PAI Agent Readiness Index

Readiness console

Generate the report

The Index weights PSF controls, public evidence signals, and operational context. Repository scanning is limited to public GitHub file paths.

0/24 checks

Project or agent nameOrganisationPublic GitHub repositoryContact emailSystem typeProduction stageAutonomy levelDeployment surface

Public report and badgePublic reports create a citeable URL and an embeddable badge. This is not a credential.

Input boundary

Scope, allowed sources, abuse controls, and prompt injection boundaries.

Are the agent's allowed inputs, sources, and operating scope documented?Scope docs, API contracts, product policy, or operating instructions.

Are prompt injection, untrusted content, and boundary-crossing cases tested?Red-team cases, eval fixtures, attack tests, or review notes.

Are abuse controls such as rate limits, identity checks, or input filters in place?Rate limiting, auth checks, input filters, abuse monitoring, or gateway controls.

Output validation

Contracts, schemas, refusals, confidence thresholds, and failure paths.

Are outputs validated against schemas, contracts, policies, or acceptance criteria before action?JSON schema, Zod, Pydantic, validators, policy checks, or acceptance tests.

Does the system have explicit refusal, fallback, or escalation paths when confidence is low?Refusal policy, fallback branch, confidence thresholds, escalation queue, or retries.

Are output failures measured and reviewed through evals or production checks?Eval dashboards, failed-output reviews, test reports, or incident tags.

Data stewardship

Classification, minimisation, retention, redaction, and vendor data access.

Is sensitive data classified before it enters prompts, tools, logs, or model providers?Data classification matrix, prompt data policy, or provider access map.

Are minimisation, retention, and redaction rules documented and enforced?Retention config, redaction layer, logging policy, or deletion process.

Can the team explain what data each model, tool, and vendor can access?Vendor inventory, tool permission map, model data policy, or DPIA.

Observability

Traces, evals, incidents, drift, operational review, and production metrics.

Are prompts, tool calls, model versions, traces, and key decisions observable?Tracing, structured logs, request IDs, model version capture, or tool call records.

Are incidents, drift, refusals, hallucinations, and unsafe actions tracked over time?Incident log, drift monitor, eval trend, refusal analytics, or safety dashboard.

Are readiness metrics reviewed on a regular operational cadence?Weekly review, release readiness check, governance forum, or lab report.

Deployment control

Versioning, release gates, canaries, rollbacks, and reproducibility.

Are prompt, model, tool, and policy changes versioned and reviewable?Git history, prompt registry, policy versioning, release notes, or approval trail.

Are eval gates, canary releases, rollbacks, or staged deployments used before production changes?CI eval gates, staging environments, canary config, rollback runbook, or release checklist.

Can the team reproduce which agent version produced a given output or action?Trace IDs, version IDs, prompt hashes, deployment metadata, or audit records.

Human oversight

Autonomy limits, approvals, escalations, overrides, and audit trails.

Are high-impact or irreversible actions gated by human review?Approval workflow, policy gate, review queue, sign-off logs, or role-based permissions.

Are autonomy levels, escalation rules, and manual override paths documented?Autonomy matrix, escalation policy, override procedure, or operator handbook.

Are human approvals and interventions logged for audit and learning?Approval logs, intervention records, audit trail, or post-action review.

Security posture

Tool permissions, secrets, agent threat testing, and integration risk.

Are tool permissions, secrets, credentials, and external actions least-privilege by default?Scoped tokens, permission manifests, secret scanning, isolated tools, or RBAC.

Are agent-specific threats such as prompt injection, tool abuse, and data exfiltration tested?Threat model, red-team tests, security review, or adversarial evals.

Are dependency, provider, and integration risks reviewed before production release?Dependency review, provider risk register, integration review, or security checklist.

Ecosystem resilience

Provider fallbacks, dependency inventory, portability, and degraded modes.

Can the system degrade gracefully if a model, provider, tool, or API fails?Fallback model, degraded mode, retry policy, circuit breaker, or incident playbook.

Is there a documented dependency inventory for models, vendors, datasets, and tools?Dependency inventory, vendor list, model card registry, or tool manifest.

Are portability, fallback, and exit paths considered for critical capabilities?Provider abstraction, fallback plan, exit plan, or compatible API layer.

The generated report separates self-reported controls from public evidence. Formal PSF credentials require a separate review.

Why this can earn links

A public report, a transparent methodology, and a README badge give teams something specific to cite while keeping PAI positioned as the standards and lab institution.

Revenue stays downstream

The Index builds trust first. Deploy Studio, Lab reviews, credentials, and partner programs become credible only after the public standard feels real.

Benchmark an AI agent against the production standard.

Generate the report

Input boundary

Output validation

Data stewardship

Observability

Deployment control

Human oversight

Security posture

Ecosystem resilience

Designed for credibility, not vanity scoring.