Aħna Awdjtajna 23,000 MCP Servers. Hawnhekk Dak Li Sibnah.
AgentForge Trust huwa ħaj. Kull server MCP publiku mqassam fuq ħamsa dimensjonijiet — sigurtà, saħħa tal-kodiċi, imġiba, komunità, konformità EU. 23,402 servers indiċjati, 1,964 awdjtati. API pubblika ħielsa u pakkett npm.
Il-Problema
L-ekosistema MCP exploded fl-2025 — u fl-2026 hu f' 20,000+ servers pubbliċi fuq awesome-mcp-servers, mcp.so, glama.ai, u repositorji GitHub imla. Dik iktar għodod minn kull uman jista' jivverifikah. Meta l-aġent AI tiegħek jiddeċidi li jaqbel ma' random-financial-mcp@0.0.3 biex jiprċessa fakturi, min verifikah li ma taqtax il-Stripe keys tiegħek?
Ħadd. Sal-lum.
AgentForge Trust — Ħaj Issa
Illum qed inilquh AgentForge Trust — l-ewwel layer ta' awdit għall-ekosistema MCP. Kull server MCP publiku jikseb 0–100 Trust Score ikkalkulat fuq ħamsa dimensjonijiet indipendenti:
| Dimensjoni | Piż | Signal |
|---|---|---|
| Security Scan | 30% | GitHub Advisory API, dipendenza CVEs, secret leaks fl-sors |
| Code Health | 20% | Ricency tal-Commit, issue-to-star ratio, licenza, archived state |
| Behavioral Audit | 20% | Claude-powered source review — dak li verament jagħmel vs. README claims |
| Community Trust | 15% | Stars (log-scaled), forks, organization backing |
| EU Compliance | 15% | GDPR, AI Act readiness, data residency disclosure |
In-Numri
- 23,402 MCP servers indiċjati minn AgentForge, awesome-mcp-servers, u glama.ai
- 1,964 awdjtati fuq code_health + community_trust (91% tas-sett lungo awesome-mcp)
- Security scans qiegħduni roll out fuq kollha indexed servers din il-ġimgħa
- Behavioral audits qiegħduni jitqiegħdu fuq top 1,000 mil-community score
Akbar sejbiet minn ġorn wieħed: il-punti huma highly bimodal. Top-100 servers tkittibu f' 85–100 overall, filwaqt li l-long tail jiskendi sharply taħt 40. Il-middle hu kważi vojt. Enterprise procurement guide: issettja min_overall: 70 u tintilef 60% tal-volum pero telimina kważi r-riskju kollu.
Erba' Modi biex Tuża Dah
1. Il-/trust landing
Żur agentforge.community/trust għal leaderboard ħaj u l-metodolodija sħiħa. Top scorers issa: mindsdb, bytedance/UI-TARS-desktop, u ftit servers uffiċjali Anthropic — kollha f' 95+.
2. L-API pubblika
Tliet endpoints zero-auth:
GET /api/v1/trust?slug=…— full scorecard għal server wieħedPOST /api/v1/trust/evaluate— allow/deny gate bil-custom policyGET /api/v1/trust/list?category=&min_trust=80— directory filtratu
Cached f'edge, EU-hosted, 300s TTL.
3. L-għodda MCP
Ippublikata llum fuq npm:
npx -y agentforge-trust-mcpIddaħħal fil-Claude Desktop / Cursor / Foundry agent config u l-aġent tiegħek jikseb erba' għodod ġodda: check_trust, evaluate_policy, list_trusted, recommend. L-aġent jista' jawdit server upstream qabel jaqbel ma' hu, irfud li jsejjaħ servers taħt threshold ta' policy, jew issib alternattivi bil-query natural-language.
4. Enterprise policy dashboard
Qed jidħol f'enterprise tier f'Q3: definixxi organization-wide policies bħal "only servers b' ≥80 overall, EU-licensed, l-ebda secrets_leaked badge" — AgentForge Trust jenforzah f'discovery time fuq kull aġent f'stack tiegħek.
Kif Jiqqabbel ma' Microsoft Foundry
Microsoft illaunch lil Hosted Agents f'Foundry — hypervisor-isolated sandboxes għall-qlib ta' aġenti f'scale enterprise. Foundry isolvi agent runtime safety. AgentForge Trust isolvi tool supply chain safety. Huma complementary layers: tuqib l-aġent fuq Foundry, tiffiltra t-tool discovery tiegħu permezz AgentForge Trust. Iddaħħal agentforge-trust-mcp fil-Dockerfile Foundry tiegħek u l-governance enterprise isir single API call.
Partial Audits, Honest Scores
Il-biċċa l-kbira tas-servers illum għandhom code_health + community_trust puntati, filwaqt li security_scan u behavioral_audit qiegħduni jitqiegħdu. M'aħna ma npunizzaw servers għal audits non-completi — il-headline score hu weighted average fuq biss id-dimensjonijiet completed, irrapportati b' partial: true. Meta tara Partial audit · 2/5 dimensions fl-UI, in-numru li tara hu ġust; hu sempliċement mhux sħiħ għad.
Il-Metodolodija hu Open
Kollha hu MIT-licensed u auditable:
- mcp-trust-server source — il-pakkett npm
- scoring scripts — ingest, code-health, security scan, behavioral audit
- migration 036 — it-trust_scores schema + il-compute_overall_trust function
Aħna ppublikaw ir-rubric tiegħna, il-piżi tiegħna, u l-kodiċi ta' awdit tiegħna. Tista' tassenti, fork, jew tissobnetti version aħjar — aħna qed nixtiequ PRs fuq ir-regoli tal-iskoring.
Dak Li Jmiss
- Full security scans fuq kollha 23,402 servers — imħallsa by end of week
- Behavioral audits għat-top 1,000 — qiegħda qed titqiegħed issa fuq Claude Sonnet 4.6
- mcp.so integration — iżżidha l-katalogo tiegħhom fuq top ta' glama + awesome-mcp
- Enterprise tier — custom policies, on-demand re-audits, SSO — Q3 2026
- Signed attestations — Ed25519-signed trust reports tista' verifikah offline
Ippruvah Issa
- Żur il-landing: agentforge.community/trust
- Query l-API:
curl 'https://agentforge.community/api/v1/trust/list?min_trust=80&limit=10' - Installah l-għodda MCP:
npx -y agentforge-trust-mcp
L-agent economy mhux biss dwar liema għodod jeżistu. Hu dwar liema għodod tista' tfiducia. Illum, dik problema risoluta.