SaSame MCP Observatory · Directory Pre-Flight
SaSame's free pre-flight measures the mechanical readiness that agents and directories care about: handshake, tools/list, schemas, descriptions, annotations, real-content behavior, and honest errors. After the grade, claim the owner-controlled Passport so agents can identify the operator-controlled record.
title + readOnlyHint or destructiveHint (missing annotations are ~30% of Claude rejects).Authoritative requirements live with the directories themselves: Claude Connectors submission · Anthropic Software Directory Policy · ChatGPT Apps submission.
Point either tool at your own public MCP endpoint. The probe is a legitimate MCP handshake (initialize + tools/list + one read-only tool call) — no auth-bypass, no payment, no data written to your server.
https://live-vps.sasame.online/public-mcp
| Tool | Returns |
|---|---|
| audit_mcp(url) | A→D grade, per-criterion pass/evidence, the single biggest gap, plus a machine-readable preflight block (PF1–PF3). |
| readiness_report(url) | The full Markdown report: every criterion with a fix, a Directory Pre-Flight section, and an ed25519-signed MCP-Ready certificate at grade A/B. |
| verify_mcp_ready(url) | A portable, offline-verifiable signed certificate of the same audit. |
Run the same readiness audit locally in one command — no MCP client, no install, no key (open-source, MIT):
npx mcp-readiness https://your-server.example/mcp
Same A→D grade and directory pre-flight as the hosted tools. The latest CLI also prints the claim path after the grade. On npm: mcp-readiness.
| ID | Check | Maps to |
|---|---|---|
| PF1 | Every tool has a title + readOnly/destructive hint | Claude & ChatGPT: missing/incorrect action labels — a top reject cause |
| PF2 | Specific, non-promotional tool names | ChatGPT: generic/comparative names may be rejected |
| PF3 | Privacy-policy URL surfaced over MCP (soft reminder) | Claude: missing policy = immediate reject (verify in your public docs) |
These map to the canonical, reproducible 10-criterion standard (C1–C10) but are reported as a separate advisory layer — a third party's directory policy never alters the reproducible grade.
If the endpoint is yours, call claim_start(url), publish the returned token through .well-known or DNS, then call claim_confirm. The result is an owner-controlled, agent-readable Readiness Passport. It is still measured-facts only: no safety verdict, no paid ranking, no KYC, no custody.
Every criterion is bound to the MCP spec, the registry schema, cryptography, or direct measurement — not taste — so anyone can re-run the audit and reach the same booleans. SaSame reports verification status only; it never issues a safety, quality, or "worth-using" verdict on any named server. SaSame's own public MCP server self-audits at grade A and passes PF1/PF2 (and PF3 is a standing reminder it applies to itself).