$ man production-readiness-score
/production-readiness-score(1)
PRICE / CALL
$0.10
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
production-readiness-score — production readiness score / ai app deploy gate / prooflayer cluster aggregator / repo prod-risk composite / one-call audit / unified pro…
SYNOPSIS
POST https://x402.org/v1/production-readiness-score
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION
production readiness score / AI app deploy gate / Prooflayer cluster aggregator / repo prod-risk composite / one-call audit / unified production readiness API / vibe-coded app safety scan. Calls all 5 Prooflayer component scanners (secrets-exposure-check, deploy-config-risk, db-migration-risk, dep-risk-summary, prompt-injection-surface) in parallel in-process and rolls findings into a weighted composite score (default weights: secrets 0.30, migrations 0.20, deps 0.20, deploy 0.15, prompt 0.15). Returns composite 0-100, production_grade (production-ready | needs-review | risky | do-not-ship), per-component sub-scores, top-N deduped findings sorted by severity + score_contribution, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} or {files: [{path, content}, …]}. Optional 'weights' override (each in [0,0.5], proportionally normalized) and 'max_findings' (default 10, cap 50).
OUTPUT — response shape
| field | type | description |
|---|
| score | number | Weighted composite production-readiness score from 0-100 across all 5 Prooflayer component scanners. |
| risk_level | string | Risk bucket derived from the composite score (e.g. low, medium, high, critical). |
| production_grade | string | Deploy verdict: production-ready, needs-review, risky, or do-not-ship. |
| component_scores | object | Per-scanner sub-scores keyed by component (secrets, migrations, deps, deploy, prompt). |
| weights_used | object | Actual weights applied per component after normalization, defaults or caller overrides. |
| findings | array | Top-N deduped findings sorted by severity and score_contribution, capped by max_findings (default 10). |
| signals | object | Raw per-component signal counts and flags (e.g. secrets found, risky migrations, vulnerable deps). |
| summary | string | Venice plain-English verdict explaining the grade and the biggest risks to fix before shipping. |
| metadata | object | Run metadata: repo or file count, components called, latency per scanner, and weights source. |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.org/v1/production-readiness-score \
-H 'Content-Type: application/json' \
-d '{ }'first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# install once
claude mcp add x402 --command "npx x402-deployer-mcp"
# then ask Claude Code:
# "use the production-readiness-score tool to ..."
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- securityproduction-readinessauditai-safetyprooflayer
- env
- VENICE_API_KEY
- methods
- POST
- cluster
- prooflayer
- price
- $0.10 USDC per call
ADJACENT — other endpoints in prooflayer
| endpoint | description | price |
|---|
| ai-content-detector | AI content detector / GPT detector / ChatGPT plagiarism checker. | $0.03 |
| dep-risk-summary | repo dependency risk audit / package.json + lockfile vetter / unpinned dep detector / transitive dep counter / requirements.txt audit / p… | $0.03 |
| github-repo-health | GitHub repo health score / open-source maintainability checker. | $0.03 |
| package-risk-npm | npm package risk score / supply-chain scanner / typosquat detector. | $0.03 |
| prompt-injection-surface | AI prompt injection surface scanner / LLM call-site audit / unsanitized user input in prompts detector / system-message mixing flag / unb… | $0.03 |
| db-migration-risk | DB migration risk audit / SQL migration safety check / DROP COLUMN detector / unsafe ALTER TABLE detector / Postgres CREATE INDEX CONCURR… | $0.02 |
| deploy-config-risk | deploy config audit / Dockerfile lint / vercel.json hardening / wrangler.toml review / docker-compose.yml safety / fly.toml secrets check… | $0.02 |
| secrets-exposure-check | secrets exposure scan / hardcoded API key detector / .env-committed-key audit / Next.js client env leak detector / pre-deploy secret gate. | $0.02 |