-known/ca-canon/ and are served directly by Apache or Nginx. The .htaccess configuration for caching and headers is straightforward. The validation suite is a set of curl commands that any developer can run from a terminal.

The v2.0 protocol adds SHA-256 hash anchoring directly inside index.json, optional external anchoring via a public GitHub commit (recommended for routine checkpoints), and explicit contact integrity verification at every checkpoint. These are the steps that move the system from "structured data" to "tamper-evident infrastructure."

Full build documentation is available covering every phase from initial environment setup through periodic attestation, including the complete validation suite.

Why Now

AI-assisted local search is not a future trend. It's the current behaviour of a growing share of users who ask an assistant rather than type a query. The businesses that have verifiable, machine-readable identity records in place when those queries are being answered will have a structural advantage over those that don't.

CA-Canon is designed to be implementable today, on infrastructure that already exists, by developers who already manage client websites. The protocol is open. The tooling is standard. The opportunity is in the custodianship.

Closing / CTA

The full technical documentation for CA-Canon is available here. If you want to discuss implementation or licensing the service under your own offering, get in touch.