$ man agent-prelaunch-audit
/agent-prelaunch-audit
PRICE / CALL
$0.08
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
agent-prelaunch-audit — ship-readiness check before you push an ai app live: agent due diligence and prelaunch audit in one call instead of six
SYNOPSIS
POST https://x402.agentutility.ai/agent-prelaunch-audit
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION
Ship-readiness check before you push an AI app live: agent due diligence and prelaunch audit in one call instead of six. Inspects deploy config, secret exposure, prompt-injection surface, dependency risk, and database migration risk, then rolls the result into one readiness view. Composite: one call runs deploy-config-risk + secrets-exposure-check + prompt-injection-surface + dep-risk-summary + db-migration-risk + production-readiness-score in parallel into {deploy_config, secrets, prompt_injection, dependencies, db_migration, readiness_score}. Send a repo ('owner/name') for a live scan, or any mix of config, deps, prompt, and sql; each maps to its matching check, so partial input still returns a partial verdict. Advisory and heuristic only, it flags patterns and never executes code. Use it as an ai app security check, a pre-deploy audit gate, or a ship-readiness score.
INPUT — request schema
| property | type | description | req? |
|---|
| repo | string | GitHub repo in 'owner/name' format to scan live instead of sending inline config/deps/prompt/sql. When present, all six checks run against the repo and the other fields are ignored. | optional |
| config | object | string | Deploy config to audit for open CORS, exposed admin ports, plaintext secrets, dev/debug mode left on, and missing healthchecks. Object or raw config-file text. | optional |
| deps | array | object | Dependency list to audit for deprecation, install-script risk, and lockfile/pinning issues. Either an array of package names/{name,version} objects, or a name-to-version object. | optional |
| prompt | string | System or app prompt to check for prompt-injection surface: unsanitized user input reaching the prompt, unbounded completions, and system/user role mixing. | optional |
| sql | string | Migration SQL to audit for destructive DDL, lock-heavy ALTER TABLE, NOT NULL columns without a DEFAULT, and unbounded TRUNCATE/DELETE. | optional |
OUTPUT — response shape
| field | type | description |
|---|
| mode | string | — |
| repo | string | — |
| deploy_config | string | — |
| secrets | string | — |
| prompt_injection | string | — |
| dependencies | string | — |
| db_migration | string | — |
| readiness_score | string | — |
| composed_of | string | — |
| components | string | — |
| degraded | string | — |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/agent-prelaunch-audit \
-H 'Content-Type: application/json' \
-d '{ }'first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>
# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...
# Then call the agent-prelaunch-audit tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- composeagentprelaunchauditagent-prelaunch-audit
- methods
- POST
- cluster
- compose
- price
- $0.08 USDC per call
ADJACENT — other endpoints in compose
| endpoint | description | price |
|---|
| company-intel-pack | Company research bundle for B2B enrichment agents: firmographic profile, domain intelligence, WHOIS registration, TLS posture, tech stack… | $0.08 |
| country-risk-monitor | Re-runnable country monitor: recency-scoped web search headlines, any live Polymarket prediction markets referencing the country (data-on… | $0.08 |
| cyber-exposure-brief | External exposure summary for a domain: DNS records, the hosting network/ASN behind the resolved IP, TLS certificate posture, and a web s… | $0.08 |
| domain-threat-report | Domain threat report API for a security investigation on any domain: is this a phishing domain, a lookalike squat, or a legitimate regist… | $0.08 |
| esg-company-scan | Summary of a company's publicly reported ESG posture: a web search scoped to sustainability/emissions/labor/governance coverage plus a st… | $0.08 |
| image-asset-pipeline | Turns a text prompt into a production-ready image asset in one call: generate, sharpen, cut out the background. | $0.08 |
| meeting-brief | Turns a meeting or call recording into speaker-labeled notes and a summary in one call. | $0.08 |
| patent-landscape-brief | Approximate patent/prior-art landscape for a topic, built from published technical prior art rather than a patent-office filing search: a… | $0.08 |