Inputs
file, type, min-score, fail-on and out. Type must be openapi or mcp.
Public Marketplace Action
The public Action wraps the same static CLI checks and writes score, status, report path and contract path outputs. It runs inside your workflow workspace and does not call TimeProofs services. No hosted scanner is required for Community CI usage.
Canonical workflow
contents: read.This workflow scans an OpenAPI file and fails when the selected policy fails. It requires checkout and Node.js 20, but no TimeProofs account, token, secret, hosted scanner or Pro purchase.
name: AgentReady
on: [pull_request]
permissions:
contents: read
jobs:
agentready:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- id: agentready
uses: BACOUL/timeproofs@agentready-action-v0.1.0-alpha.0
with:
type: openapi
file: ./openapi.json
min-score: '75'
fail-on: critical
out: agentready-output
The immutable tag is readable. The full SHA pins the exact published Action implementation commit recorded in governance evidence.
uses: BACOUL/timeproofs@d6634d0fbbe1fced510fc49d8871d52a3dc7f348
file, type, min-score, fail-on and out. Type must be openapi or mcp.
score, status, report-path and contract-path. Valid policy failures preserve generated outputs when the scan completes.
Exit code 1 means the scan was valid but policy failed. Use uploaded artifacts or workflow logs to review generated report paths.
No moving major tag is authorized for this alpha. The Marketplace listing is a distribution channel, not a GitHub security certification.
TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers.
The Action performs static pre-deployment analysis. It is not a runtime firewall, IAM system, hosted scanner, audit or certification.
The public AgentReady Action can be pinned by immutable tag or full commit SHA and runs inside the consumer GitHub workflow. AgentReady is a product and candidate open standard for static pre-deployment analysis. It is not a runtime firewall, independent certification, official standards-body standard or guaranteed-safety system.