Security tooling
Compliance check
A quick conformance test for an MCP server. Six focused probes exercise the most common ways a server diverges from the Streamable HTTP / Model Context Protocol spec. Each probe reports pass / warn / fail with a human-readable explainer plus the full request/response so you can dig in.
What it checks#
The compliance check answers one question: does this MCP server behave like the spec says it should?It's not a vulnerability scan and not a fuzz run — it's the "contract test" you'd want green before letting an agent point at an unknown server.
The checks cover handshake shape, content-type negotiation, tool listing structure, schema completeness, and error-envelope conformance on the JSON-RPC layer. A clean run means an agent built against the spec can reasonably talk to the server.
Spec, not securityA server can pass the compliance check and still be deeply vulnerable (SQL-injectable tools, exposed secrets, command-injection sinks). For security claims you want the Security Scan instead. The two are complementary: compliance proves the wire format is sane, scan proves the implementation is safe.
How to run it#
From the dashboard, open Inspector, pick the MCP proxy to test, and click Run compliance check. The six probes fire in sequence (the run takes 1–3 seconds end to end) and the modal renders the verdict for each.
The probes carry an aironclaw-compliance client identity in the handshake so the upstream can distinguish synthetic compliance traffic from real callers if it wants to.
Probes#
The six checks
initialize
MCP handshake
Sends initialize with a standard clientInfo + capabilities and expects a result that carries protocolVersion and capabilities. Fails when the server returns a JSON-RPC error or a structurally missing payload.
content_type
Streamable HTTP
Verifies the server responds with either application/json or text/event-stream. Warns when something else is returned (text/plain, no header, etc.) because most clients won't parse it correctly.
tools/list
Tool discovery
Sends tools/list and expects a tools[] array. Fails when the field is missing or the wrong shape. Empty array is allowed (a server may legitimately expose no tools).
tool_shape
Schema
Walks the tools[] array from the previous probe and verifies each entry has name (non-empty string) and inputSchema (object). Lists every malformed entry under the verdict so you can fix them in one go.
unknown_method
JSON-RPC error
Sends a JSON-RPC envelope with a method that doesn't exist. Expects a proper error envelope ({ error: { code, message } }) — not a 200 OK with an empty body, not a 500 with HTML.
bogus_tool_call
JSON-RPC error
Calls tools/call with a tool name the server doesn't expose. Expects the same proper-error envelope. Many homegrown MCP servers fail this one by 500-ing instead.
Verdicts & report#
Each probe returns one of three verdicts plus context:
Verdict scale
pass
green
The server behaved as the spec describes. No action needed.
warn
amber
We couldn't verify cleanly — usually a missing optional header, an unexpected but non-broken response shape, or a degenerate state (zero tools, etc.). Worth investigating but not a blocker.
fail
red
The server diverged from the spec. Clients that strictly follow the spec will misbehave. Fix before exposing this server to third-party agents.
The modal renders the verdict, a one-line summary, the rationale, and the full request / response pair (envelope sent, status, headers, body). The request and response are inspectable so you can copy a curl repro into a ticket without leaving the dashboard.
A top summary bar counts pass / warn / fail. A clean run shows 6 / 0 / 0.
Compliance check vs. Security Scan#
Both tools share the same gateway path but answer different questions. Pick the right one for the job:
When to use which
Onboarding a new MCP
Compliance first
Run the compliance check before you let any caller (human or agent) talk to a freshly-configured proxy. Confirms the wire format is healthy. Takes 1–3 seconds.
Production hardening
Security Scan
Once compliance is green, run a full Security Scan. The scan exercises every tool with injection / SSRF / leak / blind-RCE payloads. Takes 60–300 seconds.
Periodic regression
Both
Schedule the compliance check on every deploy of the upstream (fast). Schedule the Security Scan weekly or after major changes (thorough).
Triage a flaky 5xx
Compliance
If the proxy is returning errors and you don't know whether it's the firewall or the upstream, the compliance check isolates the upstream-spec layer in one shot.
Triage a suspicious response
Inspector
If you want to fire one specific tool call and look at the response by hand, that's the Inspector. Compliance fires a fixed set of six probes; Inspector lets you build any envelope.
REST API#
The compliance check is also reachable via REST. Authentication uses the personal access token described in Authentication.
Endpoint
POST /api/mcp/:id/inspect/compliance
run check
Runs all six probes in sequence. Returns { results[], summary: { pass, warn, fail, total }, startedAt, finishedAt }. Each result includes the probe id, label, status, message, rationale, full request/response envelopes, and latency.
Agent usageFor an agent flow, the AIronClaw skill ships an aironclaw compliance check --mcp <uuid> command that pretty-prints the verdict matrix and exits non-zero if any probe fails — drop it in CI as a gate.