AgentReady Score
One readiness score with status, severity counts, and a clear signal for whether the contract needs fixes before agent exposure.
This sample shows the score, top risks, endpoint findings, recommended fixes, Markdown report, and agentready.json contract produced by TimeProofs AgentReady. It is illustrative, not a real scan of your API.
One readiness score with status, severity counts, and a clear signal for whether the contract needs fixes before agent exposure.
A short list of the most important risks, including dangerous actions, missing confirmation, unsafe parameters, and weak recovery paths.
Endpoint or tool-level findings with action type, severity, detected risk codes, and practical context for engineering review.
Concrete suggestions for confirmation wording, parameter bounds, output schemas, status fields, blocked reasons, and corrective errors.
A machine-readable readiness contract for gates, checklists, and static simulations.
A human-readable report for product, engineering, security, or launch review.
Status: Needs fixes before agent exposure
This example API contains useful structure, but it also exposes risky actions that are not clearly bounded for AI agents.
The API should not be exposed directly to autonomous agents until refund, deletion, and customer export actions have stronger constraints and explicit confirmation rules.
The strongest risks are not syntax problems. They are agent-behavior problems: unclear action boundaries, dangerous operations, missing confirmation, and insufficient recovery guidance.
Refund action is available without a clear human confirmation requirement.
Recommendation: require explicit confirmation, amount validation, customer identity verification, and a reversible review step.
Irreversible deletion action lacks clear preconditions and recovery guidance.
Recommendation: add confirmation, safe-mode behavior, ownership validation, and a clear error response when deletion is blocked.
Customer export can expose sensitive data without enough scope limitation.
Recommendation: require narrow filters, permission checks, export purpose, destination validation, and audit logging.
Error responses do not tell an agent what to correct or what not to retry.
Recommendation: add corrective error messages, non-retry guidance, and structured error codes.
This is the machine-readable deliverable for downstream gates, checklists, and static simulations. The Markdown report is the human-readable companion for engineering and product review.
{
"agentready_version": "1.0",
"source_type": "openapi",
"summary": {
"score": 62,
"status": "Needs fixes",
"risk_counts": {
"critical": 2,
"high": 4,
"medium": 7,
"low": 9
}
},
"tools": [
{
"operation_id": "refundCustomer",
"risk_level": "critical",
"requires_human_confirmation": true
}
]
}
The customer receives a concise human report with score, status, top risks, recommended fixes, limitations, and endpoint or tool details.
The customer receives a machine-readable contract with action types, risk levels, confirmation requirements, detected risks, allowed/forbidden usage, failure modes, and recommendations.
The report points to practical fixes such as confirmation flow wording, parameter bounds, output schemas, status fields, blocked reasons, and corrective errors.
AgentReady is not only checking whether a schema is valid. It checks whether the tool surface is clear enough, bounded enough, and explicit enough for AI agents to use safely before live execution.
AgentReady is not a penetration test and does not guarantee absolute safety. It is a static readiness scanner for agent-facing contracts.