Run advisory checks against an agent shape
const url = 'https://app.everruns.com/api/v1/agents/analyze';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"capabilities":[{"config":{},"ref":"current_time"},{"config":{},"ref":"test_math"}],"mcpServers":{"additionalProperty":{"args":["example"],"auth_mode":"none","command":"example","env":{"additionalProperty":"example"},"headers":{"additionalProperty":"example"},"oauth_provider_id":"example","tool_discovery":true,"type":"http","url":"example"}},"system_prompt":"You are a helpful customer support agent.","tools":[{}]}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://app.everruns.com/api/v1/agents/analyze \ --header 'Content-Type: application/json' \ --data '{ "capabilities": [ { "config": {}, "ref": "current_time" }, { "config": {}, "ref": "test_math" } ], "mcpServers": { "additionalProperty": { "args": [ "example" ], "auth_mode": "none", "command": "example", "env": { "additionalProperty": "example" }, "headers": { "additionalProperty": "example" }, "oauth_provider_id": "example", "tool_discovery": true, "type": "http", "url": "example" } }, "system_prompt": "You are a helpful customer support agent.", "tools": [ {} ] }'Runs built-in rules plus on-demand LLM analysis (specs/agent-checks.md) and returns merged advisory findings. Requires the system utility LLM service to be configured.
Request Body required
Section titled “Request Body required ”Request to preview the final agent shape with capabilities applied
object
Capabilities to apply with per-agent configuration.
Per-agent capability configuration
Associates a capability with an agent, including optional per-agent configuration. The config field allows the same capability to behave differently per-agent.
object
Per-agent configuration for this capability (capability-specific)
Reference to the capability ID
Example
[ { "config": {}, "ref": "current_time" }, { "config": {}, "ref": "test_math" }]Remote MCP servers scoped to the previewed agent.
object
Session-, agent-, or harness-scoped remote MCP server configuration.
This intentionally mirrors the mcpServers object shape used by common MCP
client config files while staying within Everruns’ current remote-HTTP-only
support.
object
Arguments passed to the stdio command.
Authentication mode used when executing tools from this scoped server.
Example
api_keyExecutable to spawn for a stdio transport server.
Environment variables set for the stdio command.
object
Additional HTTP headers sent on MCP requests (HTTP transport only).
object
Provider id used to resolve a user-scoped bearer token.
Whether to discover tool definitions live from this server.
MCP transport type. Only remote HTTP is supported today.
Example
httpURL of the remote MCP server endpoint. Required for HTTP transport; empty/ignored for stdio.
The base system prompt (before capability additions)
Example
You are a helpful customer support agent.Client-side tools to include in the preview.
object
Responses
Section titled “ Responses ”Agent analysis completed
Response from on-demand agent analysis (built-in rules + LLM checkers)
object
Advisory findings, built-in and LLM-sourced (specs/agent-checks.md)
A single advisory finding about an agent configuration.
object
Proposed replacement text (phase 2+; always absent for builtin rules).
Pointer to the config field (and optional byte span within it) a finding refers to.
object
Config field name, e.g. system_prompt, tools.
Byte offset range into the field’s authored text, when applicable.
Human-readable explanation. Safe to render in user-facing messages.
Stable rule identifier, e.g. prompt.duplicate_paragraphs.
Advisory severity. There is deliberately no error: checks never gate
save/publish (specs/agent-checks.md, Non-Goals).
Which tier produced the finding.
Example
{ "findings": [ { "category": "structure", "severity": "warning", "source": "builtin" } ]}Utility LLM service not configured
Standard error response.
Wire shape is RFC 9457 Problem Details:
every error response includes title and status, and may include
detail, code, allowed_actions, retry_after_seconds, instance,
and type. The content type is rewritten to application/problem+json
by [problem_json_content_type].
object
Recovery actions the caller can take next.
Agent-actionable link describing a follow-up the caller can take. Used in two contexts:
- Error recovery —
ErrorResponse.allowed_actionscarriesrels likeretry,retry-later,unarchive,get-existingso the agent knows the right next call after a 4xx/429. - Entity hypermedia —
WithUrls<T>.allowed_actionscarries state-awarerels likecancel,events,self,updateon the entity itself so the agent can follow links instead of reconstructing routes from prose.
The shape is intentionally identical across both contexts; the closed
rel vocabulary documented in specs/api-conventions.md distinguishes
them.
object
Short, agent-readable hint (e.g. “Shorten ‘name’ to <= 200 chars.”, “Cancel the active turn for this session.”).
Absolute (preferred) or relative URL the caller may invoke
directly. Always present on entity hypermedia actions
(WithUrls<T>.allowed_actions); optional on error-recovery
actions (ErrorResponse.allowed_actions) where the matching
operation_id is enough and the URI is implicit from the failed
call.
HTTP method to use against href. Required for entity hypermedia
actions; usually omitted on error-recovery actions where the same
operation is retried with its original method.
OpenAPI operationId the caller should invoke. Lets an MCP client
resolve the call without parsing href.
Link relation describing the action. Closed vocabulary documented
in specs/api-conventions.md — examples: self, cancel, pause,
resume, events, retry, retry-later, unarchive,
get-existing, delete, update.
OpenAPI $ref to the request-body schema, when the action takes one
(e.g. #/components/schemas/UpdateSessionRequest). Lets a tool-calling
agent fetch the input shape without scanning the whole spec.
Stable, machine-readable error code (snake_case).
Human-readable explanation specific to this occurrence.
Request URI for this occurrence.
Seconds the caller should wait before retrying (429 / transient 503).
HTTP status code; mirrors the response status line.
Short, human-readable summary of the problem (e.g. “Not Found”).
RFC 9457 problem type URI. Optional; identifies the problem class.
Example
{ "allowed_actions": [ { "method": "POST" } ], "code": "session_not_found", "detail": "Session session_01933b5a000070008000000000000001 not found in org org_01933b5a000070008000000000000001.", "instance": "/v1/sessions/session_01933b5a000070008000000000000001", "retry_after_seconds": 30, "status": 404, "title": "Session not found", "type": "https://docs.everruns.com/errors/session_not_found"}Internal server error
Standard error response.
Wire shape is RFC 9457 Problem Details:
every error response includes title and status, and may include
detail, code, allowed_actions, retry_after_seconds, instance,
and type. The content type is rewritten to application/problem+json
by [problem_json_content_type].
object
Recovery actions the caller can take next.
Agent-actionable link describing a follow-up the caller can take. Used in two contexts:
- Error recovery —
ErrorResponse.allowed_actionscarriesrels likeretry,retry-later,unarchive,get-existingso the agent knows the right next call after a 4xx/429. - Entity hypermedia —
WithUrls<T>.allowed_actionscarries state-awarerels likecancel,events,self,updateon the entity itself so the agent can follow links instead of reconstructing routes from prose.
The shape is intentionally identical across both contexts; the closed
rel vocabulary documented in specs/api-conventions.md distinguishes
them.
object
Short, agent-readable hint (e.g. “Shorten ‘name’ to <= 200 chars.”, “Cancel the active turn for this session.”).
Absolute (preferred) or relative URL the caller may invoke
directly. Always present on entity hypermedia actions
(WithUrls<T>.allowed_actions); optional on error-recovery
actions (ErrorResponse.allowed_actions) where the matching
operation_id is enough and the URI is implicit from the failed
call.
HTTP method to use against href. Required for entity hypermedia
actions; usually omitted on error-recovery actions where the same
operation is retried with its original method.
OpenAPI operationId the caller should invoke. Lets an MCP client
resolve the call without parsing href.
Link relation describing the action. Closed vocabulary documented
in specs/api-conventions.md — examples: self, cancel, pause,
resume, events, retry, retry-later, unarchive,
get-existing, delete, update.
OpenAPI $ref to the request-body schema, when the action takes one
(e.g. #/components/schemas/UpdateSessionRequest). Lets a tool-calling
agent fetch the input shape without scanning the whole spec.
Stable, machine-readable error code (snake_case).
Human-readable explanation specific to this occurrence.
Request URI for this occurrence.
Seconds the caller should wait before retrying (429 / transient 503).
HTTP status code; mirrors the response status line.
Short, human-readable summary of the problem (e.g. “Not Found”).
RFC 9457 problem type URI. Optional; identifies the problem class.
Example
{ "allowed_actions": [ { "method": "POST" } ], "code": "session_not_found", "detail": "Session session_01933b5a000070008000000000000001 not found in org org_01933b5a000070008000000000000001.", "instance": "/v1/sessions/session_01933b5a000070008000000000000001", "retry_after_seconds": 30, "status": 404, "title": "Session not found", "type": "https://docs.everruns.com/errors/session_not_found"}