AgentReady public method

Static readiness rules for agent-facing OpenAPI and MCP contracts.

AgentReady checks whether contracts expose clear, bounded and reviewable tools before autonomous agents can use them. It is a pre-deployment static analysis method, not a runtime control plane.

InputOpenAPI or MCP contract
AnalysisStatic rules, score, policy gate
Outputagentready.json and Markdown report

Canonical definition

What AgentReady is

AgentReady is a static readiness gate for agent-facing contracts. It inspects OpenAPI operations and MCP tool definitions before deployment and reports structural risks that could make an agent choose, parameterize or execute a tool incorrectly.

The current reference implementation runs locally in the browser scanner, npm CLI and GitHub Action. It does not require a TimeProofs account, a hosted scanner, API upload or secrets for Community use.

What AgentReady is not

  • Not a runtime firewall, gateway or IAM system.
  • Not a live API, live MCP server or LLM evaluator.
  • Not a security certification or compliance certificate.
  • Not a guarantee that an AI agent will never fail.
  • Not a claim of recognition by any formal standards body.
Source scopeOpenAPI and MCP
Current contractagentready.json v0.1
Rule namespaceAR001-AR010
Runtime boundaryNo live execution

Reference implementation relationship

Method, rules and implementation are separate surfaces.

The public method defines the vocabulary, result contract and governance expectations. The current scanner is the reference implementation that applies those rules to static OpenAPI and MCP inputs. The CLI, browser scanner and GitHub Action are distribution paths for that implementation.

Diagram showing contracts flowing through static AgentReady rules to reports, CI policy and remediation.

Normative public sources

Rule identifiers, agentready.json v0.1, policy semantics, namespace ownership and change control are the stable public surfaces for this foundation.

Rule codes

Explanatory material

Examples, report walkthroughs and resource guides explain how to use the method without adding rule semantics or changing scanner behavior.

Examples

Governance boundary

Rule changes require recorded review and change control. No public page may invent a standards body, certification authority or official global-standard status.

Governance resources

Limitations that remain in scope

TimeProofs AgentReady does not guarantee that an AI agent will never fail. It identifies structural risks that may cause AI agents to misuse APIs, tools or MCP servers.

Runtime behavior, dynamically constructed capabilities, live authorization policy, production data boundaries and human operating discipline may not be detectable from a static contract. Passing AgentReady is useful evidence for release review, but it is not a complete safety proof.