Skip to content
Agent-facing contract readiness

APIs and MCP tools written for humans can be unsafe for autonomous agents.

AgentReady is a static readiness gate for OpenAPI and MCP contracts. It looks for ambiguous, destructive or overbroad tool surfaces before they reach a browser scan, CLI run or GitHub CI gate.

AgentReady Community available for free No account or backend required AgentReady Pro planned, not purchasable
Reproducible OpenAPI exampleagentready-examples/commercial/openapi-refund-risk.bad.json
54
AgentReady Score
Policy FAIL
1Critical
4High
6Medium
0Low
AR001_UNBOUNDED_WRITE_ACTION

A refund operation can change state without a clear confirmation boundary or bounded rollback path.

node bin/agentready.js scan openapi agentready-examples/commercial/openapi-refund-risk.bad.json --min-score 75 --fail-on critical

Fixed fixture comparison: openapi-refund-risk.fixed.json returns score 84 and policy PASS with the same engine.

Product

Use browser scanners for quick local review, the npm CLI for repeatable local checks, and the public GitHub Action for repository gates.

CLI path: npx @timeproofs/agentready@alpha

View product overview

Public method

AgentReady publishes stable AR001-AR010 rule codes, severity and policy semantics, and an agentready.json v0.1 output contract. The browser scanner, CLI and GitHub Action are reference implementations of that method.

Read the public method

Rules and governance

Review the public rule catalogue, limitations, versioning and change-control boundaries before adopting AgentReady in CI or release review.

Open AR001-AR010

From first scan to CI adoption.

Start with a local contract, inspect the findings, then run the same static checks in CI with minimum permissions.

Scan locally

OpenAPI JSON/YAML and MCP tool JSON stay in the browser or local CLI.

Read outputs

Review score, severity, rule codes, Markdown and agentready.json.

Gate changes

Use the GitHub Action with contents: read and immutable pinning.

Limitation: TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers. AgentReady performs static analysis of agent-facing OpenAPI and MCP contracts. Runtime behavior and dynamically constructed capabilities may not be detectable.