MCP TRUSTOPS

Operational trust controls for MCP adoption

TrustOps answers which MCP servers agents are allowed to use, keeps that decision fresh, alerts when risk changes, and exports the result into runtimes, gateways, CI, and admin review.

Runtime decision API
/v1/decide
Agent Permissions Gateway: decide whether this agent may call this tool, with this payload, for this user, right now.
Task routing API
/v1/route
Choose the best server/tool path for a task before a specific attempted call exists.
Hosted runtime
Host trusted MCP servers with GitHub deployments, secrets, egress controls, releases, and audit events.
Audit ledger
/v1/ledger/evidence-pack
Immutable, decision-aware execution history with policy snapshots, risk snapshots, mandates, outcomes, and cost evidence.
Mandate vault
/v1/mandates
Store signed user or company approvals for delegated agent actions, budgets, scopes, validity windows, and tool constraints.
Docs compiler
Generate MCP drafts, server cards, llms.txt, schemas, examples, and policy metadata from OpenAPI, Markdown, Postman, websites, PDFs, and help centers.
Policy exports
JSON, Rego, YAML
Also exports GitHub Action, gateway config, and client readiness reports.
Publisher wedge
Claim + Verify
Verified owners get priority revalidation, badges, monitoring, and authenticated validation workflows.
Private registry
Internal MCP inventory
Scan private endpoints and repos, rank internal tools, and export workspace allowlists.

Platform modules

Verify Registry, Cloud, Gateway, Ledger, and Mandates share one trust model: server evidence, policy, user authorization, runtime context, and audit proof stay linked.

Verify Registry
discover + score
Public and private MCP inventory with comparison, rankings, reports, and risk inventory.
Verify Cloud
host + monitor
Sandboxed hosted runtime with secrets, egress controls, releases, rollback, uptime, and validation.
Verify Gateway
decide
Runtime allow, deny, or approval-required decisions for agent, user, server, tool, payload, and cost.
Verify Ledger
prove
Compliance-grade execution logs and replayable decision trails for agent incidents and evidence packs.
Verify Mandates
authorize
Consent records for delegated agent actions: scope, budget, validity, signature, and tool constraints.
Docs Compiler
become agent-ready
Turn existing product docs into generated MCP surfaces that can be validated, hosted, governed, and audited.

Fresh trusted index

Buyer decisions should default to fresh, confidence-weighted evidence. Long-tail servers remain searchable, but stale or never-validated scores are visibly separated from servers that meet a freshness SLA.

Fresh evidence
Prioritize servers validated within the configured freshness window.
Long-tail inventory
Keep discoverability without treating old evidence as a production decision.
Synthetic route checks
/healthz/routes
Rankings, shortlists, RSS, Healthcare, ChatGPT-compatible, and Claude-compatible pages are probed for render stability.

Authenticated validation is premium

Public validation is free. Paid authenticated validation lets publishers provide test credentials, run authorized tool calls, verify scopes per tool, detect overbroad scopes, and prove write-action confirmation flows.

Publisher setup
Claim → Plan → Credentials
The management page accepts verified claim tokens, plan selection, alert watches, and scheduled authenticated credentials.
TrustOps gate
tier-enforced
Authenticated credential storage requires the configured TrustOps feature tier.

Freshness tiers

Tier | SLA | Priority revalidation
Community | 720h
Pro | 168h
Enterprise | 24h

Plans

Public evaluators
Community
Registry: public discovery, server reports, comparison pages, RSS, and long-tail MCP inventory.
Freshness: Best-effort public validation
Next: Move to Pro when a shortlist needs fresher evidence.
Teams evaluating MCP adoption
Pro
Registry + alerts + policy exports: shortlists, drift alerts, saved comparisons, and JSON/Rego/YAML policy exports.
Freshness: 7 day target freshness
Next: Move to TrustOps for Gateway, Ledger, Mandates, and authenticated validation.
MCP server maintainers
Publisher
Claim + badge + priority validation: ownership proof, trust marks, revalidation, and publisher drift monitoring.
Freshness: Priority revalidation for claimed servers
Next: Add authenticated validation or Cloud hosting to prove scoped behavior in production-like runs.
Agent platform and security teams
TrustOps
Gateway + Ledger + Mandates: runtime permission decisions, signed authority, evidence packs, and authenticated validation.
Freshness: 24 hour target freshness for watched servers
Next: Add Cloud for hosted runtime or move to Enterprise for private inventory and custom controls.
Teams hosting trusted MCP servers
Cloud add-on
Hosted MCP runtime: sandboxing, secrets, egress controls, uptime, releases, and rollback.
Freshness: Validation gate before hosted runtime activation
Next: Pair with TrustOps for gateway enforcement and ledger evidence.
Companies becoming agent-ready
Docs Compiler add-on
Generate agent-readable surfaces: MCP drafts, server cards, llms.txt, tool schemas, examples, and policy metadata.
Freshness: Generated artifacts flow into validation after compilation
Next: Host generated surfaces in Cloud and govern them through TrustOps.
AI admins and marketplaces
Enterprise
Private registry + custom controls: private scans, compliance evidence exports, admin reports, and workspace allowlists.
Freshness: Custom SLA and private scan schedule
Next: Custom deployment, support, and integrations.

Demo flow

Step 1
Vet an MCP server
Open the report, read the executive verdict, and separate client compatibility from production trust.
Step 2
Export policy
Generate JSON, Rego, YAML, CI, or gateway rules from the same evidence.
Step 3
Decide an agent call
Use /v1/decide to allow safe calls, block risky payloads, and require approval where needed.
Step 4
Record the evidence
Persist the decision, mandate, policy snapshot, risk snapshot, cost, and outcome in the audit ledger.
Step 5
Subscribe to alerts
Watch the server, category, shortlist, or private inventory for score, schema, auth, and freshness changes.

Alerting

Watch servers, categories, shortlists, or team inventories and trigger email, Slack, Teams, webhook, RSS, GitHub issue, or PagerDuty-style routes.

Status changes
Score drops or recovers
Freshness SLA breach
Validation schema drift
OAuth or auth behavior changes
Tool surface changes
New or changed write tool
Supply-chain signal changes
Legal or compliance metadata changes

Buyer paths

PLATFORM TEAMS
Rank and route agents to MCP tools with fresh trust scores, policy exports, and runtime decisioning.
AI ADMINS
Approve MCP apps before employees use them, monitor drift, and export enforceable policy.
PUBLISHERS
Improve your score, prove ownership, run priority revalidation, and publish trust badges.
SECURITY
Detect risky agent tools before deployment and separate security probes from product analytics.
MARKETPLACES
Use Verify scores, readiness, freshness, and policy data through stable registry APIs.

APIs and MCP tools

Capabilities
/v1/trustops/capabilities
Server profile
/v1/servers/{namespace}/{name}/trustops
Policy
/v1/servers/{namespace}/{name}/policy
MCP tools
route_task, decide_agent_call, create_mandate, get_evidence_pack, compile_docs, export_policy, get_subscription_options, get_gateway_options, get_hosting_options
Permission decision
POST /v1/decide
trust score + policy + mandate + context = runtime allow, deny, or approval-required decision for one attempted call.
Mandates
POST /v1/mandates
Create delegated-action consent records with scope, budget, validity, signature, and constraints.
Audit evidence
GET /v1/ledger/evidence-pack
Export decision-aware audit evidence for SOC2, GDPR, HIPAA-style reviews, and agent incidents.
Docs compiler
POST /v1/docs/compile
Generate agent-readable MCP artifacts from existing docs and route them into validation, hosting, and governance.