Sample output

Preview what a client receives from AgentReady.

This sample shows the score, top risks, endpoint findings, recommended fixes, Markdown report, and agentready.json contract produced by TimeProofs AgentReady. It is illustrative, not a real scan of your API.

AgentReady Score

One readiness score with status, severity counts, and a clear signal for whether the contract needs fixes before agent exposure.

Top Risks

A short list of the most important risks, including dangerous actions, missing confirmation, unsafe parameters, and weak recovery paths.

Endpoint Findings

Endpoint or tool-level findings with action type, severity, detected risk codes, and practical context for engineering review.

Recommended Fixes

Concrete suggestions for confirmation wording, parameter bounds, output schemas, status fields, blocked reasons, and corrective errors.

agentready.json

A machine-readable readiness contract for gates, checklists, and static simulations.

Markdown report

A human-readable report for product, engineering, security, or launch review.

62

Sample AgentReady Score

Status: Needs fixes before agent exposure

This example API contains useful structure, but it also exposes risky actions that are not clearly bounded for AI agents.

2Critical
4High
7Medium
9Low

Executive summary

The API should not be exposed directly to autonomous agents until refund, deletion, and customer export actions have stronger constraints and explicit confirmation rules.

The strongest risks are not syntax problems. They are agent-behavior problems: unclear action boundaries, dangerous operations, missing confirmation, and insufficient recovery guidance.

Top findings

POST /refundscriticalrefund

Refund action is available without a clear human confirmation requirement.

Recommendation: require explicit confirmation, amount validation, customer identity verification, and a reversible review step.

DELETE /files/{id}criticaldelete

Irreversible deletion action lacks clear preconditions and recovery guidance.

Recommendation: add confirmation, safe-mode behavior, ownership validation, and a clear error response when deletion is blocked.

GET /customers/exporthighsensitive data

Customer export can expose sensitive data without enough scope limitation.

Recommendation: require narrow filters, permission checks, export purpose, destination validation, and audit logging.

Generic 500 errorsmediumrecovery

Error responses do not tell an agent what to correct or what not to retry.

Recommendation: add corrective error messages, non-retry guidance, and structured error codes.

Recommended action plan

  1. Add human confirmation rules for refund and deletion actions.
  2. Bound numeric parameters such as refund amount and export limits.
  3. Add enums for closed fields such as status, reason, and format.
  4. Improve descriptions with “when to use” and “when not to use”.
  5. Add corrective error responses for agent recovery.
  6. Run a static simulation scenario before exposing the tool to agents.

Sample agentready.json

This is the machine-readable deliverable for downstream gates, checklists, and static simulations. The Markdown report is the human-readable companion for engineering and product review.

{
  "agentready_version": "1.0",
  "source_type": "openapi",
  "summary": {
    "score": 62,
    "status": "Needs fixes",
    "risk_counts": {
      "critical": 2,
      "high": 4,
      "medium": 7,
      "low": 9
    }
  },
  "tools": [
    {
      "operation_id": "refundCustomer",
      "risk_level": "critical",
      "requires_human_confirmation": true
    }
  ]
}

Markdown report

The customer receives a concise human report with score, status, top risks, recommended fixes, limitations, and endpoint or tool details.

agentready.json

The customer receives a machine-readable contract with action types, risk levels, confirmation requirements, detected risks, allowed/forbidden usage, failure modes, and recommendations.

Next actions

The report points to practical fixes such as confirmation flow wording, parameter bounds, output schemas, status fields, blocked reasons, and corrective errors.

What this sample proves

AgentReady is not only checking whether a schema is valid. It checks whether the tool surface is clear enough, bounded enough, and explicit enough for AI agents to use safely before live execution.

AgentReady is not a penetration test and does not guarantee absolute safety. It is a static readiness scanner for agent-facing contracts.