Agent Validator
Web-based multi-protocol validator for AI agent endpoints. Enter a URL and get instant assessment across eight protocol layers β MCP, A2A/AP2, x402, OAuth 2.1, MCP Apps, ERC-8004, OASF, and on-chain reputation.
Ask AI about Agent Validator
Powered by Claude Β· Grounded in docs
I know everything about Agent Validator. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
AgentProbe (MCP Agent Validator)
Web-based multi-protocol validator for AI agent endpoints. Enter a URL and get instant assessment across eight protocol layers β HTTP, MCP, A2A/AP2, x402, OAuth, MCP Apps, HTML, and ERC-8004.
Live demo: https://agentprobe.xyz
Video: https://www.youtube.com/watch?v=gnmsCEly3fA
DoraHacks: https://dorahacks.io/buidl/39293
TL;DR
- Problem: Agent endpoints are hard to validate across multiple evolving protocols.
- Solution: One URL β unified assessment across HTTP, MCP, A2A/AP2, x402, OAuth, MCP Apps, HTML, and ERC-8004.
- Benefit: Faster debugging, safer integrations, and clearer compliance signals.
Demo Video
Quickstart
git clone https://github.com/agentprobe/mcp-agent-validator.git
cd mcp-agent-validator
npm install
npm run start:dev
Open http://localhost:4000 in your browser and enter an endpoint URL to validate.
How It Works
- Input: A single agent endpoint URL.
- Assessment: Server runs the
mcp-agent-assessmentpipeline with protocol-specific validators. - Output: Unified verdicts per protocol layer plus raw assessment output.
Features
- HTTP β Connectivity, HTTPS, SSL validation, CORS, HTTP/2 detection
- MCP β Server discovery, tool/resource/prompt listing, capability detection
- A2A / AP2 β Agent card validation, AP2 version and role detection via
capabilities.extensionsandX-A2A-Extensionsheader - x402 β Payment-required endpoint detection with scheme, network, and token analysis
- OAuth β Authorization server metadata discovery
- MCP Apps β UI resource detection for MCP applications
- HTML β Website detection, Content-Type, SSL status, HTTP/2
- ERC-8004 β On-chain agent registry lookup with OASF classification, reputation, and metadata extraction
Architecture
flowchart LR
A[URL Input] --> B[Server]
B --> C[mcp-agent-assessment]
C --> HTTP[HTTP]
C --> MCP[MCP]
C --> A2A[A2A/AP2]
C --> X402[x402]
C --> OA[OAuth]
C --> APPS[MCP Apps]
C --> HTML[HTML]
C --> E8[ERC-8004]
HTTP --> I[Results]
MCP --> I
A2A --> I
X402 --> I
OA --> I
APPS --> I
HTML --> I
E8 --> I
API
POST /api/validate
Returns a structured validation result with separate sections for each protocol.
curl -X POST http://localhost:4000/api/validate \
-H 'Content-Type: application/json' \
-d '{"url": "https://your-endpoint.example.com"}'
Response contains mcp, a2a, ui (MCP Apps), and oauth objects with status, categories, summary, and messages. A2A results include AP2 version, roles, and extension URIs when detected.
POST /api/assess
Returns the raw assessment result from mcp-agent-assessment with full layer details.
curl -X POST http://localhost:4000/api/assess \
-H 'Content-Type: application/json' \
-d '{"url": "https://your-endpoint.example.com"}'
Optional parameters: timeout (number, ms), erc8004 (object with rpcNodes).
POST /api/lookup
Query the ERC-8004 on-chain registry for agent registration data, endpoints, OASF classification, and reputation.
curl -X POST http://localhost:4000/api/lookup \
-H 'Content-Type: application/json' \
-d '{"agentId": 2340, "chainId": 8453}'
| Key | Type | Description | Required |
|---|---|---|---|
| agentId | number | Agent token ID in the ERC-8004 registry | Yes |
| chainId | number or string | Chain ID (e.g. 8453 for Base) or CAIP-2 (e.g. eip155:8453) | Yes |
| rpcNodes | object | Custom RPC nodes per chain alias | No |
Authentication
Authentication is optional. When API_TOKEN is not set, the API is open (dev mode).
When API_TOKEN is set, two authentication methods are supported:
| Method | How it works |
|---|---|
| Session Cookie | Browser visits GET / and receives a session cookie automatically. All subsequent API calls from the browser include the cookie. |
| Bearer Token | External scripts send Authorization: Bearer <API_TOKEN> header. |
# With Bearer token
curl -X POST http://localhost:4000/api/validate \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer your-token-here' \
-d '{"url": "https://your-endpoint.example.com"}'
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
PORT | No | 4000 | Server port |
API_TOKEN | No | - | When set, enables authentication for API endpoints |
Project Structure
src/
βββ server/
β βββ Server.mjs # HTTP server, routing, auth, API handlers
β βββ StaticFiles.mjs # Static file serving for docs/
βββ mcp/
β βββ McpServer.mjs # Built-in MCP server (validate, lookup, client introspection)
βββ prober/
β βββ AssessmentProbe.mjs # Maps assessment results to UI-friendly format
β βββ AgentLookup.mjs # Direct ERC-8004 on-chain registry queries
docs/
βββ index.html # Single-page frontend
βββ style.css # Styles
tests/
βββ unit/
βββ server.test.mjs # Server route, auth, and API tests
βββ static-files.test.mjs
βββ assessment-probe.test.mjs
Dependencies
- mcp-agent-assessment β Unified assessment pipeline (MCP, A2A/AP2, x402, OAuth, MCP Apps)
- a2a-agent-validator β A2A agent card and AP2 extension detection
- x402-mcp-validator β x402 payment protocol validation
- mcp-apps-validator β MCP Apps UI resource detection
- erc8004-registry-parser β ERC-8004 on-chain registry parsing
Built by
License
MIT