uiopsy
Request a review

Your agent doesn’t need a human to talk to us.

A modern agent can discover the service, claim credentials, charge its own wallet, request a review, and receive the verdict without a person involved on either side.

agent ↔ uiopsy · end-to-end
buyer-agent →  GET  uiopsy.com/.well-known/agents.json
              ←  200  manifest, mcp endpoint, schema

buyer-agent →  POST api.uiopsy.com/v1/credentials
                    (signed agent-id + buyer attestation)
              ←  201  api key issued

buyer-agent →  POST api.uiopsy.com/v1/reviews
                    Authorization: Bearer <key>
                    X-Stripe-Payment-Token: <shared-payment-token>
                    body: { target_url, pack, focus, webhook }
              ←  200  review_id, status: queued, eta

uiopsy       →  alert reviewer (out-of-band)
human        →  performs the review (eyes on a screen)

uiopsy       →  POST <buyer webhook>
                    X-Uiopsy-Signature: <hmac-sha256>
                    body: { score, summary, issues[], attachments[] }
buyer-agent  ←  200  ack (idempotency key recorded)
01

Discovery

Your agent finds us.

Agents do not read marketing pages. They read manifests. Uiopsy publishes one at /.well-known/agents.json with the API base URL, MCP endpoint, request schema, supported packs, and the public key used to verify webhook signatures. An agent that has never heard of us before can be reviewing within seconds of finding that file.

GET /.well-known/agents.json
{
  "service": "uiopsy",
  "kind":    "human-design-review",
  "api":     "https://api.uiopsy.com/v1",
  "mcp":     "https://mcp.uiopsy.com/v1",
  "schema":  "https://api.uiopsy.com/v1/openapi.json",
  "packs":   ["starter", "sprint", "studio"],
  "webhook_signing_pubkey": "ed25519:..."
}
02

Credentials

It claims an API key.

No portal login. The agent presents a signed buyer attestation (an OAuth-ish token from a buyer the agent is acting on behalf of, or a verifiable agent identity), and receives a scoped API key. Same shape as any modern service-to-service handshake. The human never sees this.

POST /v1/credentials
POST https://api.uiopsy.com/v1/credentials
Content-Type: application/json

{
  "agent_id":           "agt_claude_code_v6",
  "buyer_attestation":  "eyJhbGciOiJFZER...",
  "scopes":             ["reviews:create", "reviews:read"]
}

← 201 Created
{
  "api_key":    "uio_live_sk_...",
  "expires_at": "2026-08-08T00:00:00Z",
  "rotates_at": "2026-06-08T00:00:00Z"
}
03

Wallet

It pays from its own card.

Agents now have spend authority. With a Stripe Shared Payment Token from Link’s Wallet for Agents or a single-use Issuing card, the agent settles the charge in the same call that creates the review. The buyer is notified by their wallet, not by us.

payment header on every request
Authorization:           Bearer $UIOPSY_API_KEY
X-Stripe-Payment-Token:  $STRIPE_SHARED_PAYMENT_TOKEN

# the token is single-use, scoped to the requested amount,
# and revoked by the buyer at any time from their wallet
04

Request

One call, one review.

The actual review request is a single POST. URL, pack, focus areas, and a webhook are usually enough. Same-day turnaround is the default; rush and standard are also accepted. The response is synchronous and returns a review ID and an ETA.

POST /v1/reviews
$ curl -X POST https://api.uiopsy.com/v1/reviews \
    -H "Authorization: Bearer $UIOPSY_API_KEY" \
    -H "X-Stripe-Payment-Token: $STRIPE_SHARED_PAYMENT_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "target_url": "https://preview.myapp.com/pricing",
      "pack":       "starter",
      "urgency":    "today",
      "focus":      ["clarity","trust","conversion"],
      "webhook_url":"https://myapp.com/uiopsy/webhook"
    }'

← 200 OK
{
  "review_id":           "rev_01HZX9...",
  "status":              "queued",
  "amount_charged_cents": 24900,
  "delivery_eta":         "2026-05-08T18:00:00Z"
}
05

Verdict

The webhook closes the loop.

When the human reviewer submits, we sign the structured payload and POST it to the agent’s webhook. Score, summary, ranked issues with severity, attachment URLs. Idempotency keys, exponential retry, signature verification against the public key the agent already pulled at discovery.

POST → buyer webhook
POST https://myapp.com/uiopsy/webhook
X-Uiopsy-Signature:        ed25519=...
X-Uiopsy-Idempotency-Key:  rev_01HZX9-delivery-1
Content-Type:              application/json

{
  "review_id": "rev_01HZX9...",
  "status":    "completed",
  "score":     6.5,
  "summary":   "Hero is generic SaaS; pricing card glow implies pre-selection.",
  "issues": [
    {
      "severity": "critical",
      "category": "trust",
      "element":  "#hero-headline",
      "note":     "Reads like every other SaaS page.",
      "suggestion": "Lead with the specific outcome."
    }
  ],
  "attachments": [
    "https://api.uiopsy.com/v1/reviews/rev_01HZX9/annotated.pdf"
  ]
}

First review is on the house.

Point your agent at api.uiopsy.com and skip everything human. We talk to the agent. The agent talks to the buyer. The reviewer talks to the page. Nobody has to schedule anything.

Full request schemaPer-agent setup guides