Public Marketplace Action

Run AgentReady in GitHub Actions with read-only permissions.

The public Action wraps the same static CLI checks and writes score, status, report path and contract path outputs. It runs inside your workflow workspace and does not call TimeProofs services. No hosted scanner is required for Community CI usage.

Immutable tagagentready-action-v0.1.0-alpha.0
Full SHAd6634d0fbbe1fced510fc49d8871d52a3dc7f348
Minimum permissioncontents: read

Canonical workflow

Declare only contents: read.

This workflow scans an OpenAPI file and fails when the selected policy fails. It requires checkout and Node.js 20, but no TimeProofs account, token, secret, hosted scanner or Pro purchase.

name: AgentReady
on: [pull_request]
permissions:
  contents: read
jobs:
  agentready:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - id: agentready
        uses: BACOUL/timeproofs@agentready-action-v0.1.0-alpha.0
        with:
          type: openapi
          file: ./openapi.json
          min-score: '75'
          fail-on: critical
          out: agentready-output

Pin by full commit SHA when you need maximum precision.

The immutable tag is readable. The full SHA pins the exact published Action implementation commit recorded in governance evidence.

uses: BACOUL/timeproofs@d6634d0fbbe1fced510fc49d8871d52a3dc7f348

Inputs

file, type, min-score, fail-on and out. Type must be openapi or mcp.

Outputs

score, status, report-path and contract-path. Valid policy failures preserve generated outputs when the scan completes.

Policy failure

Exit code 1 means the scan was valid but policy failed. Use uploaded artifacts or workflow logs to review generated report paths.

Supply-chain boundary

No moving major tag is authorized for this alpha. The Marketplace listing is a distribution channel, not a GitHub security certification.

TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers.

The Action performs static pre-deployment analysis. It is not a runtime firewall, IAM system, hosted scanner, audit or certification.

AgentReady at a glance

The public AgentReady Action can be pinned by immutable tag or full commit SHA and runs inside the consumer GitHub workflow. AgentReady is a product and candidate open standard for static pre-deployment analysis. It is not a runtime firewall, independent certification, official standards-body standard or guaranteed-safety system.

Availability
AgentReady Community is free and available. AgentReady Pro is planned and not purchasable.
Language
English is the current canonical language. No translated alternate route is published for this page.
Sources

AGENTREADY_MASTER_PLAN.mdGLOBAL_STANDARD_SITE_PROGRAM.mdSEO_GEO_AI_FIRST_REQUIREMENTS.mdSITE_COPY_GUIDE.mdaction.yml