Public documentation

Make tools ready before AI agents use them.

TimeProofs AgentReady analyzes OpenAPI specs before agent exposure. It produces a score, findings, a human report, and a machine-readable agentready.json.

Scan an OpenAPI spec View examples

Input

OpenAPI 3.0 / 3.1 in JSON or YAML.

Analysis

Static local checks for agent-facing clarity, risk boundaries, parameters, errors, and dangerous actions.

Output

AgentReady Score, recommendations, Markdown report, printable report, and agentready.json.

Core product flow

OpenAPI JSON/YAML
→ AgentReady analysis
→ AgentReady Score
→ endpoint findings
→ recommended fixes
→ agentready.json
→ human report

What AgentReady checks

Unclear operation names.
Ambiguous descriptions.
Missing “when to use” guidance.
Missing “when not to use” limits.
Unbounded numeric parameters.
Missing enums for closed fields.
Dangerous actions without human confirmation.
Irreversible actions.
Non-corrective error responses.
Sensitive data exposure and broad permissions.

What AgentReady is not

Not a runtime firewall.
Not a broad AI security platform.
Not a guarantee that agents will never fail.
Not a replacement for authorization or runtime controls.
Not an MCP marketplace.

Score statuses

85-100 : AgentReady
70-84  : Minor fixes
50-69  : Needs fixes
0-49   : Not AgentReady

agentready.json

agentready.json is the machine-readable contract generated from the scan. It gives agents, platforms, or future runtime layers a structured view of tool risks and execution boundaries.

{
  "agentready_version": "1.0",
  "summary": {
    "score": 72,
    "status": "Needs fixes"
  },
  "tools": [
    {
      "operation_id": "refundCustomer",
      "action_type": "REFUND",
      "risk_level": "critical",
      "requires_human_confirmation": true,
      "detected_risks": ["dangerous_action_without_confirmation"]
    }
  ]
}

Privacy and safety

The scanner runs locally in the browser.
Submitted API endpoints are not called.
No backend is required for the current V1 scanner.
The tool identifies structural risks, not absolute safety.

TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers.