MCP-first Checklist

A checklist to audit an existing or planned system against MCP-first principles.

Product

  • Is every feature described as a capability, not just as a screen or button?
  • Is there a clear user intent for every capability?
  • Is there both a human and an agent-compatible usage form for every capability?
  • Is it clearly defined which capabilities may be executed autonomously?
  • Is it clearly defined which capabilities require explicit confirmation by the user?

Engineering

  • Is there a central action layer shared by all interfaces?
  • Are all actions typed with clearly defined schemas?
  • Are there input and output schemas for every tool?
  • Are there clear, machine-readable error codes per tool?
  • Is there a central policy engine used by all interfaces?
  • Are there audit logs for every executed action?
  • Are there tests per tool covering inputs, outputs, and failure cases?
  • Is there a dry-run mode for risky actions?

Security

  • Are all tools classified by risk level (low / medium / high / critical / forbidden)?
  • Are tools filtered at tool discovery based on user permissions, role, and scopes, not only blocked at call time?
  • Is there step-up authentication for particularly sensitive actions?
  • Are there human confirmation gates for critical actions?
  • Is there redaction and context filtering so agents only receive the context needed for their task?
  • Is there tenant isolation so no cross-tenant access is possible?
  • Are there rate limits per agent, client, and tool?
  • Is there protection against prompt injection attacks?
  • Is tool metadata validated server-side and not blindly taken from the client?
  • Is there monitoring and alerting for unusual or anomalous agent actions?
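As an added example, not part of the original checklist, a minimal Python policy layer covering several of the Engineering and Security items above: tools classified by risk level, discovery filtered by scopes rather than only blocked at call time, a human confirmation gate for critical actions, a dry-run mode, machine-readable result codes, and an audit record for every attempt. Tool names, scopes and codes are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Risk(Enum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    CRITICAL = 3
    FORBIDDEN = 4

@dataclass(frozen=True)
class Tool:
    name: str
    risk: Risk
    scopes: frozenset  # scopes the caller must hold to discover and call it

@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str
    scopes: frozenset

# Constructed registry for this example (hypothetical tool names).
REGISTRY = {t.name: t for t in (
    Tool("search_docs", Risk.LOW, frozenset({"docs:read"})),
    Tool("send_email", Risk.CRITICAL, frozenset({"mail:send"})),
    Tool("purge_tenant", Risk.FORBIDDEN, frozenset({"admin:all"})),
)}
AUDIT = []  # one record per attempted call, allowed or not

def list_tools(p):
    """Discovery-time filtering: the agent only sees what it may use."""
    return sorted(t.name for t in REGISTRY.values()
                  if t.risk is not Risk.FORBIDDEN and t.scopes <= p.scopes)

def call_tool(p, name, args, confirmed=False, dry_run=False):
    """Call-time check with the same policy; returns a machine-readable code."""
    tool = REGISTRY.get(name)
    if tool is None or tool.risk is Risk.FORBIDDEN or not tool.scopes <= p.scopes:
        code = "E_UNAVAILABLE"  # same answer as discovery, no extra information
    elif tool.risk is Risk.CRITICAL and not confirmed:
        code = "E_CONFIRM_REQUIRED"  # human confirmation gate
    elif dry_run:
        code = "OK_DRY_RUN"  # report the effect without executing it
    else:
        code = "OK"
    AUDIT.append({"user": p.user, "tenant": p.tenant, "tool": name,
                  "args": args, "code": code})
    return {"code": code, "executed": code == "OK"}
```

An unknown, forbidden, or out-of-scope tool gets the same code at call time as it gets at discovery, so a client that skips discovery learns nothing extra.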

UX

  • Can the user always track which actions an agent has executed or intends to execute?
  • When asked to confirm an action, does the user see clearly and understandably what exactly will happen?
  • Can the user reject or cancel a proposed agent action?
  • Is there a draft mode where the agent prepares and the human makes the final decision?
  • Are there undo or rollback options for reversible actions?
  • Are risky actions explained in clear language, stating recipients, scope, external effects, and risk level?

Build capabilities once. Expose them everywhere.