MCP.so
Sign In

turva.dev

@erekola

About turva.dev

The public read-only MCP server for turva.dev, live at mcp.turva.dev/mcp. Published in the official MCP registry as dev.turva/turva-mcp.

Basic information

Category

Other

License

MIT

Runtime

node

Transports

stdio

Publisher

erekola

Submitted by

Erik Rekola

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "turva": {
      "url": "https://mcp.turva.dev/mcp"
    }
  }
}

Tools

4

The service catalog (audit, advisory, implementation, agent operations, MCP server design), the engagement model, and pricing (fixed list prices for audit, advisory and implementation; others on request)

turva.dev's own agent-readiness scores from independent scanners, with per-scanner sub-scores, leaderboard rank, notable wins, the measurement date, and verification links

Public web-security scan results for turva.dev's own domain (Hardenize, Internet.nl), with the scan date

The engagement principles: async-only, least access, results measured in scanner numbers, open and verifiable

Overview

What is turva.dev?

turva.dev is a public, read-only Model Context Protocol (MCP) server for the turva.dev agent-readiness audit and advisory service. It lets AI agents query turva.dev’s service catalog, its own agent-readiness scores, public web-security scan results for its domain, and its engagement principles – all as structured JSON instead of scraped HTML.

How to use turva.dev?

Point any MCP client that supports Streamable HTTP at https://mcp.turva.dev/mcp. An example client configuration is provided. No authentication or API key is required.

Key features of turva.dev

  • Four read-only tools returning structured JSON.
  • Tools: get_services, get_agent_readiness, get_security_evidence, get_principles.
  • Data served from static TypeScript objects; every response is deterministic.
  • Scores include a measurement date and live verification links.
  • Public and auditable – no authentication needed.
  • Built on Cloudflare Workers, independent from the main turva.dev site.

Use cases of turva.dev

  • AI agents querying turva.dev’s service catalog and pricing.
  • Verifying turva.dev’s own agent-readiness scores from independent scanners.
  • Checking public web-security scan results for the turva.dev domain.
  • Understanding turva.dev’s engagement principles (async-only, least access, etc.).

FAQ from turva.dev

What data does turva.dev expose?

Four read-only tools: service catalog (audit, advisory, implementation, agent operations, MCP server design), agent-readiness scores from two independent scanners, public web-security scan results (Hardenize, Internet.nl), and engagement principles.

Does turva.dev require authentication or an API key?

No. All exposed data is public and read-only. No authentication or API key is required.

How is the data served?

Data is bundled as static TypeScript objects in a Cloudflare Worker, so responses are deterministic and depend on no external state.

How can I verify the scores?

Each tool response includes a measurement date and links to the independent scanner reports (StartupHub leaderboard, isitagentready, Hardenize, Internet.nl) so you can re-run any scan and compare.

What transport does turva.dev use?

Streamable HTTP on POST /mcp. No SSE transport. Server card JSON is available at GET / and GET /.well-known/mcp.

Comments

More Other MCP servers