Self-hosted federated MCP gateway: one OAuth 2.1 MCP server in front of N apps, user-level scopes.
Securityv0.1.0streamable-httpmcp.cortex-gateway.dev repository
| Criterion | Points | Observed |
|---|---|---|
| reachability | 18 / 25 | HTTP 401 in 126ms — auth required; WWW-Authenticate present: "Bearer resource_metadata="https://mcp.cortex-gateway.dev/.well-known/oauth-protected-resource"" |
| protocol | 0 / 15 | handshake not reachable behind auth — unverified |
| tooling | 0 / 0 | auth-gated — tooling unverifiable, excluded from score (grade marked provisional) |
| latency | 10 / 10 | initialize round-trip 126ms |
| provenance | 15 / 15 | description present; repository linked; version 0.1.0; namespace io.github.wellknownmcp matches endpoint/repo |
Score 66/100 · latency 126ms · — tools · protocol access: auth-wellbehaved ⓘ
Security, data integrity, citation quality, and advertised claims are measured separately from protocol uptime. Missing evidence is marked unverified, never converted into a pass.
No deterministic trust observations published yet. This means unaudited—not safe, unsafe, accurate, or inaccurate.
Machine-readable receipt: /api/trust/io.github.wellknownmcp/cortex-gateway.json
Live operational-grade badge, re-probed continuously — not a security or data-quality certification. Put it in your README and link to the complete receipt:
[](https://mcpqueen.com/s/io.github.wellknownmcp/cortex-gateway)
Think the grade is wrong? Fix the finding the evidence shows, then the next probe cycle picks it up automatically (full cycle ≈ 3 days) — or open a dispute via the MCP endpoint.
Email alerts when the grade changes or the endpoint stops answering. Double-opt-in, one-click unwatch, free while in beta.
| When (UTC) | Grade | Score | Latency |
|---|---|---|---|
| 2026-07-14 23:15 | C | 66 | 126ms |