
Audit your MCP server with /manifest.ai

There is a machine-readable, normative edition of the MCP-first manifest. Point an LLM at it and get a 40-rule conformance audit of any MCP server in minutes.

Principles are easy to nod along to and hard to verify. So the manifest has a second edition built for machines: a hard, vendor-neutral specification at /manifest.ai that an LLM can read to audit any MCP server.

The machine manifest

It’s plain text, RFC-2119 style, with 40 numbered rules (R1 to R40) covering architecture, capability contracts, the risk model, authentication, and audit. Each rule is a MUST / SHOULD / MUST NOT you can test a system against. It’s self-contained: an agent needs nothing but that one document.

The one-line prompt

Give an LLM access to the target server and this:

Audit my MCP server against https://mcp-first.ai/manifest.ai. For each rule
R1..R40 return: id, verdict (pass|fail|partial|n/a) and a one-line reason. End
with conformance_score = pass / applicable. List the top 3 critical failures first.

What gets checked

A few of the rules that catch the most real-world problems:

  • Every tool declares a typed input/output/error schema and a risk level. [Medium]
  • Tool visibility is filtered at discovery time by principal, role, scope, tenant.
  • External email, bulk operations, payments, deletions are classified critical. [Critical]
  • Secrets, passwords, raw tokens, full exports, disabling the audit log are off-limits. [Forbidden for AI]

Reading the verdict

The output is JSON: a verdict per rule, a list of critical failures, a conformance score, and a short summary. There are three conformance levels: non-conformant (a MUST fails), baseline (all MUST pass), and recommended (all MUST and SHOULD pass).
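An LLM's arithmetic and bookkeeping should not be taken on trust, so the sketch below re-checks a returned report deterministically: every rule R1..R40 present once, verdicts from the allowed set, score recomputed as pass / applicable, and the conformance level derived from the verdicts. It is an added example, not code from the manifest or this site; the JSON field names (`rules`, `level`, `reason`), the per-rule `level` field, and the treatment of `partial` as not passing are assumptions.

```python
import json

VERDICTS = {"pass", "fail", "partial", "n/a"}
EXPECTED_IDS = [f"R{i}" for i in range(1, 41)]  # R1..R40, as the manifest numbers them

def check_audit(raw: str, tolerance: float = 0.005) -> dict:
    """Validate an audit report, then recompute its score and conformance level."""
    report = json.loads(raw)
    rules = {r["id"]: r for r in report["rules"]}
    problems = []
    # Structural checks: each rule exactly once, verdict from the allowed set.
    if len(rules) != len(report["rules"]):
        problems.append("duplicate rule ids")
    if set(rules) != set(EXPECTED_IDS):
        problems.append(f"rule ids differ from R1..R40: {sorted(set(rules) ^ set(EXPECTED_IDS))}")
    for rid, r in rules.items():
        if r.get("verdict") not in VERDICTS:
            problems.append(f"{rid}: invalid verdict {r.get('verdict')!r}")
    # conformance_score = pass / applicable; applicable excludes n/a (and invalid).
    applicable = [r for r in rules.values() if r.get("verdict") in VERDICTS - {"n/a"}]
    passed = sum(r["verdict"] == "pass" for r in applicable)
    score = passed / len(applicable) if applicable else 0.0
    claimed = report.get("conformance_score")
    if not isinstance(claimed, (int, float)) or abs(claimed - score) > tolerance:
        problems.append(f"claimed score {claimed!r} != recomputed {score:.3f}")
    # Assumptions: "level" is MUST / MUST NOT / SHOULD; a missing level is treated
    # as MUST; "partial" does not count as passing.
    def all_pass(prefix: str) -> bool:
        return all(r["verdict"] == "pass" for r in applicable
                   if str(r.get("level", "MUST")).startswith(prefix))
    if not all_pass("MUST"):
        level = "non-conformant"
    elif all_pass("SHOULD"):
        level = "recommended"
    else:
        level = "baseline"
    return {"score": round(score, 3), "level": level, "problems": problems}

def sample_report(must_verdict="partial", should_verdict="n/a", claimed=0.99) -> str:
    """Constructed sample: every rule passes except R7 (MUST) and R12 (SHOULD)."""
    rules = [{"id": i, "level": "MUST", "verdict": "pass", "reason": "constructed"}
             for i in EXPECTED_IDS]
    rules[6]["verdict"] = must_verdict
    rules[11].update(level="SHOULD", verdict=should_verdict)
    return json.dumps({"rules": rules, "conformance_score": claimed})

if __name__ == "__main__":
    print(check_audit(sample_report()))
```

With the default constructed sample, the report claims 0.99 while the verdicts give 38 of 39 applicable rules passing, so the check flags the mismatch and reports the level as non-conformant.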

Pair it with the human checklist and the risk model when you’re remediating. The manifest is free to use and reference. Point your tooling at it and make conformance something you can measure, not just claim.