Gaps. Discovery works, but trust does not.

Aesop scores 47 out of 100, landing squarely in the Gaps band, and the diagnosis is unusually clean: the catalog itself is well-structured for machines, but the surrounding infrastructure (checkout, trust, policy) is either locked behind edge protection or simply absent. An agent arriving at aesop.com can read the products. It cannot buy them, verify the merchant, or understand the return terms. For a brand that has spent decades curating a sensory retail experience, the agent-facing equivalent is a locked door with a beautifully labeled window. The most expensive failure is transactability, where Aesop forfeits 14 of 17 available points. The root cause is visible in the evidence: https://aesop.com/cart and https://aesop.com/checkout both return 403, as do /terms, /privacy, and /about on the apex domain. The scanner observed a 23 percent block rate across 30 fetches, with the apex domain itself returning 403 to a standard request. The merchant verifiability classifier captured the symptom precisely, returning the quote "Just a moment... Enable JavaScript and cookies to continue." Aesop is running aggressive bot mitigation on its primary surfaces while leaving regional Shopify subdomains (malaysia.aesop.com, thailand.aesop.com) open. Agents do not negotiate with challenge pages. The Shop Pay, Apple Pay, and Google Pay rails detected on product pages are wasted infrastructure if the cart endpoint refuses the agent that found them. The second consequential gap is trust signaling, where Aesop loses 8 of 10 points. There is no /returns page reachable, no homepage link to one, no Trustpilot or Yotpo or Bazaarvoice presence detected across eleven checked review platforms, no aggregate rating markup anywhere in the sample, and no extractable business name or address because the apex domain blocked the classifier. A luxury brand banking on reputation is invisible to the systems that now mediate reputation. The 5.3 full credit for price consistency is genuine, but it is a small consolation. Third, agent-native content underperforms relative to what Aesop clearly knows how to write. Specification completeness scored 2 of 4 with seven high-signal hits out of nine, and conversational descriptions captured strong copy like the Aurner notes and the Aposē lamp specifications. But decision-support metadata only landed one high-signal page, delivery dates are entirely unstructured ("Complimentary Shipping on all orders" is not an ETA), and price validity windows are absent across all nine sampled products. The content team is writing for humans beautifully and for agents accidentally. Fourth, structured product attributes scored 0 of 6 despite full credit on Product plus Offer schema. Only four of nine sampled URLs surfaced two or more structured attributes, and zero pages used labeled attribute markup. The JSON-LD says "this is a product with a price." It does not say "this is a 100mL toner suited to oily skin." That distinction is the difference between being indexed and being recommended. Finally, the missing sitemap.xml (403 at https://aesop.com/sitemap.xml, despite robots.txt declaring https://www.aesop.com/sitemap_index.xml) and absent llms.txt and ai-plugin.json round out the discoverability erosion. The single highest-leverage move is to whitelist verified agent traffic on the apex cart, checkout, and policy pages, because every other fix compounds only after agents can actually transact.