
Agent-readiness OpenAPI linter, 2026

ToolSafe

ToolSafe turns an OpenAPI contract into concrete findings about destructive actions, weak schemas, missing guardrails, and agent-facing ambiguity.

Interface preview for ToolSafe, showing API checks and risk findings.

Details

  • Finds missing guards around destructive operations, risky mutations, weak schemas, missing error contracts, and underspecified behavior.
  • Offline-first CLI with JSON, Markdown, and SARIF reports for CI and GitHub code scanning.
  • Generates guard policy drafts and eval ideas from the source contract before MCP or tool wrappers are built.

Why it exists

Agent-facing APIs need a different review pass than human-only APIs. ToolSafe looks for the parts of an OpenAPI contract that become risky once an autonomous caller can invoke them repeatedly and quickly.

Product shape

The CLI is designed to be deterministic and CI-friendly. It produces human-readable findings for review, structured output for automation, and SARIF for code scanning workflows.

Engineering focus

The core challenge is translating vague API risk into repeatable rules. The analyzer favors explicit checks and explainable findings over magic scoring, so teams can fix the contract instead of debating the tool.
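To make the "explicit checks, explainable findings" idea concrete, here is an added example of three deterministic rules over an OpenAPI 3 document, covering the unguarded destructive operation, missing error contract and weak schema categories from the Details list. This is illustrative code written for this page, not ToolSafe's own implementation; the rule names, the choice of DELETE as the destructive method, and what counts as a guard or a bound are assumptions of the example, and the sample contract is constructed.

```python
from dataclasses import dataclass

DESTRUCTIVE_METHODS = {"delete"}  # assumption: DELETE is always destructive
HTTP_METHODS = {"get", "put", "post", "delete", "patch"}

@dataclass(frozen=True)
class Finding:
    rule: str
    location: str
    message: str

def lint(spec: dict) -> list[Finding]:
    """Run three deterministic rules over an OpenAPI 3 document in dict form."""
    findings = []
    global_security = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            loc = f"{method.upper()} {path}"
            # Rule 1: a destructive operation must carry an explicit security requirement.
            if method in DESTRUCTIVE_METHODS and not (op.get("security") or global_security):
                findings.append(Finding("destructive-unguarded", loc,
                                        "destructive operation with no security requirement"))
            # Rule 2: every operation must document at least one error response.
            if not any(c == "default" or c.startswith(("4", "5")) for c in op.get("responses", {})):
                findings.append(Finding("missing-error-contract", loc,
                                        "no 4xx, 5xx or default response documented"))
            # Rule 3: string parameters need a bound an automated caller cannot overrun.
            for param in op.get("parameters", []):
                schema = param.get("schema", {})
                bounded = any(k in schema for k in ("maxLength", "pattern", "enum"))
                if schema.get("type") == "string" and not bounded:
                    findings.append(Finding("weak-schema", f"{loc} parameter {param['name']}",
                                            "unbounded string parameter"))
    return sorted(findings, key=lambda f: (f.location, f.rule))

# Constructed sample contract: one unguarded DELETE beside one well-specified DELETE.
SAMPLE_SPEC = {"paths": {
    "/orders/{id}": {"delete": {
        "parameters": [{"name": "reason", "in": "query", "schema": {"type": "string"}}],
        "responses": {"204": {"description": "Deleted"}},
    }},
    "/sessions/{id}": {"delete": {
        "security": [{"bearerAuth": []}],
        "responses": {"204": {"description": "Revoked"}, "403": {"description": "Forbidden"}},
    }},
}}
```

Running `lint(SAMPLE_SPEC)` reports three findings against `/orders/{id}` and none against `/sessions/{id}`; each finding names the rule and the exact operation, which is what lets a team fix the contract rather than argue with a score.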