# Agent Precall - Secure Endpoint API

> Pre-call trust and safety layer for autonomous agents. Before your agent calls any external endpoint, ask Agent Precall first. Returns a structured Should Call / Use Caution / Do Not Call decision.

## What is this?

Agent Precall is a security and trust API purpose-built for AI agents. It scans external endpoints and returns a deterministic trust score, risk signals, and a clear go/no-go decision — with no LLM dependencies in the core path. Lightweight, fast, and Replit-deployable.

## Quick start

Call the decision endpoint inline in your agent execution path:

```
GET https://agentprecall.com/api/v1/decision?target={url}
```

Response:
```json
{
  "decision": "should_call",
  "should_call": true,
  "trust_score": 81,
  "risk_level": "low",
  "confidence": 0.87,
  "reason_codes": ["https_enabled", "tls_valid", "openapi_detected"]
}
```

## API endpoints

- `GET /api/v1/decision?target={url}` — Compact go/no-go decision (agent-optimized, low latency)
- `POST /api/v1/scan` — Full scan with all trust signals and flags
- `POST /api/v1/deep-scan` — Premium deep scan (x402 payment gated)
- `GET /api/v1/stats` — Aggregate scan statistics
- `GET /api/v1/demos` — Seeded demo scan results
- `GET /api/healthz` — Health check
- `GET /api/version` — Product version

## OpenAPI spec

Full spec available at: https://agentprecall.com/openapi.json

## Decision values

- `should_call` — Endpoint is safe and agent-ready. Proceed.
- `use_caution` — Risk factors present. Human review recommended.
- `do_not_call` — Critical issues. Do not call without remediation.

## Trust signals checked

HTTPS, TLS validity, HSTS, CSP, CORS policy, robots.txt, llms.txt, OpenAPI spec presence, OAuth metadata, MCP server card, rate limit headers, authentication requirements, x402 payment support, known vulnerability matches, exposed debug paths, SSRF risk vectors.

## Authentication

No authentication required for basic scans. Deep scan requires x402 micropayment.

## Docs

https://agentprecall.com/docs