Agent402 / tools / openapi-lint

OpenAPI agent-readiness lint

FREE with proof-of-work · or $0.002 in USDC · POST /api/openapi-lint

Score an OpenAPI 3.x or Swagger 2.x spec on agent-readiness — i.e. does an LLM-driven caller have what it needs to call the API correctly without guessing. Returns a 0..100 score, severity counts, and a structured list of violations with stable rule codes. Checks: documented title/servers/paths, per-operation summary/description/operationId/tags, documented 2xx + error responses, param descriptions/schemas/examples, response descriptions, JSON response schemas. Pure CPU — deterministic, no network, no $ref dereferencing.

Input

FieldTypeDescription
spec *anyOpenAPI/Swagger document (object or JSON string)

Example output

{
  "ok": true,
  "score": 97,
  "counts": {
    "error": 0,
    "warning": 1,
    "info": 0
  },
  "violations": [
    {
      "rule": "operation-missing-operationid",
      "severity": "warning",
      "location": "GET /users",
      "message": "Operation has no operationId — agents can't refer to this call by a stable name."
    }
  ]
}

Try it — see the 402 challenge (free)

curl -i -X POST https://agent402.tools/api/openapi-lint \
  -H "Content-Type: application/json" \
  -d '{"spec":{"openapi":"3.0.0","info":{"title":"Demo","version":"1.0.0","description":"An example API"},"servers":[{"url":"https://api.example.com"}],"paths":{"/users":{"get":{"summary":"List users","tags":["users"],"parameters":[{"name":"limit","in":"query","description":"Max results","schema":{"type":"integer","example":10}}],"responses":{"200":{"description":"ok","content":{"application/json":{"schema":{"type":"array"}}}},"400":{"description":"bad input"}}}}}}}'

The response is HTTP 402 Payment Required with exact payment requirements. Any x402 v2 client pays automatically and retries:

Paid call (JavaScript agent)

import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";

const client = new x402Client();
registerExactEvmScheme(client, { signer: privateKeyToAccount(KEY) });
const payFetch = wrapFetchWithPayment(fetch, client);

const res = await payFetch("https://agent402.tools/api/openapi-lint", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    "spec": {
      "openapi": "3.0.0",
      "info": {
        "title": "Demo",
        "version": "1.0.0",
        "description": "An example API"
      },
      "servers": [
        {
          "url": "https://api.example.com"
        }
      ],
      "paths": {
        "/users": {
          "get": {
            "summary": "List users",
            "tags": [
              "users"
            ],
            "parameters": [
              {
                "name": "limit",
                "in": "query",
                "description": "Max results",
                "schema": {
                  "type": "integer",
                  "example": 10
                }
              }
            ],
            "responses": {
              "200": {
                "description": "ok",
                "content": {
                  "application/json": {
                    "schema": {
                      "type": "array"
                    }
                  }
                }
              },
              "400": {
                "description": "bad input"
              }
            }
          }
        }
      }
    }
  }),
});

No wallet? Pay with compute

This is a pure-CPU tool, so an agent without a wallet can pay with proof-of-work instead of USDC: fetch a challenge, solve the sha256 puzzle (16 leading zero bits — a fraction of a second of CPU, no money, no AI tokens), and resend with the X-Pow-Solution header.

import { createHash } from "node:crypto";
const lz = (b) => { let t = 0; for (const x of b) { if (!x) { t += 8; continue; } t += Math.clz32(x) - 24; break; } return t; };
const c = await (await fetch("https://agent402.tools/api/pow/challenge?slug=openapi-lint")).json();
let n = 0;
while (lz(createHash("sha256").update(c.challenge + ":" + n).digest()) < c.difficulty) n++;
await fetch("https://agent402.tools/api/openapi-lint", { method: "POST", headers: { "X-Pow-Solution": c.token + ":" + n, "Content-Type": "application/json" }, body: JSON.stringify({"spec":{"openapi":"3.0.0","info":{"title":"Demo","version":"1.0.0","description":"An example API"},"servers":[{"url":"https://api.example.com"}],"paths":{"/users":{"get":{"summary":"List users","tags":["users"],"parameters":[{"name":"limit","in":"query","description":"Max results","schema":{"type":"integer","example":10}}],"responses":{"200":{"description":"ok","content":{"application/json":{"schema":{"type":"array"}}}},"400":{"description":"bad input"}}}}}}}) });

Related tools

Email validate

USDC $0.002 · POST /api/email-validate

Validate an email address: syntax check plus live MX record lookup on the domain (deliverability signal, not a guarantee…

URL parse

FREE with compute · or $0.001 USDC · POST /api/url-parse

Parse a URL into components: protocol, host, port, path, query params (decoded), hash, origin, punycode hostname.

IP info

USDC $0.002 · POST /api/ip-info

Classify an IP address: version, public/private/loopback/link-local, integer form, and reverse-DNS (PTR) lookup.