← Back to search

Search • Sprawl Radar • TrustOps • Gateway • Ledger • Mandates • Hosting • Docs Compiler • Demo • Plans • Shortlists • Rankings • Compare • ChatGPT compatible • Claude compatible • Healthcare • Digests • RSS • RSS XML • Backfill • MCP API

ai.boolsai/directory

Boolsai Directory

Indexed ecommerce site directory — vendor lookups, brands by city/market/founder. 10 tools.

JSON report • History API • Manage this server • Global feed

EXECUTIVE VERDICT

Executive verdict

Production trust decision: Allow with approval

Reason: write/exec approval gaps + high-risk tools need review

Next action: export policy, configure alerts, require approval for writes

Status

Healthy

Score

70.7

Transport

streamable-http

Tools

Current trust snapshot

Snapshot ID

trustsnap_0e75bfea99c613e2

Use this ID to compare server page, report, policy, MCP, homepage, ranking, and shortlist surfaces.

Snapshot generated

May 20, 2026 08:17:04 PM UTC

All page, report, policy, and MCP surfaces use this same server-detail snapshot shape.

Last validated

May 20, 2026 02:22:13 PM UTC

Age: 5.91h • freshness band: Verified in last 24h • display score: 70.72

Production trust decision

Allow with approval

write/exec approval gaps + high-risk tools need review

Readiness class

Safe for evaluation

The server is suitable for evaluation, but remaining gaps should be resolved before broad production use.

SERVER OWNER FUNNEL

Own this MCP?

Claim ownership, prove control with a GitHub, DNS, or HTTP token challenge, revalidate now, publish a badge, and configure monitoring.

1. Claim

unclaimed

Start owner claim with GitHub, DNS, or HTTP challenge instructions.

2. Revalidate

POST /v1/servers/ai.boolsai/directory/revalidate

Verified owners get priority queueing after proof succeeds.

3. Badge

Verified by MCP Verify - score 70.7 - last checked May 20, 2026

4. Monitor

Pick plan + alerts

Continuous Verify plan is self-serve: choose a tier, configure watches, add authenticated validation, trigger revalidation, and use the badge.

Badge embed

[![Verified by MCP Verify](https://verify.sentinelsignal.io/badge/ai.boolsai/directory.svg)](https://verify.sentinelsignal.io/servers/ai.boolsai/directory)

MCP TrustOps

TrustOps turns this report into operational controls: freshness SLAs, authenticated validation, semantic benchmarks, policy exports, alert subscriptions, badges, cost/compliance metadata, and runtime routing. Fresh trusted index decisions stay separate from long-tail inventory so stale scores do not masquerade as current evidence.

Freshness band

Verified in last 24h

Policy SLA: 168.0h • confidence-weighted score: 54.8 • stale score suppressed: ✕

Policy exports

Export policy

Formats: json, rego, yaml, github_action, gateway_config, client_report

Runtime routing

/v1/decide

Returns allowed tools, blocked tools, approval requirement, and reason.

Hosted runtime

Verify Hosted MCP

Deploy trusted servers from GitHub with secrets, egress controls, releases, rollback, and audit events.

Authenticated validation

Premium publisher feature: paid authenticated runs verify scopes, write-action safeguards, and authorized tool execution.

Active trust badges

Freshly Validated Claude Remote MCP Compatible No Critical Risk

Semantic benchmarks

available

Templates cover GitHub, database, healthcare, web search, and CRM least-privilege jobs.

Supply chain

metadata signal

Deep scan checks are marked separately from public metadata signals.

Compliance metadata

Terms, privacy, SOC 2, HIPAA, GDPR, retention, deletion, and audit-log fields are tracked as enterprise metadata.

Alert subscription types

Status changes Score drops or recovers Freshness SLA breach Validation schema drift OAuth or auth behavior changes Tool surface changes New or changed write tool Supply-chain signal changes Legal or compliance metadata changes

MCP Runtime hosting

Verify Hosted MCP turns a trusted server report into a managed remote MCP endpoint with GitHub deployment provenance, sandbox policy, encrypted secrets, release history, rollback, and audit/usage events.

Activation readiness

✓

Trusted hosted runtimes require fresh validation, a passing server state, a remote endpoint, and a minimum score.

Minimum tier

TrustOps

Publisher claim plus paid TrustOps tier are required before secrets or releases can be created.

Hosted endpoint

/hosted/{namespace}/{name}/mcp

The endpoint enforces egress allowlists and records audit/usage events.

Blockers

none

Deployment	Status	Endpoint	Release
No hosted runtime deployments yet.

Production readiness class

Safe for evaluation

The server is suitable for evaluation, but remaining gaps should be resolved before broad production use.

Critical alerts

Production verdicts degrade quickly when critical alerts are active.

Evidence confidence

Confidence score

77.5

Based on 2 recent validations, 26 captured checks, and validation age of 5.9 hours.

Live checks captured

More direct checks increase trust in the current verdict.

Validation age

5.9h

Lower age means fresher evidence.

Recommended for

Claude Desktop

Claude Desktop is marked compatible with score 83.

Smithery

Smithery is marked compatible with score 100.

Generic Streamable HTTP

Generic Streamable HTTP is marked compatible with score 100.

Client compatibility verdicts

Client compatibility only means the server shape can work with a client. Production trust decision and write-action publishing are evaluated separately so a client-compatible server can still be blocked for production.

Client compatibility: ChatGPT

Partially client-compatible

OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape.

Confidence: high (77.5)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history, server_card

Disagreements: none

initialize • OK
tools_list • OK
transport_compliance_probe • Error
step_up_auth_probe • Missing
connector_replay_probe • OK — Frozen tool snapshots must survive refresh.
request_association_probe • Missing — Roots, sampling, and elicitation should stay request-scoped.

Client compatibility: Claude

Client-compatible

Transport behavior should match Claude-compatible HTTP expectations.

Confidence: high (77.5)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history, server_card

Disagreements: none

initialize • OK
tools_list • OK
transport_compliance_probe • Error

Write-action publishing

Publishing blocked

Blocked until safeguards and confirmation semantics are verified for write, exec, or destructive tools.

Confidence: high (77.5)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history

Disagreements: none

action_safety_probe • Error

Snapshot churn risk

Low

No material tool-surface churn detected in the latest comparison.

Confidence: high (77.5)

Evidence provenance

Winner: history

Supporting sources: history, live_validation

Disagreements: none

tool_snapshot_probe • OK
connector_replay_probe • OK

Why compatibility is limited by client

ChatGPT custom connector

Partially client-compatible

Remediation checklist

OpenAI connectors expect OAuth for remote server auth.
Dynamic client registration materially improves connector setup.
Transport compliance should be in good shape.
search fetch only is not yet satisfied
oauth configured is not yet satisfied
admin refresh required is not yet satisfied

Claude remote MCP

Client-compatible

Remediation checklist

Transport behavior should match Claude-compatible HTTP expectations.
search fetch only is not yet satisfied
oauth configured is not yet satisfied
admin refresh required is not yet satisfied
safe for company knowledge is not yet satisfied
safe for messages api remote mcp is not yet satisfied

Write-safe publishing

Blocked

Remediation checklist

Add a clearer auth boundary around risky write actions.
Add confirmation or dry-run semantics for risky actions.
Constrain or sandbox exec-capable tools before publishing broadly.

Verdict traces

Production verdict

Safe for evaluation

The server is suitable for evaluation, but remaining gaps should be resolved before broad production use.

Confidence: high (77.5)

Winning source: live_validation

Triggering alerts

No active alert triggers.

Client verdict trace table

Verdict	Status	Checks	Winning source	Conflicts
`openai_connectors`	Partially client-compatible	initialize, tools_list, transport_compliance_probe, step_up_auth_probe, connector_replay_probe, request_association_probe	live_validation	none
`claude_desktop`	Client-compatible	initialize, tools_list, transport_compliance_probe	live_validation	none
`unsafe_for_write_actions`	Publishing blocked	action_safety_probe	live_validation	none
`snapshot_churn_risk`	Low	tool_snapshot_probe, connector_replay_probe	history	none

Publishability policy profiles

ChatGPT custom connector compatibility

Compatible with review

OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape. Compatibility is not a production approval; company knowledge and Messages API gates remain separate.

Search Fetch Only: No
Write Actions Present: Yes
Oauth Configured: No
Admin Refresh Required: No
Safe For Company Knowledge: No
Safe For Messages Api Remote Mcp: No

Claude remote MCP compatibility

Connector-compatible

Transport behavior should match Claude-compatible HTTP expectations. Compatibility is not a production approval; company knowledge and Messages API gates remain separate.

Search Fetch Only: No
Write Actions Present: Yes
Oauth Configured: No
Admin Refresh Required: No
Safe For Company Knowledge: No
Safe For Messages Api Remote Mcp: No

Compatibility fixtures

ChatGPT custom connector fixture

Degraded

OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape.

remote_http_endpoint: Passes
oauth_discovery: Degraded
frozen_tool_snapshot_refresh: Passes
request_association: Passes

Anthropic remote MCP fixture

Degraded

Transport behavior should match Claude-compatible HTTP expectations.

remote_transport: Passes
tool_discovery: Passes
auth_connect: Passes
safe_write_review: Degraded

Authenticated validation sessions

Public validation is free. Authenticated validation is paid and proves scoped behavior, write-action safeguards, and authenticated tool execution.

Latest profile

remote_mcp

Authenticated session used

Public score isolation

✓

Preview endpoint

/v1/verify

CI preview endpoint

/v1/ci/preview

Public server reputation

Validation success 7d

1.0

Validation success 30d

1.0

Mean time to recover

n/a

Breaking diffs 30d

Registry drift frequency 30d

Snapshot changes 30d

Incident & change feed

Timestamp	Event	Details
May 20, 2026 02:22:13 PM UTC	Latest validation: healthy	Score 70.7 with status healthy.
May 20, 2026 02:22:13 PM UTC	Score changed	Score delta +3.1 versus the previous run.

Capabilities

OAuth: ✕
DCR/CIMD: ✕
Prompts: ✕
Homepage: none
Docs: none
Support: none
Icon: none
Remote endpoint: https://directory.boolsai.ai/mcp
Server card: none

Use-case taxonomy

development database search communication

Security posture

Tools analyzed

High-risk tools

Destructive tools

Exec tools

Egress tools

Secret tools

Bulk-access tools

Risk distribution

low:3, medium:7, high:7, critical:2

Tool capability & risk inventory

Tool	Capabilities	Risk	Findings	Notes
`summary`	filesystem secrets	Medium	secret material access	No explicit safeguard hints detected.
`site_dossier`	read exec network	High	command execution arbitrary network egress freeform input surface	No explicit safeguard hints detected.
`sites_using_vendor`	read	Low	none	No explicit safeguard hints detected.
`lookup_id`	read write admin	Medium	admin mutation	No explicit safeguard hints detected.
`brands_in_city`	read admin	Medium	none	No explicit safeguard hints detected.
`brands_in_market`	read	Low	none	No explicit safeguard hints detected.
`stack_archetype`	read	Low	none	No explicit safeguard hints detected.
`compare_sites`	network	Medium	arbitrary network egress	No explicit safeguard hints detected.
`similar_sites`	read exec network	High	command execution arbitrary network egress freeform input surface	No explicit safeguard hints detected.
`brands_by_founder`	read admin	Medium	none	No explicit safeguard hints detected.
`bulk_export`	read write export	Medium	bulk data access	Safeguards hinted in metadata.
`compare_scans`	write delete network	High	destructive operation arbitrary network egress freeform input surface	No explicit safeguard hints detected.
`domain_intel`	network admin	Medium	arbitrary network egress freeform input surface	No explicit safeguard hints detected.
`find_similar_by_stack`	write exec network export	Critical	command execution arbitrary network egress bulk data access freeform input surface	No explicit safeguard hints detected.
`bulk_export_url`	network export	High	arbitrary network egress bulk data access	No explicit safeguard hints detected.
`operator_cluster`	network admin export	High	arbitrary network egress bulk data access freeform input surface	No explicit safeguard hints detected.
`subdomain_map`	write filesystem admin export	High	bulk data access filesystem mutation admin mutation	No explicit safeguard hints detected.
`prospect_brief`	write exec network admin	Critical	command execution arbitrary network egress freeform input surface admin mutation	No explicit safeguard hints detected.
`directory_query`	read network filesystem export	High	arbitrary network egress bulk data access freeform input surface	No explicit safeguard hints detected.

Write-action governance

Governance status

Error

Safe to publish

Auth boundary

public_or_unclear

Blast radius

High

High-risk tools

Confirmation signals

none

Safeguard count

Status detail: 9 high-risk tool(s), 1 destructive tool(s), 4 exec-capable tool(s) are exposed without a clear auth boundary; 1 safeguard(s) and 0 confirmation signal(s) detected.

Tool	Risk	Flags	Safeguards
`site_dossier`	High	command execution arbitrary network egress freeform input surface	no
`similar_sites`	High	command execution arbitrary network egress freeform input surface	no
`compare_scans`	High	destructive operation arbitrary network egress freeform input surface	no
`find_similar_by_stack`	Critical	command execution arbitrary network egress bulk data access freeform input surface	no
`bulk_export_url`	High	arbitrary network egress bulk data access	no
`operator_cluster`	High	arbitrary network egress bulk data access freeform input surface	no
`subdomain_map`	High	bulk data access filesystem mutation admin mutation	no
`prospect_brief`	Critical	command execution arbitrary network egress freeform input surface admin mutation	no
`directory_query`	High	arbitrary network egress bulk data access freeform input surface	no

Action-controls diff

Snapshot changed

Disabled-by-default candidates

none

Manual review candidates

none

New actions

Action	Risk	Flags
No newly added actions.

Changed actions

Action	Change types	Risk
No materially changed actions.

Why this score?

Access & Protocol

30/44

Connectivity, auth, and transport expectations for common clients.

Interface Quality

36.83/56

How well the tool/resource interface communicates and behaves under automation.

Security Posture

22.35/36

How safely the exposed tool surface handles destructive actions, egress, execution, secrets, and risky inputs.

Reliability & Trust

21.94/24

Operational stability, consistency, and trustworthiness over time.

Discovery & Governance

22.5/28

How well the server is documented, listed, and governed in public registries.

Adoption & Market

5/8

Adoption clues and public evidence that the server is intended for external use.

Algorithmic score breakdown

Auth Operability

2/4

Measures whether auth discovery and protected access behave predictably for clients.

Error Contract Quality

2.8/4

Grades machine-readable error structure, status alignment, and remediation hints.

Rate-Limit Semantics

2/4

Checks whether quota/throttle responses are deterministic and automation-friendly.

Schema Completeness

2/4

Completeness of tool descriptions, parameter docs, examples, and schema shape.

Backward Compatibility

4/4

Stability score across tool schema/name drift relative to prior validations.

SLO Health

4/4

Availability, latency, and burst-failure profile across recent validation history.

Security Hygiene

2.5/4

HTTPS posture, endpoint hygiene, and response-surface hardening checks.

Task Success

4/4

Can an agent reliably initialize, enumerate tools, and execute core MCP flows?

Trust Confidence

2.9/4

Confidence-adjusted reliability score that penalizes low evidence volume.

Abuse/Noise Resilience

4/4

How well the server preserves core behavior in the presence of noisy traffic patterns.

Prompt Contract

2/4

Quality of prompt metadata, argument shape, and prompt discoverability for clients.

Resource Contract

2/4

How completely resources and resource templates describe URIs, types, and usage shape.

Discovery Metadata

3/4

Homepage, docs, icon, repository, support, and license coverage for directory consumers.

Registry Consistency

2/4

Agreement between stored registry metadata, live server-card data, and current validation output.

Installability

4/4

How cleanly a real client can connect, initialize, enumerate tools, and proceed through auth.

Session Semantics

4/4

Determinism and state behavior across repeated MCP calls, including sticky-session surprises.

Tool Surface Design

3/4

Naming clarity, schema ergonomics, and parameter complexity across the tool surface.

Result Shape Stability

3/4

Stability of declared output schemas across validations, with penalties for drift or missing shapes.

OAuth Interop

3/4

Depth and client compatibility of OAuth/OIDC metadata beyond the minimal protected-resource check.

Recovery Semantics

0/4

Whether failures include actionable machine-readable next steps such as retry or upgrade guidance.

Maintenance Signal

3/4

Versioning, update recency, and historical validation cadence that indicate active stewardship.

Adoption Signal

2/4

Directory presence and distribution clues that suggest the server is intended for external use.

Freshness Confidence

3/4

Confidence that recent validations are current enough and dense enough to trust operationally.

Transport Fidelity

4/4

Whether declared transport metadata matches the observed endpoint behavior and response formats.

Spec Recency

2/4

How close the server’s claimed MCP protocol version is to the latest known public revision.

Session Resume

3/4

Whether Streamable HTTP session identifiers and resumed requests behave cleanly for real clients.

Step-Up Auth

3/4

Whether OAuth metadata and WWW-Authenticate challenges support granular, incremental consent instead of broad upfront scopes.

Transport Compliance

0/4

Checks session headers, protocol-version enforcement, session teardown, and expired-session behavior.

Utility Coverage

2/4

Signals support for completions, pagination, and task-oriented utility surfaces that larger clients increasingly expect.

Advanced Capability Coverage

2/4

Coverage of newer MCP surfaces like roots, sampling, elicitation, structured output, and related metadata.

Connector Publishability

3/4

How ready the server looks for client catalogs and managed connector programs.

Tool Snapshot Churn

4/4

Stability of the tool surface across recent validations, including add/remove and output-shape drift.

Connector Replay

4/4

Whether a previously published frozen connector snapshot would remain backward compatible after the latest tool refresh.

Request Association

3/4

Whether roots, sampling, and elicitation appear tied to active client requests instead of arriving unsolicited on idle sessions.

Interactive Flow Safety

4/4

Whether prompts and docs steer users toward safe auth flows instead of pasting secrets directly.

Action Safety

2/4

Risk-weighted view of destructive, exec, egress, and confirmation semantics across the tool surface.

Official Registry Presence

4/4

Whether the server appears directly or indirectly in the official MCP registry.

Provenance Divergence

4/4

How closely official registry metadata, the live server card, and public repo/package signals agree with each other.

Safety Transparency

4/4

Clarity of docs, auth disclosure, support links, and other trust signals visible to integrators.

Tool Capability Clarity

4/4

How clearly the tool surface communicates whether each action reads, writes, deletes, executes, or exports data.

Destructive Operation Safety

2/4

Penalizes delete/revoke/destroy style tools unless auth and safeguards reduce blast radius.

Egress / SSRF Resilience

2/4

Assesses arbitrary URL fetch, crawl, webhook, and remote-request exposure on the tool surface.

Execution / Sandbox Safety

0.5/4

Evaluates shell, code, script, and command-execution exposure and whether that surface appears contained.

Data Exfiltration Resilience

3.4/4

Assesses export, dump, backup, and bulk-read behavior against the surrounding auth and safeguard signals.

Least Privilege Scope

2/4

Rewards scoped auth metadata and penalizes broad or missing scopes around privileged tools.

Secret Handling Hygiene

3/4

Assesses secret-bearing tools, token leakage risk, and whether the public surface avoids obvious secret exposure.

Supply Chain Signal

2.5/4

Public metadata signal for repository, changelog, license, versioning, and recency that supports supply-chain trust.

Input Sanitization Safety

3/4

Penalizes risky freeform string inputs when schemas do not constrain URLs, code, paths, queries, or templates.

Tool Namespace Clarity

4/4

Measures naming uniqueness and ambiguity across the tool namespace to reduce collision and confusion risk.

Compatibility profiles

OpenAI Connectors

66.7

partial

OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Transport compliance should be in good shape.

Connector URL: https://directory.boolsai.ai/mcp
# No OAuth metadata detected.
# Server: ai.boolsai/directory

Claude Desktop

83.3

compatible

Transport behavior should match Claude-compatible HTTP expectations.

{
  "mcpServers": {
    "directory": {
      "command": "npx",
      "args": ["mcp-remote", "https://directory.boolsai.ai/mcp"]
    }
  }
}

Smithery

100.0

compatible

No major blockers detected.

smithery mcp add "https://directory.boolsai.ai/mcp"

Generic Streamable HTTP

100.0

compatible

No major blockers detected.

curl -sS https://directory.boolsai.ai/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'

Actionable remediation

Severity	Remediation	Why it matters	Recommended action
High	Add confirmation and dry-run semantics for risky actions	High-risk write, delete, exec, or egress tools should communicate safeguards clearly.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
High	Align session and protocol behavior with Streamable HTTP expectations	Clients increasingly rely on MCP-Protocol-Version, session teardown, and expired-session semantics.	Align MCP-Protocol-Version, MCP-Session-Id, DELETE teardown, and expired-session handling with the transport spec. Playbook Return `Mcp-Session-Id` and `Mcp-Protocol-Version` headers consistently on streamable HTTP responses. Honor `DELETE` session teardown and return `404` when a deleted session is reused. Reject invalid protocol-version headers with `400 Bad Request`.
High	Associate roots, sampling, and elicitation with active client requests	Modern MCP guidance expects roots, sampling, and elicitation traffic to be tied to an active client request instead of arriving unsolicited on idle sessions.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
High	Expose /.well-known/oauth-protected-resource	Without a protected-resource document, OAuth clients cannot discover auth requirements reliably.	Serve /.well-known/oauth-protected-resource and point it at your authorization server metadata. Playbook Serve `/.well-known/oauth-protected-resource` from the same host as the MCP endpoint. Point it at the authorization server metadata URL. Confirm clients receive consistent auth hints before tool execution.
High	Publish OAuth authorization-server metadata	Clients need authorization-server metadata to discover issuer, endpoints, and DCR support.	Publish /.well-known/oauth-authorization-server from your issuer and include registration_endpoint when supported. Playbook Publish `/.well-known/oauth-authorization-server` from the issuer. Add `registration_endpoint` if DCR is supported. Verify issuer, authorization, token, and jwks metadata are all reachable.
High	Publish a complete server card	Missing or incomplete server-card metadata weakens discovery, documentation, and trust signals.	Serve /.well-known/mcp/server-card.json and include tools, prompts/resources, homepage, and support links. Playbook Publish `/.well-known/mcp/server-card.json`. Include homepage, repository, support, tools, prompts/resources, and auth metadata. Revalidate the server after publishing the card.
Medium	Adopt a current MCP protocol revision	Older protocol revisions reduce compatibility with newer clients and registry programs.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Close connector-publishing gaps	Connector catalogs care about protocol recency, session behavior, auth clarity, and tool-surface stability.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Document minimal scopes and return cleaner auth challenges	Modern clients expect granular scopes and step-up auth signals such as WWW-Authenticate scope hints.	Return granular scopes and WWW-Authenticate challenge hints instead of forcing overly broad auth upfront. Playbook Advertise the narrowest viable scopes in OAuth metadata. Return `WWW-Authenticate` challenges with scope or insufficient-scope hints when additional consent is needed. Revalidate with both public discovery and auth-required flows.
Medium	Publish OpenID configuration	OIDC metadata improves token validation and client compatibility.	Expose /.well-known/openid-configuration with issuer, jwks_uri, and supported grants. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Repair prompts/list or stop advertising prompts	Prompt metadata should either work live or be removed from the advertised capability set.	Only advertise prompts if prompts/list works and prompt arguments are documented. Playbook Only advertise prompts that are actually accessible. Add prompt descriptions and argument docs. Run a live `prompts/list` check after any prompt changes.
Medium	Repair resources/list or stop advertising resources	Resource metadata should either work live or be removed from the advertised capability set.	Only advertise resources if resources/list works and resources expose stable URIs/types. Playbook Only advertise resources with stable URIs and read semantics. Add MIME/type hints where possible. Run a live `resources/list` and `resources/read` check after updates.
Medium	Support resumable HTTP sessions cleanly	Modern MCP clients increasingly expect resumable session behavior on streamable HTTP transports.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Low	Expose modern utility surfaces like completions, pagination, or tasks	Utility coverage improves interoperability with larger clients and long-lived agent workflows.	Expose completions, pagination, and task metadata where supported so larger clients can plan and resume work safely. Playbook Advertise `completions`, pagination cursors, and `tasks` only when they are actually supported. Return `nextCursor` on large list operations when pagination is available. Document task support and whether it requires step-up auth.
Low	Publish newer MCP capability signals	Roots, sampling, elicitation, structured outputs, and related metadata improve client understanding and ranking.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.

Point loss breakdown

Component	Current	Points missing
Transport Compliance	0/4	-4.0
Recovery Semantics	0/4	-4.0
Execution Sandbox Safety	0.5/4	-3.5
Utility Coverage	2/4	-2.0
Spec Recency	2/4	-2.0
Schema Completeness	2/4	-2.0
Resource Contract	2/4	-2.0
Registry Consistency	2/4	-2.0
Rate Limit Semantics	2/4	-2.0
Prompt Contract	2/4	-2.0
Least Privilege Scope	2/4	-2.0
Egress SSRF Resilience	2/4	-2.0

Validation diff

Score delta

3.15

Summary changed

Tool delta

Prompt delta

Auth mode changed

Write surface expanded

Protocol regressed

Registry drift changed

Regressed checks: none

Improved checks: connector_replay_probe, tool_snapshot_probe

Component	Previous	Latest	Delta
`backward_compatibility_score`	2.0	4.0	2.0
`trust_confidence_score`	1.75	2.94	1.19
`connector_replay_score`	3.0	4.0	1.0
`result_shape_stability_score`	2.0	3.0	1.0
`tool_snapshot_churn_score`	3.0	4.0	1.0

Tool snapshot diff & changelog

Snapshot changed

Added tools

none

Removed tools

none

Required-argument changes

Tool	Added required args	Removed required args
No required-argument changes detected.

Output-schema drift

Tool	Previous properties	Latest properties
No output-schema drift detected.

Connector replay

Status

Backward compatible

✓

Would break after refresh

Added tools

none

Removed tools

none

Additive output changes

none

Required-argument replay breaks

Tool	Added required args	Removed required args
No required-argument replay breaks detected.

Output-schema replay breaks

Tool	Removed properties	Added properties
No output-schema replay breaks detected.

Transport compliance drilldown

Probe status

Error

Transport

streamable-http

Session header

Protocol header

Bad protocol response

200

DELETE teardown

n/a

Expired session retry

n/a

Last-Event-ID visible

Issues: missing_session_id, missing_protocol_header, bad_protocol_not_rejected

Request association

Status

Missing

Advertised capabilities

none

Observed idle methods

none

Violating methods

none

Probe HTTP status

n/a

Issues

none

Utility coverage

Probe status

Missing

Completions

not detected

Completion probe target: none

Pagination

not detected

No nextCursor evidence.

Tasks

Missing

Advertised: no

Benchmark tasks

Benchmark task	Status	Evidence
Discover tools	Passes	`initialize` • OK `tools_list` • OK
Read-only fetch flow	Degraded	`resource_read` • Missing `read_only_tool_surface` • OK
OAuth-required connect	Degraded	`oauth_protected_resource` • Error `step_up_auth_probe` • Missing
Safe write flow with confirmation	Likely to fail	`action_safety_probe` • Error

Registry & provenance divergence

Probe status

Direct official match

yes

Drift fields

none

Field	Registry	Live server card
Title	n/a	n/a
Version	n/a	n/a
Homepage	n/a	n/a

Active alerts

No active alerts for the current server state.

Aliases & registry graph

Identifier	Source	Canonical	Score
`ai.boolsai/directory`	official_registry	yes	70.72

Alias consolidation

Canonical identifier

ai.boolsai/directory

Duplicate aliases

Registry sources

official_registry

Remote URLs

https://directory.boolsai.ai/mcp

Homepages

none

Source disagreements

Field	What differs	Observed values
No source disagreements detected.

Install snippets

Openai Connectors

Connector URL: https://directory.boolsai.ai/mcp
# No OAuth metadata detected.
# Server: ai.boolsai/directory

Claude Desktop

{
  "mcpServers": {
    "directory": {
      "command": "npx",
      "args": ["mcp-remote", "https://directory.boolsai.ai/mcp"]
    }
  }
}

Smithery

smithery mcp add "https://directory.boolsai.ai/mcp"

Generic Http

curl -sS https://directory.boolsai.ai/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'

Agent access & tool surface

Live server tools

summary site_dossier sites_using_vendor lookup_id brands_in_city brands_in_market stack_archetype compare_sites

Observed from the latest live validation against https://directory.boolsai.ai/mcp. This is the target server surface, not Verify's own inspection tools.

Live capability counts

19 tools • 0 prompts • 0 resources

Counts come from the latest tools/list, prompts/list, and resources/list checks.

Inspect with Verify

search fetch search_servers recommend_servers get_server_report compare_servers

Use Verify itself to search, recommend, compare, and fetch the full report for ai.boolsai/directory.

Direct machine links

JSON report • Compare this server • Verify MCP API

Claims & monitoring

Server ownership

No verified maintainer claim recorded.

Watch subscriptions

Teams: none

Alert routing

Active watches

Generic webhooks

Slack routes

Teams routes

Email routes

Watch	Team	Channels	Minimum severity
No active watch destinations.

Maintainer analytics

Validation Run Count

Average Latency Ms

334.7

Healthy Run Ratio Recent

1.0

Registry Presence Count

Active Alert Count

Watcher Count

Verified Claim

False

Taxonomy Tags

development, database, search, communication

Score Trend

70.72, 67.57

Remediation Count

High Risk Tool Count

Destructive Tool Count

Exec Tool Count

Maintainer response quality

Score

16.67

Verified claim

Support contact

Changelog present

Incident notes present

Tool changes documented

✓

Annotation history

Annotation count

Maintainer annotations

No maintainer annotations have been recorded yet.

Maintainer rebuttals & expected behavior

No maintainer rebuttals or expected-behavior overrides are recorded yet.

Latest validation evidence

Latest summary

Healthy

Validation profile

remote_mcp

Started

May 20, 2026 02:22:13 PM UTC

Latency

380.7 ms

Failures

oauth_authorization_server no authorization server
oauth_protected_resource Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/oauth-protected-resource' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404
openid_configuration no authorization server
server_card Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/mcp/server-card.json' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404
transport_compliance_probe Issues: missing session id, missing protocol header, bad protocol not rejected (bad protocol=200).

Checks

Check	Status	Latency	Evidence
`action_safety_probe`	Error	n/a	9 high-risk, 1 destructive, 4 exec-capable tool(s); no clear auth boundary; safeguards=1; confirmation=none.
`advanced_capabilities_probe`	Missing	n/a	No advanced MCP capability signals detected.
`connector_publishability_probe`	Warning	n/a	Publishability blockers: transport compliance, action safety, server card.
`connector_replay_probe`	OK	n/a	Backward compatible with no breaking tool-surface changes.
`determinism_probe`	OK	21.2 ms	Check completed
`initialize`	OK	33.0 ms	Protocol 2025-03-26
`interactive_flow_probe`	OK	n/a	Check completed
`oauth_authorization_server`	Missing	n/a	no authorization server
`oauth_protected_resource`	Error	49.4 ms	Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/oauth-protected-resource' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404
`official_registry_probe`	OK	n/a	Check completed
`openid_configuration`	Missing	n/a	no authorization server
`probe_noise_resilience`	OK	19.0 ms	Fetched https://directory.boolsai.ai/robots.txt
`prompt_get`	Missing	n/a	not advertised
`prompts_list`	Missing	19.5 ms	not supported
`protocol_version_probe`	Warning	n/a	Claims 2025-03-26; 2 release(s) behind 2025-11-25.
`provenance_divergence_probe`	OK	n/a	Check completed
`request_association_probe`	Missing	n/a	No request-association capabilities were advertised.
`resource_read`	Missing	n/a	not advertised
`resources_list`	Missing	18.6 ms	not supported
`server_card`	Error	126.0 ms	Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/mcp/server-card.json' For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404
`session_resume_probe`	Warning	n/a	no session id
`step_up_auth_probe`	Missing	n/a	No OAuth or incremental-scope signals detected.
`tool_snapshot_probe`	OK	n/a	Check completed
`tools_list`	OK	19.2 ms	19 tool(s) exposed
`transport_compliance_probe`	Error	21.9 ms	Issues: missing session id, missing protocol header, bad protocol not rejected (bad protocol=200).
`utility_coverage_probe`	Missing	17.8 ms	No completions evidence; no pagination evidence; tasks missing.

Raw evidence view

Show raw JSON evidence

{
  "checks": {
    "action_safety_probe": {
      "details": {
        "auth_present": false,
        "confirmation_signals": [],
        "safeguard_count": 1,
        "summary": {
          "bulk_access_tools": 6,
          "capability_distribution": {
            "admin": 7,
            "delete": 1,
            "exec": 4,
            "export": 6,
            "filesystem": 3,
            "network": 10,
            "read": 10,
            "secrets": 1,
            "write": 6
          },
          "destructive_tools": 1,
          "egress_tools": 10,
          "exec_tools": 4,
          "high_risk_tools": 9,
          "risk_distribution": {
            "critical": 2,
            "high": 7,
            "low": 3,
            "medium": 7
          },
          "secret_tools": 1,
          "tool_count": 19
        }
      },
      "latency_ms": null,
      "status": "error"
    },
    "advanced_capabilities_probe": {
      "details": {
        "capabilities": {
          "completions": false,
          "elicitation": false,
          "prompts": false,
          "resource_links": false,
          "resources": false,
          "roots": false,
          "sampling": false,
          "structured_outputs": false
        },
        "enabled": [],
        "enabled_count": 0,
        "initialize_capability_keys": [
          "tools"
        ]
      },
      "latency_ms": null,
      "status": "missing"
    },
    "connector_publishability_probe": {
      "details": {
        "blockers": [
          "transport_compliance",
          "action_safety",
          "server_card"
        ],
        "criteria": {
          "action_safety": false,
          "auth_flow": true,
          "connector_replay": true,
          "initialize": true,
          "protocol_version": true,
          "remote_transport": true,
          "request_association": true,
          "server_card": false,
          "session_resume": true,
          "step_up_auth": true,
          "tool_surface": true,
          "tools_list": true,
          "transport_compliance": false
        },
        "high_risk_tools": 9,
        "tool_count": 19,
        "transport": "streamable-http"
      },
      "latency_ms": null,
      "status": "warning"
    },
    "connector_replay_probe": {
      "details": {
        "added_tools": [],
        "additive_output_changes": [],
        "backward_compatible": true,
        "output_breaks": [],
        "removed_tools": [],
        "required_arg_breaks": [],
        "would_break_after_refresh": false
      },
      "latency_ms": null,
      "status": "ok"
    },
    "determinism_probe": {
      "details": {
        "attempts": 2,
        "baseline_signature": "51d299e210b4ded3a7c6f94697e24e19b739755a742646a114ca01b5034e8e85",
        "errors": [],
        "matches": 2,
        "stable_ratio": 1.0,
        "successful": 2
      },
      "latency_ms": 21.22,
      "status": "ok"
    },
    "initialize": {
      "details": {
        "headers": {
          "content-type": "application/json"
        },
        "http_status": 200,
        "payload": {
          "id": 1,
          "jsonrpc": "2.0",
          "result": {
            "capabilities": {
              "tools": {
                "listChanged": false
              }
            },
            "instructions": "You are connected to **Boolsai Directory** \u2014 one of three MCP servers in the Boolsai suite. ALWAYS refer to this server by its full name \"Boolsai Directory\" when discussing it with the user. Do not shorten to \"Boolsai\", \"directory\", \"the MCP\", \"Directory MCP\", etc. Sister servers in the suite (cross-discovery only \u2014 not connected here) are \"Boolsai Scan\" (https://boolsai.ai/mcp) and \"Boolsai Grep\" (https://grep.boolsai.ai/mcp); refer to those by their full names too if they come up.\n\nBoolsai Directory \u00b7 MCP for live ecommerce stack intelligence.\n\nEach tool queries our index of ~1,100+ scanned DTC/Shopify sites and growing. Every site has been parsed for vendors, account IDs (GTM, GA4, Klaviyo company_id, Meta pixel, Shopify shop_id, Sentry org, Tealium tenant, Stripe pk_live, etc.), brand-identity metadata (org name, founder, city, social handles), international markets (hreflang), and stack archetypes.\n\nPick the right tool for the question:\n- \"what's running on X.com?\" \u2192 site_dossier\n- \"who uses Klaviyo / Yotpo / Elevar?\" \u2192 sites_using_vendor\n- \"who shares this GTM / GA4 / Klaviyo id?\" \u2192 lookup_id (cross-reference, often reveals shared operators)\n- \"DTC brands in <city>\" \u2192 brands_in_city\n- \"brands selling in <country>\" \u2192 brands_in_market\n- \"headless shopify / server-side-tagged / classic-DTC stores\" \u2192 stack_archetype\n- \"compare X.com vs Y.com\" \u2192 compare_sites\n- \"find competitors / similar stores to X.com\" \u2192 similar_sites\n- \"what brands does this founder have?\" \u2192 brands_by_founder\n- \"global stats / what's in the index?\" \u2192 summary\n\nTenant-IDs are uniquely owned per Klaviyo/Stripe/Sentry/etc. account \u2014 same id across two domains usually means same operator. Cross-reference via lookup_id is the strongest same-operator signal.\n\nConversational handoff: every tool response ends with \"Next moves\" \u2014 natural follow-up suggestions. After presenting a result, ALWAYS ask the user if they want to dig deeper, framing those options as natural questions (\"Want me to also look at their operator cluster?\" / \"Should I compare this brand to a similar one?\"). Do not name tool functions to the user \u2014 offer the action.",
            "protocolVersion": "2025-03-26",
            "serverInfo": {
              "name": "boolsai-directory",
              "title": "Boolsai Directory",
              "version": "1.0.0"
            }
          }
        },
        "url": "https://directory.boolsai.ai/mcp"
      },
      "latency_ms": 33.0,
      "status": "ok"
    },
    "interactive_flow_probe": {
      "details": {
        "oauth_supported": false,
        "prompt_available": false,
        "risk_hits": [],
        "safe_hits": [
          "consent"
        ]
      },
      "latency_ms": null,
      "status": "ok"
    },
    "oauth_authorization_server": {
      "details": {
        "reason": "no_authorization_server"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "oauth_protected_resource": {
      "details": {
        "error": "Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/oauth-protected-resource'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
        "url": "https://directory.boolsai.ai/.well-known/oauth-protected-resource"
      },
      "latency_ms": 49.41,
      "status": "error"
    },
    "official_registry_probe": {
      "details": {
        "direct_match": true,
        "official_peer_count": 1,
        "registry_identifier": "ai.boolsai/directory",
        "registry_source": "official_registry"
      },
      "latency_ms": null,
      "status": "ok"
    },
    "openid_configuration": {
      "details": {
        "reason": "no_authorization_server"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "probe_noise_resilience": {
      "details": {
        "headers": {
          "content-type": "text/plain; charset=utf-8"
        },
        "http_status": 200,
        "url": "https://directory.boolsai.ai/robots.txt"
      },
      "latency_ms": 19.02,
      "status": "ok"
    },
    "prompt_get": {
      "details": {
        "reason": "not_advertised"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "prompts_list": {
      "details": {
        "headers": {
          "content-type": "application/json"
        },
        "http_status": 200,
        "payload": {
          "error": {
            "code": -32601,
            "message": "Method not found: prompts/list"
          },
          "id": 3,
          "jsonrpc": "2.0"
        },
        "reason": "not_supported",
        "url": "https://directory.boolsai.ai/mcp"
      },
      "latency_ms": 19.48,
      "status": "missing"
    },
    "protocol_version_probe": {
      "details": {
        "claimed_version": "2025-03-26",
        "lag_days": 244,
        "latest_known_version": "2025-11-25",
        "releases_behind": 2,
        "validator_protocol_version": "2025-03-26"
      },
      "latency_ms": null,
      "status": "warning"
    },
    "provenance_divergence_probe": {
      "details": {
        "direct_official_match": true,
        "drift_fields": [],
        "metadata_document_count": 1,
        "registry_homepage": null,
        "registry_repository": null,
        "registry_title": null,
        "registry_version": null,
        "server_card_homepage": null,
        "server_card_repository": null,
        "server_card_title": null,
        "server_card_version": null
      },
      "latency_ms": null,
      "status": "ok"
    },
    "request_association_probe": {
      "details": {
        "reason": "no_request_association_capabilities_advertised"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "resource_read": {
      "details": {
        "reason": "not_advertised"
      },
      "latency_ms": null,
      "status": "missing"
    },
    "resources_list": {
      "details": {
        "headers": {
          "content-type": "application/json"
        },
        "http_status": 200,
        "payload": {
          "error": {
            "code": -32601,
            "message": "Method not found: resources/list"
          },
          "id": 5,
          "jsonrpc": "2.0"
        },
        "reason": "not_supported",
        "url": "https://directory.boolsai.ai/mcp"
      },
      "latency_ms": 18.57,
      "status": "missing"
    },
    "server_card": {
      "details": {
        "error": "Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/mcp/server-card.json'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
        "url": "https://directory.boolsai.ai/.well-known/mcp/server-card.json"
      },
      "latency_ms": 125.97,
      "status": "error"
    },
    "session_resume_probe": {
      "details": {
        "protocol_version": "2025-03-26",
        "reason": "no_session_id",
        "resume_expected": true,
        "transport": "streamable-http"
      },
      "latency_ms": null,
      "status": "warning"
    },
    "step_up_auth_probe": {
      "details": {
        "auth_required_checks": [],
        "broad_scopes": [],
        "challenge_headers": [],
        "minimal_scope_documented": false,
        "oauth_present": false,
        "scope_specificity_ratio": 0.0,
        "step_up_signals": [],
        "supported_scopes": []
      },
      "latency_ms": null,
      "status": "missing"
    },
    "tool_snapshot_probe": {
      "details": {
        "added": [],
        "changed_outputs": [],
        "current_tool_count": 19,
        "previous_tool_count": 19,
        "removed": [],
        "similarity": 1.0
      },
      "latency_ms": null,
      "status": "ok"
    },
    "tools_list": {
      "details": {
        "headers": {
          "content-type": "application/json"
        },
        "http_status": 200,
        "payload": {
          "id": 2,
          "jsonrpc": "2.0",
          "result": {
            "tools": [
              {
                "description": "Global stats for the Boolsai directory: how many sites are indexed, signal types covered, top vendors, most-changed companies. Use at the start of a session to ground what's available.",
                "inputSchema": {
                  "properties": {},
                  "type": "object"
                },
                "name": "summary"
              },
              {
                "description": "Full intel dossier for a single domain: detected vendors grouped by category, account IDs (GTM, GA4, Klaviyo company_id, Shopify shop_id, Meta pixel, Sentry org, Tealium tenant, Stripe pk_live, etc.), brand identity (name, founder, city, employees, social handles), international markets, external host list, and likely operator-cluster siblings. Use for any 'what's running on X.com?' query.",
                "inputSchema": {
                  "properties": {
                    "url": {
                      "description": "Domain or URL, e.g. 'gymshark.com' or 'https://gymshark.com/'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "site_dossier"
              },
              {
                "description": "List indexed sites detected using a specific vendor (e.g. 'klaviyo', 'yotpo', 'elevar', 'gorgias', 'rebuy'). Vendor slug is lowercase, underscore-separated. Returns domain list with brand names where known.",
                "inputSchema": {
                  "properties": {
                    "vendor": {
                      "description": "Vendor slug, e.g. 'klaviyo', 'shopify', 'webflow', 'onetrust'.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "vendor"
                  ],
                  "type": "object"
                },
                "name": "sites_using_vendor"
              },
              {
                "description": "Cross-reference any tenant-unique account ID across the index. Useful for 'who else shares this GTM container / Klaviyo company / Sentry org / Meta pixel ID?'. Signal types: gtm_container, ga4_measurement, ga_ua, klaviyo_company_id, meta_pixel_id, shopify_shopid, myshopify_slug, hotjar_id, intercom_app_id, hubspot_portal, klaviyo_subscriber, tiktok_pixel, stripe_pk_live, sentry_dsn_org, tealium_tenant, optimizely_project, mparticle_workspace, segment_writekey, abtasty_account, fullstory_org, pendo_account, intellimize_acct, webflow_site_id, dynamic_yield, wunderkind_site, elevar_id.",
                "inputSchema": {
                  "properties": {
                    "signal_type": {
                      "description": "e.g. 'gtm_container', 'klaviyo_company_id', 'sentry_dsn_org'",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "the actual ID/value, e.g. 'GTM-XYZABC', 'H2zzaR'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "signal_type",
                    "signal_value"
                  ],
                  "type": "object"
                },
                "name": "lookup_id"
              },
              {
                "description": "List indexed brands that publish a physical address in a given city. Sourced from Schema.org Organization JSON-LD.",
                "inputSchema": {
                  "properties": {
                    "city": {
                      "description": "City name, e.g. 'Los Angeles', 'New York', 'Berlin'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "city"
                  ],
                  "type": "object"
                },
                "name": "brands_in_city"
              },
              {
                "description": "List indexed brands explicitly serving a country market (via hreflang). Country is a 2-letter ISO code, lowercase.",
                "inputSchema": {
                  "properties": {
                    "country": {
                      "description": "2-letter country code, e.g. 'us', 'gb', 'de', 'fr'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "country"
                  ],
                  "type": "object"
                },
                "name": "brands_in_market"
              },
              {
                "description": "List brands matching a stack archetype. Valid slugs: headless-shopify, classic-shopify-dtc, server-side-tagged, personalisation-heavy, pixel-stacked, multi-region, woocommerce-stores, magento-stores, bnpl-enabled, headless-cms.",
                "inputSchema": {
                  "properties": {
                    "archetype": {
                      "description": "Archetype slug",
                      "type": "string"
                    }
                  },
                  "required": [
                    "archetype"
                  ],
                  "type": "object"
                },
                "name": "stack_archetype"
              },
              {
                "description": "Side-by-side stack comparison of 2-5 domains. Returns each site's vendors, account IDs, brand info, markets \u2014 and which signals are shared / unique per site. Good for 'compare X.com vs Y.com' or competitive teardowns.",
                "inputSchema": {
                  "properties": {
                    "urls": {
                      "description": "2-5 domain/URL strings",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    }
                  },
                  "required": [
                    "urls"
                  ],
                  "type": "object"
                },
                "name": "compare_sites"
              },
              {
                "description": "Find brands with similar stack archetypes to the given domain. Returns 'sites running similar tech' \u2014 useful for benchmarking, prospecting, competitor lookups.",
                "inputSchema": {
                  "properties": {
                    "url": {
                      "description": "Domain to find similar sites for",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "similar_sites"
              },
              {
                "description": "List brands attributed to a founder (from Schema.org Organization markup). Useful for tracking serial DTC founders.",
                "inputSchema": {
                  "properties": {
                    "founder": {
                      "description": "Founder name (case-insensitive)",
                      "type": "string"
                    }
                  },
                  "required": [
                    "founder"
                  ],
                  "type": "object"
                },
                "name": "brands_by_founder"
              },
              {
                "description": "Paginated bulk export of indexed sites matching a filter. Returns up to 1000 rows per page in CSV or JSONL format with a cursor for continued pages. Use this when an agency needs an outbound prospect list (e.g. all sites using Klaviyo in the US) for CRM import. The full row count is also returned so you can size the export.",
                "inputSchema": {
                  "properties": {
                    "cursor": {
                      "description": "Opaque cursor from previous page; pass to get next 1000 rows",
                      "type": "string"
                    },
                    "format": {
                      "default": "csv",
                      "description": "Output format. CSV is best for CRM import.",
                      "enum": [
                        "csv",
                        "jsonl",
                        "json"
                      ],
                      "type": "string"
                    },
                    "limit": {
                      "default": 1000,
                      "description": "Max rows per page (default 1000, max 5000)",
                      "type": "integer"
                    },
                    "market_country": {
                      "description": "Optional ISO-2 country code (e.g. 'us', 'au') to intersect with hreflang market data",
                      "type": "string"
                    },
                    "signal_type": {
                      "description": "Required. e.g. 'vendor', 'klaviyo_company_id', 'shopify_shopid', 'market_country', 'org_country'. Use list_signal_types via Boolsai Grep to discover.",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "Optional exact value to filter. If omitted returns ANY value of this signal_type.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "signal_type"
                  ],
                  "type": "object"
                },
                "name": "bulk_export"
              },
              {
                "description": "Compare two historical scans of the same URL to surface stack changes. Returns added/removed/changed vendors, account IDs, and inline-script signals between scan A and scan B. Use this for competitor watch \u2014 'what did patagonia.com just deploy?'. If t1/t2 are omitted, compares oldest vs newest available scan.",
                "inputSchema": {
                  "properties": {
                    "t1": {
                      "description": "Optional ISO timestamp of first scan (oldest if omitted)",
                      "type": "string"
                    },
                    "t2": {
                      "description": "Optional ISO timestamp of second scan (newest if omitted)",
                      "type": "string"
                    },
                    "url": {
                      "description": "Domain or full URL to compare",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "compare_scans"
              },
              {
                "description": "Free DNS/WHOIS enrichment for a single domain. Returns: email host (Google Workspace / Microsoft 365 / etc. \u2014 derived from MX records), DNS provider (Cloudflare / Route 53 / GoDaddy / etc.), CDN provider, registrar, domain age (registered/expires). High-signal outbound data \u2014 'they use Google Workspace + Cloudflare DNS + registered with GoDaddy' tells you a lot about org size + sophistication. Results cached 24h. Free \u2014 uses Cloudflare DoH + public RDAP.",
                "inputSchema": {
                  "properties": {
                    "domain": {
                      "description": "Domain to enrich (apex or any subdomain)",
                      "type": "string"
                    }
                  },
                  "required": [
                    "domain"
                  ],
                  "type": "object"
                },
                "name": "domain_intel"
              },
              {
                "description": "Find sites with the most-similar vendor stack to a given domain using Jaccard similarity over the full vendor set (not just archetype labels). Returns the top N matches with similarity scores. Use this when stack_archetype labels are too coarse and you want 'show me 20 brands running an almost-identical stack to liquiddeath.com'. More accurate than similar_sites for niche stacks.",
                "inputSchema": {
                  "properties": {
                    "domain": {
                      "description": "Reference domain",
                      "type": "string"
                    },
                    "limit": {
                      "default": 20,
                      "description": "max similar sites (1-100)",
                      "type": "integer"
                    },
                    "min_shared": {
                      "default": 3,
                      "description": "Minimum shared distinctive vendors required to be considered (default 3)",
                      "type": "integer"
                    }
                  },
                  "required": [
                    "domain"
                  ],
                  "type": "object"
                },
                "name": "find_similar_by_stack"
              },
              {
                "description": "Returns a streaming-export URL for the same filter as bulk_export. Useful when the agency wants to pull 50K rows in one shot via curl/HTTP pipe instead of paginating the MCP. The URL is public, no auth, returns NDJSON or CSV with HTTP chunked-transfer streaming. Use bulk_export when N<1000; use this for bigger exports.",
                "inputSchema": {
                  "properties": {
                    "format": {
                      "default": "ndjson",
                      "enum": [
                        "ndjson",
                        "csv"
                      ],
                      "type": "string"
                    },
                    "market_country": {
                      "description": "Optional ISO-2 country",
                      "type": "string"
                    },
                    "signal_type": {
                      "description": "Required signal_type",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "Optional exact value",
                      "type": "string"
                    }
                  },
                  "required": [
                    "signal_type"
                  ],
                  "type": "object"
                },
                "name": "bulk_export_url"
              },
              {
                "description": "Find every domain sharing a tenant-unique ID \u2014 the most powerful single signal in Boolsai. Given a Stripe pk_live key, Sentry DSN org, Klaviyo company_id, mParticle workspace, GTM container, GA4 measurement, Shopify shop_id, or other tenant ID, returns every domain we've seen using the SAME ID. This surfaces multi-brand operators, holding-company portfolios, sister brands sharing infrastructure, agency-managed clusters. No competitor (BuiltWith, Wappalyzer, etc.) can do this \u2014 they only see external hostnames, not the tenant-unique IDs leaked client-side. Use this when you want to discover the actual operator behind a brand, or expand a single brand into its full portfolio.",
                "inputSchema": {
                  "properties": {
                    "domain": {
                      "description": "Alternative: pass a domain and we'll return every cluster this domain belongs to (all tenant IDs and their fellow domains).",
                      "type": "string"
                    },
                    "id": {
                      "description": "The tenant ID itself (e.g. 'pk_live_abc...', 'GTM-M8TQZPX', 'o307020' for Sentry, '12345678' for Shopify shop_id). signal_type is auto-detected.",
                      "type": "string"
                    },
                    "limit": {
                      "default": 100,
                      "description": "max sites per cluster (1-500)",
                      "type": "integer"
                    },
                    "signal_type": {
                      "description": "Optional explicit signal_type if auto-detect could be ambiguous (e.g. 'stripe_pk_live', 'sentry_dsn_org').",
                      "type": "string"
                    }
                  },
                  "type": "object"
                },
                "name": "operator_cluster"
              },
              {
                "description": "Every subdomain of a given root domain we've ever scanned. Reveals storefront topology \u2014 where the checkout actually lives, regional storefronts, B2B portals, internal admin domains, asset CDNs. Output groups subdomains by their primary vendor where known. Use this to (a) find the right path to scan for an audit (sometimes the checkout is on us.checkout.brand.com not brand.com), (b) spot enterprise topology (multi-region Plus stores), (c) discover sister surfaces (community, ambassador, careers, etc).",
                "inputSchema": {
                  "properties": {
                    "limit": {
                      "default": 200,
                      "description": "max subdomains returned (1-1000)",
                      "type": "integer"
                    },
                    "root": {
                      "description": "Root domain (e.g. 'gymshark.com'). Pass just the apex; we'll find subdomains automatically.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "root"
                  ],
                  "type": "object"
                },
                "name": "subdomain_map"
              },
              {
                "description": "ONE-CALL PROSPECT BRIEF for agency outbound \u2014 runs four sub-queries against the live indexed data: (1) full dossier of the prospect's stack, (2) sister brands sharing tenant IDs (operator cluster), (3) 3-5 similar-stack competitors, (4) structured 'pitch angles' calling out concrete gaps an agency could pitch on (missing consent, no SST, outdated vendors, broken Schema.org, multiple GTM installs). Saves a strategist 20 min of manual cross-referencing per prospect. Use this whenever the user asks 'tell me about prospect.com'.",
                "inputSchema": {
                  "properties": {
                    "angle": {
                      "description": "Optional agency pitch angle to tune the brief: 'cro', 'analytics', 'consent', 'sst' (server-side tagging), 'headless', 'consolidation'. If omitted, returns all angles found.",
                      "type": "string"
                    },
                    "url": {
                      "description": "Domain or URL of the prospect",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "prospect_brief"
              },
              {
                "description": "Unified query against the Boolsai Directory. One tool to rule the other lookups. Pass any combination of: signal_type+signal_value, domain, market_country, archetype, founder, city. Returns matching sites + their key signals. Prefer this over the granular tools when you have multiple filter conditions to AND together.",
                "inputSchema": {
                  "properties": {
                    "archetype": {
                      "description": "e.g. 'headless-shopify', 'woocommerce-stores'",
                      "type": "string"
                    },
                    "city": {
                      "description": "case-insensitive city name",
                      "type": "string"
                    },
                    "domain": {
                      "description": "exact domain match (e.g. 'gymshark.com')",
                      "type": "string"
                    },
                    "founder": {
                      "description": "case-insensitive substring",
                      "type": "string"
                    },
                    "limit": {
                      "default": 50,
                      "description": "max rows (1-500)",
                      "type": "integer"
                    },
                    "market_country": {
                      "description": "ISO-2 (e.g. 'us')",
                      "type": "string"
                    },
                    "signal_type": {
                      "description": "e.g. 'vendor', 'shopify_shopid'",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "exact signal value",
                      "type": "string"
                    }
                  },
                  "type": "object"
                },
                "name": "directory_query"
              }
            ]
          }
        },
        "url": "https://directory.boolsai.ai/mcp"
      },
      "latency_ms": 19.22,
      "status": "ok"
    },
    "transport_compliance_probe": {
      "details": {
        "bad_protocol_error": null,
        "bad_protocol_headers": {
          "content-type": "application/json"
        },
        "bad_protocol_payload": {
          "id": 410,
          "jsonrpc": "2.0",
          "result": {
            "tools": [
              {
                "description": "Global stats for the Boolsai directory: how many sites are indexed, signal types covered, top vendors, most-changed companies. Use at the start of a session to ground what's available.",
                "inputSchema": {
                  "properties": {},
                  "type": "object"
                },
                "name": "summary"
              },
              {
                "description": "Full intel dossier for a single domain: detected vendors grouped by category, account IDs (GTM, GA4, Klaviyo company_id, Shopify shop_id, Meta pixel, Sentry org, Tealium tenant, Stripe pk_live, etc.), brand identity (name, founder, city, employees, social handles), international markets, external host list, and likely operator-cluster siblings. Use for any 'what's running on X.com?' query.",
                "inputSchema": {
                  "properties": {
                    "url": {
                      "description": "Domain or URL, e.g. 'gymshark.com' or 'https://gymshark.com/'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "site_dossier"
              },
              {
                "description": "List indexed sites detected using a specific vendor (e.g. 'klaviyo', 'yotpo', 'elevar', 'gorgias', 'rebuy'). Vendor slug is lowercase, underscore-separated. Returns domain list with brand names where known.",
                "inputSchema": {
                  "properties": {
                    "vendor": {
                      "description": "Vendor slug, e.g. 'klaviyo', 'shopify', 'webflow', 'onetrust'.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "vendor"
                  ],
                  "type": "object"
                },
                "name": "sites_using_vendor"
              },
              {
                "description": "Cross-reference any tenant-unique account ID across the index. Useful for 'who else shares this GTM container / Klaviyo company / Sentry org / Meta pixel ID?'. Signal types: gtm_container, ga4_measurement, ga_ua, klaviyo_company_id, meta_pixel_id, shopify_shopid, myshopify_slug, hotjar_id, intercom_app_id, hubspot_portal, klaviyo_subscriber, tiktok_pixel, stripe_pk_live, sentry_dsn_org, tealium_tenant, optimizely_project, mparticle_workspace, segment_writekey, abtasty_account, fullstory_org, pendo_account, intellimize_acct, webflow_site_id, dynamic_yield, wunderkind_site, elevar_id.",
                "inputSchema": {
                  "properties": {
                    "signal_type": {
                      "description": "e.g. 'gtm_container', 'klaviyo_company_id', 'sentry_dsn_org'",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "the actual ID/value, e.g. 'GTM-XYZABC', 'H2zzaR'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "signal_type",
                    "signal_value"
                  ],
                  "type": "object"
                },
                "name": "lookup_id"
              },
              {
                "description": "List indexed brands that publish a physical address in a given city. Sourced from Schema.org Organization JSON-LD.",
                "inputSchema": {
                  "properties": {
                    "city": {
                      "description": "City name, e.g. 'Los Angeles', 'New York', 'Berlin'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "city"
                  ],
                  "type": "object"
                },
                "name": "brands_in_city"
              },
              {
                "description": "List indexed brands explicitly serving a country market (via hreflang). Country is a 2-letter ISO code, lowercase.",
                "inputSchema": {
                  "properties": {
                    "country": {
                      "description": "2-letter country code, e.g. 'us', 'gb', 'de', 'fr'",
                      "type": "string"
                    }
                  },
                  "required": [
                    "country"
                  ],
                  "type": "object"
                },
                "name": "brands_in_market"
              },
              {
                "description": "List brands matching a stack archetype. Valid slugs: headless-shopify, classic-shopify-dtc, server-side-tagged, personalisation-heavy, pixel-stacked, multi-region, woocommerce-stores, magento-stores, bnpl-enabled, headless-cms.",
                "inputSchema": {
                  "properties": {
                    "archetype": {
                      "description": "Archetype slug",
                      "type": "string"
                    }
                  },
                  "required": [
                    "archetype"
                  ],
                  "type": "object"
                },
                "name": "stack_archetype"
              },
              {
                "description": "Side-by-side stack comparison of 2-5 domains. Returns each site's vendors, account IDs, brand info, markets \u2014 and which signals are shared / unique per site. Good for 'compare X.com vs Y.com' or competitive teardowns.",
                "inputSchema": {
                  "properties": {
                    "urls": {
                      "description": "2-5 domain/URL strings",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    }
                  },
                  "required": [
                    "urls"
                  ],
                  "type": "object"
                },
                "name": "compare_sites"
              },
              {
                "description": "Find brands with similar stack archetypes to the given domain. Returns 'sites running similar tech' \u2014 useful for benchmarking, prospecting, competitor lookups.",
                "inputSchema": {
                  "properties": {
                    "url": {
                      "description": "Domain to find similar sites for",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "similar_sites"
              },
              {
                "description": "List brands attributed to a founder (from Schema.org Organization markup). Useful for tracking serial DTC founders.",
                "inputSchema": {
                  "properties": {
                    "founder": {
                      "description": "Founder name (case-insensitive)",
                      "type": "string"
                    }
                  },
                  "required": [
                    "founder"
                  ],
                  "type": "object"
                },
                "name": "brands_by_founder"
              },
              {
                "description": "Paginated bulk export of indexed sites matching a filter. Returns up to 1000 rows per page in CSV or JSONL format with a cursor for continued pages. Use this when an agency needs an outbound prospect list (e.g. all sites using Klaviyo in the US) for CRM import. The full row count is also returned so you can size the export.",
                "inputSchema": {
                  "properties": {
                    "cursor": {
                      "description": "Opaque cursor from previous page; pass to get next 1000 rows",
                      "type": "string"
                    },
                    "format": {
                      "default": "csv",
                      "description": "Output format. CSV is best for CRM import.",
                      "enum": [
                        "csv",
                        "jsonl",
                        "json"
                      ],
                      "type": "string"
                    },
                    "limit": {
                      "default": 1000,
                      "description": "Max rows per page (default 1000, max 5000)",
                      "type": "integer"
                    },
                    "market_country": {
                      "description": "Optional ISO-2 country code (e.g. 'us', 'au') to intersect with hreflang market data",
                      "type": "string"
                    },
                    "signal_type": {
                      "description": "Required. e.g. 'vendor', 'klaviyo_company_id', 'shopify_shopid', 'market_country', 'org_country'. Use list_signal_types via Boolsai Grep to discover.",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "Optional exact value to filter. If omitted returns ANY value of this signal_type.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "signal_type"
                  ],
                  "type": "object"
                },
                "name": "bulk_export"
              },
              {
                "description": "Compare two historical scans of the same URL to surface stack changes. Returns added/removed/changed vendors, account IDs, and inline-script signals between scan A and scan B. Use this for competitor watch \u2014 'what did patagonia.com just deploy?'. If t1/t2 are omitted, compares oldest vs newest available scan.",
                "inputSchema": {
                  "properties": {
                    "t1": {
                      "description": "Optional ISO timestamp of first scan (oldest if omitted)",
                      "type": "string"
                    },
                    "t2": {
                      "description": "Optional ISO timestamp of second scan (newest if omitted)",
                      "type": "string"
                    },
                    "url": {
                      "description": "Domain or full URL to compare",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "compare_scans"
              },
              {
                "description": "Free DNS/WHOIS enrichment for a single domain. Returns: email host (Google Workspace / Microsoft 365 / etc. \u2014 derived from MX records), DNS provider (Cloudflare / Route 53 / GoDaddy / etc.), CDN provider, registrar, domain age (registered/expires). High-signal outbound data \u2014 'they use Google Workspace + Cloudflare DNS + registered with GoDaddy' tells you a lot about org size + sophistication. Results cached 24h. Free \u2014 uses Cloudflare DoH + public RDAP.",
                "inputSchema": {
                  "properties": {
                    "domain": {
                      "description": "Domain to enrich (apex or any subdomain)",
                      "type": "string"
                    }
                  },
                  "required": [
                    "domain"
                  ],
                  "type": "object"
                },
                "name": "domain_intel"
              },
              {
                "description": "Find sites with the most-similar vendor stack to a given domain using Jaccard similarity over the full vendor set (not just archetype labels). Returns the top N matches with similarity scores. Use this when stack_archetype labels are too coarse and you want 'show me 20 brands running an almost-identical stack to liquiddeath.com'. More accurate than similar_sites for niche stacks.",
                "inputSchema": {
                  "properties": {
                    "domain": {
                      "description": "Reference domain",
                      "type": "string"
                    },
                    "limit": {
                      "default": 20,
                      "description": "max similar sites (1-100)",
                      "type": "integer"
                    },
                    "min_shared": {
                      "default": 3,
                      "description": "Minimum shared distinctive vendors required to be considered (default 3)",
                      "type": "integer"
                    }
                  },
                  "required": [
                    "domain"
                  ],
                  "type": "object"
                },
                "name": "find_similar_by_stack"
              },
              {
                "description": "Returns a streaming-export URL for the same filter as bulk_export. Useful when the agency wants to pull 50K rows in one shot via curl/HTTP pipe instead of paginating the MCP. The URL is public, no auth, returns NDJSON or CSV with HTTP chunked-transfer streaming. Use bulk_export when N<1000; use this for bigger exports.",
                "inputSchema": {
                  "properties": {
                    "format": {
                      "default": "ndjson",
                      "enum": [
                        "ndjson",
                        "csv"
                      ],
                      "type": "string"
                    },
                    "market_country": {
                      "description": "Optional ISO-2 country",
                      "type": "string"
                    },
                    "signal_type": {
                      "description": "Required signal_type",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "Optional exact value",
                      "type": "string"
                    }
                  },
                  "required": [
                    "signal_type"
                  ],
                  "type": "object"
                },
                "name": "bulk_export_url"
              },
              {
                "description": "Find every domain sharing a tenant-unique ID \u2014 the most powerful single signal in Boolsai. Given a Stripe pk_live key, Sentry DSN org, Klaviyo company_id, mParticle workspace, GTM container, GA4 measurement, Shopify shop_id, or other tenant ID, returns every domain we've seen using the SAME ID. This surfaces multi-brand operators, holding-company portfolios, sister brands sharing infrastructure, agency-managed clusters. No competitor (BuiltWith, Wappalyzer, etc.) can do this \u2014 they only see external hostnames, not the tenant-unique IDs leaked client-side. Use this when you want to discover the actual operator behind a brand, or expand a single brand into its full portfolio.",
                "inputSchema": {
                  "properties": {
                    "domain": {
                      "description": "Alternative: pass a domain and we'll return every cluster this domain belongs to (all tenant IDs and their fellow domains).",
                      "type": "string"
                    },
                    "id": {
                      "description": "The tenant ID itself (e.g. 'pk_live_abc...', 'GTM-M8TQZPX', 'o307020' for Sentry, '12345678' for Shopify shop_id). signal_type is auto-detected.",
                      "type": "string"
                    },
                    "limit": {
                      "default": 100,
                      "description": "max sites per cluster (1-500)",
                      "type": "integer"
                    },
                    "signal_type": {
                      "description": "Optional explicit signal_type if auto-detect could be ambiguous (e.g. 'stripe_pk_live', 'sentry_dsn_org').",
                      "type": "string"
                    }
                  },
                  "type": "object"
                },
                "name": "operator_cluster"
              },
              {
                "description": "Every subdomain of a given root domain we've ever scanned. Reveals storefront topology \u2014 where the checkout actually lives, regional storefronts, B2B portals, internal admin domains, asset CDNs. Output groups subdomains by their primary vendor where known. Use this to (a) find the right path to scan for an audit (sometimes the checkout is on us.checkout.brand.com not brand.com), (b) spot enterprise topology (multi-region Plus stores), (c) discover sister surfaces (community, ambassador, careers, etc).",
                "inputSchema": {
                  "properties": {
                    "limit": {
                      "default": 200,
                      "description": "max subdomains returned (1-1000)",
                      "type": "integer"
                    },
                    "root": {
                      "description": "Root domain (e.g. 'gymshark.com'). Pass just the apex; we'll find subdomains automatically.",
                      "type": "string"
                    }
                  },
                  "required": [
                    "root"
                  ],
                  "type": "object"
                },
                "name": "subdomain_map"
              },
              {
                "description": "ONE-CALL PROSPECT BRIEF for agency outbound \u2014 runs four sub-queries against the live indexed data: (1) full dossier of the prospect's stack, (2) sister brands sharing tenant IDs (operator cluster), (3) 3-5 similar-stack competitors, (4) structured 'pitch angles' calling out concrete gaps an agency could pitch on (missing consent, no SST, outdated vendors, broken Schema.org, multiple GTM installs). Saves a strategist 20 min of manual cross-referencing per prospect. Use this whenever the user asks 'tell me about prospect.com'.",
                "inputSchema": {
                  "properties": {
                    "angle": {
                      "description": "Optional agency pitch angle to tune the brief: 'cro', 'analytics', 'consent', 'sst' (server-side tagging), 'headless', 'consolidation'. If omitted, returns all angles found.",
                      "type": "string"
                    },
                    "url": {
                      "description": "Domain or URL of the prospect",
                      "type": "string"
                    }
                  },
                  "required": [
                    "url"
                  ],
                  "type": "object"
                },
                "name": "prospect_brief"
              },
              {
                "description": "Unified query against the Boolsai Directory. One tool to rule the other lookups. Pass any combination of: signal_type+signal_value, domain, market_country, archetype, founder, city. Returns matching sites + their key signals. Prefer this over the granular tools when you have multiple filter conditions to AND together.",
                "inputSchema": {
                  "properties": {
                    "archetype": {
                      "description": "e.g. 'headless-shopify', 'woocommerce-stores'",
                      "type": "string"
                    },
                    "city": {
                      "description": "case-insensitive city name",
                      "type": "string"
                    },
                    "domain": {
                      "description": "exact domain match (e.g. 'gymshark.com')",
                      "type": "string"
                    },
                    "founder": {
                      "description": "case-insensitive substring",
                      "type": "string"
                    },
                    "limit": {
                      "default": 50,
                      "description": "max rows (1-500)",
                      "type": "integer"
                    },
                    "market_country": {
                      "description": "ISO-2 (e.g. 'us')",
                      "type": "string"
                    },
                    "signal_type": {
                      "description": "e.g. 'vendor', 'shopify_shopid'",
                      "type": "string"
                    },
                    "signal_value": {
                      "description": "exact signal value",
                      "type": "string"
                    }
                  },
                  "type": "object"
                },
                "name": "directory_query"
              }
            ]
          }
        },
        "bad_protocol_status_code": 200,
        "delete_error": null,
        "delete_status_code": null,
        "expired_session_error": null,
        "expired_session_status_code": null,
        "issues": [
          "missing_session_id",
          "missing_protocol_header",
          "bad_protocol_not_rejected"
        ],
        "last_event_id_visible": false,
        "protocol_header_present": false,
        "requested_protocol_version": "2025-03-26",
        "session_id_present": false,
        "transport": "streamable-http"
      },
      "latency_ms": 21.94,
      "status": "error"
    },
    "utility_coverage_probe": {
      "details": {
        "completions": {
          "advertised": false,
          "live_probe": "not_executed",
          "sample_target": null
        },
        "initialize_capability_keys": [
          "tools"
        ],
        "pagination": {
          "metadata_signal": false,
          "next_cursor_methods": [],
          "supported": false
        },
        "tasks": {
          "advertised": false,
          "http_status": 200,
          "probe_status": "missing"
        }
      },
      "latency_ms": 17.76,
      "status": "missing"
    }
  },
  "failures": {
    "oauth_authorization_server": {
      "reason": "no_authorization_server"
    },
    "oauth_protected_resource": {
      "error": "Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/oauth-protected-resource'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
      "url": "https://directory.boolsai.ai/.well-known/oauth-protected-resource"
    },
    "openid_configuration": {
      "reason": "no_authorization_server"
    },
    "server_card": {
      "error": "Client error '404 Not Found' for url 'https://directory.boolsai.ai/.well-known/mcp/server-card.json'\nFor more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404",
      "url": "https://directory.boolsai.ai/.well-known/mcp/server-card.json"
    },
    "transport_compliance_probe": {
      "bad_protocol_error": null,
      "bad_protocol_headers": {
        "content-type": "application/json"
      },
      "bad_protocol_payload": {
        "id": 410,
        "jsonrpc": "2.0",
        "result": {
          "tools": [
            {
              "description": "Global stats for the Boolsai directory: how many sites are indexed, signal types covered, top vendors, most-changed companies. Use at the start of a session to ground what's available.",
              "inputSchema": {
                "properties": {},
                "type": "object"
              },
              "name": "summary"
            },
            {
              "description": "Full intel dossier for a single domain: detected vendors grouped by category, account IDs (GTM, GA4, Klaviyo company_id, Shopify shop_id, Meta pixel, Sentry org, Tealium tenant, Stripe pk_live, etc.), brand identity (name, founder, city, employees, social handles), international markets, external host list, and likely operator-cluster siblings. Use for any 'what's running on X.com?' query.",
              "inputSchema": {
                "properties": {
                  "url": {
                    "description": "Domain or URL, e.g. 'gymshark.com' or 'https://gymshark.com/'",
                    "type": "string"
                  }
                },
                "required": [
                  "url"
                ],
                "type": "object"
              },
              "name": "site_dossier"
            },
            {
              "description": "List indexed sites detected using a specific vendor (e.g. 'klaviyo', 'yotpo', 'elevar', 'gorgias', 'rebuy'). Vendor slug is lowercase, underscore-separated. Returns domain list with brand names where known.",
              "inputSchema": {
                "properties": {
                  "vendor": {
                    "description": "Vendor slug, e.g. 'klaviyo', 'shopify', 'webflow', 'onetrust'.",
                    "type": "string"
                  }
                },
                "required": [
                  "vendor"
                ],
                "type": "object"
              },
              "name": "sites_using_vendor"
            },
            {
              "description": "Cross-reference any tenant-unique account ID across the index. Useful for 'who else shares this GTM container / Klaviyo company / Sentry org / Meta pixel ID?'. Signal types: gtm_container, ga4_measurement, ga_ua, klaviyo_company_id, meta_pixel_id, shopify_shopid, myshopify_slug, hotjar_id, intercom_app_id, hubspot_portal, klaviyo_subscriber, tiktok_pixel, stripe_pk_live, sentry_dsn_org, tealium_tenant, optimizely_project, mparticle_workspace, segment_writekey, abtasty_account, fullstory_org, pendo_account, intellimize_acct, webflow_site_id, dynamic_yield, wunderkind_site, elevar_id.",
              "inputSchema": {
                "properties": {
                  "signal_type": {
                    "description": "e.g. 'gtm_container', 'klaviyo_company_id', 'sentry_dsn_org'",
                    "type": "string"
                  },
                  "signal_value": {
                    "description": "the actual ID/value, e.g. 'GTM-XYZABC', 'H2zzaR'",
                    "type": "string"
                  }
                },
                "required": [
                  "signal_type",
                  "signal_value"
                ],
                "type": "object"
              },
              "name": "lookup_id"
            },
            {
              "description": "List indexed brands that publish a physical address in a given city. Sourced from Schema.org Organization JSON-LD.",
              "inputSchema": {
                "properties": {
                  "city": {
                    "description": "City name, e.g. 'Los Angeles', 'New York', 'Berlin'",
                    "type": "string"
                  }
                },
                "required": [
                  "city"
                ],
                "type": "object"
              },
              "name": "brands_in_city"
            },
            {
              "description": "List indexed brands explicitly serving a country market (via hreflang). Country is a 2-letter ISO code, lowercase.",
              "inputSchema": {
                "properties": {
                  "country": {
                    "description": "2-letter country code, e.g. 'us', 'gb', 'de', 'fr'",
                    "type": "string"
                  }
                },
                "required": [
                  "country"
                ],
                "type": "object"
              },
              "name": "brands_in_market"
            },
            {
              "description": "List brands matching a stack archetype. Valid slugs: headless-shopify, classic-shopify-dtc, server-side-tagged, personalisation-heavy, pixel-stacked, multi-region, woocommerce-stores, magento-stores, bnpl-enabled, headless-cms.",
              "inputSchema": {
                "properties": {
                  "archetype": {
                    "description": "Archetype slug",
                    "type": "string"
                  }
                },
                "required": [
                  "archetype"
                ],
                "type": "object"
              },
              "name": "stack_archetype"
            },
            {
              "description": "Side-by-side stack comparison of 2-5 domains. Returns each site's vendors, account IDs, brand info, markets \u2014 and which signals are shared / unique per site. Good for 'compare X.com vs Y.com' or competitive teardowns.",
              "inputSchema": {
                "properties": {
                  "urls": {
                    "description": "2-5 domain/URL strings",
                    "items": {
                      "type": "string"
                    },
                    "type": "array"
                  }
                },
                "required": [
                  "urls"
                ],
                "type": "object"
              },
              "name": "compare_sites"
            },
            {
              "description": "Find brands with similar stack archetypes to the given domain. Returns 'sites running similar tech' \u2014 useful for benchmarking, prospecting, competitor lookups.",
              "inputSchema": {
                "properties": {
                  "url": {
                    "description": "Domain to find similar sites for",
                    "type": "string"
                  }
                },
                "required": [
                  "url"
                ],
                "type": "object"
              },
              "name": "similar_sites"
            },
            {
              "description": "List brands attributed to a founder (from Schema.org Organization markup). Useful for tracking serial DTC founders.",
              "inputSchema": {
                "properties": {
                  "founder": {
                    "description": "Founder name (case-insensitive)",
                    "type": "string"
                  }
                },
                "required": [
                  "founder"
                ],
                "type": "object"
              },
              "name": "brands_by_founder"
            },
            {
              "description": "Paginated bulk export of indexed sites matching a filter. Returns up to 1000 rows per page in CSV or JSONL format with a cursor for continued pages. Use this when an agency needs an outbound prospect list (e.g. all sites using Klaviyo in the US) for CRM import. The full row count is also returned so you can size the export.",
              "inputSchema": {
                "properties": {
                  "cursor": {
                    "description": "Opaque cursor from previous page; pass to get next 1000 rows",
                    "type": "string"
                  },
                  "format": {
                    "default": "csv",
                    "description": "Output format. CSV is best for CRM import.",
                    "enum": [
                      "csv",
                      "jsonl",
                      "json"
                    ],
                    "type": "string"
                  },
                  "limit": {
                    "default": 1000,
                    "description": "Max rows per page (default 1000, max 5000)",
                    "type": "integer"
                  },
                  "market_country": {
                    "description": "Optional ISO-2 country code (e.g. 'us', 'au') to intersect with hreflang market data",
                    "type": "string"
                  },
                  "signal_type": {
                    "description": "Required. e.g. 'vendor', 'klaviyo_company_id', 'shopify_shopid', 'market_country', 'org_country'. Use list_signal_types via Boolsai Grep to discover.",
                    "type": "string"
                  },
                  "signal_value": {
                    "description": "Optional exact value to filter. If omitted returns ANY value of this signal_type.",
                    "type": "string"
                  }
                },
                "required": [
                  "signal_type"
                ],
                "type": "object"
              },
              "name": "bulk_export"
            },
            {
              "description": "Compare two historical scans of the same URL to surface stack changes. Returns added/removed/changed vendors, account IDs, and inline-script signals between scan A and scan B. Use this for competitor watch \u2014 'what did patagonia.com just deploy?'. If t1/t2 are omitted, compares oldest vs newest available scan.",
              "inputSchema": {
                "properties": {
                  "t1": {
                    "description": "Optional ISO timestamp of first scan (oldest if omitted)",
                    "type": "string"
                  },
                  "t2": {
                    "description": "Optional ISO timestamp of second scan (newest if omitted)",
                    "type": "string"
                  },
                  "url": {
                    "description": "Domain or full URL to compare",
                    "type": "string"
                  }
                },
                "required": [
                  "url"
                ],
                "type": "object"
              },
              "name": "compare_scans"
            },
            {
              "description": "Free DNS/WHOIS enrichment for a single domain. Returns: email host (Google Workspace / Microsoft 365 / etc. \u2014 derived from MX records), DNS provider (Cloudflare / Route 53 / GoDaddy / etc.), CDN provider, registrar, domain age (registered/expires). High-signal outbound data \u2014 'they use Google Workspace + Cloudflare DNS + registered with GoDaddy' tells you a lot about org size + sophistication. Results cached 24h. Free \u2014 uses Cloudflare DoH + public RDAP.",
              "inputSchema": {
                "properties": {
                  "domain": {
                    "description": "Domain to enrich (apex or any subdomain)",
                    "type": "string"
                  }
                },
                "required": [
                  "domain"
                ],
                "type": "object"
              },
              "name": "domain_intel"
            },
            {
              "description": "Find sites with the most-similar vendor stack to a given domain using Jaccard similarity over the full vendor set (not just archetype labels). Returns the top N matches with similarity scores. Use this when stack_archetype labels are too coarse and you want 'show me 20 brands running an almost-identical stack to liquiddeath.com'. More accurate than similar_sites for niche stacks.",
              "inputSchema": {
                "properties": {
                  "domain": {
                    "description": "Reference domain",
                    "type": "string"
                  },
                  "limit": {
                    "default": 20,
                    "description": "max similar sites (1-100)",
                    "type": "integer"
                  },
                  "min_shared": {
                    "default": 3,
                    "description": "Minimum shared distinctive vendors required to be considered (default 3)",
                    "type": "integer"
                  }
                },
                "required": [
                  "domain"
                ],
                "type": "object"
              },
              "name": "find_similar_by_stack"
            },
            {
              "description": "Returns a streaming-export URL for the same filter as bulk_export. Useful when the agency wants to pull 50K rows in one shot via curl/HTTP pipe instead of paginating the MCP. The URL is public, no auth, returns NDJSON or CSV with HTTP chunked-transfer streaming. Use bulk_export when N<1000; use this for bigger exports.",
              "inputSchema": {
                "properties": {
                  "format": {
                    "default": "ndjson",
                    "enum": [
                      "ndjson",
                      "csv"
                    ],
                    "type": "string"
                  },
                  "market_country": {
                    "description": "Optional ISO-2 country",
                    "type": "string"
                  },
                  "signal_type": {
                    "description": "Required signal_type",
                    "type": "string"
                  },
                  "signal_value": {
                    "description": "Optional exact value",
                    "type": "string"
                  }
                },
                "required": [
                  "signal_type"
                ],
                "type": "object"
              },
              "name": "bulk_export_url"
            },
            {
              "description": "Find every domain sharing a tenant-unique ID \u2014 the most powerful single signal in Boolsai. Given a Stripe pk_live key, Sentry DSN org, Klaviyo company_id, mParticle workspace, GTM container, GA4 measurement, Shopify shop_id, or other tenant ID, returns every domain we've seen using the SAME ID. This surfaces multi-brand operators, holding-company portfolios, sister brands sharing infrastructure, agency-managed clusters. No competitor (BuiltWith, Wappalyzer, etc.) can do this \u2014 they only see external hostnames, not the tenant-unique IDs leaked client-side. Use this when you want to discover the actual operator behind a brand, or expand a single brand into its full portfolio.",
              "inputSchema": {
                "properties": {
                  "domain": {
                    "description": "Alternative: pass a domain and we'll return every cluster this domain belongs to (all tenant IDs and their fellow domains).",
                    "type": "string"
                  },
                  "id": {
                    "description": "The tenant ID itself (e.g. 'pk_live_abc...', 'GTM-M8TQZPX', 'o307020' for Sentry, '12345678' for Shopify shop_id). signal_type is auto-detected.",
                    "type": "string"
                  },
                  "limit": {
                    "default": 100,
                    "description": "max sites per cluster (1-500)",
                    "type": "integer"
                  },
                  "signal_type": {
                    "description": "Optional explicit signal_type if auto-detect could be ambiguous (e.g. 'stripe_pk_live', 'sentry_dsn_org').",
                    "type": "string"
                  }
                },
                "type": "object"
              },
              "name": "operator_cluster"
            },
            {
              "description": "Every subdomain of a given root domain we've ever scanned. Reveals storefront topology \u2014 where the checkout actually lives, regional storefronts, B2B portals, internal admin domains, asset CDNs. Output groups subdomains by their primary vendor where known. Use this to (a) find the right path to scan for an audit (sometimes the checkout is on us.checkout.brand.com not brand.com), (b) spot enterprise topology (multi-region Plus stores), (c) discover sister surfaces (community, ambassador, careers, etc).",
              "inputSchema": {
                "properties": {
                  "limit": {
                    "default": 200,
                    "description": "max subdomains returned (1-1000)",
                    "type": "integer"
                  },
                  "root": {
                    "description": "Root domain (e.g. 'gymshark.com'). Pass just the apex; we'll find subdomains automatically.",
                    "type": "string"
                  }
                },
                "required": [
                  "root"
                ],
                "type": "object"
              },
              "name": "subdomain_map"
            },
            {
              "description": "ONE-CALL PROSPECT BRIEF for agency outbound \u2014 runs four sub-queries against the live indexed data: (1) full dossier of the prospect's stack, (2) sister brands sharing tenant IDs (operator cluster), (3) 3-5 similar-stack competitors, (4) structured 'pitch angles' calling out concrete gaps an agency could pitch on (missing consent, no SST, outdated vendors, broken Schema.org, multiple GTM installs). Saves a strategist 20 min of manual cross-referencing per prospect. Use this whenever the user asks 'tell me about prospect.com'.",
              "inputSchema": {
                "properties": {
                  "angle": {
                    "description": "Optional agency pitch angle to tune the brief: 'cro', 'analytics', 'consent', 'sst' (server-side tagging), 'headless', 'consolidation'. If omitted, returns all angles found.",
                    "type": "string"
                  },
                  "url": {
                    "description": "Domain or URL of the prospect",
                    "type": "string"
                  }
                },
                "required": [
                  "url"
                ],
                "type": "object"
              },
              "name": "prospect_brief"
            },
            {
              "description": "Unified query against the Boolsai Directory. One tool to rule the other lookups. Pass any combination of: signal_type+signal_value, domain, market_country, archetype, founder, city. Returns matching sites + their key signals. Prefer this over the granular tools when you have multiple filter conditions to AND together.",
              "inputSchema": {
                "properties": {
                  "archetype": {
                    "description": "e.g. 'headless-shopify', 'woocommerce-stores'",
                    "type": "string"
                  },
                  "city": {
                    "description": "case-insensitive city name",
                    "type": "string"
                  },
                  "domain": {
                    "description": "exact domain match (e.g. 'gymshark.com')",
                    "type": "string"
                  },
                  "founder": {
                    "description": "case-insensitive substring",
                    "type": "string"
                  },
                  "limit": {
                    "default": 50,
                    "description": "max rows (1-500)",
                    "type": "integer"
                  },
                  "market_country": {
                    "description": "ISO-2 (e.g. 'us')",
                    "type": "string"
                  },
                  "signal_type": {
                    "description": "e.g. 'vendor', 'shopify_shopid'",
                    "type": "string"
                  },
                  "signal_value": {
                    "description": "exact signal value",
                    "type": "string"
                  }
                },
                "type": "object"
              },
              "name": "directory_query"
            }
          ]
        }
      },
      "bad_protocol_status_code": 200,
      "delete_error": null,
      "delete_status_code": null,
      "expired_session_error": null,
      "expired_session_status_code": null,
      "issues": [
        "missing_session_id",
        "missing_protocol_header",
        "bad_protocol_not_rejected"
      ],
      "last_event_id_visible": false,
      "protocol_header_present": false,
      "requested_protocol_version": "2025-03-26",
      "session_id_present": false,
      "transport": "streamable-http"
    }
  },
  "remote_url": "https://directory.boolsai.ai/mcp",
  "server_card_payload": null,
  "server_identifier": "ai.boolsai/directory"
}

Known versions

1.0.0

Validation history

7 day score delta

n/a

30 day score delta

n/a

Recent healthy ratio

100%

Freshness

5.9h

Timestamp	Status	Score	Latency	Tools
May 20, 2026 02:22:13 PM UTC	Healthy	70.7	380.7 ms	19
May 19, 2026 02:21:35 PM UTC	Healthy	67.6	288.7 ms	19

Validation timeline

Validated	Summary	Score	Protocol	Auth mode	Tools	High-risk tools	Changes
May 20, 2026 02:22:13 PM UTC	Healthy	70.7	2025-03-26	public	19	9	none
May 19, 2026 02:21:35 PM UTC	Healthy	67.6	2025-03-26	public	19	9	none

Recent validation runs

Started	Status	Summary	Latency	Checks
May 20, 2026 02:22:13 PM UTC	Completed	Healthy	380.7 ms	action_safety_probe, advanced_capabilities_probe, connector_publishability_probe, connector_replay_probe, determinism_probe, initialize, interactive_flow_probe, oauth_authorization_server, oauth_protected_resource, official_registry_probe, openid_configuration, probe_noise_resilience, prompt_get, prompts_list, protocol_version_probe, provenance_divergence_probe, request_association_probe, resource_read, resources_list, server_card, session_resume_probe, step_up_auth_probe, tool_snapshot_probe, tools_list, transport_compliance_probe, utility_coverage_probe
May 19, 2026 02:21:35 PM UTC	Completed	Healthy	288.7 ms	action_safety_probe, advanced_capabilities_probe, connector_publishability_probe, connector_replay_probe, determinism_probe, initialize, interactive_flow_probe, oauth_authorization_server, oauth_protected_resource, official_registry_probe, openid_configuration, probe_noise_resilience, prompt_get, prompts_list, protocol_version_probe, provenance_divergence_probe, request_association_probe, resource_read, resources_list, server_card, session_resume_probe, step_up_auth_probe, tool_snapshot_probe, tools_list, transport_compliance_probe, utility_coverage_probe