mcp-validator

mcp-validator is a Python testing suite (with reference HTTP/STDIO MCP servers) for validating Model Context Protocol (MCP) server implementations against the MCP specification, including protocol version negotiation and compliance testing for HTTP and STDIO transports. It also includes a framework for testing OAuth 2.1-based authentication for the 2025-06-18 protocol version.

Evaluated Mar 30, 2026 (21d ago)
Repo ↗ Testing mcp validation testing compliance oauth oauth2.1 http stdio python
⚙ Agent Friendliness
51
/ 100
Can an agent use this?
🔒 Security
66
/ 100
Is it safe for agents?
⚡ Reliability
35
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
65
Documentation
55
Error Messages
0
Auth Simplicity
55
Rate Limits
35

🔒 Security

TLS Enforcement
75
Auth Strength
70
Scope Granularity
80
Dep. Hygiene
40
Secret Handling
60

README describes security-related behaviors for the reference HTTP server/testing environment (e.g., TLS requirement for production with OAuth, WWW-Authenticate headers, CORS/origin validation, DNS rebinding prevention, and optional rate limiting). However, dependency hygiene, secret-handling practices, and exact error-code structure are not verifiable from the provided README alone.

⚡ Reliability

Uptime/SLA
0
Version Stability
55
Breaking Changes
40
Error Recovery
45
AF Security Reliability

Best When

You have an MCP server implementation (HTTP or STDIO) and want automated, repeatable protocol compliance/regression testing across multiple MCP protocol versions.

Avoid When

You need a turnkey managed service with a hosted endpoint, SDK, or OpenAPI/hosted API rather than a local test runner.

Use Cases

  • Run compliance tests to verify an MCP server correctly implements required MCP behaviors
  • Validate HTTP-based MCP servers (initialization, tools, errors, batching restrictions, session/protocol negotiation)
  • Validate STDIO-based MCP servers including tool discovery and error handling behaviors
  • Test and verify OAuth 2.1 authentication and related HTTP security headers for MCP servers
  • Generate detailed compliance reports for regression testing across MCP protocol versions

Not For

  • Production deployment as an MCP server for end users (it is primarily a validator/testing framework)
  • Replacing an MCP server’s own implementation of OAuth/security logic (it tests/validates, it does not substitute for server auth correctness)
  • Providing a stable hosted API/SaaS interface (this is a local test framework)

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: OAuth 2.1 Bearer tokens via Authorization header (for HTTP test/reference server usage) Environment-variable configuration for test/reference HTTP server
OAuth: Yes Scopes: Yes

Authentication is described for the reference HTTP server and HTTP compliance tests via environment variables (e.g., MCP_OAUTH_REQUIRED_SCOPES). This is not an auth interface for a hosted service; it is part of the validation environment.

Pricing

Free tier: No
Requires CC: No

No pricing information provided; repository appears to be a local open-source testing suite.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Test execution is command/script driven; an agent may need to orchestrate starting/stopping the reference server during tests.
  • OAuth-related tests likely require a reachable introspection endpoint or appropriate stubbing; missing external auth dependencies may cause failures unrelated to MCP compliance.

Alternatives

Other MCP conformance test suites (if available for your target transport/protocol version) Manual protocol conformance testing using the MCP specification and example clients/servers Minimal protocol test harnesses tailored to your MCP server’s transport (HTTP/STDIO) and supported versions

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-validator.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered