
turva.dev
@erekola
The public read-only MCP server for turva.dev, live at mcp.turva.dev/mcp. Published in the official MCP registry as dev.turva/turva-mcp.
Overview
What is turva.dev?
turva.dev is a public, read-only Model Context Protocol (MCP) server for the turva.dev agent-readiness audit and advisory service. It lets AI agents query turva.dev’s service catalog, its own agent-readiness scores, public web-security scan results for its domain, and its engagement principles – all as structured JSON instead of scraped HTML.
How to use turva.dev?
Point any MCP client that supports Streamable HTTP at https://mcp.turva.dev/mcp. An example client configuration is provided. No authentication or API key is required.
Key features of turva.dev
- Four read-only tools returning structured JSON.
- Tools:
get_services,get_agent_readiness,get_security_evidence,get_principles. - Data served from static TypeScript objects; every response is deterministic.
- Scores include a measurement date and live verification links.
- Public and auditable – no authentication needed.
- Built on Cloudflare Workers, independent from the main turva.dev site.
Use cases of turva.dev
- AI agents querying turva.dev’s service catalog and pricing.
- Verifying turva.dev’s own agent-readiness scores from independent scanners.
- Checking public web-security scan results for the turva.dev domain.
- Understanding turva.dev’s engagement principles (async-only, least access, etc.).
FAQ from turva.dev
What data does turva.dev expose?
Four read-only tools: service catalog (audit, advisory, implementation, agent operations, MCP server design), agent-readiness scores from two independent scanners, public web-security scan results (Hardenize, Internet.nl), and engagement principles.
Does turva.dev require authentication or an API key?
No. All exposed data is public and read-only. No authentication or API key is required.
How is the data served?
Data is bundled as static TypeScript objects in a Cloudflare Worker, so responses are deterministic and depend on no external state.
How can I verify the scores?
Each tool response includes a measurement date and links to the independent scanner reports (StartupHub leaderboard, isitagentready, Hardenize, Internet.nl) so you can re-run any scan and compare.
What transport does turva.dev use?
Streamable HTTP on POST /mcp. No SSE transport. Server card JSON is available at GET / and GET /.well-known/mcp.