Wrong tool
Agents may select the wrong operation when descriptions and usage boundaries are too vague.
Fail the build before unsafe agent-facing APIs or MCP tools are deployed.
OpenAPI operations and MCP tools need explicit boundaries before deployment: when to use them, when not to use them, which values are allowed, what requires confirmation, and how recovery should work.
Agents may select the wrong operation when descriptions and usage boundaries are too vague.
Refunds, deletes, emails, exports, and publishing flows need limits and confirmation rules.
Without a CI policy, risky tool surfaces can merge before anyone reviews the agent behavior.
AgentReady is more than a page-level scan. It creates artifacts a team can discuss in pull requests and keep as release evidence.
Agent-facing contracts can look valid while still giving autonomous tools the wrong path, missing guardrails, or too much reach.
Money movement should show intent, amount, customer, and explicit approval before execution.
Destructive account actions need clear confirmation, blocked states, and recovery behavior.
Outbound messaging needs recipient validation, preview, and a bounded sending flow.
Internal callbacks should not become general tools without purpose, scope, and safety notes.
Broad read tools need scoped parameters, output limits, and sensitive-data boundaries.
The central product path is the CI Gate. Browser scans remain useful for quick local review, sample reports, and preparing a contract before adding automation.
Check an OpenAPI JSON/YAML file or MCP tools JSON locally before agents use it.
Apply a policy such as --min-score 75 --fail-on critical in CI.
Keep the Markdown report and agentready.json as reviewable release artifacts.
OpenAPI or MCP tools JSON -> AgentReady analysis -> AgentReady Score -> risk findings -> recommended fixes -> human report -> agentready.json -> static scenario simulation -> agentready-simulation.json
Useful for API builders, MCP tool builders, platform teams, and AI agencies that need a release check before connecting agents to real actions.
AgentReady is not a penetration test and does not guarantee absolute safety. It identifies structural risks before deployment and leaves runtime enforcement to runtime systems.